Overthrowing of idols (ProcessGuard 3.4)

Hi folks, I have recently tested the new Process Guard 3.4 (full version) and want to share my findings. I do not pretend that my results are fully comprehensive, as I was evaluating only specific aspects of the software while others (perhaps no less significant) remained unexplored. This examination is more elaborate than my previous one, and I hope I'll stick to this plan for further testing. Soon I'm going to publish analogous overviews for some other well-known products.

Here are the aspects I was interested in:
- Process Defense (how processes are secured by this software against various attacks, such as process injection, DLL injection and so on)
- Registry Defense (how the system is protected from malicious registry injections)
- Firewall
- Own Security (how the modules of this software are protected from modifications that switch off the whole security)

Process Defense: 41 of 54 tests were successfully passed (76%). Some uncovered holes:
- Create a suspended process, then patch it in memory and resume it
- Installing a key reader
- WM_CLOSE window messages
- Installing/controlling drivers/services
- Windows scripts are not handled

Registry Defense: 1 of 10 tests were successfully passed (10%). The only test passed was the one with the AppInit_DLLs registry value, but I know for certain that there are plenty of other ways for registry injections.

Firewall Module: Not applicable, 0 of 20 tests were passed.

Own Security: 4 of 9 tests were successfully passed (44%). All components, DLL and EXE files, can be easily removed from disk (interesting thing: if you try to move the files through explorer.exe you'll get access denied, but a simple MoveFile WinAPI call will do it with no problem). The driver procguard.sys (as well as pguard.dat, the settings file) is better protected, but with additional effort it can still be removed anyway. BTW, after restarting, PG did not alert the user that the driver was not accessible; it just always stayed in initializing status.

PG 3.4 protects the driver from being disabled via registry modification, unlike PG 3.1.5, where the driver could be easily disabled just by changing its Start value. Also, it looks like the driver is well protected from unauthorized DeviceIoControl calls. However, WM_CLOSE window messages easily force the application to close.

Overall rating:
Average over all aspects: (76+10+0+44)/4 = 32.5%
Average without the firewall aspect: (76+10+44)/3 = 43.3%

P.S. These results are not so good (as many here supposed), but also not so bad. Be waiting for the next "Overthrowing of idols" posts (I hope this series will attract good attention); my nearest aims are the new Outpost 4.0 (with the new anti-leak and other modules) and SSM 2.2. Do not hesitate to post your comments/questions here; I'll appreciate them. Thank you.
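Added example, not code from the original post or from the Process Guard product: a read-only PowerShell audit of the two registry locations the review touches, the AppInit_DLLs value (the one registry injection route PG blocked) and the protection driver's Start value (the route PG 3.1.5 left open). The service key name 'procguard' and the driver file location are assumptions; adjust them for the product actually installed.

```powershell
# Added example (not from the original post): audit the registry settings the
# review discusses. Reads only; it changes nothing.
# Assumption: the kernel driver's service key is named 'procguard'.
param(
    [string]$DriverService = 'procguard'
)

# 1. AppInit_DLLs: any DLL listed here is loaded into every user32-linked process.
$appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit    = Get-ItemProperty -Path $appInitKey -ErrorAction SilentlyContinue

if ([string]::IsNullOrWhiteSpace($appInit.AppInit_DLLs)) {
    Write-Output 'AppInit_DLLs: empty (no global DLL injection configured)'
} else {
    Write-Output "AppInit_DLLs: REVIEW -> $($appInit.AppInit_DLLs)"
}
# LoadAppInit_DLLs exists only on Vista and later; on XP the list is always honoured.
if ($null -ne $appInit.LoadAppInit_DLLs) {
    Write-Output "LoadAppInit_DLLs: $($appInit.LoadAppInit_DLLs) (1 = list is active)"
}

# 2. Driver Start value: 4 (Disabled) means the protection driver never loads,
#    which is exactly the change the review says PG 3.1.5 did not prevent.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$DriverService"
$svc    = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue

if ($null -eq $svc) {
    Write-Output "Driver service '$DriverService': registry key not found (driver removed or renamed?)"
} else {
    $start = [int]$svc.Start
    Write-Output ("Driver Start = {0} ({1}), ImagePath = {2}" -f $start, $startNames[$start], $svc.ImagePath)
    if ($start -eq 4) {
        Write-Output 'ALERT: protection driver is set to Disabled'
    }
}

# 3. Driver file presence (assumed location; the review notes the file can be
#    removed and that PG gave no alert afterwards, so check the disk as well).
$driverFile = Join-Path $env:SystemRoot 'System32\drivers\procguard.sys'
if (Test-Path $driverFile) {
    Write-Output "Driver file present: $driverFile"
} else {
    Write-Output "ALERT: driver file missing: $driverFile"
}
```

Run it from an elevated PowerShell prompt; the two ALERT lines are the conditions the review describes as silent failures, so they are the ones worth alerting on from a scheduled task.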