?PG protects itself during its installation

Discussion in 'ProcessGuard' started by newbie, Mar 31, 2004.

Thread Status:
Not open for further replies.
  1. newbie

    newbie Guest

    After the file is downloaded to the user's machine, assuming its MD5 is checked against the MD5 posted on the website, can PG check its own integrity (that it is free from tampering, viruses, worms, trojans and other sorts of malicious things) initially and while installing PG1x, 2x? All this is under the assumption that the local machine and the download are not 100% clean (for sure) from the effects of malicious things.
    In fact, I don't know how to conclude for sure that a PC is 100% clean once it has been used, even after doing a trojan scan, virus scan, malware scan.... Even if we say just format the HDD and do a fresh installation of everything. OK, we can format and even repartition it, but the other software/OS patches/.... have been copied onto CD/DVD/another HDD from that "not sure 100% clean system"?
    I hope my English writing is good enough to be understood. Sorry that it is poor!
    TIA
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Newbie and welcome,

    Yes, the concept of 100% clean machine depends on many things.
    We understand that there is no such thing as 100% security; what we mean is as clean as is possible, i.e. after having run all the normal checks.
    Process Guard is a tool that runs at the administration level, so one would expect most Admins to be familiar with securing their systems, although we know that many users always run as Administrators or Power Users with Administrative rights, so Process Guard is made easy to configure even for the less knowledgeable user.
    Once PG is installed you at least have another very capable layer of protection for your machines and without the need for regular or daily updates.

    Hope This Helps - Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I've been trying to explain this exact point about being clean. Being clean is not that hard - at least with Process Guard. If you install all your known clean software and updates on a KNOWN CLEAN OS before ever connecting it to the internet, and set up PG and your firewall, you can be very sure the machine is still clean at this point.

    From here, injection trojans and rootkits are out of the picture, which brings tools like ASViewer and HijackThis back to life. It also means your Port Explorer / netstat results are not modified by a rootkit trojan, and you can analyse the system the same way as long ago, when trojans (and some viruses) were not so high tech.

    Really, on an unknown system these tools are not going to give a real sense of confidence - how do you know there isn't a rootkit installed? It won't show up in those tools. Even running ASViewer in Safe Mode will not reveal the Hacker Defender rootkit service - it runs in Safe Mode too :rolleyes:
     