PG3 > what/which should be allow "Access Physical Memory"

Discussion in 'ProcessGuard' started by quaduong, Sep 21, 2004.

Thread Status:
Not open for further replies.
  1. quaduong

    quaduong Guest

    After half a day with PG3 public beta, please confirm and help on these seen on my xpprof box sp2, nothing else yet, but:

    - default "allow rights" is set by default to "Modify + terminate"? Why that?
    (every program that is added to the protection list will have such "allow" rights!!!)

    - Password fields to lock PG in secure show plain text when typing in password? Is this a temporary stage at beta release?


    - What kind of program should be set to allow "Access to Physical Memory"?
    (When I accessed hushmail.com and the hushmail authenticating applet loaded, firefox crashed and unloaded; PG3 showed firefox required this right!!!)

    Thanks in advance.
     
  2. MEGAFREAK

    MEGAFREAK Registered Member

    Joined:
    Jul 8, 2003
    Posts:
    51
    Seems it's becoming a long time until the full 3.00 version release
     
  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I would like to know how far we can go with unchecking this access Physical memory.

    I installed pg 3 and first in learn mode. Then rebooted. I saw every program with the opportunity to modify things. I unchecked this because this is not the way I want my programs to be.

    But everything froze. So now is my question after putting in learn mode, I could work again, what can I uncheck from this access physical mem o_O

    is it necessary to put them all with this thing?? I have a very clean system btw.

    thanx
     
  4. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Actually it should be Modify & Read. Because both are methods that are frequently (i.e. by many programs and many times per time interval) used for legitimate reasons, and because it's hard to make a malevolent use of them. Actually the latter is valid more for read access than for modify access. Many programs that somehow handle other programs (file managers, shell replacements, launcher apps, task managers etc.) need it, but you may consider removing this privilege for some of your protected programs. - However, do remember that only programs with this privilege enabled in your protection list will be able to modify protected programs (not every program you launch), and that PG will alert you when such a program has been changed.

    Don't know if something general can be said about which programs require Access to Physical memory. Mozilla is the second (after IE) web browser where I've seen this reported, but Opera doesn't need it.


    HTHH,
    Andreas
     
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    You of course need to give physical memory access to whichever programs request it which you need to run. Do not remove the default setup (this will probably be locked somewhat in the final build) options from programs. If you remove physical memory access from lsass/csrss/winlogon/ntvdm/etc, which is automatically set up for you, you are going to run into many problems (system not booting, old dos/win3.11 programs not working, etc).

    The default list of protections given to the first 11-13 programs on your list have been tweaked for many months by us to provide the best protection and usability. It is interesting of course to realize which options standard Microsoft programs actually need for your operating system to boot, so playing around with it can be fun in a way. But if you want ProcessGuard to work as best as it can, I'd leave those default options on the important operating system executables well alone. :)
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Thanx Jason for this answer and thanx for this intentional release. I like the crypto gui :)
     