ProcAlert v1.3 - similar to System Safety Monitor

Discussion in 'other anti-trojan software' started by zorro zorrito, Oct 18, 2004.

Thread Status:
Not open for further replies.
  1. Hi all, I found this program "ProcAlert 1.3" here:

    http://www.esat.kuleuven.ac.be/~eschoofs/ProcAlert/

    It seems interesting, something like SSM (not as complete as this). It doesn't prevent programs from running; it only shows a window after a program has opened, then you may select to accept it, to close it, and even create a permanent rule for this.

    Here is what the program does:

    Overview of ProcAlert
    Did you ever have a virus on your computer without you knowing it until your virus scanner told you? Research tells us that most users have had viruses on their computer, so chances are that you've got one too, or are going to have one in the near future!

    Virus scanners are a must in this "online world". However, these scanners have one weakness: they only recognize a virus if it's in their list of known viruses! Some virus scanners cannot even recognize a trojan horse (some kind of virus)! This is where ProcAlert comes in handy...

    ProcAlert can be seen as some kind of firewall for your computer. Instead of the usual firewall to protect you from hackers on the internet, this firewall will protect you from programs on YOUR computer. ProcAlert will give back control to you over what programs can and what cannot be run on your system!

    Here is a small overview of what ProcAlert is capable of:

    Protect your computer from viruses and other malicious programs
    ProcAlert will ask for your permission every time a new unknown program is launched. This way, no virus can run unnoticed. If you decide a certain program isn't safe, you can make ProcAlert terminate it for you. You can even prevent it from ever opening again!

    Totally lock down your computer so that no programs can be run any more
    Some viruses wait until there isn't any user input anymore to activate themselves. A lockdown will make it virtually impossible for any program to run, until you disengage the lockdown. This is also an effective way of preventing unauthorized use of your computer...

    Localize malicious programs
    Whenever a new program is launched, ProcAlert will keep a record of it. This record contains much information about the program. This way, you can easily localize the program and take appropriate action.

    Keep a close watch on which programs are started when Windows boots
    ProcAlert will also inform you which programs are started with Windows. As many viruses start with Windows, this can be a very effective way of protecting your computer.

    Log activation and termination of any program on your computer
    It's possible to keep a log of all actions done in ProcAlert itself. Also, it's possible to log all activations and terminations of programs on your computer.

    Full Password Protection so no unauthorized user can shutdown ProcAlert
    You can protect all your settings in ProcAlert by using Password Protection. Also, you can activate a Lockdown which can only be deactivated when the user knows the Password.

    Export Task List and Trusted List
    ProcAlert can export both the Task List (the programs which are running at that moment on your computer), with full information about the programs, and the Trusted List (the list with programs you gave or denied permission to run).

    And much more...
    This help file will give more information about the basic and more advanced uses of ProcAlert.

    It is shareware, about 25 bucks.


    I hope this is an interesting program for you; it adds to SSM, WINSONAR.
     
  2. Hi all, It is free for personal use, what do you think about it?
     
  3. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi zorro zorrito, Your program? ;)

    Nice looking application, if a little cluttered.

    I am only going to pick up on one aspect ATM.

    It is a shame that this statement is not correct as Task Manager can shut it down even when it is password protected.

    It can be suspended.

    It can be crashed.

    It can be killed by all of the methods in Advanced Process Termination apart from K7. K8 SC_Close handling does kill it.

    Having said all that it can be protected by Process Guard :D But then Process Guard will have done the rest of the job as well.

    EDIT: Having looked a little deeper, your program adds no real protection. Yes, it does alert with a nice trust / do not trust box, but while it sits there waiting for a response a virus or Trojan will have done its job, installing itself with ease. I could use APT whilst in this scenario.

    Sorry but you need to do a lot more research and work on your program. Unfortunately as it is now all it gives is a false sense of security to the uninitiated.

    Pilli
     
    Last edited: Oct 25, 2004
  4. Evarest (Guest)


    First off, I did not post this review on this site. I'm the creator of the program named ProcAlert, and the poster kindly referred me to this website.

    Secondly, I create programs for the "fun" of it. None of my programs, which can be found on my website, are professional, but are only made to fill in some gaps I found while using my computer. In the instance of ProcAlert, I had a virus on my computer which I could not locate immediately. This started the chain of events that led to ProcAlert.

    To answer the rather negative post quoted above:
    "It is a shame that this statement is not correct as Task Manager can shut it down even when it is password protected."

    Indeed, you still can close the program without authorization. With this, I just mean that you cannot close the program NORMALLY without knowing the password. More importantly, you cannot OPEN the program, and change the policies without a password. It's possible to make it (rather) impossible to close a program in WinXP (in win98 it's easy). HOWEVER, this code is noticed by antivirus programs as being malicious code, and thus should not be used.

    Also, as a system administrator, you can set policies for which programs can and which cannot be closed using the Task Manager. This way, you can effectively use the Password Protection implemented in ProcAlert.


    "It can be suspended. It can be crashed."

    I'm not aware of any "professional" product that cannot be crashed, cracked, hacked, infested, or suspended.


    "It can be killed by all of the methods in Advanced Process Termination apart from K7. K8 SC_Close handling does kill it"

    Same for this. BTW: if I want to close ANY application, including so-called "hidden" keyloggers, I CAN. On a computer, NOTHING is safe, and I for one do not pretend it is.


    "Having said all that it can be protected by Process Guard But then Process Guard will have done the rest of the job as well."

    Indeed, but you can also use ProcAlert for other interesting tasks you won't (yet) find in other programs.


    "EDIT: Having looked a little deeper, your program adds no real protection. Yes, it does alert with a nice trust / do not trust box, but while it sits there waiting for a response a virus or Trojan will have done its job, installing itself with ease. I could use APT whilst in this scenario."

    Correct, ProcAlert will NOT protect users from any hacking attempt, malicious programs or whatever, WITHOUT some user input. When I created the program, I chose NOT to let ProcAlert automatically terminate so-called malicious programs, as this can get to be a real pain in the ass (pardon my saying).

    Also, I don't have time to create a real "firewall" which will delay execution until you approve it. This is quite difficult to accomplish, especially given the tools I have at hand.


    "Sorry but you need to do a lot more research and work on your program. Unfortunately as it is now all it gives is a false sense of security to the uninitiated."

    It's really sad to see that you give such a review of a program that IS NOT INTENDED to give the only protection on your computer! It's a TOOL to make it easier to spot possible malicious programs. It'll warn about and log any execution of new or changed programs on your system, including those that aren't visible in the Task Manager.

    On top of this, you can make it rather impossible to execute some programs. This will make it easier for, e.g., parents to control which games their children play and when. Of course, limited access to the Task Manager is still required.


    BTW:
    "Nice looking application, if a little cluttered."
    Could you say what you mean by cluttered? It might be that you're running it in Win98 mode, which tends to mess up ProcAlert a bit.


    To summarize:
    I'm not pretending ProcAlert will offer you foolproof protection. However, it will give you an additional way to be WARNED of possible threats to your system.

    Kind regards,
    Evarest
    evarest_schooofs<at>yahoo.com
    http://www.esat.kuleuven.ac.be/~eschoofs
     
  5. Evarest (Guest)

    BTW:

    I see that Pilli is also promoting one of his own programs, by demolishing my own (which I can understand of course): Process Guard.

    I'm not trying to compete with any such applications, being just a humble "spare time" programmer. I personally see ProcAlert as another way of doing things than apps like Process Guard, but probably you disagree.

    Actually, ProcAlert isn't my main project at all, having some other projects on the way...

    Evarest
     
  6. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi Evarest, I am not promoting Process Guard, just comparing with it, and I am not paid by DCS, but I am openly biased towards DCS products as I am an enthusiastic user of their products and a moderator of the DCS public forums here at Wilders.

    You are absolutely correct that I did give a negative review. Nowadays users expect prevention rather than cure, and OK, your program does at least give a user some idea that "something" has run. There are many process monitors around, both free and paid for, that can do this.

    Unfortunately these policies are useless against rootkits or other malware that work at the kernel level.

    Yes, This is just my initial view, personal tastes vary. :) I am using XP

    No, I wish I was clever enough to write such a program, but I think that some of the claims about ProcAlert are misleading, as it really does not "Stop" anything much. A bit like closing the barn door after the horse has bolted.

    Best of luck with your endeavours :)

    Evarest, when you come to a security site like Wilders promoting your products, you must expect criticism; consider it as an aid to making your products better :)

    Pilli
     
  7. Hi all, first of all I apologize, because the one who posted this program was me, not Evarest:

    "Evarest, when you come to a security site like Wilders promoting your products, you must expect criticism; consider it as an aid to making your products better"

    On the other hand, I only wanted to know opinions about ProcAlert:

    "It seems interesting, something like SSM (not as complete as this)..."
    "Hi all, It is free for personal use, what do you think about it?"

    So I admit that if there is anyone who said something out of place about this program, it's me. Sorry.

    And I posted this program here because I think it is good for all to know new programs.

    Once again, if the way I did it was bad I apologize.

    Thanks
     
  8. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi Zorro Zorrito, No need to apologise, I am sorry if I confused you with the program developer. :)

    Wilders tries to be educational in many ways not only to users but also to program makers.

    Most of the people that visit here wish to promote safe computing & I am sure the intentions of the author of ProcAlert are just as honourable.

    Cheers. Pilli
     
  9. Notok, Registered Member (Joined: May 28, 2004; Posts: 2,969; Location: Portland, OR (USA))

    This statement is quickly becoming one of my biggest pet peeves in the context of security (I don't have time to cultivate patience for this excuse. :p )

    I really think one's time needs to be taken into consideration before you start such an undertaking. I think it would be a more honest approach to develop this as something that's made more to alert users of what's going on behind their backs, rather than a 'system shield'.

    You could alert the user of a new process that has run without the program looking like a firewall and presenting it purely as a security application. The one thing I really liked about SSM was the translucent pop-up window showing any program executions then disappearing after a few seconds. I had problems with SSM, however, and it wasn't worth it to me for that single function. If your program displayed something like that, maybe with a few other options such as a kill process (the same method as task manager), a "don't show this process again", a black list (like you said, this would be good for parents and such that don't want the kids playing games or opening unknown things like screensavers), and maybe a button that would run a user definable application with command line switches, your program would really appeal to someone like me that just wants to know what's running when it runs, and have some basic control over it. The security benefits of that would be an added bonus and good for spyware and some of the more minor malware. If your program was unable to deal with the process it would give the user an idea of what they're up against without leaving a sense of failure to your application. Of course for those of us that have multiple layers of security already, you would want to make a window that would scroll alerts while it's up, rather than having one window for each execution. DiamondCS products, for example, will run another process scanning the executable before it runs, so if you had one window for each execution, you would quickly have a bunch of windows stacked up.
    I'm not a programmer, but this doesn't seem like a lot to ask, and I'm sure it would save you from the kind of criticism you've already encountered. A little creativity applied to the interface is all I'm really saying, and it would appeal to novice and advanced users alike, I'm (more than) sure.

    For the record, I agree that Pilli could have been a little more diplomatic in his review, but honestly it kind of seems like you are asking for it by promoting this purely as a security tool... that rabbit hole just keeps going deeper, and a lot of attention is required to really make a program a truly viable security tool.

    BTW, the pop-ups of the screenshots don't work in Mozilla or with IE's security zones set to high.. not a good sign to potential buyers.
     
    Last edited: Oct 26, 2004
  10. Evarest (Guest)

    Re: ProcAlert v1.3

    Never thought that a proggie like ProcAlert would get such a response from any of my "potential" users...

    First of all: I apologize for the misunderstanding I caused. I thought that it was clear enough on my site, help files etc. that my program WOULD NOT give any "real" firewall security, i.e. prevent a process from running.

    This it basically does. You can define a black list of programs, which may or may not run. You can set the preferences so that the popups will hide themselves after a set interval, and if there's interest, I might implement such command features.

    Actually, such command features have been implemented in another program of mine (and I really hope you won't demolish that one too), named DirMonitor. You might want to review that also, but I'm not asking for that, as I generally don't like promoting my programs at all.

    Lastly, I want to repeat again: I'm not here to promote any of my programs. I appreciate that you have some kind of view about my programs, but I'm sure that ProcAlert and any other application I write is quite useful for at least some of the computer users out there (judging from the positive and cooperative feedback I get from them).

    This is one of the most negative reviews I got in my recent history, but I'll look at it from a positive side. I'm just a free-time programmer, and I get such a response. People even compare it with real commercial products, developed by professional programmers, while I'm just becoming a civil engineer...

    I hope that you will now at least understand my point of view.

    Kind regards,
    Evarest
     
  11. gkweb, Expert Firewall Tester (Joined: Aug 29, 2003; Posts: 1,932; Location: FRANCE, Rouen (76))

    Hi,

    I think that there is a misunderstanding somewhere :)

    What I personally think is that when we see the review done in the first post, we think that your application can prevent an app from running (such as System Safety Monitor, or ProcessGuard).
    However, by taking a deeper look, it appears that it does not, which seems a bit misleading, even if it is unintentional.

    From an apparent security tool, we end up with a monitoring tool, which is not "bashing", just a comment ;)

    I'm sorry you seem upset; don't be. It just appeared at the start that your app was doing what in fact it does not, which does not mean that it is useless.

    regards,

    gkweb.

    EDIT: I make a big distinction between allowing a program to run and then killing it if it is not allowed, and simply stopping it dead in its tracks by intercepting its launch with a driver.
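
Added example (not part of the thread and not ProcAlert's code): a small Python model of the two designs contrasted in the posts above, alerting after a program has started versus holding the launch until a verdict exists, combined with a trusted list that flags new or changed executables by SHA-256. The paths, file contents, actions, timings and the `notice_delay` parameter are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


class TrustedList:
    """Maps executable path -> (SHA-256 of its bytes, 'allow' or 'deny')."""

    def __init__(self):
        self._rules = {}

    def add_rule(self, path, image, verdict):
        self._rules[path.lower()] = (digest(image), verdict)

    def classify(self, path, image):
        rule = self._rules.get(path.lower())
        if rule is None:
            return "new"
        known_hash, verdict = rule
        # Same path but different bytes: the old rule must not be reused.
        return verdict if known_hash == digest(image) else "changed"


@dataclass
class Launch:
    path: str
    image: bytes
    actions: list = field(default_factory=list)  # (seconds after start, what)
    user_verdict: str = "deny"   # what the user answers when prompted
    answer_delay: float = 5.0    # seconds until the user answers


def run(rules, launch, gate_before_launch, notice_delay=0.5):
    """Return (status, verdict, actions that completed).

    notice_delay is an assumed latency between process start and the
    monitor noticing it; it only matters when the launch is not gated.
    """
    status = rules.classify(launch.path, launch.image)
    if status in ("new", "changed"):
        verdict = launch.user_verdict
        decided_at = notice_delay + launch.answer_delay
    else:
        verdict, decided_at = status, notice_delay
    if verdict == "allow":
        done = [what for _, what in launch.actions]
    elif gate_before_launch:
        done = []  # execution was held, so a denied program never ran
    else:
        # Program was already running; it is only killed at decided_at.
        done = [what for t, what in launch.actions if t < decided_at]
    return status, verdict, done


def compare(rules, launches):
    rows = []
    for launch in launches:
        status, verdict, after = run(rules, launch, gate_before_launch=False)
        _, _, gated = run(rules, launch, gate_before_launch=True)
        rows.append((launch.path, status, verdict, after, gated))
    return rows


# Constructed sample data: paths, file contents and timings are invented.
RULES = TrustedList()
RULES.add_rule(r"C:\Tools\editor.exe", b"editor-build-1", "allow")
SAMPLE = [
    Launch(r"C:\Tools\editor.exe", b"editor-build-1",
           [(0.1, "open document")]),
    Launch(r"C:\Tools\editor.exe", b"editor-build-1-modified",
           [(0.2, "add autostart entry"), (30.0, "open document")]),
    Launch(r"C:\Temp\setup.exe", b"unknown-installer",
           [(0.3, "write copy to disk"), (1.0, "add autostart entry"),
            (60.0, "open network connection")]),
]

if __name__ == "__main__":
    for path, status, verdict, after, gated in compare(RULES, SAMPLE):
        print(f"{path}: {status}/{verdict}")
        print(f"  alert after launch : {after}")
        print(f"  gate before launch : {gated}")
```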
     
  12. Notok, Registered Member (Joined: May 28, 2004; Posts: 2,969; Location: Portland, OR (USA))

    Re: ProcAlert v1.3

    I do understand, and all I'm really getting at is that a little change on the UI and how you present the program on your site could make all the difference in the world. You could probably even gain more users of the 'power user' type.

    As far as having "asked for it", I mean to say that you must have realized that this product would eventually be noticed by places like Wilders, where a lot of us like to download and try anything new that we can possibly find. Once found, it will be contrasted with very dedicated security products, and with a very critical eye at that (lots of scams out there).

    Although this isn't a serious project for you, people here will seek out new things to evaluate and threads like this will start. If you just hadn't given it thought then just consider the point of my message to be just that you might want to start thinking about it. Not meaning to demolish you or your program, I think if you were to consider your time constraints and put them into perspective with where you want your program to be, and make it the best you can on that level, you could potentially make something really worthwhile to current and future users.

    I, too, apologize if there was a misunderstanding, but no, I really didn't glean from the site that it was meant to be anything less than a full-on security app.. it is, after all, headed with the title "Protect your computer from malicious programs!" and costs $25 (for the record, that's the same price as Process Guard.. just one of the aforementioned points of contrast). I will however stand by my conviction that anything proclaiming to enhance security should be given all the time it needs to become the best within its scope of protection. If MS had given Windows that kind of consideration, we probably wouldn't be here. Giving special attention to the "features" that leave your system vulnerable is kind of what security apps are for.
     
    Last edited: Oct 26, 2004
  13. Infinity, Registered Member (Joined: May 31, 2004; Posts: 2,651)

    Re: ProcAlert v1.3

    Nicely spoken Notok

    cheers
     
  14. Evarest (Guest)

    Thanks, I will implement these changes once I find the time to do so.

    Personally, I don't skim any forums, as I don't have time to do that. However, it seems that this forum is quite a nice one concerning the security issues of Windows.

    Which are most, if not all, not free to use. ProcAlert however, IS free to use, but should be registered to remove the splash screen and gain access to some minor features in Preferences. This is mainly to prevent "professional users" (ie. industrial) from using the program on their computers without me knowing about it...

    English not being my native language, it's sometimes quite difficult to express myself. I meant that this project is not my main project (which is passing my exams at unif), but rather something I like doing in my spare time. This does not mean that I don't spend a lot of time debugging the program (you won't easily find major bugs, or I can fix them in a short time), and I try to make it as easy to use as possible, even for a novice user (which is quite difficult).

    Also, I have other projects, which are in cooperation with some companies, and they require a little bit more attention than ProcAlert.

    I didn't realize that such a small promotional sentence would have such grave consequences :)...

    Again, if you read the help files, and use the program, you'll notice that it's mainly a warning beacon. It'll notify you, and optionally log the execution of non-approved software, which can include viruses, trojans etc. I think I've made it more than clear in this thread, and to my knowledge in the program itself, that this is the main function of the program...

    I hope this will clear up things. You might think that I'll do anything to get my right on this, but actually, it's just that having spent some time on this project, I can't really let it down just like that. Maybe I'll post my other project on this site too, but after this review, I doubt I will...

    Kind regards!
    Evarest
     
  15. Notok, Registered Member (Joined: May 28, 2004; Posts: 2,969; Location: Portland, OR (USA))

    I think that says it all, really. :) I know that I didn't, and I don't think others meant to, just 'bash' you.. just offer critical analysis (not the same thing as outright criticism, although it may seem like it at times.)

    I do understand what you mean by having other projects/pursuits to focus on, and didn't mean to imply that you didn't take this at all seriously, just that this wasn't your main focus the way that dedicated security software developers are, and that's the contrast that people that are into this kind of thing are going to be seeing. Gkweb really hit the nail on the head with his post, especially with his point that ProcAlert is more of a monitoring program, which isn't totally clear at first glance, and seems almost misleading. Although the help file may make this more clear, I wouldn't actually download and go through something like a help file unless I was already using the program and looking for more information. Perhaps this could be offset by a 2nd page with more detailed information about the features of the program, and link the help file from there? Kind of a layered approach to the amount of information provided..? Just an idea.

    I think that's more than fair. :) You might think about making that more clear on the site, I didn't realize that that was the case.

    So, really, although my posts were peppered with annoyance, I hope you can accept my posts in the spirit they were intended, which is no less than constructive criticism. If you ever want a second pair of eyes, just let me know, I'll make a greater effort to keep things on a more obviously friendly level :)
     
    Last edited: Oct 26, 2004
  16. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi Evarest :)
    Please take no offence as none was intended.

    When a company or person such as yourself makes bold claims about software here, the members will respond. This is not usually an emotional response but a calculated response based upon what the software is claimed to do.

    If, however, you wish to have a program analysed in a more friendly perspective then it would be better to do it with humility. :) Such as: An outline of what you "hope" your program achieves and what would improve it.

    Remember this forum hosts the public forums for five "Top of the line" developers Acronis, DCS, L&S, Nod32 and JavaCool. There are also many very well qualified experts in many areas of security, all of which take an interest in all aspects of computer security, albeit in different fields.

    My advice to you is to join this forum and become an active member here, as a programmer interested in security you will find an inspiring & educational experience.

    Please become a full member here and reap the benefits and with your knowledge help others.

    Good luck in all of your endeavours. Pilli
     
  17. Evarest, Registered Member (Joined: Oct 27, 2004; Posts: 1)

    Thank you all for your kind words (at least in the latest post :). As I already assured Notok, I don't have "hard feelings" against any of you. I must admit that the initial posts came as some kind of cold shower to me, especially as I don't mean to "harm" or deceive anybody with my programs...

    I can understand that you're trying to keep the level high of your reviews, and are especially critical against newcomers, or freelancer programmers. But then again, if there weren't any freelance programmers, where would the freeware society be now?...

    To make my point that I'm not in it for the money, I've explicitly placed a link on the main page of ProcAlert on its website. I've also placed a remark which gives an explanation to the basic remarks posted here. Also, I've modified some sentences to make it more clear what I mean, and that ProcAlert will actually let the program run until you terminate it using ProcAlert.

    I've also placed the notice that the "professional edition" is free for personal use.

    The "slogan": "Protect your computer from malicious programs", I will not replace. In my opinion, one should not build an opinion on "slogans" only, thus I don't see any harm in that...

    If you still find something on my site that is out of the ordinary, please let me know, and I'll see what I can do to fix it.

    And I keep stressing that I did not post the initial thread. No hard feelings against zorro zorrito of course, but I'd never have posted it anywhere but some download sites... I didn't know it even to be possible/allowed to do that. And indeed, I'd have used a totally different text anyway...

    Already done that :)

    Anyway,
    thanks a lot to you all for your posts. You've obviously taken some time into reviewing my program, and that's something already!

    I'll see whether I'll post the other program on this forum too...

    Cheers!
    Evarest
     
  18. Paranoid2000, Registered Member (Joined: May 2, 2004; Posts: 2,839; Location: North West, United Kingdom)

    Evarest,

    Welcome to the forums. :) I've noted this thread with some interest since I use both SSM and PG.

    I would suggest you reconsider the slogan - unless ProcGuard has the ability to stop malware from running or to undo any changes it makes (Windows Registry changes, file modifications, etc) then saying it protects is not appropriate and gives visitors an inflated view of its capabilities. A heading like "Monitor and Terminate Malware!" would be more accurate.

    In the Features section, you mention "Thread level"; may I presume this is supposed to be "Threat level"?
     
  19. Hyperion, Registered Member (Joined: Sep 29, 2003; Posts: 302)

    I tried this programme, and liked it, but I uninstalled it because of the resources. On my PC it took 0-2% of CPU (Athlon 2500) and 12,5 MB RAM, which for my personal tastes is too much for such an application.

    I'll be keeping an eye out for future releases though. It's a nice one.
     
  20. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Woops! Wrong thread :)
     
    Last edited: Nov 13, 2004