Process Guard and Online-Armor

Discussion in 'other anti-malware software' started by Mongol, Dec 13, 2005.

Thread Status:
Not open for further replies.
  1. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Would Process Guard and Online Armor be a good combination or would there be duplication in services?
     
    Last edited by a moderator: Dec 14, 2005
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    There's certainly some overlap. I try not to comment on competitors programs or businesses, so I will leave it open to any PG/OA users to comment.
     
    Last edited by a moderator: Dec 14, 2005
  3. b00sfuk

    b00sfuk Registered Member

    Joined:
    Oct 25, 2004
    Posts:
    40
    Location:
    UK
    In my view, with the current version of OA, it is duplication. The only areas you could possibly supplement is with a broader registry defense. OA is supposed to be getting this in V2 in the short term and with rumours of incorporating application firewall function (true?) I can see me runing just OA and an antivirus in the future.
    You could read other posts in these forums and get many different views. Some people will advocate duplication as an important security strategy and there will always be peoples favourites. It also depends a lot on your on-line habits ;-)
     
    Last edited by a moderator: Dec 14, 2005
  4. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    716
    Location:
    Toronto
    Use both. I set up a testing snapshot in First Defence as a primary defense against testing a real live trojan. I had both PG and OA installed and when I ran the trojan, both PG and OA started warning me. Since this was a test, I let the trojan proceed, step by step, up to a point where I used PG to 'Block Always' the attempt to "call home", and saw many hundreds of attempts scolling by so fast it was impossible to read them. I simply switched to OA and stopped the parent process, and it was all over.
    I then used OA to remove the components of the trojan, which PG can't do.
    Either one would have been sufficient if in the beginning I had said 'no' at the first warning, but, sometimes when you assume that you should answer 'yes', then all hell breaks loose.
    There may be overlap, but there are some valuable differences that add up to having really VERY good security.

    No, I didn't let the trojan go 'all the way', maybe one day I'll be more adventuresome ans see just how much trouble they can be, and then use First Defense to wipe all traces.

    So, use all three, PG, OA and FD.
    Jim
     
  5. Starstruck

    Starstruck Guest

    Are you sure PG, OA, FD alone is sufficient?

    I would add Regdefend and Safe n Sec at least before I start feeling safe.

    Also Appdefend is probably better than PG.
     
  6. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    The problem is that many Anti Malware products are using simular
    techniques as PG does. (Kaspersky 2006/Tiny Personal Firewall,AppDefend and perhaps even the new Regrun or A2 ( A squared) )
    I've tested a lot of these together and had the same results,
    as mentioned above. I think you don't have to worry if you are running more.
    The only problem that you can expect, is the amount of memory usage
    if you stack these products.
    Of course you can't look 'under the hood' (how it is built)
    but with testing with trojans and other malware,
    and tools like 'rootkit hook analyzer' i have concluded that
    if you are running Tiny Personal Firewall 2005 pro you don't need PG
    PG versus AppDefend is discussed in another thread in the AppDefend Forum.
    And i think i know enough if i see the experiences above
    with PG versus Online Armor.
    But i am still testing these 2 (and combinations with others) at the moment ..
     
  7. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    716
    Location:
    Toronto
    Actually I'd feel safe with just First Defense if I could have only one app. but that's subjective, certainly. However I have the Ghost Suite as well, talk about paranoid!

    And more!

    But stopping execution is primarily the best way, since registry entries can't be made without running something, and PG and OA and AD all do that. I haven't tried SnS so I can't comment there and haven't run a test against 'my trojan' using AD, yet, anyway. Maybe soon.

    But FD, PG and OA do work. And this thread is about PG and OA, after all.

    Jim
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Indeed, it's my favorite program too, but even though FD will perfectly remove the baddie, you still need something to warn you that you've contracted something in the first place. Whenever my virus scanner tells me that I've contracted a virus, I use FD to wipe it clean, but I still need my AV to tell me that I was infected in the first place.

    Acadia
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Geesh. Someone would think a few of us are addicted to First Defense. :D And of course they'd be right, and for good reason.
     
  10. wolf_xl

    wolf_xl Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    48
    Well I use PG with OA since I have paied for both and they work perfectly well. If your worried about exe protection overlap you can disable it on either one of the apps.

    I'm a novice when it comes to security so when I tried Ghost Suite I found it too complicated and difficult to use unlike OA.

    I also tried Safe n Secure. It's got a nice interface and was quite impressed but it's sorely lacking a learning mode. Also adding programes to the trusted list and defing the rules was a nightmare. I just didn't know what rules would be acceptable for the programme to work so I reluctantly gave up.

    Thankfully OA is easy to set-up and use so its my HIPS of choice with PG. I've never heard of First Defence, anyone got a link for me to try?
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hi wolf_xl

    Link is www.raxco.com Note that you must be using NTFS file system to use First Defense.

    Pete
     
  12. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    for a week or so i am using and testing Online Armor and am very happy with that.
    It is a very nice prog, and it seems to work perfectly.
    I certainly like the roll-back feature.
    There are no conflicts with Ewido , Nod32 and Ghost Security Suite
    (running both AppDefend and RegDefend)
    and SecurWall.

    Another system with Regrun Gold and Tiny Personal Firewall 2005 Pro
    gave all kind of error while writing to memory errors
    So i asume, Online Armor will not run together with those (not on this pc)
    after uninstall system was free of errors again.

    But of course that could be the same when i would deinstall one
    of the other two progs.

    About First Defend, i asume it belongs in the range of
    ShadowUser
    DeepFreeze
    Illusian
    Watch IT
    etc. etc.

    Is it possible to protect your system from changing to other modes
    with a password ?

    Or with other words can you have students work with it,
    without messing up your system?
     
Loading...
Thread Status:
Not open for further replies.