Process Guard and Registry Protection

Discussion in 'ProcessGuard' started by WilliamP, May 24, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have Process Guard, TDS3, and NOD32. Could my system use a registry protection program? Would it provide added protection?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi William, DCS do RegProt which would help.
    Reading another thread, I notice you have also tried SSM, which is also good. AdAware + and Pro also include registry protection.
    I am not sure what extra level of protection you would need with what you already have, hopefully the DCS team can add some advice. :)

    Pilli
     
  3. WilliamP

    WilliamP Registered Member

    Pilli, right now I'm looking at Grr (Greyware Registry Rearguard). I am trying to find out from the experts if I really need the additional protection. I would appreciate any info.
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi WilliamP,

    Registry Prot from DiamondCS is freeware and consumes 0 resources, it is very light, and works very well along with Process Guard.

    It costs nothing to use it, and your registry is protected :)

    regards,

    gkweb.
     
  5. WilliamP

    WilliamP Registered Member

    Gkweb, I had tried Regprot and had some problems. I'm not sure they were caused by Regprot, but the problems disappeared when I removed it. Still, my primary question is: do I need registry protection? o_O o_O
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I have similar apps running on my box, and WilliamP is asking a great question regarding PG's registry protection capabilities.

    Since PG does such a great job of keeping unwanted apps from starting, those apps are then stopped from writing bad things to the registry, correct? If so, does that mean that WilliamP does NOT have a need for an app specifically designed to monitor and protect the registry? o_O
     
  7. gkweb

    gkweb Expert Firewall Tester

    Process Guard is two defense layers:

    First, we try to not start malware.

    Second, if we mistakenly start it, the process protection is here.
    In that case, a registry protection can be needed, but that's up to you.

    regards,

    gkweb.
     
  8. WilliamP

    WilliamP Registered Member

    Gkweb, I don't exactly understand your post. You say we try to not start malware. But if we do, the protection is there. But then you say registry protection can be needed. One seems to contradict the other. Please don't misunderstand, I'm just trying to determine if I need registry protection.
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    WilliamP,

    I believe gkweb is saying that once you give a process (malware or not) permission to run via PG, PG will not stop that process from modifying the registry. However, Grr! or RegRun will then notify you.

    Nick
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    That's good enough for me. :) I don't know enough about the registry to be able to distinguish between when to allow a "good" program to modify the registry, and when not to allow the change. :doubt: So, if I can eliminate malware from making changes, I'm good (I think). ;)
     
  11. FanJ

    FanJ Guest

  12. WilliamP

    WilliamP Registered Member

    Thank you all for the replies. I didn't know if something could get to the registry without PG knowing about it. If PG can stop malware from getting to the registry, I'm happy. :D
     
  13. gkweb

    gkweb Expert Firewall Tester

    In French this sentence is perfectly right, maybe my English contradicts itself :D

    I mean that if a malware is started, then the process protection is here to protect your critical processes, but it doesn't protect you if the malware "just" writes into your registry, so in that case you need a registry monitor.

    Is it better like this? :D
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Gkweb,

    Thanks for the clarification. Are you saying that PG will stop a process from running, but may still allow it to write data to the registry?
     
  15. gkweb

    gkweb Expert Firewall Tester

    First, Process Guard was only a process protector, to protect your processes against _running_ malware.

    Then, the Program Protection has been added to let the user control which executable to launch or not.

    Even if used perfectly this protection could probably be sufficient, and so Process Protection would be useless, because we can make errors and mistakenly allow something to run (or willingly, thinking it is just a 'screensaver' for instance), a malware can suddenly be running on your system.

    That's my point :)

    Then, because a malware can run on your system if you allow it, there is the process protection to protect your critical security and OS processes, but your registry is left open, so a registry monitor is not 'too much' IMO.

    regards,

    gkweb.

    EDIT: to answer your question directly, an executable blocked from running can't write into the registry.
     
  16. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Dazed_and_Confused

    Yea, I think that is what gkweb is saying.

    But the bit that sounds worrying is malware "just" write into your registry.

    Because that's what it [malware] is meant to do, alter the registry.

    A small change of '1' to '0' to a registry key can make a big difference.

    I may be wrong about this, and I hope someone corrects me.

    Take Care,
    TheQuest :cool:
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Quest / GK - Thanks. I see both of your points. My concern is that I've used RegMon, and there is a LOT of data being written to the registry constantly. And most of what I've seen seems to be in a foreign language :eek: . If I were to use a registry monitoring app, it would have to be fairly intuitive (make decisions / do a lot of the work for me). I'm concerned I wouldn't understand what's OK and what's not OK to be written.
     
  18. TheQuest

    TheQuest Registered Member

    Hi, Dazed_and_Confused

    I fully sympathize with you on this, as I am the same with most of the Registry.

    That's why my choice is not to use a monitor.

    This should help you [us].

    Take Care,
    TheQuest :cool:
     
  19. TheQuest

    TheQuest Registered Member

    Hi, gkweb

    Thanks very much for your Edit, helps to know that.

    Thanks once again.
    Take Care,
    TheQuest :cool:
     
  20. WilliamP

    WilliamP Registered Member

    Thank you all for the help. :D
     