Process Guard is cool but part2

Discussion in 'ProcessGuard' started by SystemJunkie, Dec 4, 2006.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie, Resident Conspiracy Theorist (Joined: Mar 3, 2006; Posts: 1,500; Location: Germany)

    Hi there, I wanted to give my opinion on the last thread, which was closed for minor reasons. Therefore I have to open a second thread.

    My opinion about PG is: It was one of the first Antihook protections.

    I don't use their execution protection, but apart from that it's an excellent and the easiest anti-firewall-bypass protection; most fwb trojans have no chance against it. That's in my opinion the biggest advantage of PG.

    But the Anti-Kill protection lacks a lot. Against remotely initiated CSRSS.exe kills and ErasesurfaceBOs it is insufficient. Winpooch is much better concerning this.

    PG is very easy and user-friendly; that's its main advantage, but you always need some extra special tools to fully protect your PC when using PG.
     
  2. TopperID

    TopperID, Registered Member (Joined: Oct 1, 2004; Posts: 1,527; Location: London)

    For me PG's execution protection is one of its best features; it is certainly considerably superior to KAV 6's equivalent feature.

    For example, with PG if you set Regedit and Task Manager to 'permit once', you get a pop-up each time you try and run these progs. However, with KAV 6's PDM that is only the case if you directly try and run them; if you press Ctrl Alt Delete, PG gives a pop-up while KAV doesn't. Similarly, if you run regedt32.exe it will start regedit.exe (on XP) with KAV, while with PG you still get the regedit pop-up. So there are ways of bypassing KAV's protection.

    Then of course there is the fact PG has learning mode and enables you to prevent anything from starting that doesn't have explicit permission to run - which blots out trojans from starting via drive-by downloads - while KAV only protects against progs that are explicitly set to block/prompt.

    I have similar quibbles over KAV's Reg protection which is much inferior to RD for several reasons. So what I'm saying is that there is still a valuable niche being filled by specialist progs like PG, even if you have other HIPS type progs in your inventory.
     
  3. redwolfe_98

    redwolfe_98, Registered Member (Joined: Feb 14, 2002; Posts: 581; Location: South Carolina, USA)

    I am not buying into the idea that PG will not stop malware from killing a protected process..
     