Process Guard "MADE EASY" page! We need your help

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Jan 27, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    We'll soon be putting a new page on the website/helpfile that will essentially be titled "Process Guard Made Easy". The basic idea of this page is to concisely explain to new users 1) the basic concept and idea of Process Guard, 2) how to initially configure the program, and 2) how to "use" it (which basically just means how to read the alerts, and how to make config changes accordingly).

    Now, due to the nature of our work we find it easy to write technical writings on this subject, but making a text that's easy for everyone to understand is quite a challenge! Especially as we tend to think of things from the perspective of a programmer/analyst rather than a new user ... :)

    Process Guard, despite being an extremely powerful program, is fairly easy to use - it's the job of this page to help show that, so we come to you for help :)

    If you can think of anything - anything at all - that you think might be useful to tell new users (for example, if you've ever just discovered a new feature and thought "I wish I knew about that earlier!"), then please let us know!

    Thankyou in advance, your help is much appreciated. :)
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    1) the basic concept and idea of Process Guard

    PG is meant to protect already installed and running security software from being attacked by virus/trojans.


    2) how to initially configure the program

    Accept the default wizard configuration at first startup, and then add every security program or every resident or often used program in the list :
    AV, AT, FW, mail client, browser, instant messaging


    3) how to "use" it

    first install PG on a clean machine (no virus, torjans, worm, spyware).
    Execute and use all your program that you usually use or that you can use, check the PG window log, and allow your software needed allowances to avoid logging.

    Then, all upcoming logging should be take with caution and do not allow
    something you don't know.

    Better to not allow if you are not sure.

    In case of a doubt, ask on the official PG forum.



    Just few ideas :)
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    _EXCELLENT_! That is exactly the sort of information we're after :)
    (After spending so much time researching and developing the program it's not easy for us to put ourselves into the shoes of a new user, but you all have that advantage over us which is why we're requesting help with this :))
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    I haven't had time to give thought to the verbage, but after my encounter with one of AOL's brightest trying to find about the services install issue, it became clear this guy was clueless as to what a "service" was. DUH!. I think it would be good to start this page with some basics for "non computer" computer users. For example:

    1. What is a process
    2. what is a service
    3. What is Taskmanager (don't laugh)
    4. What is a DLL
    5. What is the registry, and a registry key.
    6. What is a driver
    7. What is a Global HOOK

    Think back to some of the funny questions tech support guys get, we see in the humor thread.

    It would be best if non computer examples could be used. For example

    Process--Think of an insurance claims clerk. Someone puts a file on his/her desk.(exe file on the hard disk). Nothing happens until she/he opens the file and works on it(the process in memory)

    Hopefully this all makes some sense.

    Pete
     
  5. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    I think back to when I first tried setting it up and... I was really wanting to find a guide to which processes to protect in Windows XP (which is probably the predominant OS among home users) but maybe it could also provide info on W2K and 98SE too.

    I'm thinking along the lines of a guide as to "what" to protect "where" to find it "why" you should protect it and last but not least "how" to do it.

    Well that is what I was looking for as a new user (and couldn't find it) I had to post questions and test things myself, which did kind of give an "unsure" feeling about the whole thing. I feel a detailed guide would help put to ease the new user and bring security (PG) out of the shadows a little bit.
    ;)
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I agree with Protek. Even though PG is very easy to set up, it is a User trial and error game as to what to include in the protection list, what to Allow and if any Options are necessary. That is most understandable considering the myriad of software combinations.

    Plus "interpreting" the various forum Posts tends to further confuse and concern (definitely not intentionally) because of ambiguity. For example, Regedit.exe causing a global hook log printout. The ambiguity comes about by reading a post such as "well, things seem to be running okay without permission for the Global Hook", so it's probably not needed. That in itself is both confusing and a bit scary to a normal computer user. Does/Could it mean that Windows wanted to do something, didn't do it because of the block, and the result may/will show up next week?

    In summary, I suggest that the "Made Easy" needs to be as direct and precise as possible. In the above example, telling the user to add the option to permit Global Hook for TRUSTED Regedit.exe is a safe response and reduces/eliminates user "concern"-- if you get my drift.

    I also feel that it would be very helpful to new users to perhaps provide a downloadable setup/info .txt file that contains a list of files to include in the PG program protection for as many more popular programs (example, NAV 2003/2004, AdAware, etc.) as possible along with what to ALLOW and what Options to set. This helpful info .txt could be gleaned from current User input. I suspect many of current users would be willing to submit this type of info for centralized assimulation and distribution.

    JMO
     
  7. noname8

    noname8 Guest

    1) the basic concept and idea of Process Guard

    PG is meant to protect your operating system, your security software and your internet applications from certain dangerous attacks by viruses, trojans, rootkits and other kinds of malware.

    2) types of attacks covered

    Termination: Process Guard will make sure that malware does not shut down your security software (or any other program).

    DLL trojans: Process Guard will prevent the latest breed of trojans, so-called DLL trojans, from running. This is important because DLL trojans do not show up in the Windows Taskmanger. Moreover, they can bypass your desktop firewall. For further details see ( http://home.arcor.de/scheinsicherheit/dll.htm ) :D

    Rootkits: Process Guard can prevent the installation of any rootkits {still to be verified}. Rootkits are particularly dangerous because they work like a cloak of invisibility which makes it impossible for an antivirus or antitrojan scanner to detect malware.

    keylogges, setwindowshookex, dllinit etc. (have no time now)

    ...

    3) how to initially configure the program

    Accept the default wizard configuration at first startup, and then add every security program and every internet programm to the list: in particular, you should protect your
    AV, AT, FW, mail client, browser, instant messaging client ...

    [use detailed screenshots to show how, for example, the browser can be protected]
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I'd love to see a consolidated reference of what each global hook type was. Every time I see something new in the log, I ask here, or search here. And Wayne tells us: "Global hook type 0xE is..."

    It would be nice if the local doc made it easy to tell what each global-hook-related log entry really meant.
     
  9. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Excellent ideas folks, thanks! Please keep them coming - you have the advantage over us in that you've been able to experience Process Guard as a new user :)

    But just in regards to this ...
    The next version of PG already tells you what type of hook it is, ie. "global Keyboard hook", "Global Low Level Mouse Hook", etc etc (rather than just "global hook").
    We may also add a list of codes to the helpfile, but that info is already available now if you're after it - search for SetWindowsHookEx at Microsoft (google will lead you straight to it)

    Cheers,
    Wayne
     
  10. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I've seen a couple of post where users tell " I get a log entry process X has been blocked from..... I don't feel comfortable giving it that permission."
    By not giving processes the right permissions, processes might not behave as intended, although it LOOKS like it's working ok.
    Dolf
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I'd be doing that if I knew how. But I don't understand how to search for hook docs based on how PG logs them. For example, how would I search for this (which I just made up, so it's not necessarily valid):

    [00000007][0000000E]

    If it was just [00000007][00000000], I'd search for 0x7.

    I guess what it really comes down to is... either you have malware on your system, or you don't. If not, give everything that wants a global hook the ability to obtain it. Doing otherwise is slowly driving me insane over here.
     
  12. Chaz1

    Chaz1 Registered Member

    Joined:
    Jan 29, 2004
    Posts:
    1
    Hi Everyone,

    I bought and installed PG sight unseen last night based on everything I've been reading here and my experiences with TDS-3. Both are great programs (as are PE and WG)! My congrats to the development team!

    I think the suggestions given previously have been great, and I wholeheartedly endorse them.

    My suggestion would be to give new users a sample configuration file of some type. For example, when I installed PG, it auto configured for a lot of things, but it also left a lot off, e.g., TDS-3 itself. As a very experienced computer user, I feel comfortable adding and configuring my various programs, but I would LOVE to have had a file of common programs and suggested settings, even if to just make the process faster, and to make sure that I haven't left any necessary programs off the list. For a new or inexperienced user, this could be an absolute blessing---takes the guesswork out of the setup.

    To achieve this, I would suggest that you (or us here on the forum) could create a text file that shows the recommended settings for common programs. and since the bottom half of the PG screen is done so well, it can be in the same format with an additional title at left:

    AppName Process Process Path Blocked Allowed Options
    MyApp 1.2 myapp.exe c:\program files\myapp\ Write,Terminate,Suspend,SetInfo None CloseMessageHanding
    Prog 6 bant.exe c:\security\protect\ Write,Suspend,SetInfo Terminate

    To take it a step further, you could break the file into headered sections, e.g., "Anti-Trojan," "Anti-Virus," "Firewall," "E-mail," etc. While I suspect that the vast majority of entries would be very similar, it could really take the guesswork out of the process, and just make everyone more comfortable, especially new users. It could also solve some of the questions of "does X work with PG?" since a comprehensive list like this would implicitly indicate how good of a citizen PG is.

    I hope this helps.

    Charles
     
  13. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Because the most important processes to protect besides your security programs, are those which have permissions to access the Internet by your firewall, so I would suggest a firewall configuration spy, which can read configurations set in popular firewalls and add them to PG.
    Dolf
     
Thread Status:
Not open for further replies.