ProcessGuard - Is the free version strong enough?

Discussion in 'other anti-malware software' started by xeda, Jan 29, 2007.

Thread Status:
Not open for further replies.
  1. xeda

    xeda Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    59
    I realize that the free version of ProcessGuard lacks a lot of security features when compared to the full version, but in terms of security, is the free version strong enough to thwart most attacks?

    For example, the free version can control application execution, but cannot control DLL injection and global hooks.

    However, since the free version can already control application execution, wouldn't that stop a majority of attacks that use rogue installers from executing and installing new DLLs in the first place? Can DLLs and other files slip through the cracks without an executable installer?

    In this case scenario, ProcessGuard would be installed and configured immediately after a system reformat, and installing/running trusted software.

    Thanks!
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there Xeda,
    yes there are some differences
    Feature                                           Free  Full
    Control application execution                     v     v
    Protect applications from termination             v     v
    Protect applications from modification            v     v
    Protect applications from viewing                 v     v
    Block new and changed programs                    x     v
    Protect physical memory                           x     v
    Block global hooks                                x     v
    Block unwanted rootkit/driver/service installation x    v
    Block registry DLL injection (CoolWebSearch)      x     v
    Secure message handling                           x     v
    Interface lock                                    x     v
    FREE technical support                            x     v

    If I remember well, only one application at a time can be controlled, not your whole system. Maybe this has been changed in the meantime.
    Could not find any announcements on that. So it is worth trying it on your clean system. See also the ProcessGuard forum in the archives for settings, tips, etc.
     
  3. xeda

    xeda Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    59
    Would you mind explaining this to me in more detail? :)
     
  4. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Xeda, are you really saying that you want full system protection, but are neither willing to pay for the software nor read the postings on its support forum? o_O
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Paid PG is a moot question. You can't buy the paid version anymore. So, Xeda can only use the free version. As for not reading postings, what does that have to do with asking about it in this forum?

    Or did I misunderstand you?
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Let me put it this way:
    I really don't know about the current features and possibilities of the free version -- in the trial I remember postings about that trial only being able to control execution of only one application at a time. Maybe the free version now does allow controlling and protecting all applications, but has the limitations I copied from the site in my posting above.
    I think trying it on your clean system is very well worth it in any way.
    For settings and configuration if needed there are bunches of info in the ProcessGuard forum. I don't think these will differ much for the full and the free version.

    Mele, it's a current situation, hoping for other news in future.
     
  7. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Very nice educative thread, thanks for that.

    With that discussion in mind we might suppose there are no other limitations but the blocked functionalities.

    Anybody running the free version? Xeda, once you are running it, please let us know how it goes.
     
  9. xeda

    xeda Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    59
    Very helpful! Thanks! ;)

    Thank you, Jooske! I will test out the free version and post my results.
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    PG free is one solid application; maybe it does not offer the great number of checkpoints when compared to its paid version or rival software, but the end result is what it does, it does 100%.

    These are my findings based on using this tool as part of my malware hunting arsenal, yep I said hunting not defence folks.

    No malware infection goes live on my stripped down, greased up victim of a machine (-IDS, -software firewall, XP service pack 1 & IE 6 unpatched and running Java JRE 1.4.2). All attack surfaces are maximised to attract malware: I visit known exploit URLs for drive-bys, download dodgy ActiveX's and grab free pr0n codecs....

    Guess what, nothing is able to infect until I grant the first execution alert by PG free, every time :D

    Also I can control an infection's deployment as long as PG is active, to stagger malware imported for collection/testing.

    PG *Protect* is a life saver when it comes to worm damage/control, as all important .exe's are on the protection list, since it's no good to me if RKU, Process Explorer and SAS get spliced with Ludor A ;)

    ProcessGuard is the *Big iron* and remains the golden oldie of process firewalls :D

    Look at it this way: if you're worried about drivers being dropped, global hooks and DLL injection, it should be remembered that everything begins with code needing to execute!
     
    Last edited: Jan 29, 2007
  11. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    And most people just don't get this concept. They feel it is necessary to first allow the executable to run before passing judgement on the effectiveness of their HIPS. In other words, "first I must allow the thief into my home to see if he can steal my belongings."

    Un****ing-believable!
     
  12. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I personally can say from experience in REAL LIFE scenarios of high risk surfing etc. that the free version of Process Guard is excellent. The ability to protect apps from being modified, or to allow read only, is a major deal when talking about protection. I did a few tests like creating .exe files with the exact names of the apps allowed to run in PG, and all the .exe's got flagged; I was unable to run them. So name spoofing might be difficult. A properly configured computer with the free version of PG can be powerful protection, provided that the apps and programs installed on your box can be trusted, but hence the ability to allow or deny reading and modifying of .....:)
    WELL SAID fcukdat! Heh :D PG has yet to fail me :D Honestly I don't think it will. The only thing that might is myself :p
     
    Last edited: Jan 29, 2007
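The name-spoofing test described in the post above (a fresh .exe carrying the exact name of an allowed program still gets flagged) only works if the execution allowlist is enforced on file content rather than on the file name. The following is an added illustration, not ProcessGuard's code and not from any poster here; it assumes a simple policy keyed by file name but checked by SHA-256 of the contents, and uses constructed stand-in files in a temporary directory. It also covers the "new program" and "changed program" cases that Jooske's feature table refers to.

```python
"""Hash-checked execution allowlist: why a same-name .exe still gets flagged."""
import hashlib
import tempfile
from pathlib import Path

ALLOW = "allow"
DENY = "deny"


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(trusted: list[Path]) -> dict[str, str]:
    """Entries are keyed by lowercase file name but enforced by content hash."""
    return {p.name.lower(): sha256_of(p) for p in trusted}


def check_execution(allowlist: dict[str, str], candidate: Path) -> tuple[str, str]:
    """Decide whether `candidate` may run; the name alone never grants permission."""
    name = candidate.name.lower()
    if name not in allowlist:
        return DENY, "not in allowlist (new program)"
    if sha256_of(candidate) != allowlist[name]:
        return DENY, "hash mismatch (changed program or name spoof)"
    return ALLOW, "name and hash match"


def demo() -> dict[str, str]:
    """Exercise the cases with constructed (not real) files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        trusted_dir = root / "Program Files" / "Tool"
        trusted_dir.mkdir(parents=True)
        trusted = trusted_dir / "tool.exe"
        trusted.write_bytes(b"MZ constructed trusted tool")   # constructed stand-in
        allowlist = build_allowlist([trusted])

        # 1. The allowlisted binary itself is allowed to run.
        r1 = check_execution(allowlist, trusted)[0]

        # 2. A different file elsewhere on disk with the same name is denied.
        spoof_dir = root / "Temp"
        spoof_dir.mkdir()
        spoof = spoof_dir / "tool.exe"
        spoof.write_bytes(b"MZ constructed impostor")         # constructed stand-in
        r2 = check_execution(allowlist, spoof)[0]

        # 3. A binary that was never allowlisted is denied as a new program.
        unknown = spoof_dir / "dropper.exe"
        unknown.write_bytes(b"MZ constructed unknown")        # constructed stand-in
        r3 = check_execution(allowlist, unknown)[0]

        # 4. The trusted binary, modified in place, is denied as a changed program.
        trusted.write_bytes(b"MZ constructed trusted tool, patched")
        r4 = check_execution(allowlist, trusted)[0]

    return {"trusted": r1, "same_name": r2, "unknown": r3, "modified": r4}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} -> {verdict}")
```

The point of the design is that the file name is only a lookup key; the decision rests on the hash, so a copy of a trusted name in another directory and an in-place modification of the trusted file are both refused. Whether ProcessGuard itself hashes files this way is not stated in the thread; the example only models the behaviour the poster observed.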
  13. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    yankinNcrankin. Do you think that PG Free offers better protection than Cyberhawk, or Spyware Terminator with all Guards and HIPS enabled? Or even ProSecurity Free?
     
  14. TECHWG

    TECHWG Guest

    Process Guard is all but dying. Their forum was removed from Wilders, and the website seems to not be updated. Plus they did not add extra protections. I think PG freeware is good for basic things, but I would use ProSecurity or SSM freeware over ProcessGuard.
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I can't agree with this last posting, TECHWG.
    Like said before we don't know about the current situation over there and what's next to happen.
    Archived forums can be reactivated if time calls.

    Since you're mentioning other software, I would most certainly give the GhostSecurity software a serious try as well. A whole forum over here.
     
  16. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    I disagree with his post because the software is 100% solid and secure irrespective of what the authors are up to :rolleyes:

    Kerio 2.1.5 is one of the most dependable software firewalls going, light on resources compared to the super-bloats nowadays and very versatile if you know your internet protocols.
    It's years old now, the vendor has gone the way of the dodo, but that doesn't equate to a product dying. It still does what it says on the tin and is as solid/dependable as the day it was released :D
     
  17. herbalist

    herbalist Guest

    I have yet to figure out why people have so much trouble accepting this, especially if the topic has anything to do with rootkits. I just don't see why a concept as simple as "If it can't run, it can't infect" is so hard.
    :thumb: :thumb: :thumb:
    Definitely! If only more security-ware vendors would take a lesson from it. Skip the bloat, toys, and eye candy. Make it reliable and able to do the job.
    The free version of PG may not have the features and configurability of the paid version or of its competitors, but more often than not the biggest weakness in any of them is the users configuration, or lack of it. If a process can't run, it can't install drivers, set global hooks, write to the registry, add files, call home, etc. If it can't run, it can't do anything.
    Rick
     
  18. xeda

    xeda Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    59
    I read some user reviews that claim ProcessGuard free only allows 256 application rules? Is this true?

    Are there any other limitations in the free version besides the features that Jooske mentioned earlier?

    Also, does the free version have learning mode?
     
  19. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I can't remember what the current number is because I've never got near to 256 myself. Currently I've got 115 items in the 'Protection' list, but a lot of them could easily be removed - I mean, who wants to protect a help file? Yet it will be added to the list if you run it while in learning mode.

    It is unlikely that you could have more than 256 progs that actually need protecting. Indeed it is unlikely you will exceed the limit even if you do protect rubbish files as well as system and security files etc.

    The only limitations are that you do not get any of the 4 Global Protection Options shown in my screenshot. But none of these are relevant if malware doesn't run. Thus PG can stop a drive-by download attack by preventing execution.

    There are, however, other possible attack vectors; notably you could run the malware yourself: you could be tricked into running it, or else it could be bundled up with some software you install. In this case you would wish to prevent it from installing drivers/services etc. The free version will not help you in these 'shoot in the foot' scenarios.

    Process Guard is not dead, despite what was said above; the paid version even auto-blocks one of the three Anti-Keylogger Tests while the full version of SSM fails all three:-

    http://www.firewallleaktester.com/aklt.htm

    Not that that is a reason to install it, but its execution protection certainly is. Another reason is this comment:-
    PG is very easy to configure and use and that puts its usefulness ahead of the complicated SSM for many (though not all) users.

    Yes it has learning mode.
     

  20. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    @topperid
    do you mean that ProcessGuard (free) will intercept all executables and ask you if you want to allow them to run? Does it work with scripts (like .js) too?
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    While agreeing that for the near term at least there is no reason why one can't continue using PG, I think it very safe to say, regardless of the "situation", DCS is dead. The key to success in this business is trust of the parties behind a company. That trust is totally gone in this case.

    Now if PG was sold to a new party then that's a whole new ball game. SSM is a good example of that.

    Pete
     
  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Xeda, did you install PG free and how do you like it thus far?

    It is very advanced software, like agreed above.
    If you still need more security, combine it with AppDefend and RegDefend and you must be about very tight blocked.
     
  23. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Not to start an argument or anything, but you speak only for yourself when you say the trust is totally gone. Need I remind you that none of us know what happened to cause DiamondCS to stop supporting their products? I pass no judgement until I have some facts and those are practically non-existent in this case.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Let me correct you.
    The paid version of SSM blocks all three keyloggers.
    Free SSM blocks the third one (hooking).

    This is after you allow AKLT.exe to run.
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Let's keep on topic, which is the software itself.
    In "General" on top of this forum is a thread about the DCS company.

    ProcessGuard is to protect the deepest heart of the computer, from the kernel to other levels and specific kinds of threats.
    The paid version would certainly add to that security with the other additions.
    It all means look what is happening and learn to work together on your own system.

    Since by the looks the paid version might not be available at the moment, and in case you might like to add more security from that same level, my recommendation was to have a look at AppDefend and RegDefend, made by Jason, who was at the basis of ProcessGuard as well. Those two programs have a free version as well to try out on your system.


    What is blocked you can test with the free tools at the DCS site. APT
     