ProcessGuard Suggestions / Wish list

Discussion in 'ProcessGuard' started by Pilli, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: Process Guard Suggestions / Wish list

    Me too, I would like more control regarding this issue.

    Too much black or white.
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Process Guard Suggestions / Wish list

    Not sure if the new PG has this, but a no-icon option on the task manager by the clock icon.

    BOClean has this option.

    I use it so my puter doesn't freeze.

    Too many icons on the system tray are annoying and freeze Blaze's puter :cool: Thank you in advance.
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    16MB was chosen due to its size being greater than the majority of EXE files (only ~0.001% of files are above this size) and the fact that hashing more than 16MB of data might take longer than most people are willing to wait.
     
  4. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Re: Process Guard Suggestions / Wish list

    I'd like to see the date columns formatted as yyyy-mm-dd so that sorting makes sense. Currently the dates are sorted with dd-mm-yyyy, which is not very useful for determining what was allowed (etc.) in the last xx days (too much clutter). But I also like Robyn's suggestion to allow hierarchical grouping of items as another option.

    Jim C.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Okay, I am now talking so far over my head it's not even funny (well maybe it is) :D

    I just read a post (#8) about what PG does not guard against.

    Specifically, GetAsyncKeyState and BitBlt from the screen.
    I know nothing about these or whether they are valid points. I just thought you may want to consider them if they are good ideas for implementation in this or the next version.
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re: Process Guard Suggestions / Wish list

    GetAsyncKeyState and BitBlt are two simple usermode functions that cannot be used to attack processes. They might be useful in some sort of anti-keylogger program or anti-screencapture, but they have nothing to do with Process Guard or process protection, thus are out-of-scope of Process Guard. Note that Process Guard does have some unique and very powerful anti-keylogger capabilities, but it's not a dedicated anti-keylogger program and some of the anti-keylogger capabilities it has are due in part to other protection capabilities, such as hook interception. If they were a real threat to any processes then they'd certainly be added to Process Guard.

    If an existing driver such as a rootkit has been installed then it's already game over - the rootkit can circumvent any methods used to detect it so it's too late then. This is why prevention is the only real way to attack rootkits, and Process Guard blocks all known methods of driver installation (the next version extends on this even further).
     
    Last edited: Sep 8, 2004
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Thank you for the explanation Wayne! :)
     
  8. MaskedMan

    MaskedMan Guest

    Re: Process Guard Suggestions / Wish list

    The masses are clamoring for a "secure over-write" feature for BOTH logs (user-selectable, of course) - with a MINIMUM of ten passes.
     
  9. Avitar

    Avitar Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    3
    Re: Process Guard Suggestions / Wish list

    Also a unified Options menu would be nice.

    As it is, you have to confirm far too many dialogs to change multiple options in the Protection->General Protection area.
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi Avitar & welcome, I can say that the Protection list options GUI has been radically revised. ;)
     
  11. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    The problem with "hooking" these functions is the amount of false positives will be through the roof. GetAsyncKeyState hooking on its own is worthless since you can't do system wide hooking with it unless you do some other things with it too, and even then it's not full system wide hooking (maybe some good research for Stephen :) )

    And I'm not sure why you would really want to hook BitBlt. Even if you managed to make sure that the source bitmap was actually the whole screen or the desktop, I know plenty of valid software which does the same thing for alpha transparency effects, etc. Hooking BitBlt will also definitely be a system performance penalty, since it gets called very often on every system.
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Thanks Jason! :)
     
  13. Khaine

    Khaine Registered Member

    Joined:
    Oct 2, 2002
    Posts:
    127
    Re: Process Guard Suggestions / Wish list

    I would dearly like the new version to be released :D

    j/k


    Actually what would be nice is a shift to SHA-1 or SHA-2 for the hashing, as there have been some (additional) collisions found in MD5, which at this point in time don't affect the use of it for testing the integrity of files. It certainly means that sometime in the future it will be useless at this function.
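
Added example (not part of the thread, and not Process Guard's code): a sketch of the two hashing points raised above, the 16MB cap from Jason_DiamondCS's post and the SHA-2 request in this one. It assumes that only the first 16MB of a larger file is hashed, which the thread does not state; `capped_digest`, `bind_size` and `demo` are hypothetical names, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

CAP_BYTES = 16 * 1024 * 1024   # the 16MB limit mentioned in the thread
CHUNK = 64 * 1024              # read size, keeps memory use flat


def capped_digest(path, cap=CAP_BYTES, algo="sha256", bind_size=False):
    """Hash at most `cap` leading bytes of `path`, reading in chunks.

    bind_size=True also feeds the full file length into the hash, so a
    change in length past the cap still alters the digest. This is an
    assumed design choice, not something the thread says the product does.
    """
    h = hashlib.new(algo)
    remaining = cap
    with open(path, "rb") as f:
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            if not block:          # end of file before the cap
                break
            h.update(block)
            remaining -= len(block)
    if bind_size:
        h.update(os.path.getsize(path).to_bytes(8, "big"))
    return h.hexdigest()


def demo(cap=1024):
    """Constructed sample: two files identical up to `cap`, different after."""
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "a.bin"), os.path.join(d, "b.bin")
        head = b"MZ" + b"\x00" * (cap - 2)
        with open(a, "wb") as f:
            f.write(head + b"original tail")
        with open(b, "wb") as f:
            f.write(head + b"modified tail plus extra bytes")
        return {
            # True: the capped hash cannot see the differing tails
            "capped_equal": capped_digest(a, cap) == capped_digest(b, cap),
            # False: the two lengths differ, so the bound digests differ
            "size_bound_equal": capped_digest(a, cap, bind_size=True)
                                 == capped_digest(b, cap, bind_size=True),
            "sha256_len": len(capped_digest(a, cap)),
        }


if __name__ == "__main__":
    print(demo())
```

With only the leading bytes hashed, any change past the cap is invisible to the checksum; binding the file size catches length changes but not a same-length edit in the tail.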
     
  14. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: Process Guard Suggestions / Wish list

    Most security programs don't have adequate termination/alteration protection. Eventually AV companies will learn self defense for their programs. You guys have already mastered this technology.

    Perhaps you could license PG to AV companies as a component that would be integrated into their AV. It would be single purpose (like the PG free) and only protect the AV. It would probably need to be stripped down a little and be made easy to integrate into any AV.

    The AV company could then focus on AV signatures and say "now with Process Guard". Your company would benefit from massive license volume and increased awareness of DCS. This would also not harm the PG program itself. The trick would be making two separate "PG inside" programs work nicely together like say an AV and AT. They would both have the PG component inside.

    Just a thought.
     
  15. Avail

    Avail Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    29
    Re: Process Guard Suggestions / Wish list

    Hi all,

    I am new to this forum. :) I got PG and found it hard to navigate. :( I am not an advanced user of it so it is a nightmare.

    Here are the features I would love to see in the upcoming version..

    Think user friendly. :)

    1. GUI - If possible notch it up. So it is more nice looking but efficient, like Zone Alarm, Outpost firewall, You know what I mean?

    2. Instead of adding programs to the protection list, make it so that if you click on the program it will ask you what you want done for it. <troublesome to choose each one> <But keep the option too>

    3. In built AI in it. So it can learn better.

    4. Enable protection mode so all registry/program settings can be blocked and only the user can gain access and nothing else. Currently PG doesn't have this. You can block but the user gets blocked too.

    Trojan can change IE homepage too.

    5. Have a wizard to help set up all the security settings.

    6. Oh! Have an option so PG can block and effectively remove any unwanted parasites it finds on the computer. What is the point of blocking when you can remove?

    7. Have 100+ security Agents monitoring all potential security flaws on your computer for viruses/parasites and the such.

    This company has this feature!
    http://www.giantcompany.com/p_antispyware.aspx

    I think that is about it for now. :)

    Thank you for reading this.
    Avail
     
  16. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Re: Process Guard Suggestions / Wish list

    As an option:
    make the "always do it like this" checkbox on the "new program launched" prompt available to admin only.

    (but I'm not sure this is covered somehow already - me not being in any multi-user environment)
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Process Guard Suggestions / Wish list

    one that works on my pc lol :D
     
  18. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Re: Process Guard Suggestions / Wish list

    MY WISH.... and I think it's already been mentioned, not sure, so here goes.

    I would like it to have a section on Internet Connection. Similar to ZA, but not a detection of port scanning etc...just program control... I would love to get rid of ZA and just use PG as my main protection....A lot of people do actually use MS Firewall.... I may move across to that if PG does program internet access detection.... What do people think?

    Rodrigo
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Process Guard Suggestions / Wish list

    Perhaps a way to plug it in to port explorer?
     
  20. zoe1965

    zoe1965 Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    2
    Location:
    Montreal,PQ.Canada
    Re: Process Guard Suggestions / Wish list

    Hello,

    Just wondering......if Process Guard can't work on Windows ME, is there any other product that can do the same job as Process Guard? Please, any help would be great. I have searched the net, and every search ends up with Process Guard, which is useless on my system.


    Why do Diamond products only work on the newer versions of Windows? You lose out on many people that don't bother to upgrade and who don't want to, just a thought.., why not make it for all Windows versions?
    95 I understand, but the rest of Windows 98, Me, why not?

    Thank you and good day
     
  21. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: Process Guard Suggestions / Wish list

    Hi zoe1965 & welcome, Simply put Process Guard cannot be made to work with older OS's due to their structure, the mode of operation is not in the older and intrinsically less secure systems.
    All other DiamondCS products do work in the older systems even W95.

    You could try System Safety Monitor as I believe that works in older systems but it is not the same as PG nevertheless it does add an extra layer of security.

    HTH Pilli :)
     
  22. zoe1965

    zoe1965 Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    2
    Location:
    Montreal,PQ.Canada
    Re: Process Guard Suggestions / Wish list

    Hello Pilli,

    I thank you for helping me understand why it won't work on Windows ME, and also for the reference to System Safety Monitor, too bad it's no longer on the web, or the author took it off, not sure.

    There must be something that can protect my anti-virus from being stopped? But I have looked for months, but still no luck on finding something close to Process Guard, at least my firewall is safe. Phant0m created a program
    called LooknStop-GUI_Exit-Protection.exe which does the same thing as Process Guard, but it defends my firewall only, the rest of my apps how do I defend against such attacks, if there is no program like PG on the market?
    Or some kind of anti-hack prevention for anti-virus running on my system from being shut down? Maybe someday there will be something close to Process Guard for Windows Me users.
    Thanks for trying, Pilli
     
  23. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Re: Process Guard Suggestions / Wish list



    I just found SSM here:

    http://freeware4u.com/modules/mydownloads/singlefile.php?lid=204

    "D/L is a direct download from FW4U. The authors Home Site is in Russia and typically slow and difficult at times to get to."

    All you have to do is just put System Safety Monitor in Google and keep looking for websites where it is still located.



    Starrob
     
  24. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re: Process Guard Suggestions / Wish list

    It's virtually impossible to create a program such as Process Guard for Win9x (95/98/ME) that has the same level of security we were able to obtain under Win2K/XP. You could argue that some security is better than none, but just don't be lulled into a false sense of security, because it would be vulnerable to attack.

    Also, as the Win9x user base is rapidly shrinking (which is fair enough - it's nearly 2005) it simply doesn't make sense to spend too much time focusing on Win9x if the end result is a program that only runs under Win9x, when really we should be focusing on what most of our customers are using (and will be using for quite some time to come) - 2K/XP. When and wherever possible we try to add support for as many Windows operating systems as possible (it's in the best interests of you the customer and us the developer), but unfortunately this isn't always possible.

    A primary reason for this - the fundamental security differences in the kernel. As just one example, in Win9x when a process modifies a system DLL (such as kernel32.dll) in memory, all other processes are affected because they share that module. This is not the case under 2K/XP, where each process has its own instance of kernel32.dll, so if one process corrupts kernel32.dll then the worst case scenario is that it'll kill itself (its own process), but all other processes will be left alone. Even drivers are different under Win9x - a .VXD file (Virtual Device Driver) is required, compared to the .SYS files you see under 2K/XP.

    Cheers,
    Wayne
     
  25. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Process Guard Suggestions / Wish list

    This is a good idea. :)
     