ProcessGuard v3.xxx Suggestions / Wishlist

Discussion in 'ProcessGuard' started by Jason_DiamondCS, Nov 3, 2004.

  1. James Taylor

    James Taylor Guest

    Because it would be foolish to try to force an existing product to become something it isn't.

    I didn't say that. Besides according to you IE is safe enough when running it with dropmyrights + all the 'hardening' you do... Right?
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 9,582 | Location: The Netherlands

    Well let the developers decide, like I said before I think it would be a nice addition, but perhaps they don't think it's necessary, SSM does offer this however. :) About IE, you already know my opinion about this subject, yes I think IE is safe enough with a certain configuration. ;)
     
  3. James Taylor

    James Taylor Guest

    LOL, a certain configuration means what? Running half a dozen programs to 'secure' IE by crippling most of its function, add a couple of IDS systems just to protect IE, *and* start spamming wishlists of IDS products meant for generic protection begging for IE specific protection.

    Yes, I see you really think IE is "safe".

    For the record I think your fixation with IE is not necessary.
     
  4. rdsu

    rdsu Registered Member

    Joined: Jun 28, 2003 | Posts: 4,481

    I don't think that this topic is to post opinions, but just suggestions... ;)

    And try to respect the other opinions.
     
  5. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002 | Posts: 6,217 | Location: Hampshire UK

    Quite correct :) Please confine this thread to suggestions and not discussions. Either start another thread or use the Wilders Instant Messaging (IM) system.

    Thanks. Pilli
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 9,582 | Location: The Netherlands

    My final comment in this thread @ James Taylor:

    I'm asking for a feature that would make PG even more powerful, IMO it doesn't really matter what I need the feature for. And why do you think products as Prevx, Safe n Sec and SSM are around? Just to secure IE? No, but they can make IE more secure.

    If you want to know what the remarks were, PM me. :D

    Unnecessary remarks removed: Pilli
     
    Last edited: Jul 12, 2005
  7. Notok

    Notok Registered Member

    Joined: May 28, 2004 | Posts: 2,969 | Location: Portland, OR (USA)

    *I* know what you mean, but I think quite a lot could be done just by making the tabs, and perhaps the bevel, smaller. Doesn't seem like much, but I think it's all it really needs to make it look really sharp :)
     
  8. heatsaver

    heatsaver Registered Member

    Joined: Jul 29, 2005 | Posts: 4

    Windows XP Professional 64 bit compatibility would be super!
     
  9. AAPlus2

    AAPlus2 Guest

    Hello, All

    @Jason

    First, my apologies, I am not big on words so don't take
    this the wrong way or think I'm some nut.
    Well, the nut part is up to you to say :)

    Now my dad went out & as always overdid it.
    I now have I think 4 PG that he paid for, not sure
    why he would do this with all the progs he would
    see

    Now I have tried time & time again to use this great prog
    of yours but it's hard as hell. Now I would like to ask you
    this: is there some way that you can add to the popups,
    talking about when there is a warning.

    Could you add some type of click here that will send
    the user to say a web site with info on what just happened
    with PG & it will help someone like me see what it is that
    PG is asking of them.

    Like I said, not big on words here. Say a box pops up:
    Bla Bla wants to do A B or C
    so I click button, takes me to web site where it
    tells me if it is safe or not

    Something like ZoneAlarm has that: if a box pops up
    you just click more info & before you know it you're
    at the web site with info if your next move is safe or not

    Thank you
     
  10. AAPlus2

    AAPlus2 Guest

    Hey, Jason

    Well please kick me in the yahoo, I just happened to find this here
    http://www.diamondcs.com.au/pgdb/

    I think this is what I had been thinking of when I posted
    the above info, my apologies, should keep me hole shut

    Thank you
     
  11. borisdavis

    borisdavis Registered Member

    Joined: Aug 1, 2005 | Posts: 2

    What's going on?
     
  12. vlad007

    vlad007 Guest

    It's easy to accidentally uncheck the global protections options section.

    Some kind of message, i.e. "Are you sure you want to disable block global hooks etc?" when you try to uncheck anything in this section.

    The reason I say this is, the other day I booted up and one of the global protections was unchecked.

    I don't remember doing that!

    I'm the only one who uses the machine and so I must have accidentally unchecked it. Still don't remember doing it though!

    vlad
     
  13. cyberdoc999

    cyberdoc999 Registered Member

    Joined: Apr 2, 2004 | Posts: 5

    A ProcessGuard that works with PunkBuster games!!!!
    Currently you have to un-install ProcessGuard to play PunkBuster
    games, i.e. Battlefield 2 etc.....
     
  14. gottadoit

    gottadoit Security Expert

    Joined: Jul 12, 2004 | Posts: 602 | Location: Australia

    One recurring annoyance is the tooltip box popping up with "known" (and accepted) blocks, this is an annoying type of false positive because the PG icon goes red

    In my case it is because I am using a Citrix client and get the alert
    It's something that doesn't matter and happens frequently (when I switch back to the Citrix window) but it pollutes the log files and gives visual false positives to the point where I ignore the colour of the PG icon now because it doesn't actually indicate that there is a problem


    Also worth noting is the thread raised by passing thru about hangs during shutdown, that would be a nice thing to see fixed

    And not to forget, a fix for the services.exe issue with drivers. I realise that the workaround given is reasonable as long as people are careful, but if someone does an install in learning mode (as suggested) then services.exe could silently obtain service/driver install privileges again and not everyone may realise that they need to check afterwards if they use learning mode.

    Thanks
     
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined: Dec 28, 2004 | Posts: 556

    Is it possible to have a function which PG can prevent another kind of EXE spoofing?
    ==============================
    Case (1)
    svchost.exe is at c:\windows\System32
    However the hacker uses a trick to put the SAME file name svchost.exe in other paths (eg c:\windows). If I see it would like to be executed, I would probably get deceived.

    Is it possible to add file path verification, so one can warn me about possible spoofing, so I won't make silly/careless mistakes?

    Case (2)
    This time the hacker uses a trick to change the name of a legitimate file a bit (eg scvhost.exe). If I see it would like to be executed, I would probably get deceived.

    Is it possible to add file name verification, so one can warn me about possible spoofing, so I won't make silly/careless mistakes?

    Note: In fact, since a hacker usually only changes 1-2 characters, one may implement a checker that checks whether the file name is slightly different from a Win legitimate file. If so, issue a warning.
    ===============================

    After all, are the above difficult to implement?
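
The two checks requested in the post above (expected-path verification for Case 1, near-miss file names for Case 2), as an added Python example that is not part of the original post and is not ProcessGuard's code. The baseline table and the names `check_image` and `osa_distance` are assumptions made for illustration; the example goes slightly beyond the post by counting a swap of two adjacent letters (svchost to scvhost) as a single edit.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample baseline: file name -> directory it is expected to run from.
BASELINE = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "vc" typed as "cv"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_image(path, max_distance=2):
    """Return (verdict, detail) for an executable path that is about to run."""
    norm = ntpath.normpath(path).lower()  # folds case and resolves ".." segments
    directory, name = ntpath.split(norm)
    if name in BASELINE:
        if directory == BASELINE[name]:
            return ("ok", name)
        return ("wrong-path", "expected " + BASELINE[name])   # Case (1)
    for known in sorted(BASELINE):
        if osa_distance(name, known) <= max_distance:
            return ("lookalike-name", "resembles " + known)   # Case (2)
    return ("unknown", name)
```

A name check like this only supports the prompt shown to the user; the allow decision still has to rest on the file's full path and hash, since a replaced file keeps both its name and its location.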
     
  16. ibeme99

    ibeme99 Registered Member

    Joined: Jul 1, 2004 | Posts: 39

    1. It's counterproductive and annoying to place the popup window in the center of the monitor screen. I got a popup message from PG and wanted to research the module. Unfortunately, it was difficult to use the browser because of that damn popup window sitting in the middle of the screen without a title bar or controls that would allow it to be minimized or moved.

    2. When running PG, I am unable to do a clean backup using Windows backup. I get the following dialog:

    Backup Status
    Operation: Backup
    Active backup destination: File
    Media name: "C_Backup.bkf created 8/14/2005 at 5:30 AM"

    Backup (via shadow copy) of "C: C_HD1_Boot"
    Backup set #1 on media #1
    Backup description: "Set created 6/24/2005 at 5:10 AM"
    Media name: "C_Backup.bkf created 8/14/2005 at 5:30 AM"

    Backup Type: Normal

    Backup started on 8/14/2005 at 5:30 AM.
    Warning: Unable to open "C:\WINDOWS\system32\pghash.dat" - skipped.
    Reason: Access is denied.

    Warning: Unable to open "C:\WINDOWS\system32\pguard.dat" - skipped.
    Reason: Access is denied.

    Warning: Unable to open "C:\WINDOWS\system32\drivers\procguard.sys" - skipped.
    Reason: Access is denied.

    Backup completed on 8/14/2005 at 5:36 AM.
    Directories: 1439
    Files: 15938
    Bytes: 2,488,316,782
    Time: 5 minutes and 48 seconds

    3. It doesn't seem smart to initially run PG in learning mode UNLESS you are 100% sure that you don't have any rogue processes hiding in your system. Otherwise, they will be approved automatically, which seems to defeat what PG is trying to do.

    4. The UI is UGLY. I wish developers would express their "creative urges" elsewhere and stick to the standard Windows GUI. Makes helping others over the telephone or in forums a lot easier if everyone is on the same page from the beginning.

    5. You should take a hash or CRC of every program approved for execution and check against that hash in case a hacker gets access to your system and installs a new replacement file with the same name as a system file that has been approved.
     
  17. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002 | Posts: 6,217 | Location: Hampshire UK

    Every executable that is on the security list is MD5 hashed, any changed or new executable is alerted on.

    Thanks Pilli :)
     
  18. Wai_Wai

    Wai_Wai Registered Member

    Joined: Dec 28, 2004 | Posts: 556

    I second.
     
  19. WSFuser

    WSFuser Registered Member

    Joined: Oct 7, 2004 | Posts: 10,632

    Currently, while PG is in LM, I notice that if an executable (like an installer) tries installing a service, hook, etc., then PG initially blocks it then allows it; this sometimes causes error messages from the executable. When in LM, allowing permissions should go smoother or be silently added.
     
  20. anon

    anon Guest

    It would be great if I could use PG to regulate which programs could run with and without administrative rights.
     
  21. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia

    This requires a complete redesign of Learning Mode.. version 4 feature most likely. Lots of other things mentioned are being added/fixed for the next version though :)
     
  22. WSFuser

    WSFuser Registered Member

    Joined: Oct 7, 2004 | Posts: 10,632

    I think only Windows can decide that; also if you need to run a program under a limited account just use Run As and run it as admin.
    That's good to know, I'm looking forward to the new version.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 9,582 | Location: The Netherlands

    About the GUI, please make it look more like System Safety Monitor v2, I think it's a much more professional looking GUI, much slicker. :)

    http://syssafety.com/screens.html
     
  24. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined: Mar 4, 2004 | Posts: 1,831 | Location: USA

    Not sure if the following has already been mentioned or not in the numerous posts in this thread, but I believe I've found a small bug.

    Normally when I install software, I turn PG's protection OFF (as I just did when installing the update to Port Explorer :) ). As you know, lots of software will ask you to restart your PC after install, which I did, leaving PG's protection OFF. And when Protection is OFF, there is a dark "X" through the pretty PG icon in the systray. Well, after restarting my PC, I noticed the "X" was no longer there, but Protection was still OFF. If I hadn't remembered that I still had Protection turned OFF, I probably would have never realized I was unprotected, because the "X" was not there to remind me.

    For the next release.......... Thanks! :)
     
  25. CheriePie

    CheriePie Registered Member

    Joined: Oct 25, 2003 | Posts: 4

    I'd like to see the addition of tool tip like functionality for when the text in a given column is wider than the column. Then when you hover over the text in that column, a little tool tip pops up to show you the full text of that field.

    In a similar vein, I like to resize the columns and it'd be great if this column resizing can be remembered between reboots.

    Thanks!