Should ProcessGuard be trashed?

Discussion in 'ProcessGuard' started by Nautilus_, Nov 30, 2003.

Thread Status:
Not open for further replies.
  1. Nautilus_

    Nautilus_ Guest

    I believe there are valid arguments why ProcessGuard should be taken out of business:

    There are numerous trojan coders who have worked really hard to develop super-stealthy DLL trojans. They spent much time to research the fundamentals of CreateRemoteThread injection technique, developed a concept to bypass firewalls, created fascinating injectors and collected countless packers & crypters in order to camouflage their new trojan breed. More and more trojan coders recognized the possibilities offered by DLL trojans and committed themselves to this new concept. In summary, DLL trojans scared a lot of people and such fear resulted in huge business opportunities for AT software producers.

    And now, DiamondCS makes an extremely unfair move and develops PG which makes all DLL trojans useless in an instant. Instead of assiduously creating a lot of new trojan signatures and enhancing the TDS-3 module scanner, DiamondCS went the easy way and developed a tool which simply prevents all DLL trojans from being injected via CreateRemoteThread. That's really a reckless scam which eliminates an entire trojan class and makes AT scanners partly obsolete! And I can't foresee many possibilities to get out of this misery. Static DLL injection is just too difficult for many trojan users and LSP trojans still have to be released. On the other hand, every stupid newbie user can protect himself/herself with ProcessGuard since its GUI is so damn intuitive.

    For this reason, I believe that ProcessGuard should be immediately trashed before even more people hear about it.

    Nautilus :D
     
  2. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002 | Posts: 6,217 | Location: Hampshire UK
    Bravo Nautilus :D But they will keep on trying & innovating and so must we ;)
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined: Aug 10, 2002 | Posts: 18,280 | Location: New England
    LOL! Very clever Nautilus. ;)

    Yes, ProcessGuard may well be the solution to defeating countless classes of Trojans well into the future.
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined: Nov 20, 2002 | Posts: 676 | Location: Amsterdam
    Nautilus_, you should be a reviewer :D
    Dolf
     
  5. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
    With causing so many others to become breadless it's easy in the end reviewing DCS tools only.
     
  6. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002 | Posts: 6,217 | Location: Hampshire UK
    But Gates's firm will still find a way round it :p
     
  7. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
    He's given half of his capital to all kinds of good organisations in need, guess he's just making sure nobody gets ever breadless.
     
  8. FluxGFX

    FluxGFX Registered Member

    Joined: Jan 23, 2003 | Posts: 667 | Location: Ottawa/Canada
    I like the idea of Process Guard, which makes crap like the trojan DLL injection method useless
     
  9. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
    Imagine the trojan writers need all new education trying to find new ways around. Sad case for them. And with the DCS attitude of being at least one step ahead all time ..... The program is complicated already, expect it to contain much more protecting abilities on the systems than initially thought.
     
  10. jules12

    jules12 Registered Member

    Joined: Nov 28, 2004 | Posts: 6
    HELP - - - ALL FILES BEING DELETED FOLLOWING PG3.5 run and MUTEX 2 Error message. Sorry, not posted right, but forum wouldn't take new log in and I am a bit concerned about more than 1/2 of my programs and Media files disappearing
     
  11. Starrob

    Starrob Registered Member

    Joined: Apr 14, 2004 | Posts: 493
    I see Nautilus is giving credit where credit is due. It is my opinion that Process Guard is one of the most innovative pieces of security software that has been put out in quite some time.

    It may just be me but it just seems that over the last several years not many security products or companies have really innovated and attempted to protect against future threats as well as present threats (This includes Microsoft as well).

    Most of the companies that have developed scanners (until recently) just settled into a comfortable mode where they just concentrated on creating signatures AFTER the threat starts to become widely used. Many scanners until recently would not even do simple things like encrypt their database just to make it a little bit tougher for code to be changed in order to beat that specific scanner.

    Many people place great faith in signature based scanners. I don't....Some people say there is no 100% security and there may not be but I want my security as close to 100% as possible and PG v3 goes a long way toward that.

    I just can't trust the protections that scanners give me....too many what ifs. What if they did not add a definition yet? What if the scanner company lied about what they can or can not detect? What if they are careless and leave their database unencrypted and make it easy for people to make Trojans to defeat it? What if the memory scanner is too slow and gets terminated before it can protect you? I have seen these discussions/arguments on many security boards over many years. PG is one of the few applications that I see the script kiddies on some of the black hat boards raising their white flag (or is it black flag..LOL). They just don't see a way around it because for all but a tiny minority, it is far beyond their coding skills.

    There are "What ifs" with PG too but they are much less than a typical scanner (for me at least). The biggest "What if" with PG is that at this point in time it involves knowing a little bit about your computer because PG can be defeated by somehow tricking the user into lowering the defenses but if you are somewhat knowledgeable about what is going on with your computer then two classes of computer threats are basically pro-actively eliminated....root kits and dynamic dll Trojans without any of the problems inherent in signature based scanning.

    Now after saying all that I do use some signature based scanners as part of layered security. There are some things that PG does not protect against and I am right now looking for a scanner that will really innovate whether that be TDS4, BoClean, Ewido, Trojanhunter or A2 (AT's) or KAV, NOD, F-Prot, Bitdefender (AV's) etc...

    I am also looking for something similar to PREVX that DOES NOT PHONE HOME. Maybe an AV or AT could really innovate and create some type of pro-active solution like this that does not require as much user intervention as PREVX.


    Starrob








     