Some questions

Discussion in 'Ghost Security Suite (GSS)' started by Comp01, Aug 15, 2007.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Currently I'm running process guard, but I see AppDefend has many more features (mainly interested in the outbound network protection, I want something lightweight for outbound because I love ghostwall so far, but would like some outbound protection), so I'm considering switching, but first, what are the main differences between AppDefend and pg? Also, what are the limitations/cut-out features on the free version of AppDefend?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    See this thread concerning the differences.

    Also iirc, the beta from the website does not expire. I do not know if it is the same with the new alpha builds that Jason has released.
     
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The current alphas do not expire - so that part hasn't changed. :)
     
  4. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    67
    Location:
    UK
    I used to use ProcessGuard myself, before that I used SSM when it was free, I switched from PG to GSS (AppDefend & RegDefend) because I liked the way it worked and it was easy to use, the alerts are fantastic :thumb:

    I think one of the things that also made a big difference was that AD worked in the reverse way to PG, with PG you had to tell it what to protect and how, with AD it worked like a network firewall, I loved that so much, it protects all your processes and system without having to configure it really, though you do need to set rules to allow or block a particular action, like being able to terminate another process or accessing your network, a real improvement over PG :D

    Comp01, the best advice I can give you is just try GSS, at the moment v1.110 beta is really stable and works really really well, you won't regret giving it a try even if you don't like it.....though I'm sure you will love it like everyone else has :D

    Hugs,
    Fluffy
     
  5. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Alright, I've installed GSS, so far it's really nice, however it says the trial ends in 15 days? However once the final version comes out I will definitely buy, very nice program, very good work, very light and fast, anyways, what features will be disabled in the final version/when the trial expires?
     
  6. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Is there a way to test the driver install/rootkit blocking?
     
  7. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    It isn't even blocking drivers/services...
     
  8. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I disabled regdefend, so is that what blocks drivers/services? If that's the case then doesn't the regdefend side expire? And then no more drivers/rootkit protection? I'd really rather not put out money on an app that's still in beta, so I mean if this is going to expire in a few days I might as well just switch back to PG till AppDefend gets out of beta/alpha stages...
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    AppDefend is responsible for blocking drivers/rootkits iirc. Have you checked its settings?
     
  10. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    The default settings are Ask / Block for rootkits, however I don't get asked about it at all if RegDefend is disabled
     
  11. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I can start things that I know will install drivers, and still don't get asked.
     
  12. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I'll just go back to PG... This will be a nice app once out of beta, but it just doesn't block drivers/processes from installing, even though it's configured to do such.
     
  13. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    And I am correct, it seems RegDefend handles services/drivers at least from my testing, so after the 15 days while the AppDefend beta runs fine and doesn't expire, it leaves you with a severe security hole not having RegDefend, and it's stupid to pay for a beta app, so in 6-months to a year whenever AppDefend is finished I will switch to it permanently
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm not certain of your definition of "handles services/drivers" but RegDefend does as the name implies....it defends the registry.

    RegDefend
    Bubba
     
  15. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yes, but from my testing with apps that installed drivers and/or services, I would get no popups, no warnings, no blocking, whatsoever, with RegDefend disabled, with ANY settings, if I set rootkit/driver installations to just block (under the default rule) Services.exe was "blocked" from installing, and all system apps were blocked from installing, and I made sure every other app was set to default (which was block) and I still got nothing, drivers went through seamlessly, services went through, no prob, only time I got any warning was with RegDefend on, I sat here for quite a bit today messing with the configs, something should've worked.
     
  16. ignign0kt

    ignign0kt Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    5
    I have just tested AD and RD with a rootkit, oddly enough, AD doesn't catch the rootkit driver at all. But RD catches it being entered in the registry.
    I'm also curious why AD didn't see it.
     
  17. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    This might help a little.... and I agree that the distinction is quite hard to fathom unless you happen to know what is happening
    • The AD component is blocking abnormal ways of loading drivers
    • The RD component catches more "conventional" attempts to load drivers because that requires registry keys to be created during the driver load process
     
  18. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Well it depends on the rootkit, they use various methods to install themselves. For a while there was a lot of research into trying to get around the usual "use the registry" approach, but I guess they realized it's almost pointless since most things won't block the registry in the first place. The other methods which aren't registry based are covered by AppDefend.

    AppDefend in the future may cover the "undocumented non registry" approach to cover service only entries, I had to do the same thing for ProcessGuard so you could see the real process trying to do the service install. However you'll still need RegDefend for the processes which manually insert themselves into the registry (then reboot) rather than use windows API to do it.
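
Added example, not part of the original thread and not GSS code: a sketch of why a registry monitor sees the "conventional" driver installs described in the last two posts. It assumes a hypothetical event format of (writing process, key, value name, data) and treats `services.exe` as the writer when the Windows service API is used; all sample events are constructed.

```python
import re
from collections import defaultdict

# Service entries live under CurrentControlSet and the numbered ControlSetNNN copies.
SERVICE_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)$",
    re.IGNORECASE,
)
DRIVER_TYPES = {0x1: "kernel driver", 0x2: "file system driver"}  # service Type values
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed sample events: (writing process, key, value name, data)
SVC = r"HKLM\SYSTEM\CurrentControlSet\Services"
SAMPLE_EVENTS = [
    ("services.exe", SVC + r"\examplesvc", "Type", 0x10),
    ("services.exe", SVC + r"\examplesvc", "Start", 2),
    ("services.exe", SVC + r"\exampledrv", "Type", 0x1),
    ("services.exe", SVC + r"\exampledrv", "Start", 3),
    ("services.exe", SVC + r"\exampledrv", "ImagePath", r"\??\C:\drv\exampledrv.sys"),
    ("setup_demo.exe", r"HKLM\SYSTEM\ControlSet001\Services\bootdrv", "Type", 0x1),
    ("setup_demo.exe", r"HKLM\SYSTEM\ControlSet001\Services\bootdrv", "Start", 0),
    ("setup_demo.exe", r"HKLM\SOFTWARE\Example", "Type", 0x1),  # not a service key
]

def find_driver_registrations(events):
    """Group writes per service key and report the ones that register a driver."""
    services = defaultdict(lambda: {"values": {}, "writers": set()})
    for process, key, value, data in events:
        match = SERVICE_KEY.match(key)
        if not match:
            continue
        entry = services[match.group(1).lower()]
        entry["values"][value.lower()] = data
        entry["writers"].add(process.lower())
    findings = []
    for name, entry in sorted(services.items()):
        kind = DRIVER_TYPES.get(entry["values"].get("type"))
        if kind is None:
            continue  # ordinary Win32 service, not a driver
        # A writer other than services.exe means the key was inserted by hand,
        # the case the developer says still needs registry-level protection.
        direct = entry["writers"] - {"services.exe"}
        findings.append({
            "service": name,
            "kind": kind,
            "start": START_NAMES.get(entry["values"].get("start"), "unknown"),
            "image": entry["values"].get("imagepath"),
            "route": "direct registry write" if direct else "service control manager",
        })
    return findings
```

A driver loaded without touching these keys produces no event here at all, which is the gap the thread assigns to AppDefend rather than RegDefend.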
     