sorry for all the questions, but........

Discussion in 'ProcessGuard' started by INTOXSICKATED, Feb 5, 2005.

Thread Status:
Not open for further replies.
  1. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    is it safe to say that all the programs listed in my security tab, should be put in my protection tab as well?
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi INTOXSICKATED,

    For now, I believe, the Protection List is limited to 250 items. I have about 200 items in my Security List, but only 45 in my Protection List. I prefer only to protect security apps and few other processes that autostart and run all the time, or that require special permissions. (That includes the system processes that are added during Learning Mode). I don't think it is necessary to add an app that I rarely run or an installer that runs only once. For those, the hash checking function of the Security List should be sufficient protection/warning against tampering.

    Nick
     
    Last edited: Feb 5, 2005
  3. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    Hi INTOXSICKATED,

    I think you probably don't want to protect all the programs listed in your security tab. Giving a program PG's protection could be thought of as saying, "I depend on this program and I trust it, so treat it differently than an ordinary program." By default, it will be authorized to read and modify other PG-protected programs, though you can adjust that as you choose. A malicious program could use "modify protected apps" to alter (and probably kill) most/all of your security programs.

    I usually PG-protect programs for the following reasons:
    1) Vital to Windows' security/stability (winlogon, userinit, lsass, csrss, services, svchost, rundll32, etc.)
    2) My security applications: firewall, AV, AT, AS, PG (procguard, pgaccount, dscuserprot), etc.
    3) Internet apps: Browser, Email, IM, Download Mgr, etc. (anything that gets thru your firewall to the internet)
    4) Applications that need special privileges: Legitimate programs that only function correctly when they can install a hook or a driver or access physical memory.
    5) Persitent, unwanted programs: I never run Outlook Express, but you can't be sure it's really gone. I protect it (just in case) but I remove all PG-authorizations.

    There is no such thing as a program that I trust "completely". It comes down to a compromise between risk/functionality with PG-protection vs. risk/functionality without PG-protection.

    There may be other good reasons to protect applications. For instance, MS-Office is a high-profile program that can be targeted by malware. I don't use it, and I'm not sure about pros/cons of protection for it.

    EDIT: Oops, mostly what Nick said (so much more succintly :) ).
     
  4. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    thank you both for the response, it's making more and more sense as time goes by.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,058
    As another approach, since my computer is on the internet all day long, I also protect any application that I use for any length of time while online. This does include all of Microsoft Office.

    Pete
     
Thread Status:
Not open for further replies.