TDS-3 and PG

Discussion in 'ProcessGuard' started by siliconman01, Dec 10, 2003.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    With PG active and fully loaded up with user pgms and with the two PG General Protection Options set active, is TDS-3 with Execution Protection sitting in memory really necessary to fully protect one's system? I've always had TDS-3 start up automatically on boot and remain memory resident.

    I recognize this could be a "leading question" for TDS-3; however, it would be nice not to see it sitting in memory if it's no longer necessary. Perhaps it's now only needed for a manual scan of the system every so often?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    With my understanding of both programs I would answer yes and no.

    TDS execution protection looks at a program the OS wants to fire up, checks it for problems, and then if it's okay lets it run. PG only protects you assuming that the trojan wants to shut something down. If that's not the case, then you need TDS running to make sure nothing bad runs, because PG won't protect you. (That's a yes.)

    I personally don't run it because I have Abtrusion Protection running, and it flat won't let anything new run, period. So assuming a program slips in unannounced, I am protected, because it can't run until I examine it and give it permission. (That's the no.)
     
  3. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Execution Protection is only working when TDS is running. PG only protects TDS from being closed (or modified in memory).
    Dolf
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    @Peter
    PG does more than that; it also prevents thread injection and DLL injection, as well as process code modification.
    That's how the latest trojans hide in trusted processes.

    PG is a jewel :D
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054

    gkweb. But of course. Case of the fingers being faster than the brain. I sure agree that PG is a jewel.
     