WG, PG,...

Discussion in 'other anti-malware software' started by Atomas31, Dec 25, 2006.

Thread Status:
Not open for further replies.
  1. Atomas31 (Registered Member; Joined: Sep 7, 2004; Posts: 923; Location: Montreal, Quebec)

    Hi,

    Since DiamondCS seems dead for good and the fact that I own most of their products, I was wondering:

    Is Wormguard still very useful nowadays? Can I disable it and count on Nod32 and Boclean to detect any worm and do what Wormguard was doing?

    Concerning PG 3.15, which I really liked, is there any good alternative that can do all of what PG can do and even more (with good support :))? If possible in a similar approach and GUI?

    Thank you and good holidays,
    Atomas31
     
  2. dallen (Registered Member; Joined: May 11, 2003; Posts: 824; Location: United States)

    Atomas31,
    I would remove both WG and PG because products that aren't continuously updated become obsolete very quickly these days, especially considering that you have quality products like NOD32 and BoClean. If you feel naked without PG maybe you should seriously consider Online-Armor.
     
  3. Atomas31

    Hi Dallen,

    Happy holidays!

    I have disabled Wormguard and Process Guard and you are right, I am feeling a little bit naked!!!

    As for Online Armor, I know it and, unless I am mistaken, it doesn't do the same as PG... Also the last time I started it (I already have it but don't use it), there was no way to terminate the online armor services (GRRrrrr!) and this is something I personally hate.

    Thanks,
    Atomas31
     
  4. dallen

    Happy Holidays to you. It's good to hear from you!!!

    We all use our computers differently and we all have different expectations from our security strategy.

    I'm not one to know the technical differences between OA and PG. Additionally, I am one that prefers user friendliness to meticulous security. So my advice may not be the best for everyone.

    That being said, I am confident that PG is nothing more than a decaying false sense of security.

    Whether Online-Armor is right for you is a personal choice. I have found it to be unobtrusive while simultaneously providing decent security. I’m rather new to the beta-testing team, so admittedly I have not thoroughly tested it against attacks, but I like what I see so far.

    May I ask why you prefer the option of terminating the service?
     
  5. Thankful (Savings Monitor; Joined: Feb 28, 2005; Posts: 3,739; Location: New York City)

    I agree with dallen that NOD32 and BoClean are two excellent programs. If you want to add a HIPS, give free SSM (system safety monitor) a try. http://www.syssafety.com/ They also have a paid version. They also have a forum for support for both versions.
     
  6. Atomas31

    Hi Dallen,

    What I mean concerning the termination of services is that when you click on Start/administration tools/services and then look at the online armor service, it was impossible to stop it; you had to change the property to manual and reboot so you won't have this service running in the background anymore... That was an old build that I beta tested some time ago so maybe now it is different. The reason why I like to have that control is, for example, if you want to start another software that is or might be conflicting with that service, I don't want to change the property and then reboot to be able to open that other software... That's all!

    Right now, I am trialling Prosecurity, which seems very promising and more to my taste...

    Thanks,
    Atomas31
     
  7. MikeNash (Security Expert; Joined: Jun 9, 2005; Posts: 1,654; Location: Sydney, Australia)

    Hi Atomas31,

    That is still the case - this was to stop malware potentially stopping the OA service in a trivial way. If this is a showstopper for you, I can probably add the ability to do this inside the OA GUI somewhere - or, alternatively, we could implement a warning when something tries to shut down the service.

    Kernel mode OA just hit the beta test team, so there is definitely scope to change how things work.


    Mike
     
  8. Atomas31

    Hi Mike,

    Yes, that is a show stopper for me... I only know one other application that does that and it is Spysweeper (GRRRrrrr!). If you can rectify that, I might start using again my version of OA.

    Also, I am trialling Prosecurity, which I really like and seems like an ameliorated and more complete version of Process Guard, and was wondering if the two products (Prosecurity and OA 2.0) can work together without any conflict? Are there gonna be any overlaps?

    Thanks and Happy Holidays,
    Atomas31
     
  9. dallen

    Atomas31,
    I know nothing about Prosecurity, but I do want to caution you about one thing. Learn a valuable lesson from the DCS debacle: customer support matters and a product is only as good as its developer. Mike Nash seems to be as classy as they come. This is evidenced by his willingness to listen to his customers.
     
  10. egghead (Registered Member; Joined: Aug 27, 2005; Posts: 443; Location: The Netherlands)

    Could have been my words ;)
     
  11. Atomas31

    Hi Dallen,

    Thank you for your advice! As far as I am concerned, I believe that a developer that does something good deserves a chance... If nobody ever gave Mike a chance to show us how classy he was and how good his product was just because of the DCS debacle, then Mike and OA would already be history and we would have lost a classy guy and a great product... :)

    Atomas31
     
  12. ClassicQ (Guest)

    For the time being there is nothing wrong with PG, and WG should serve its purpose/design indefinitely. I wouldn't move at all to any Ghost Security products as their support is also almost null too. While I don't use OA (nor am I connected in any way to Online Armour), I can really appreciate the effort they display in development (just think about the leaps and bounds OA has made since its inception) and the support they (Mike Nash) provide here at Wilders, in addition to their own support forum. I think one day, OA will have an official support forum here. :cool:
     
  13. Rico (Registered Member; Joined: Aug 19, 2004; Posts: 1,702; Location: Texas)

    Hi Atomas,

    I was a long time user of PG & finally got fed up with their horrible customer support. I uninstalled PG, got a 'competitive upgrade price', & am very happy with SSM. SSM is like PG on steroids.

    Take Care
    Rico
     
  14. dallen

    I absolutely disagree with this statement. Both WG and PG have been obsolete for a very long time. Almost immediately after Jason left DCS, he told me that PG had some serious problems that he wished he could fix, but could not since it was no longer his product to develop. Wayne has proven his unwillingness to address his product's issues, to wit Wilders was forced to take action.

    I'm not one to try to predict the future, although I will take credit for being one of the first to illuminate Wayne (DCS) for what he truly was, but it would not surprise me if Jason (Ghost Security) follows in Wayne's wake and meets a similar fate.
     
  15. ClassicQ


    The issue was processes using 'services' to install drivers (and bypass security), which there is a workaround for and may have been addressed with the latest release (I don't know for sure; I don't actively use the product [I use Linux rather than Windows by choice], but I have tested it many times in VM sessions). What is the issue with WG? There are free apps that provide the same protection - which are still valid today. How is it obsolete?

    Wow, do you really take what is said by an ex-employee and competitor at face value? Your anti-DCS bias is helping lead you astray, which isn't a good sign. Do you have anything that you can factually back up your beliefs with? :doubt:

    I'm anything but a DCS fanboy, I hate what they've done / become ... but I wouldn't dismiss the merit of the product without understanding the issue and having actual evidence. :doubt:
    That statement I can agree with ;)
     
  16. dallen

    ClassicQ,
    I apologize if my criticism of your conclusion that nothing is wrong with PG or WG upset you. That was not my intent. It seems that what you consider to be "the issue" is different than what I consider the issue to be. So, it seems that we are in disagreement about different things.

    I consider it obsolete for a number of reasons including, but not limited to, the fact that it has not been updated for years and almost every quality AV on the market provides better anti-worm protection than WG.

    It seems that you know enough about computer security to understand that the dynamic nature of malicious threats cannot be met with stagnant defenses.

    I absolutely take it at face value (which means I don't give it much weight considering the vested interest the ex-employee has in the matter), but when I discuss the matter with the ex-employee privately and the statements are coupled with the reasons for making them and subsequently verified, I tend to take them at more than face value.

    They've become non-existent and the fact that you wouldn't dismiss a non-existent company's antiquated product in an ever-changing environment of increasingly sophisticated threats speaks for itself.
     
  17. Rmus (Exploit Analyst; Joined: Mar 16, 2005; Posts: 3,943; Location: California)

    In the summer of '05 I tested several script-blocking programs for a friend who was interested
    in that type of protection. I found WG to be in a class by itself.

    Two of the other popular ones at the time added a line in the Open|Command line in the Registry
    for all script filetypes, resulting in passing the open command for that filetype to the blocking program.

    WG, on the other hand, has its own script analyzing engine, which looks at all filetypes that run scripts.
    There is a slight difference: .html was not normally blocked as a script filetype in the other programs,
    but is capable of running scripts. See a discussion here, where I ran a test using .html:

    https://www.wilderssecurity.com/showthread.php?p=521885#post521885

    Another filetype that can run scripts is .doc, and WG will catch it, but the other programs would not
    unless added to the block list, which would result in every .doc file requiring a prompt from the user.

    http://www.urs2.net/rsj/computing/imgs/wg_doc.gif

    At the time, I didn't consider WG just from the standpoint of worms, and would be interested
    in how current products handle scripts contained in files such as .doc.

    regards,

    -rich


    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
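
The coverage gap described in the post above, as an added example (not part of the original post, and not WormGuard's or any other product's code): a blocker hooked into the open command decides on the file extension alone, while a content check looks at the bytes. The extension list, the `_VBA_PROJECT` stream-name heuristic and the sample files are assumptions constructed for illustration.

```python
import re

# Assumed list of extensions a handler-redirect blocker hooks (not from the thread).
SCRIPT_EXTS = frozenset({".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"})
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE2 container header (.doc)
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")      # stream name of a macro project
SCRIPT_TAG = re.compile(rb"<\s*script\b", re.IGNORECASE)


def extension_gate(name, hooked=SCRIPT_EXTS):
    """Handler-redirect model: the decision depends on the file name only."""
    dot = name.rfind(".")
    return dot != -1 and name[dot:].lower() in hooked


def content_gate(name, data):
    """Content model: flag files whose bytes carry script, whatever the extension."""
    if extension_gate(name):
        return True
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM in data          # heuristic, not a full OLE parser
    return SCRIPT_TAG.search(data) is not None


# Constructed sample files (name -> bytes); none are real documents.
SAMPLES = {
    "job.vbs": b'WScript.Echo "hello"',
    "page.html": b"<html><SCRIPT language=VBScript>x = 1</SCRIPT></html>",
    "plain.html": b"<html><body>no script here</body></html>",
    "macro.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "letter.doc": OLE_MAGIC + b"\x00" * 64 + b"Dear Sir",
}


def compare(samples=SAMPLES, hooked=SCRIPT_EXTS):
    """Return {name: (extension decision, content decision)} for each sample."""
    return {n: (extension_gate(n, hooked), content_gate(n, d))
            for n, d in samples.items()}


if __name__ == "__main__":
    for name, (by_ext, by_content) in compare().items():
        print(f"{name:12} extension={by_ext!s:5} content={by_content}")
    # Widening the hook list to .doc/.html intercepts the clean files as well.
    wide = SCRIPT_EXTS | {".doc", ".html"}
    print([n for n, (e, _) in compare(hooked=wide).items() if e])
```
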
     
  18. dallen

    Rmus,
    If I'm not mistaken, both KAV and NOD32 each have methods of coping with the threats you reference. Furthermore, I think IE7 has a method of disabling scripting triggered via html.

    Actually, I tested the following script:
    Which you provided as a means of testing. I created an .html document containing the script and with default settings I am provided a warning from IE7. I will play with the same script using a .doc file and report back.

    Meanwhile, I stand by my conclusion regarding DCS and their products.
     
    Last edited: Dec 26, 2006
  19. true north (Registered Member; Joined: Dec 14, 2006; Posts: 159)

    Back to the topic,

    I have used PG for a long time and now, since their support is gone, should I replace PG with another safe and easy-going app?
    What would you recommend?
    Thanks
     
  20. dallen

    true north,
    You are going to hear advice both ways, but I want to emphasize that PG is fundamentally flawed and relying on it only gives you a false sense of security. You need to remove and replace it.

    The problem is that the product that I would replace it with has not been released yet.
     
  21. Rmus

    To borrow a phrase from Blue, I would do a "risk assessment:"
    1) What types of threats doesn't PG protect against that you think are necessary?

    2) What is the likelihood of you encountering such a threat?

    If using PG doesn't satisfy your risk assessment, then it's time to change. Looking at other threads, this goes on all of the time with other products: people switch because they think something else is better for them.

    I don't think it matters whether or not the product is still supported - if it meets your needs, why change?

    This has been discussed in other forums, and I notice other PG users sticking with it.

    Referencing my above post, my friend still uses Worm Guard because it meets a particular need in her work, so there is no reason to change.

    regards,

    -rich



     
  22. dallen

    I agree with everything Rmus said in his/her most recent posting.

    The only thing I would like to add is that a false sense of security is worse than a complete lack of security.
     
  23. Baldrick (Registered Member; Joined: May 11, 2002; Posts: 2,301; Location: South Wales, UK)

    You really do know nothing about ProSecurity. From what I have come across the developer of ProSecurity seems to be about the most responsive developer around at the moment. However, IMHO willingness to listen to customers is good but a sound financial model/basis for the development of the software is even more important...and we know very little about any of these developers.

    It would be good to get some more information in this area.
     
  24. dallen

    Baldrick,
    What did you mean by reiterating my admission of a complete lack of knowledge of ProSecurity?

    I agree that the responsiveness of the developer is not the only criterion by which one should judge software. You are correct that "financial model/basis" (business plan) is also very important. However, when you say "we know very little...", you should probably restrict your assertion to yourself. I'm sure there are some here that have at least some knowledge about the business plans of these developers. I, for one, have some knowledge about a financial aspect of one of the developers that I consider to be pertinent. However, I don't feel that information is for public discussion.
     
  25. Baldrick

    The reiteration was to confirm that the statement seems to be true.

    On the other point, I believe that the 'we' (as in the collective and not trying to single out any one person, although it appears that I may have inadvertently touched a nerve) is justified, as this aspect of the software developers and their products that are discussed, recommended and panned in public does appear to be almost completely omitted from discussions. That is a shame.
     
    Last edited: Dec 26, 2006