Why you should upgrade to PG version 3

Discussion in 'ProcessGuard' started by A884126, Oct 20, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    This is why you should upgrade to PG version 3

    DiamondCS Process Guard Protection Features Disabling Vulnerability

    Description:
    Tan Chew Keong has reported a vulnerability in DiamondCS Process Guard, which can be exploited by certain malicious processes to disable the security features provided by the product.

    The problem is that the security features provided by the product can reportedly be disabled by restoring the running kernel's SDT (Service Descriptor Table) ServiceTable by writing directly to the "\Device\PhysicalMemory" section object.

    Successful exploitation disables the protection measures thereby allowing a privileged process to terminate protected processes.

    The vulnerability has been reported in version 2.000. Other versions may also be affected.

    Solution:
    The vulnerability will reportedly be fixed in the next release.

    Always run applications with least privilege to lessen the impact of e.g. malware.

    PS: http://secunia.com/advisories/12033/
     
    Last edited: Oct 22, 2004
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi A884126, old news I'm afraid. If you look through the beta threads you will see a screenshot of kprocheck being stopped dead. :) Can't find the link ATM.
    This was one of the reasons for the Version 3 development.

    Pilli
     
  3. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
  4. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    I think he was saying that is why you should upgrade to v3.0 if you can. :)
     
  6. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Well...think of my posts as proof that the vulnerability is fixed, and that one should upgrade to Process Guard 3 :p :D :D!.

    Regards,
    Jade.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for the pointers Bowserman :) It was late here and I was just closing down.

    Pilli
     
  8. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Will there be a manual for v3?
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi SPC, (Autumn disappeared) ;) There will be a completely revised Helpfile which will be pretty comprehensive. You also have these public forums, where many questions are answered and/or you can get a response very quickly to any other problems.

    Process Guard's new learning mode and GUI take out much of the pain of setting up; this makes it much more user friendly.

    HTH Pilli
     
  10. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Jason, you got it right! ;)

    There is no question mark, so it is more a statement if you know what I mean... :D
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    A small request for DiamondCS - please refrain from using blinking text (I know it's just one sentence but I still find such things annoying). :(
     
  12. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    It's already been removed. :)
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    [blink]That's good to hear![/blink] ;)
     
  14. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Just updated the title of my first post and added the security info link.
     