Why you should upgrade to PG version 3

Discussion in 'ProcessGuard' started by A884126, Oct 20, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    This is why you should upgrade to PG version 3

    DiamondCS Process Guard Protection Features Disabling Vulnerability

    Description:
    Tan Chew Keong has reported a vulnerability in DiamondCS Process Guard, which can be exploited by certain malicious processes to disable the security features provided by the product.

    The problem is that the security features provided by the product can reportedly be disabled by restoring the running kernel's SDT (Service Descriptor Table) ServiceTable by writing directly to the "\Device\PhysicalMemory" section object.

    Successful exploitation disables the protection measures thereby allowing a privileged process to terminate protected processes.

    The vulnerability has been reported in version 2.000. Other versions may also be affected.

    Solution:
    The vulnerability will reportedly be fixed in the next release.

    Always run applications with least privilege to lessen the impact of e.g. malware.

    PS: http://secunia.com/advisories/12033/
     
    Last edited: Oct 22, 2004
  2. Pilli

    Pilli Registered Member

    Hi A884126, old news I'm afraid. If you look through the beta threads you will see a screenshot of kprocheck being stopped dead. :) Can't find the link ATM.
    This was one of the reasons for the Version 3 development.

    Pilli
     
  3. Bowserman

    Bowserman Infrequent Poster

  4. Bowserman

    Bowserman Infrequent Poster

  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    I think he was saying that is why you should upgrade to v3.0 if you can. :)
     
  6. Bowserman

    Bowserman Infrequent Poster

    Well...think of my posts as proof that the vulnerability is fixed, and that one should upgrade to Process Guard 3 :p :D :D!

    Regards,
    Jade.
     
  7. Pilli

    Pilli Registered Member

    Thanks for the pointers Bowserman :) It was late here and I was just closing down.

    Pilli
     
  8. solarpowered candle

    solarpowered candle Registered Member

    will there be a manual for v3 ?
     
  9. Pilli

    Pilli Registered Member

    Hi SPC, (Autumn disappeared) ;) There will be a completely revised Helpfile which will be pretty comprehensive. You also have these public forums where many questions are answered, and/or you can get a response very quickly to any other problems.

    Process Guard's new learning mode and GUI take out much of the pain of setting up; this makes it much more user friendly.

    HTH Pilli
     
  10. A884126

    A884126 Registered Member

    Jason, you got it right! ;)

    There is no question mark, so it is more a statement if you know what I mean... :D
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    A small request for DiamondCS - please refrain from using blinking text (I know it's just one sentence but I still find such things annoying). :(
     
  12. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    It's already been removed. :)
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    [blink]That's good to hear![/blink] ;)
     
  14. A884126

    A884126 Registered Member

    Just updated the title of my first post and added the security info link.
     