Discussion in 'WormGuard' started by Jason_DiamondCS, Dec 18, 2002.
worm guard 4 today now lol
I suggest to include a digital signature in each .dll file distributed with WG4 (well also TDS4+PG2), and then the WG4 exe file could verify that before loading it. This could protect from a subset of dll hijacking attacks.
I do not have an "address book" simply because, even though I have as much protection as possible on my computer I do not want to spread any worm or virus to my friends. So I use the old fashioned way of typing their address in, instead of keeping an address book. Thus reducing the spread of so big, netsky etc.
Hey Tut, that would be an excellent file to keep encrypted in your CryptoSuite.
But WG should protect against such worms even starting to run at all.
Yes you are correct about WG protecting me, but I am trying to take every possibilty into account, anyway typing addresses in is good practice.
You do have CryptoSuite as well in the meantime i hope? Think it's nice to keep all passwordlogfiles and addressbooks inthere, everything sensitive open for any abuse and preying eyes
Does this mean you delete all emails too to prevent harvesting from emails and documents, even from textfiles?
it would be appreciated if the new ver Wormguard 4 has database updates like your TDS 3 etc
Your wish will be granted, as it has been stated previously, though I cannot find the thread ATM
I am not sure exactly what path the updates will take, hopefully Gavin will explain.
I have a suggestion. Work harder, faster, more efficiently, and/or more effectively. Finish something.
I apologize if it has been posted before, I got too lazy at the 2nd page.
How about an option to disable things that wormguard can be triggered by?
Such as multiple extensions... I have windows set to show all the extensions, so I have no use for it, it just annoys me when I try to open legit files that have v1.5 or something of that sort in them and then, that big WG window pop ups, and as if that's not enough, when I select 'always allow' another window pops up asking me if I'm sure...
Ofcourse I'm sure! Why else would I press on it
You can exclude files so they are a.llowed always, but i would not be happy with all dual extensions ignored like
document.text.................(many spaces)........ exe
I am no expert, but I think it's better that WG4 not have a database to update, but rather recognize code that worms use and stop them that way. Again, I'm no expert.
I think Jooske is right. WormGuard is simply protecting your system by responding. One way of stopping WG from annoying you would be to simply disable its protection.
There are things that I want WG to protect me from, and there are things that I don't.
All I wanted was to have an option to disable warnings about multiple extensions, not have it disabled by default.
All those warnings get repetetive and I tend to ignore WG's warnings because of that.
Initially, I was just giving you a hard time, but the more I think about it the more I think that you raise a good point. One can become desensitized to the alerts and complaisant by getting used to saying "OK...run the file" every time. Next thing you know you just gave permission to the wrong thing.
I am going to step out of my league here and as a technical question. Are the only files that we have to worry about deceiving us by using multiple extension .exe file that are masquerading as something else? Or are there others? My guess is that there are others. If there are a select few, then why not work something into the program that allows for example a .doc file with multiple extensions to run. Maybe I'm answering my own question here, but my guess is that due to executable macros that can be contained within files like .xls files this would be very dangerous. Just a thought.
Any chance of getting a reply about my suggestion from the development team?
I receive more often then i like doc and xls files these days as attachments and get warnings each time, why? because of multiple extensions in the naming.
file first version01.05.04.doc of course that triggers alarms, but i see macros mentioned too. I always ask the sender about it. Sometimes i take the trouble to rename such a file so it has only one extension and gtry again, i might upload it on the kaspersky online scanner for a second opinion, etc.
But if i get it from a source which forwarded me recently one of the hoaxes to remove the "jb..." bear virus from my system i don't consider that a reliable source so i do take all possible scans to make sure the file should be ok before i open it. And wormguard will keep beeping on the file, surely!
Take the trouble of looking at it in safe mode and WG will tell you what it finds suspicious enabling you to decide better.
Since most worms propogate through e mail, I would love to see a "safe" mail client in wormguard, in the style of "The Bat!".
Wormguard 4 in June would be nice
We receive hundreds of suggestions for our software on a very regular basis, it's simply not possible to respond to them all or we'd be spending all our time working on replying to suggestions rather than implementing them. Many good suggestions have been made by a lot of people and the best ones will certainly be incorporated where possible, but please forgive us if we don't have time to discuss your suggestions.
keep it "as is", running in deep background without slowing down the system. I have enough bells and whistles. then again, I don't know enough about worms to make a really meaningful comment. but I assume it's design is basically a good one and strong, so why make it obtrusive with options if that's not it's purpose.
How about fixing the bug in which the Windows XP Help and Support won't come up from the Start menu? It gives an error dialog about an invalid windows program. Wanna get rid of that shortcut from my desktop.
If you want to remove that from the start menu, right click the start button, properties. Customize button, advanced tab, in the Start menu items.
Here are a couple:
Separate names with a comma.