Started by Jeremy Collake, March 01, 2013, 04:42:40 AM
Quote from: Jeremy Collake on March 01, 2013, 01:59:59 AMProcesses that Process Lasso can not get access to, such as audiodg.exe, are not listed in the process list. This is a protected Windows process, thanks to DRM.Avast's processes, like the processes of some other security software, are not shown because it was discovered that read-only querying of many security processes induces tamper detection events. These events are not handled well by security software, and can lead to thousands of duplicate events in their logs, repeated every second.I do plan to make sure these processes are listed in the near future. Initially, I tried to hide problematic metrics of the security processes so that tamper detection problems didn't occur. This was only partially successful, and after testing numerous products, I eventually decided to just ignore them all completely, at least for the time being. From a development perspective, the choice was potentially crippling interoperability problems, or ignoring these processes. Process Lasso is not intending to be a full-fledged task manager, it is more an automation tool, and rules should not be set on these processes anyway. Still, since so many people use it as a task manager, this behavior must be adjusted.
Quote from: phthisic on March 18, 2013, 11:13:37 AMThough the "protection" of the processes may explain why they don't show up, I guess I still don't understand why they all show up in every other task manager I have tried. Even simple ones from Win98 show these (though being pre-DRM, just as the Linux kernel has no problem bypassing file security, older ones may be able to do it simply by being simple and avoiding DRM collisions).Thanks, by the way, for looking into this. It seems like I only come to the forum when there is a problem, but I don't want to leave the impression that I don't respect and appreciate all the work done on this. I use it all the time, as my primary task manager, actually, since it's easier to kill things or set priorities all in one place. It's a tool I also recommend a lot, though the average user may be a bit intimidated by it. Maybe a one-button self-configuration would be a good idea for simpler minds, though I'm not sure how well that would work in practice since some processes need attention and tweaking beyond what most automation would do well.
Quote from: phthisic on March 18, 2013, 11:13:37 AMThough the "protection" of the processes may explain why they don't show up, I guess I still don't understand why they all show up in every other task manager I have tried. Even simple ones from Win98 show these (though being pre-DRM, just as the Linux kernel has no problem bypassing file security, older ones may be able to do it simply by being simple and avoiding DRM collisions).
Quote from: Jeremy Collake on March 22, 2013, 02:50:19 PMI am going to start enabling the view of these system and tamper-proof security processes more aggressively in the near future. Please let me know if there are any issues seen with security software tamper detection (sometimes it won't say anything, but will be busy emitting thousands of tamper detection log entries). It is difficult for me to test all security suites out there, and all their various editions and updates.
Quote from: BenYeeHua on March 22, 2013, 02:59:40 PMDid it help detect the virus that "touch" or trying to kill the anti-virus process more easily?Or they want to collect other thing for debug use?
Quote from: Jeremy Collake on March 22, 2013, 03:06:15 PMA few years ago, malware started to disable security products (makes sense, eh?). At that time, they added a bunch of tamper detection crap. In addition, they added all those big warnings and prompts when you turn off any particular function of their software.I must say, in general, I continue to be extremely frustrated with all security software, with the exception of Windows Defender. The third-party security products are all awful, slow down any system to extreme levels, rarely detect anything but benign threats, and are prone to false positives. It's more about scaring people into buying their software and continuing to purchase updates than anything else.I believe security software may even make users *more vulnerable* by lulling them into a false sense of security. Users can mistakenly believe their security software will detect threats, and be less safe in their activities. I believe it is better, for some users, to not use security software, and instead realize that their activities matter more than anything. By not using security software, they won't have the *false* sense of safety, and thus be more cautious.