Andy Ful

Level 43
Content Creator
Trusted
Verified
Different strokes for different folks. I'll take my chances. Best Buy has better customer service than Fry's Electronics, but it doesn't change the fact that Fry's has better stuff. AG has given me no issues so far. A couple of post-factory entries and I'm good to go. Less effort than H_C to set up, and less effort to lock/unlock. It's a mature and polished product, which I appreciate. I like working with my computers, rather than working on them. I get more than my share of that as is.
AG is a very good commercial product (paid). Both AG and H_C can be locked/unlocked with one click. H_C can be configured with 2 clicks (Recommended settings). H_C is more restrictive for the user actions than AG, and less restrictive for the system processes than AG. Both have some unique features. I think that AG can be more usable for many people, but there are some people who think otherwise.(y)
 
Last edited:

LDogg

Level 28
Verified
All these scripts and programs people have listed here are just scams. They don't work and they don't improve your security. Instead the will make your security worse.
Sorry to put my discourse in this manner, but I don't think you have any prior experience, knowledge, evidence or expertise in suggesting the software is a "scam". Hard Configure, AppGuard et al increase security of one computer massively dependent on oneself implementation of a computer setup.

If you do have any evidence to put forward as an argument to backup your quoted claims I would very much like to see in put in motion, also you're border-lining defamation as this could deter people from using such software if people believe your statement, thus loosing potential revenue and clientele.

Please be careful with future statement if you have evidence to put forward.

~LDogg
 

ebocious

Level 2
AG is a very good commercial product (paid). Both AG and H_C can be locked/unlocked with one click. H_C can be configured with 2 clicks (Recommended settings). H_C is more restrictive for the user actions than AG, and less restrictive for the system processes than AG. Both have some unique features. I think that AG can be more usable for many people, but there are some people who think otherwise.(y)
Yah, I'm more concerned about system processes than user actions. Nobody knows my admin password but my wife and me, I research before I install/run, and my wife doesn't install anything; so I don't need protection from myself. Fileless malware is my biggest concern.
 

Andy Ful

Level 43
Content Creator
Trusted
Verified
Yah, I'm more concerned about system processes than user actions. Nobody knows my admin password but my wife and me, I research before I install/run, and my wife doesn't install anything; so I don't need protection from myself. Fileless malware is my biggest concern.
In the home environment (almost) all malware are started by user actions so initially can run only with standard privileges. So, it is far better and safer to restrict user actions, because this does not disturb Windows system processes, Windows Updates and administrative scheduled tasks. The malware/exploit cannot run because of those restrictions, so cannot get higher privileges, too.
If you want to apply restrictions with high privileges then you cannot restrict user actions as much as with standard privileges, because this could break something in the system. But, such restrictions are necessary for enterprise users, because the computers in the large local network can be attacked with high privileges (remotely).
 
Last edited:

ebocious

Level 2
In the home environment (almost) all malware is started by user actions so initially can run only with standard privileges. So, it is far better and safer to restrict user actions, because this does not disturb Windows system processes, Windows Updates and administrative scheduled tasks. The malware/exploit cannot run because of those restrictions, so cannot get higher privileges, too.
If you want to apply restrictions with high privileges then you cannot restrict user actions as much as with standard privileges, because this could break something in the system. But, such restrictions are necessary for enterprise users, because the computers in the large local network can be attacked with high privileges (remotely).
True. And if I ran an admin account, shared my admin password, or had UAC turned down; then I would have greater cause for concern. But I don't. Now, since I run Chrome with its sandbox and site isolation, along with Malwarebytes Browser Extension, Bitdefender TrafficLight, WoT, and Quad9 DNS; I realize my chances of landing on a malicious page are slim from the get-go. And if I do land on a malicious page, or a legitimate page infected by a third party, the malware on that page has to be able to defeat MBBE and BDTL, escape the sandbox, and execute.

It's a tall order, but not impossible. And since my processor is vulnerable to Meltdown and Spectre, not to mention how much harder it is to detect fileless malware, I don't feel like waiting until a working drive-by download kit enters the wild. There's something I can do about it now. And I'm doing it. Blue Ridge acknowledges that, once Spectre executes, nothing can stop it. But because certain events have to take place before Spectre can take hold, a proactive program like AG has as good a chance as any of stopping it before it's too late. And since the OP specifically asked about default-deny alternatives to Cruel Comodo, this is material information. Cheers!
 
Last edited: