Prevx1 - Is it enough?
dja2k
September 30th, 2006, 10:07 PM
Is Prevx1 enough to cover what others like ProcessGuard or System Safety Monitor cover? Is there an advantage to add PG or SSM to Prevx1? Some people use both PG and SSM, isn't that an overkill? Could someone add PG and SSM to Prevx1 lineup? What other info about this can anyone provide?
dja2k
ErikAlbert
October 1st, 2006, 04:16 AM
{QUOTE-> Is Prevx1 enough to cover what others like ProcessGuard or System Safety Monitor cover? Is there an advantage to add PG or SSM to Prevx1? Some people use both PG and SSM, isn't that an overkill? Could someone add PG and SSM to Prevx1 lineup? What other info about this can anyone provide?
dja2k <-QUOTE}
That's what I like to know too. I have already the best method for removal of malwares, now I have to find a solution to stop the execution of malwares.
Possibilities are :
1. Prevx1 and/or
2. Online Armor and/or
3. System Safety Monitor and/or
4. Anti-Executable
5. ... who knows.
I can't use ProcessGuard, because it doesn't like FirstDefense-ISR.
Which one or which combination is able to stop most malwares of doing their evil job and is suitable for less-knowledgeable users ?
dja2k
October 1st, 2006, 04:28 AM
Yeah I know that we can't use ProcessGuard when using FD-ISR. I am leaning towards installing System Safety Monitor at the moment, but not sure.
Prevx1 and Online Armor are not enough for certain types of attacks in my view according to some leaktests.
I still don't really know if SSM is better than APPDEFEND part of GSS with REGDEFEND.
I am sure that some of the new firewalls have some type of HIPS, but all new firewalls are giving me BSOD errors and Look'n'Stop has never given me any errors.
dja2k
ErikAlbert
October 1st, 2006, 04:39 AM
{QUOTE-> Yeah I know that we can't use ProcessGuard when using FD-ISR. I am leaning towards installing System Safety Monitor at the moment, but not sure. I ran both leaktests of SSM (not having SSM installed) and they both got past my Prevx1, Nod32, and OA AV+ defense. Both leaktests ran and nothing alerted me of them and Prevx1 noted them as green "safe".
Prevx1 and Online Armor are not enough for certain types of attacks in my view according to those leaktests.
I still don't really know if SSM is better than APPDEFEND part of GSS with REGDEFEND.
I am sure that some of the new firewalls have some type of HIPS, but all new firewalls are giving me BSOD errors and Look'n'Stop has never given me any errors.
dja2k <-QUOTE}
Are SSM, APPDEFEND, REGDEFEND user-friendly enough or can they be used as user-friendly enough ???
dja2k
October 1st, 2006, 05:33 AM
Well, not too sure on how to answer, but they are mostly user interactive programs, not set and forget. I have not used SSM to really know how good it is. I do however remember how APPDEFEND was and it was fairly easy for me as well as adding REGDEFEND rules from TonyKlein. APPDEFEND still needed work as it was left in beta (few problems with some protection, nothing big) and new APPDEFEND in alpha at the moment. Online Armor is great, no conflict with other HIPS, good anti executable with reg protection tracking of executables to undo changes if you let the wrong thing run. Online Armor as far as my opinion goes, is the best anti-executable protection and the easiest user-friendly program of all, but doesn't cover exactly what SSM and GSS cover.
dja2k
Peter2150
October 1st, 2006, 07:12 AM
Right now the most user friendly is SSM in my opinion. As to registry protection, I think Regdefend is far more comprehensive, however saying that, I never get an alert from Regdefend that I didn't get from SSM.
With SSM you can make things as tight or easy as you want. I like it because I can keep it out of my way. When I uninstall something, I just right click on the systray and click exit. Then it's out of the way for uninstall. For install of trusted programs, I first click on learning mode, then exit. That way it's out of the way when the installer runs, and is in learning mode on reboot so it picks up the startup. To go into depth with the program will take some study.
Support with SSM is excellent. Comparable to Raxco, and Online Armor.
Pete
WilliamP
October 1st, 2006, 08:52 AM
Dja2k. I don't understand why you can't use PG with FD-ISR. I have been using both for a long time. I make a secondary on my C drive and archive a copy to an external drive. I disable PG to copy then re-enable.
ErikAlbert
October 1st, 2006, 09:10 AM
{QUOTE-> Dja2k. I don't understand why you can't use PG with FD-ISR. I have been using both for a long time. I make a secondary on my C drive and archive a copy to an external drive. I disable PG to copy then re-enable. <-QUOTE}
Not every user has the SAME computer and several FDISR-users, including me, had errors with copy/updating snapshots, when PG was installed. Other users told me that PG was working fine. That happens with most softwares, they like you or they don't like you, same with people.
Since copy/update is the most used function in FDISR, I decided to ditch PG, which I didn't like anyway.
This is another computer gremlin.
Peter2150
October 1st, 2006, 09:22 AM
{QUOTE-> Dja2k. I don't understand why you can't use PG with FD-ISR. I have been using both for a long time. I make a secondary on my C drive and archive a copy to an external drive. I disable PG to copy then re-enable. <-QUOTE}
William, I did that, and aside from the fact it was a pain, I still got errors when updating archives. PG just wasn't worth the hassle.
ErikAlbert
October 1st, 2006, 09:42 AM
Maybe I can use Online Armor and SSM together to stop most executables.
I don't think, I will ever have a 100% Anti-Executable software(s), but I have at least a 100% removal method in my frozen snapshot.
If a malware is really dangerous, like KillDisk Virus, I think that most anti-executable softwares will handle these malwares as fast as possible.
If one of the less dangerous ones isn't stopped by Online Armor or SSM, I can live with that because they will be removed anyway during the next reboot.
I only need an anti-executable software to survive a maximum period of 8-16 hours, the rest is for sleeping. :)
WilliamP
October 1st, 2006, 11:06 AM
Ok, Pete, you win. I am dumping PG and going with SSM. Support for PG is gone.
Peter2150
October 1st, 2006, 12:15 PM
{QUOTE-> Maybe I can use Online Armor and SSM together to stop most executables.
I don't think, I will ever have a 100% Anti-Executable software(s), but I have at least a 100% removal method in my frozen snapshot.
If a malware is really dangerous, like KillDisk Virus, I think that most anti-executable softwares will handle these malwares as fast as possible.
If one of the less dangerous ones isn't stopped by Online Armor or SSM, I can live with that because they will be removed anyway during the next reboot.
I only need an anti-executable software to survive a maximum period of 8-16 hours, the rest is for sleeping. :) <-QUOTE}
Erik. OA stops exe's and drives on a basic level. It also is very good at controlling the bad stuff that can happen with Internet Explorer, like Active X. Sure I use Opera, but there are times you need IE and OA is good protection. SSM is great because you can do more than basic control. For example you can control whether an exe just is allowed to run, or you can control who is allowed to run it. Same with drivers. Not only that they can be installed, but also who can install them. In many cases you can actually specify only with the given command line, which is great for Rundll32.exe or services.exe. Obviously this takes a bit more care, but you can really protect your system very well.
Pete
ErikAlbert
October 1st, 2006, 01:25 PM
{QUOTE-> Erik. OA stops exe's and drives on a basic level. It also is very good at controlling the bad stuff that can happen with Internet Explorer, like Active X. Sure I use Opera, but there are times you need IE and OA is good protection. SSM is great because you can do more than basic control. For example you can control whether an exe just is allowed to run, or you can control who is allowed to run it. Same with drivers. Not only that they can be installed, but also who can install them. In many cases you can actually specify only with the given command line, which is great for Rundll32.exe or services.exe. Obviously this takes a bit more care, but you can really protect your system very well.
Pete <-QUOTE}
At first sight, SSM looks CHINESE to me. SSM is most probably a good software, if you know HOW to work with it.
I only want to run my legitimate applications and the execution of anything else needs to be blocked. So my wishes are simple and clear.
I think SSM will take me a very looong time, before I understand what I'm doing. Usually I avoid such softwares, because they are more dangerous for me, than safe.
I've downloaded the manual, I better start reading that one, before I start firing questions at Wilders.
Devinco
October 1st, 2006, 02:03 PM
Erik,
I think Prevx1 or OA will be much better for what you want than PG, SSM, AD, or AE.
Antarctica
October 1st, 2006, 02:12 PM
{QUOTE-> Erik,
I think Prevx1 or OA will be much better for what you want than PG, SSM, or AE. <-QUOTE}
Agree with you Devinco. I have a licence of PG and I ditched it mainly because it was interfering too much with my work. But also because of incompatibility with FD ISR. I also had OA installed for one year and I did not renew the licence.
Lately I've been trying SSM and Prevx1 and of the two, I definitely prefer Prevx1. :)
dja2k
October 1st, 2006, 02:31 PM
I have Prevx1 and Online Armor installed together with no problem, but there is still something missing there that PG, SSM, and AD\RD can offer.
dja2k
dja2k
October 1st, 2006, 02:35 PM
Hey Pete, do you think that SSM Full Version offers more than AD\RD (Ghost Security Suite) and PG once it is set up correctly? Does SSM conflict with FD-ISR in any way?
dja2k
ErikAlbert
October 1st, 2006, 02:52 PM
Anti-Executable is the simplest of all. Is it as good as the rest? I don't know.
I like Prevx1 and my computer is powerful enough to handle it.
Don't know much about Online Armor yet and I can't give SSM to housewives. :)
dja2k
October 1st, 2006, 04:09 PM
So I see you have System Safety Monitor + Online Armor in your sig, but do you have Prevx1 running alongside that as well?
dja2k
Peter2150
October 1st, 2006, 05:47 PM
{QUOTE-> At first sight, SSM looks CHINESE to me. SSM is most probably a good software, if you know HOW to work with it.
I only want to run my legitimate applications and the execution of anything else needs to be blocked. So my wishes are simple and clear.
I think SSM will take me a very looong time, before I understand what I'm doing. Usually I avoid such softwares, because they are more dangerous for me, than safe.
I've downloaded the manual, I better start reading that one, before I start firing questions at Wilders. <-QUOTE}
Erik. You can start with SSM, by using learning mode to get started, and then when you get pop-ups read them. You will easily start to get the hang of what's going on. I am probably only getting 50% of what can be had, but I still think it's great. Look at my example below.
Pete
Peter2150
October 1st, 2006, 06:00 PM
{QUOTE-> Hey Pete, do you think that SSM Full Version offers more than AD\RD (Ghost Security Suite) and PG once it is set up correctly? Does SSM conflict with FD-ISR in any way?
dja2k <-QUOTE}
First, absolutely no conflict between SSM and FDISR. I don't disable SSM or anything like that. SSM and Ghost are very similar, it's a tough call, and I know Jason is busily working on Ghost, as are SSM. It's a horse race. Frankly I think PG is back in the pack. Other than the window stuff which never bothered with, SSM does a much better job with things like Rundll32 and services.
Let me give an example of what I really like about SSM
I use Intuit's Quickbooks, and it has two exe's; QBW32.exe is the primary one.
Normally I click on the desktop Icon, open quickbooks and select the company file I want to work on.
Having just reloaded OA and SSM here's what happens when I first start Quickbooks as described above. OA says QBW32.exe is trying to run. I give it permanent permission. SSM says Explorer.exe is trying to start QBW32.exe, and again I give it permanent permission.
Now, for the first time, I start Quickbooks, by double clicking on a company file. Doing this causes a program QBLaunch.exe to start and launch QBW32.exe. OA challenges QBLaunch and once allowed lets the whole thing go, it knows about QBW32.exe. SSM first challenges QBLaunch.exe, being started by explorer.exe and once allowed, SSM then challenges QBW32, because it is being started by something other than explorer. SSM also shows the whole command line being used and you can also check a box, which tells SSM to only allow this automatically if the command line is the same. This means something couldn't hijack the process and do the same thing with a different command line.
Lot of words, but handled easily with check boxes on the pop up.
Make sense?
Pete
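Added example, not part of the original thread and not SSM's own code: a small Python model of the launch permissions described in the post above, stored per parent/child pair and optionally pinned to one exact command line, with a name-only allowlist for contrast. The rule format, paths and command lines are constructed for illustration.

```python
"""Toy model of parent/child launch rules with optional command-line pinning.
Added illustration only; rule format and sample data are constructed."""
from dataclasses import dataclass
from typing import Optional

ALLOW, PROMPT = "allow", "prompt"

@dataclass(frozen=True)
class LaunchRule:
    parent: str                    # image name of the launching process
    child: str                     # image name being started
    cmdline: Optional[str] = None  # if set, only this exact command line matches

def _norm(name):
    return name.strip().lower()    # Windows image names are case-insensitive

def decide(rules, parent, child, cmdline):
    """ALLOW if a stored rule covers this exact launch, otherwise PROMPT the user."""
    for r in rules:
        if (_norm(r.parent), _norm(r.child)) != (_norm(parent), _norm(child)):
            continue
        if r.cmdline is None or r.cmdline == cmdline:
            return ALLOW
    return PROMPT

def decide_name_only(allowed, child):
    """Contrast case: permission keyed on the child image name alone."""
    return ALLOW if _norm(child) in {_norm(a) for a in allowed} else PROMPT

# Constructed permissions matching the walkthrough in the post.
COMPANY = r'QBW32.exe "D:\Books\company.qbw"'   # made-up command line
RULES = [
    LaunchRule("explorer.exe", "QBW32.exe"),
    LaunchRule("explorer.exe", "QBLaunch.exe"),
    LaunchRule("QBLaunch.exe", "QBW32.exe", cmdline=COMPANY),
]

# Constructed launch events: (parent, child, command line).
EVENTS = [
    ("explorer.exe", "QBW32.exe", "QBW32.exe"),
    ("explorer.exe", "QBLaunch.exe", r'QBLaunch.exe "D:\Books\company.qbw"'),
    ("QBLaunch.exe", "QBW32.exe", COMPANY),
    ("QBLaunch.exe", "QBW32.exe", r'QBW32.exe "D:\Temp\other.qbw"'),  # cmdline differs
    ("unknown.exe", "QBW32.exe", "QBW32.exe"),                         # parent differs
]

def evaluate(events=EVENTS, rules=RULES):
    return [decide(rules, p, c, cl) for p, c, cl in events]

if __name__ == "__main__":
    for (p, c, cl), verdict in zip(EVENTS, evaluate()):
        loose = decide_name_only(["QBW32.exe", "QBLaunch.exe"], c)
        print(f"pair rule: {verdict:6} name-only: {loose:6} {p} -> {c}  [{cl}]")
```

The last two constructed events come back as "prompt" under the pair rules, while the name-only allowlist lets both through because QBW32.exe is already known.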
starfish_001
October 1st, 2006, 06:05 PM
{QUOTE-> Hey Pete, do you think that SSM Full Version offers more than AD\RD (Ghost Security Suite) and PG once it is set up correctly? Does SSM conflict with FD-ISR in any way?
dja2k <-QUOTE}
Is the network stuff in appdefend better than SSM at the moment?
SSM tracks disk access appdefend does not to the same degree?
LoneWolf
October 1st, 2006, 07:08 PM
Currently running both OA + Prevx1. No conflicts that I can see at this time. They seem to work very well together.
ErikAlbert
October 1st, 2006, 07:35 PM
{QUOTE-> So I see you have System Safety Monitor + Online Armor in your sig, but do you have Prevx1 running alongside that as well?
dja2k <-QUOTE}
I have 6 snapshots in total, right now :
1 off-line snapshot (which will be my rollback snapshot in the future)
1 snapshot for rollback at this moment
1 snapshot for online jobs
1 snapshot with Anti-Executable (experiment)
1 snapshot with Prevx1 (experiment)
1 snapshot with System Safety Monitor + Online Armor (experiment)
Since I don't get any clear answers at Wilders regarding anti-executable softwares, I don't have any real goal with all these softwares and I don't really know how to test them and keep these tests under control.
My thinking gets better, when it's colder outside. ;D
BlueZannetti
October 1st, 2006, 07:47 PM
{QUOTE-> Since I don't get any clear answers at Wilders regarding anti-executable softwares <-QUOTE}
Erik,
What specific questions do you have? Bear in mind that many who will answer are not the developers of these applications,
Blue
ErikAlbert
October 1st, 2006, 08:09 PM
{QUOTE-> Erik,
What specific questions do you have? Bear in mind that many who will answer are not the developers of these applications,
Blue <-QUOTE}
My wishes are quite simple and clear.
I need one (or more) softwares that are able to stop the EXECUTION of possible malwares in my frozen snapshot. That's all I want.
My frozen snapshot takes care of the removal during the next reboot.
Peter2150
October 1st, 2006, 10:45 PM
{QUOTE-> I have 6 snapshots in total, right now :
1 off-line snapshot (which will be my rollback snapshot in the future)
1 snapshot for rollback at this moment
1 snapshot for online jobs
1 snapshot with Anti-Executable (experiment)
1 snapshot with Prevx1 (experiment)
1 snapshot with System Safety Monitor + Online Armor (experiment)
Since I don't get any clear answers at Wilders regarding anti-executable softwares, I don't have any real goal with all these softwares and I don't really know how to test them and keep these tests under control.
My thinking gets better, when it's colder outside. ;D <-QUOTE}
Erik. What questions? If you're talking about Anti-Executable, I looked at it and just didn't like what I read about how it worked. Ask away.
ErikAlbert
October 2nd, 2006, 04:23 AM
{QUOTE-> Erik. What questions? If you're talking about Anti-Executable, I looked at it and just didn't like what I read about how it worked. Ask away. <-QUOTE}
In that case, I put Anti-Executable off the list.
Besides Anti-Executable has a few problems with freezing snapshots. Freezing adds, removes and replaces data and certain AE-security-settings cause errors in FDISR during freezing, while others don't.
These errors have a logical explanation, but they are annoying for practical usage of FDISR & AE.
So it has to be one of these combinations :
1. Prevx1 and SSM or
2. Online Armor and SSM
unless there is something better.
Keep in mind that this is about stopping the execution of malwares on my computer, because a frozen snapshot doesn't do that and that's why KillDisk virus destroyed FDISR in one of aigle's tests.
I don't mind the temporary installation of malwares on my computer as long as they can't do their evil job and my frozen snapshot removes them anyway.
This means I start with a clean computer every morning and after each reboot during the day.
When I have these anti-executable softwares, I need only two basic snapshots :
One off-line snapshot
That can't be infected, because it has NO internet connection. I disabled it completely in Windows.
If my off-line snapshot ever gets infected, it will prove that FDISR has leaks.
This is my most healthy snapshot and from there I'm able to recover my system in any possible way.
This is the only snapshot that contains Acronis True Image Home and FDISR of course and where I can keep my external backup harddisk off-line. I only have to pay attention to turn it off, when I leave my off-line snapshot.
My external harddisk contains all the image backup files and archived snapshots.
I also use this snapshot for defragging, creating CD/DVD's and to work in a quiet environment, because it has no security or internet softwares and therefore no disturbing security messages and popups.
This snapshot is like a computer in the old days, when internet wasn't invented yet.
One on-line frozen snapshot
This snapshot is for on-line activities, like surfing, downloading files, whatever.
The fact that it's frozen means that it will remove any change (good and bad) in that snapshot during the next reboot and that keeps my on-line snapshot clean without using scanners.
I only have to stop the execution of malwares during a period of 8-16 hours.
As long as I can stop the execution, my data partition [D:] will be safe too.
Other on-line snapshots
I still have 8 bootable snapshots for testing.
That's the plan, if I get those anti-executable softwares. :)
Copyright ©2002 - 2010, Wilders Security Forums