-{ Quote: "Winsonar 2010 is a program specifically designed for process monitoring and system protection from unknown processes. The basic idea is that if the user could know a new program silently installed into memory, he could take appropriate countermeasures. The program detects new processes running into memory alerting the user.

The on-line status is also detected, asking then the user if an automatic termination of any unknown process is desired (this option can be also enabled by default). This leads to an active protection against trojan\spyware-infected e-mail attachments.

From version 7.xx an automatic "learning "feature is present: on first 5 program-startup all unknown programs will be accepted as safe, avoiding several initial alerts by Winsonar for all the programs normally in use during work sessions. To increase learning speed of the program the user can also "trust" the software installed under Windows.

New features of the version 9.01.03:



* New simplified interface * "Trust installed software" option added

* Rewritten registry search routine * Rewritten ports scanner

* Automatic search for open ports when an unknown program is detected

" }-

http://www.fewbyte.com/winsonar.html


It seems FewByte has taken over the Winsonar project. Thought there would be some users here who would be interested.

I've tried the 2008 version before and it wasn't bad but I figured I could just use SRP. What does everyone else think?

thanks alot,:) winsonar 2010 cool:thumb: yay finally:)

Looks interesting, thanks for the info. One concern from the WinSonar description page-

"From version 7.xx an automatic "learning "feature is present: on first 5 program-startup all unknown programs will be accepted as safe, avoiding several initial alerts by Winsonar for all the programs normally in use during work sessions."

Is that such a great idea? Comments? I suspect you could just make the first 5 start up programs safe if you wanted to without having them made safe automatically. Doesn't rogue programs try to load early? Maybe it's not a substantial issue, I am just wondering.

I believe this means the first five times Winsonar is run.

I see. Thanks.

-{ Quote: "thanks alot,:) winsonar 2010 cool:thumb: yay finally:)" }-
Jmonge - If you installed it already can you say if it's any quicker at notifying
re. something trying to access whatever on your machine ?

I have to laugh at how long the 2008 version takes to notify that
whatever it might be wants access, whereas the little PE Guard App.
is instantaneous - Maybe slightly different jobs they do so I shall continue
to run both.
Hope you can mention if it runs well, then I can switch to the 2010.

-{ Quote: "Jmonge - If you installed it already can you say if it's any quicker at notifying
re. something trying to access whatever on your machine ?

I have to laugh at how long the 2008 version takes to notify that
whatever it might be wants access, whereas the little PE Guard App.
is instantaneous - Maybe slightly different jobs they do so I shall continue
to run both.
Hope you can mention if it runs well, then I can switch to the 2010." }-
i will try it as soon as posible:thumb:

-{ Quote: "Jmonge - If you installed it already can you say if it's any quicker at notifying
re. something trying to access whatever on your machine ?

I have to laugh at how long the 2008 version takes to notify that
whatever it might be wants access, whereas the little PE Guard App.
is instantaneous - Maybe slightly different jobs they do so I shall continue
to run both.
Hope you can mention if it runs well, then I can switch to the 2010." }-
just install it and it is fast at notifying:thumb:

-{ Quote: "just install it and it is fast at notifying:thumb:" }-
Does it need a reboot to install it?

-{ Quote: "Does it need a reboot to install it?" }-no at all;D

-{ Quote: "no at all;D" }-
Thanks for that, will have a play under Deep Freeze.

-{ Quote: "Thanks for that, will have a play under Deep Freeze." }-cool;D it looks same thing to tell you nothing impresive added:)

-{ Quote: "cool;D it looks same thing to tell you nothing impresive added:)" }-just tested drivesentry and winsonar 2010 and this two has alot of work to do "not impress";D

Is it just me or does the default installation path lead to Local Settings\Application Data?
Is it a new fad to install programs there instead of Program Files? :D

-{ Quote: "just install it and it is fast at notifying:thumb:" }-
The time diff. has slowed my reply, thanks very much Jmonge - Looks like
I shall switch over because you don't refer to anything as being untoward
with the 2010 even though someone else took it over or whatever.

-{ Quote: "The time diff. has slowed my reply, thanks very much Jmonge - Looks like
I shall switch over because you don't refer to anything as being untoward
with the 2010 even though someone else took it over or whatever." }-i think it is same developer with a new page change:)

Does any of you guys wants to run system shut down simulator against WinSonar?

http://zeroday-software.110mb.com/

Maybe i 've always done something wrong, but i tried it again under shadow defender and as always it put Win7 to sleep (i presume this has to do with not having Win7 compatibility).

Just put Winsonar to its active mode (not learning) unzip the SSS , run it and click "shutdown computer". To me it has put Win7 to sleep after showing me "log off".

The problem, if confirmed by you, is that Winsonar is a poller, it doesn't hook to intercept. So any malware that runs "fast" and falls between the polling time, will always bypass WinSonar. It's a bit like WinPatrol. I don't remember how many times with WinPatrol Plus active, i have managed to install Comodo, restart and WinPatrol only alerted me of the new startup key, AFTER i had rebooted. Because it's a poller too, even in the plus version. It just polls "very quickly".

WinSonar is fine for less elaborate malware that runs and then stays running. Eventually the polling will get it.

My other problem with it, is that uses too much CPU to do a quite simple job. But polling programs usually use more CPU than the ones with hooks.

I think any "security software" that polls for running processes instead of intercepting process creation is only providing a false sense of security. If a malicious process is allowed to execute, what is stopping it from just killing the polling "security software" before it can do anything, or doing other, still worse damage like replacing system files with trojaned versions? I don't think anyone should use software like this, except perhaps for just playing around when there's nothing more interesting to do. Now, I haven't even touched Winsonar so I wouldn't know if it's simply polling for running processes instead of intercepting their creation, but from what their site says it sure sounds like it's just polling. Bad, bad.

-{ Quote: "
WinSonar is fine for less elaborate malware that runs and then stays running. Eventually the polling will get it." }-

Unless the malware just kills Winsonar, in which case... But then, malware is less likely to target something that is obscure and not widely used, so Winsonar may work against a lot of malware simply because malware doesn't bother to kill it.

-{ Quote: "I think any "security software" that polls for running processes instead of intercepting process creation is only providing a false sense of security. If a malicious process is allowed to execute, what is stopping it from just killing the polling "security software" before it can do anything, or doing other, still worse damage like replacing system files with trojaned versions? " }-

I agree. In fact in my case, although it was under Shadow Defender, so there might be a problem there or in the fact that i couldn't reboot, the sss.exe could have killed winsonar too (unless it has some protection).

-{ Quote: "
I don't think anyone should use software like this, except perhaps for just playing around when there's nothing more interesting to do. Now, I haven't even touched Winsonar so I wouldn't know if it's simply polling for running processes instead of intercepting their creation, but from what their site says it sure sounds like it's just polling. Bad, bad. " }-

Well, when you install it, there is an option checked "scan ever 6 seconds" (default is 6). There is also a progress bar which is "filled up" every 6 seconds. Even the GUI seems to be refreshing itself in that period (blinking). So i take that as a poller.

For XP, if i wanted a simple anti-executable i would prefer Process Guard Free hands down. It also eats way less CPU.

But for Vista or 7...

The other thing that i don't like is that once you activate the guard, you don't get a pop up with an option to allow a new executable. You must manually open the GUI and put learning mode. Otherwise it just kills the exe and you get a baloon notification about it. And if it's a process that keeps trying and trying (i had a windows delayed process doing this), you get a gazilion of baloons which almost impede you from opening the GUI to allow it.

For me this is very "old" HIPS technology. Even the "dead" HIPS like PG and SSM are light years ahead it usability, resource usage and protection.

Plus i find the GUI really ugly. It's like a windows 98 primitve game in colours (submarine game? :) ).

-{ Quote: "

Pretty Good Security!

-{ Quote: "any "security software" that polls for running processes instead of intercepting process creation is only providing a false sense of security." }-Amen.

Out of curiosity, I did check out the 2010 version of the app, though.
Beyond useless (for my needs), I found it to be quite BUGGY -- interface glitches; context menu orphaned & continually displayed onscreen; rules established during learning mode NOT respected later, in normal mode. The most ridiculous, and immediately intolerable, behavior it presented was this: clicking "Offline Shield" while the sonar app was running in "normal mode" immediately (repeatable) killed the running TextPad instance that I was using to take notes.

-{ Quote: " And if it's a process that keeps trying and trying (i had a windows delayed process doing this), you get a gazilion of baloons which almost impede you from opening the GUI to allow it.

" }-
I too got balloons in the new version until I used 'Advanced Options' and
it's 'Trust Installed Software on my PC', then they stopped.

So then it's decisive? It's a poller type software?

it is like anti-executable;)

So it will prevent an exe from executing or will it allow it and remind you after the fact?

Thanks jmonge!

if you put it to denny mode it will block it from installing:thumb:

But will it prevent it from executing? Installing is different than executing.

it will not execute at all it will show a warning pop up for what it blocks

OK thanks man - I'll give it a go. Do you still use it? If so, how do you like it?

i dont use as i have defensewall;) i like winsonar too:thumb:

-{ Quote: "Pretty Good Security!" }-
does the current version work on win 7? :D

I'm trialing this software on my friend's machine. The thing that I like about it, is that it's simple. Nothing too complicated going on and it works on a large variety of Windows platforms.

But there's one problem though. When you select "trust all software already on this machine" it doesn't seem to work. It still flags when I attempt to run programs that were installed on my PC. Is this a glitch?

-{ Quote: "does the current version work on win 7? :D" }-

Yes it works on Win7. Just now realized what you were talking about. I thought you meant Winsonar.

i used it before and it is very strong at stopping malware:thumb: