General answer to leaktests?

Hi everybody,

as I mentioned in annother topic already, I am not using LnS. However
I share with others like you the general interest in firewalls and
system security matters.
I did not go thru the hassle of testing all available leaktests on my
firewall because I am using a tool here from which I hope and trust
that it will catch such intruders whatever their name is.
The name is SSM, System Security Monitor.
I accidentally read an article in the "General Firewalls Forum" here,
that also Oops is detected, which means that also WIN98 etc. users
will have an answer to the issue.
The program is freeware, has a very small footprint, and low memory
consumption. It can be hidden also. Here are the features:

System Safety Monitor - Features

·Allows you to control which programs and applications can be opened on
your computer.
·Offers a choice of two modes - User and Administrator. In Administrator
mode you can set your preferences to control programs. Access to this
mode can be protected with an encrypted password to prevent anyone
changing your settings. In User mode no changes can be made to your
settings.
·Supervises changes to important registry keys when installing new
programs.
·Will block or alert on any attempt to change guarded registry keys.
·Allows you to control which programs run at system startup.
·Maintains a list of running applications and allows you to terminate any
application immediately.
·Maintains a list of Black-Listed (banned) and Trusted (allowed) programs
and applications. These lists can be easily edited.
·Allows you to block specific windows (including websites) from opening.
·Can be set to run automatically on system startup.

Did anybody check SSM with the available leak-tests?

cheers

 

I accidently read the same article in the Firewall forum where Mickey posted that Frederic had already created a new driver to patch the leakage issue.. System Safety Monitor is nothing new & mention was made of it ages ago in the old Becky's LnS forum. AWFT & 00ps affect NT/200/XP systems & are a non issue for 98[me=]users. I'm not using SSM or non MS software and all leak tests incl pcAudit !!FAIL!! to even execute on "my" Win98 OS. [/me]

btw, If you're not using LnS why post this advertisement in the Look'n'Stop forum?

 

Reading the 1st thread I get the instinct impression that hints being thrown to show how pointless Application Filtering Feature is in Look ‘n’ Stop, but yet Look ‘n’ Stop manages to stay on top of the matters.

I’m going to be bold here, my Opinions is if Look ‘n’ Stop ever discontinues Application Filtering Feature and implements Application Control like that of SSM I surely wont be using no-longer.

 

I'm at an absolute loss as to why you would "trust" this application (i.e. "SSM") to protect you, without testing it yourself.

I'm even more confused as to why the "black list" feature is desirable. If you have an application on your system which you absolutely don't want to run, you get rid of it. Why on earth would you try to block it without simply getting rid of it?

Another thing--you (well, it was probably you) posted before that "ALL TRUSTWORTHY SECURITY-SOFTWARE SHOULD BE OPEN SOURCE!" (see http://www.wilderssecurity.com/showthread.php?t=7740 ). Is SSM open source?

 

LOL

 

Hi everybody,

when I mentioned SSM and in the same time asked if anybody had tested
it with the available leaktests, then I did this for the following
reasons.
1. Not to substitute it for any firewalls and their application filters,
but to have an additional layer of security to possibly catch intruders
in the first place, before the firewall will have received a patch.
2. Moreover virus/trojan scanners and firewalls will most of the time
be able to handle such attacks AFTER a trojan/virus has been discovered
and is known.
3. Mentioning SSM, Webwasher, Proxomitron, Ad-aware and the lot on
this forum has absolutely nothing todo with advertising another
product or to use another firewall.
4. I thought that particularily users of this forum are more aware of
firewall-leaks than others. That's why the question was placed here.

So again... did somebody try SSM with the available leaktests?

cheers

 

Hi lurker1,

yes, I tested SSM ("System Safety Monitor") with most famous leaktests and, from technical view, it can indeed cope with most leaktests, e.g. Firehole, Tooleaky, AWFT, Thermite, partly PCAudit,... so all in all it seems to have similar capabilities towards leaktests as Look'n'Stop.

But as SSM isn't as focused on leaks/outbound protection, you have to know a bit about all this stuff, in order to be able "close leaks" with SSM (e.g. it doesn't say: "app x wants to access internet by hijacking app y" but something like: "app x wants to create remote thread in app y")

Furthermore there are some design issues and stability problems at the moment which have to be fixed.
But Max, the developer, is very quick and open for suggestions, so I think, SSM will be a great tool.

 

Hi anvil,

many thanks for your answer... was good to hear.

Yes, I agree, it is more an overall security tool which is useful also
somewhat in relation to assist the strenthening of firewalls as well,
if the user knows what he is doing.
I guess for this and other reasons the black list exists for the admin
and users.Pending further clarification a detected application could
be kept there.
Putting it on trusted for admin and black-listed for users could be used
for the kids not to fiddle with father's chess game settings.

cheers

 

I'm still waiting for someone to move this topic in appropriate forum before participating actively in it. This subject has nothing to do with LNS

 

I was kind of waiting to see in what direction the thread would be going. Since it seems to be focusing on SSM, I will move it to Software & Services now.

Regards,

Pieter