SSM Free 2.0.8.583 is out and I have a question

My question is not particular to the latest free version but to SSM itself.

I've been using SSM Free since it was first released and I do believe that the Application Rule has the potential to offer possible the best protection one could have in a HIPS since virtually nothing will run without the user's permission. Question is, if I disable Application Rules (trusting in safe hex), would enabling all other modules (Registry, INI Files, Startup Menu, Services, IExplorer and Windows Filter) offer good enough silent protection (less popups)?

 

same question for me^^

 

If you are not going to use SSM for what its main feature is "application rules" then I think there are better software to cover those areas that the modules cover like Spyware Terminator, Winpatrol, etc.

dja2k

 

Application Rules are a VERY important module of SSM. That module normally generates pop-ups only when you update applications or install something new -- 2 very *dangerous moments* in the life of your computer. For those occasional pop-ups which you are unsure about, it's quick & easy to get answers from Process Library.

However, if you absolutely must cut down on pop-ups, then I suggest that you try the following & see how you like it . . .

1- Disable SSM's application ruules module

2- Install Cyberhawk

3- Thereafter run both SSM and Cyberhawk.

Cyberhawk gets along just fine with SSM. It is very light and easy on resources. Cyberhawk is a behavior blocker that should give you *approximately* equal protection as does SSM's application rules module, but with MUCH fewer pop-ups. Cyberhawk is FREE!

 

Yes, i agree, SSM and CH is a good combo...

 

I agree. In my opinion u don,t need SSM just for its modules, they are limited in free version.

 

same here running both SSM n CH together here...
but CH is not in my Startup program....
each time i need to click the Program >> Novatix >> CyberHawk
why?

 

Seems a bug, u should write to their support as well.
Try to put it is start up folder manually or U can make a keyboard shorcut to launch it.

 

Is SSM blocking the CH autostart entry?

 

I will suggest to uninatll both( make a backup of ur SSM rules).
Reinstll CH first and then SSM.

 

https://www.wilderssecurity.com/showpost.php?p=872108&postcount=38

 

I have installed for 2 PC's now the following combo
- Antivir free
- CyberHawk Behavior + DEP for all programs in XP
- Spyware Terminator with HIPS enabled

Because Spyware Terminator scans your harddisk (like I Abtrusion Protector did) and makes a white list. So you do not get pop-ups while running yot current programs (only when installing new ones). SpywareTerminator gives good protection over vulnarable windows files.

 

What is DEP?

 

Data Execution Prevention part of Windows Operating System.

dja2k

 

Thanks.

 

Aigle,

When you processor supports it, it is a cheap way of protection against memory violation. Funny thing is that Comodo now claims it protects against bufer overflows. When you read their site it is through DEP enabling.

Regards

 

To be true I never knew about DEP. I will read more about this.

 

With your processor supporting DEP and a HIPS who protects against data and dll injecttion (PG, SSM or CB) you are pretty save against trojans trying to hide in other 'good' aps.

 

That,s nice. I will check this and if possible will try.

 

Just right click your computer icon. Select properties. Click the advanced tab

Click performance button (the same section where you can change the visual effects of windows, processor/memory use and define the size of virtual memory), click the DEP tab, enable DEP for all programs

Regards K

 

Thanks. I just checked and my Processor does not support it( it,s Pentium M).
It is saying windows can use DEP software however so I enabled it.
Am I going to loose some functionality( could not read about it yet).

 

No only performance, which you will gain back when removing CB (SSM gives same process protection) and uncheck the process protection of Comodo (because Comodo only protects changed aps to connect to internet, not the actual changing itself, try the Zapass test with SSM and CB set off with Comodo).

 

Means what? sorry

 

DEP invoked by software will take additional computing power (that is I think the reason MS has listed it with performance in stead of security )

You can gain the performance back by removing CB (SSM gives same process protection) and uncheck the process protection of Comodo.

Comodo only protects changed aps to connect to internet, not the actual changing itself (try the Zapass test with SSM and CB set off with Comodo to convice yourself). SInce CB or SSM already protect against proces modification you can turn this feature of Comodo off.

With your security setup Antivir + FireWall (with proces protection) + SSM + CB + GeSWall you have some overlapping area's: With Antivir + Comodo (plain) + SSM + GeSWall you have a solid security in my opinion

(I run Antivir + SSM + GeSwall as well, with no outbound firewall, just the Nat-router)

Regards Kees

 

Thanks. I have enabled it and until so far it,s OK. Did not notice anty difference. So I will continue with this set up. I might drop SSm anytime or use it only during surfinf with disconnected interface( sometimes I just don,t like many pop ups).