SSM Free v2.0.0.583 and v2.0.0.584 (was Privatefirewall 5 released....)

Discussion in 'other anti-malware software' started by farmerlee, May 25, 2007.

  1. dHodges

    dHodges Guest

    WOW, more than I ever thought I would learn. It may take me a little while to get all of those points for you. I will skip to one you have at the end, " . . except for regular attempts to connect to Google for some reason." I went into the other room and downloaded the Vdf_FuseBundle for Avira's AntiVir that I am using on both of our computers; it took about an hour. Installed it and am now running a virus scan. While downloading that file, the estimated time was changing from 45 min. up to 1 hr 25 min and climbing. I checked the log file on my Kerio v2.1.5 and there was one port that was sending from FF to some location on Google.com:80. So I went into Administration of Kerio and blocked that transmission, and the time went down to 32 min remaining. Do not know what was going on or why that was being sent. I stopped it. That may be what is going on with your FF connecting to Google to let them know what you are doing.

    As for that other info, it will take me some time to collect it, plus supper is in the pot and will need someone to devour it. I guess I will have to volunteer.
     
  2. herbalist

    herbalist Guest

    It's possible to put SSM in learning mode and get by with letting it make its own rules. That said, SSM is much better when the user understands their system, the apps they run, and can make informed decisions when SSM prompts them with an unknown. This is much easier on the 9X systems than with XP, and SSM free is one of very few such apps that support 98/ME. That may change shortly and it's entirely possible that 2.0.0.583 will be the last version of SSM that runs on a DOS based system. Even if this happens, I'll keep using it as it's the one app I've found that can protect the older systems against most anything you're liable to encounter. Vendor support isn't critical when an app is a finished product. Besides, 98/ME aren't supported either.

    You mentioned AntiVir. I assume you're using version 7? Their support for 98/ME will end at the end of June this year, at least with the free version. Not sure about the pro version, but I think it applies there as well. AVs that support and run well on 9X systems are disappearing. That doesn't mean that 9X systems can't be used safely on the internet. The lack of vendor and product support will have to be replaced with the knowledge of the user. While this does require some learning and probably some changes in habits, it's not all that difficult. Once we get past your immediate issues, we can explore that if you want.
    Rick
     
  3. cet

    cet Registered Member (Joined: Sep 3, 2006; Posts: 876; Location: Turkey/İzmir)

    I am using SSM free 2.0.0.584 and having nearly the same problem as dHodges. But my system is Win XP. Because of the known conflict between AntiVir rootkit and SSM free, I removed AntiVir rootkit. No problem. But whenever I click on the SSM logo in the systray and choose preferences my PC freezes a while and SSM free crashes. Microsoft says: sorry for the inconvenience but the program needs to close.
    I restart SSM, then no problems. I checked and found out that before the program crashes it uses a lot of CPU and then crashes.
    Uninstalled SSM free 2.0.0.584 and installed SSM free 2.0.0.583, no problems.
    Reinstalled 2.0.0.584 and the same problem. Now using 2.0.0.584 because there is no other thing that bothers me. But what is the problem? I wonder.
     
  4. dHodges

    dHodges Guest

    Herbalist,
    You are so correct on Avira's AntiVir v7, that is one part I do attempt to keep as up to date as possible. I am also well aware of the ENDing of support for Win98/98SE, but the VDF files will still be usable until the end of the year.

    I will further update you on the other items you requested after I finish with this SetUp of SSM. I did have a little problem last night with SSM after going through and doing the HELP file thingy along with the Preferences, Learning Mode, Default (de-Fault is mine, me thinks.) getting all set up for the first time; going back through each of the windows it LOCKED-UP on me and would not do anythingy. Was just reviewing each of the Modules and when moving from "Modules" to "Application Rules" everythingy froze. Mouse would not move, Ctrl+Alt+Del brought up TaskManager. SSM v2.0.0.583 [Not Responding] is the only one that I attempted to shut down. I let it stay that way for about 20 min while I assisted with preparing supper. Then I did the TERRIBLE ON/OFF thingy to the OFF condition and had supper then went to bed. This morn we had to make a DR's appointment for my Best/Half and it was after Nooner before I re-started this system. Started in ProtectedMode and did the RegEdit thingy removing the AutoStart of SSM from the Registry.
    Rebooted and all went well, restarted the SSM and put it back into the AutoMode, have not re-started yet but all looks AOK! so far.

    The other info will be in my next post, still need to collect all of my info for you. Had not been able to save the message with all of the items you had in your request, that will be done now.

    The End for Now, I will release you to 'cet' with that problem, do not want to over load you,
     
  5. dHodges

    dHodges Guest

    "Herbalist,"

    "Unquoted lines are from your message, Quoted lines are my replies."

    I just finished getting FF installed on my 98SE test box. So far, I can't duplicate the problem . .
    "That problem may just be MINE and FF's. All have worked just fine since."

    What firewall are you presently using, and what firewalls have you had installed?

    "Agnitum OutPost for about 4 or 5 years then about 3 years ago I changed to Tiny PFW(YUCK!), then Kerio v2.1.5. There were a couple that I cannot remember, only installed and removed the same hour. Also have gone through RegEdit to find any leftover entries and removed same."

    What other security apps are you using?

    "DiamondCS RegProt.exe"

    Unremoved registry entries from previous installs can also cause problems like these.

    Have you had problems with BSODs or unexpected restarts before installing SSM?

    "Not for maybe several years, my system has only crashed once, Oct, 2005, requiring a re-install of Windows. Started this system Dec, 1998 with only that one crash. Not that I am that good just very determined to find what has caused my problem and not do that again. Plus X-TechSetup v6.6.1 Final 3 (or somethingy like that) from about 1997 to present day. Have gone through many updates and improvements over the years. The very BEST BLACK BELT TWEAKING TOOL around. Make your system very customized and working MY way."

    What global settings are you using in SSM? These are on the options tab at the top, then the "general" and "application" tabs on
    the left.

    "StartAutomagically," "ConnectUserInterface@StartUp," "ShowIcon-n-SystemTray." "Most everythingy was using DEFAULT for initial startup. Do you want full report?"

    Did you make an allowing rule for FF or just allow it once?

    "FF Allowed"

    I have SSM set on its most restrictive settings, which should alert on anything FF wants to do. So far, that's nothing at all
    except for regular attempts to connect to Google for some reason. Rick

    "Rick,

    I am a tinkerererer and decided to make some changes in my RAM usage by Windows, System Properties, Performance, Virtual memory settings were changed to have Cache on a different drive (not just different partition) and unlimited size. My system has 184MB of RAM and am using RAMBooster v2.0 to keep my RAM as FREE as possible. WebSite www.sci.fi/~borg/rambooster and will run on Win98/98SE/ME/XP and maybe even more."
     
  6. dHodges

    dHodges Guest

    OK, so this is going to be a little more difficult than expected? Just kidding, I know you have other jobs to do besides looking into my problems.

    I am running RamBooster v2.0 and since my install of SSM my CPU has gone up to 80-90%, and since last night it has gone to 100% and is remaining there. At this time I am planning on running some investigations into what is on my system that may not show itself. I have had some instructions from a Security Professional on CastleCops and plan on looking into some possibilities.

    May not be back on here again until tomorrow.

    Thank you for reading my posts,
     
  7. herbalist

    herbalist Guest

    Sorry I took so long. I've barely been home the last few days.

    I've tried to duplicate your system as much as possible. My hardware is similar, slightly lower power than yours. 366mhz Celeron, 160MB RAM. Are you relying on RamBoost for the CPU percentages? If so, I'd suggest you pick up Process Explorer. It will show just how much usage each process is responsible for. I initially had high processor usage by RamBoost. I don't use Ram boosters or optimizers so I'm not sure if it's set properly. It starts up more often than I'd expect, usually when I'm starting something else, which slows everything down.

    I am seeing quite a bit of interaction between the AntiVir guard and SSM. When you click on preferences on SSM's tray menu, SSM checks the integrity of the files for which rules exist. When AntiVir's resident guard is active, it also checks each file as it's accessed. While this is normal behavior for both apps, it results in a very large amount of drive and processor activity, which is very noticeable on an older PC. An older PC can handle one or the other, but both drag one to a crawl. You can check the difference for yourself by timing how long it takes the SSM main screen to appear with the AV guard enabled and disabled. It's a big difference. If you use FileMon to monitor the activity, you'll see just how much more activity there is when the guard is active.

    I tried AntiVir 7 shortly after they released it. In addition to being very buggy when first released, I found it to be too heavy to run well on a 98 box without a major hardware upgrade. It's reached the point that 98 users are going to be forced away from using conventional AVs. I stopped running a resident AV a bit over a year ago. I still use AV scanners for checking downloads, e-mail, etc, but protecting my PC from malicious code is now SSM's job. It can be a bit unnerving at first to make the switch from a signature based default-permit security strategy (conventional AV approach), to a default-deny strategy where your regular apps are allowed to run (whitelisted) and everything else is blocked. It's actually a very secure strategy, much more so than one based on detections. Apps like SSM are perfectly suited to this type of approach to security as it gives you the control you need to enforce such a policy. It's also much easier to set up a 98 box for this strategy than it is an XP unit. Far fewer executables to deal with. Fewer exploits, no rootkits, etc. It's not as restrictive as it might sound either. While a default-deny policy isn't suited for those who are regularly trying new software or switching what apps they use, you don't really have that option on a 98 box anyway. Many apps don't run on 98. Both a default-deny policy and SSM are well suited for PCs that are finished and change little. If you're interested in exploring this, let me know.

    Regarding FireFox.
    On a couple of occasions, SSM prompted about Firefox wanting to parent another instance of itself. I can't say with certainty if this is connected to FF crashing, but it's entirely possible. It may be necessary to allow FireFox to be its own parent and child process. This can be accomplished by clicking on "advanced properties" on the firefox rule. I've run into a few apps that do this.
    [Attached screenshot: FF advanced.gif]
    If you're familiar with the old Mozilla Suite, you might want to check out Sea Monkey. It runs very well on the older 98 boxes. Many FF extensions work with it. The earlier versions are still available as well. I'm still running 1.07 on my regular box, 1.1 on my 98SE test box. It runs so well on my old hardware that I haven't bothered to upgrade it. Unlike Firefox, it doesn't start connecting out to places the moment it's launched.
    Rick
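The integrity check Rick describes (SSM hashing every executable that has a rule, and refusing anything unknown or changed) is the core of a default-deny whitelist. The following is an added example, not code from the thread or from SSM: it records a SHA-256 baseline of whitelisted executables and then decides launch attempts the way a default-deny policy would. The file names, sample contents and the three-way verdict are constructed for illustration; a real implementation would also have to hook process creation, which this script does not do.

```python
"""Default-deny launch control with an integrity baseline (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 64 * 1024  # read in chunks so large executables do not load whole into memory


def sha256_file(path):
    """Hash a file's full contents; this is the expensive step that the AV guard repeats."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(allowed_paths):
    """Record the hash of every whitelisted executable at rule-creation time.
    Paths are normalised so 'C:\\Prog\\FF.EXE' and 'c:\\prog\\ff.exe' map to one rule."""
    return {os.path.normcase(os.path.abspath(p)): sha256_file(p) for p in allowed_paths}


def decide(path, baseline):
    """Default-deny verdict: unknown -> block, modified -> block, intact whitelisted -> allow."""
    key = os.path.normcase(os.path.abspath(path))
    if key not in baseline:
        return "block: unknown executable"
    if not os.path.exists(path):
        return "block: whitelisted file missing"
    if sha256_file(path) != baseline[key]:
        return "block: whitelisted file modified"
    return "allow"


def demo():
    """Constructed scenario: two whitelisted programs, one later replaced, plus an unknown dropper."""
    with tempfile.TemporaryDirectory() as d:
        firefox = Path(d, "firefox.exe")
        notepad = Path(d, "notepad.exe")
        firefox.write_bytes(b"MZ" + b"\x00" * 64 + b"firefox")   # fake PE stub, constructed
        notepad.write_bytes(b"MZ" + b"\x00" * 64 + b"notepad")
        baseline = build_baseline([firefox, notepad])

        results = {"firefox": decide(firefox, baseline)}
        notepad.write_bytes(b"MZ" + b"\x00" * 64 + b"trojaned")  # simulate a tampered binary
        results["notepad"] = decide(notepad, baseline)
        dropper = Path(d, "setup.exe")                           # never whitelisted
        dropper.write_bytes(b"MZ")
        results["dropper"] = decide(dropper, baseline)
        return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8} {verdict}")
```

Every call to `decide` re-hashes the file, which is exactly the disk and CPU load the post attributes to SSM's preferences screen; with a resident AV guard scanning each file on open, the same bytes are read twice.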
     
  8. dHodges

    dHodges Guest

    Not a prob, bob, er Rick,

    I have had Process Xplorer from SysInternals for about a year, neat little package except I find myself watching that instead of doing other thingys. No, I do not use the RamBooster for monitoring the Processor % of usage, just to keep the RAM as free as possible. I some times will set that to display but mostly just for the RAM. I used mostly his suggestions for the setup and went for the lower settings for AutoRamLevel and lower for the MB of RAM to FREE @ AutoLevel. 30% Only if CPU-Usage is below, Intervals to refresh 10 sec and Times to retry optimization 2.

    Thank you for the HEADSUP about the interaction between AntiVir Grd and SSM as I was wondering why there seemed to be a rather long interval between clicking on a selection and activation. I will see what I can find out on my own about this activity, later of course. I have had FileMon from SysInternals for about the same amount of time as Process Xplorer, just have not used it very much.

    I will probably continue to use Avira AntiVir for the scanning of downloads and e-mail like you are doing and switch to SSM to protect my system from other malware. The sig files are getting to be a rather gross over kill for those of us on dialups, each update is a file of 15 - 20 meg or more, several years ago I had made a suggestion to AntiVir that we already have the old signature file and only needed the new additions. That is when they went to supplying the sig file, AntiVir0.vdf, AntiVir1.vdf, AntiVir2.vdf, AntiVir3.vdf, so our downloads would be a bit faster. The only full Signature file is with the initial download.

    I will also look further into the possibilities of setting up SSM to take over much of my protection, if I can gain a little insight or HELP in the configuring of the SSM for this job.

    This is an area that I may need some special HELP with. Have not worked with the Prnt/Chld concept and that may take me some learning. As for the Mozilla Suite, NOT, had it for a short time and found FF to be much more to my liking. The ' about:config ' feature is one item I do like and have used extensively to customize my browser. So far it is easy to use and if I just can remember that little command to put into the Addy field maybe I can use it a bit longer. I did notice one time, have not had an occasion to look lately, when downloading a rather large file it was taking a lot longer than usual. I opened my "Kerio Personal FireWall - Opened Connections @ localhost" by double clicking on the Tray Icon. It was showing there was a connection " Out TCP, localhost:1090->rn-in-f97.google.com [64.233.171.97:443], Owner: C:\PROGRAM FILES\MOZFIREFOX\FIREFOX.EXE" found this in my Kerio's LogFile. It was sending data to that addy before updating my download. Just to give you some info as to a possibility of what your FF wanting to Child/Parent or whatever, on your system.

    I like the screen shot you gave, it shows me I may have some thingys set a bit differently than you. Will need to check that ASAP! Those thingys I do not know much about or confused about, I usually leave alone until further learning has HIT ME IN THE HEAD. Yes, I am very dense and need to read and re-read and re-read and re-read and re-read well you get the pic.

    I think that will about cover it for now. Thank you for this info and for reading my Postses,
     
  9. herbalist

    herbalist Guest

    The default parent-child settings for apps (the 2 drop boxes on the bottom of the advanced properties screens) are affected by the settings on the options>application tab. When "block process creation" is the default setting, most parent-child settings will be "allow". When the "Paranoiac" setting is used, the parent setting is usually "ask". I edited each rule manually to get both default parent and child settings to "ask". IMO, the ability to control what processes each process is allowed to start is one of SSM's strengths. A lot of exploits do their damage by using one process to gain access or control over another. By limiting what each process can do, you can pre-empt a lot of these problems.

    Parent-child settings aren't that complicated once you get used to it. The parent process is the one starting another process. The child process is the one being started. The image below is a process tree taken from my 98 box.
    http://i138.photobucket.com/albums/q277/herbalist-rick/Processtreehalfsize.gif
    Near the top of the image, you'll see MSGSRV32.EXE. Immediately below it, indented to the right, are mmtask.tsk and MPREXE.EXE. MSGSRV32.EXE launched both mmtask.tsk and MPREXE.EXE, which makes MSGSRV32.EXE their parent process while mmtask.tsk and MPREXE.EXE are child processes of MSGSRV32.EXE.

    If you look below MPREXE.EXE, you'll see FILECHECKER.EXE and PERSFW.EXE. They are both child processes of MPREXE.EXE. Both filechecker and Kerio 2.1.5 run as services on my PC, their executables parented by MPREXE.EXE. Any process that runs as a service on 98 has MPREXE.EXE as its parent.

    Explorer.exe can be a parent process for most processes. Anything you start by clicking on a desktop or start menu link is parented by Explorer.exe, as is everything listed in the user startup folder. When using SSM as the primary security app, you don't want to give Explorer.exe permission to parent everything, at least not without asking first. There are several processes for which Explorer.exe is the normal parent that I wouldn't want run without my knowing it. This would include regedit.exe (edits registry), regsvr32.exe (registers DLLs and drivers), rpcss.exe, dcomcnfg.exe (remote access or operation), etc. The usage of these can be controlled by selecting the "block for disconnected UI" option for them. This way, they can't run when the SSM UI isn't connected. Since installers are processes unknown to SSM, they're also blocked when the UI is disconnected, an effective way of controlling the activities of other users. It's also a good option for apps you wouldn't want other users to run. I let others use this PC, but I have apps I wouldn't want them to have access to, such as NMAP. One way to look at it is to view the disconnected UI as user mode and the connected UI as an administrator mode. Running SSM in user mode stops the prompts, but if the ruleset isn't finished, it can also interfere with normal operations.

    You may have noticed on the Application Rules screen of SSM the process creation control tab. The tabs are visible when a specific rule is selected. On the process control tab, there's an option "allow this process to execute any unclassified program". This is a very dangerous and insecure option that shouldn't be used unless there's no choice. It allows that process to launch anything, whether it's known or not. The only place I've ever used that option is with an AV, when its update files are executables whose names you don't know beforehand. Personally, I'd rather update an AV manually than use that setting, especially when AVs are targeted for exploit.

    The hardest part of setting all the allowed parent-child permissions is getting everything covered. AVs, office software, CD burning apps, etc can have some pretty involved settings. The task scheduler often needs specific permissions. Browsers need to parent other processes at times, like a media player or PDF reader. The windows notepad (if you still use it) has to be an allowed parent of wordpad once the text file reaches a certain size. In some instances, the "SendTo" folder is treated separately.

    SSM doesn't control 16 bit functions well. It will intercept a 32-bit app launching a 16 bit app, but doesn't control what other 16 bit apps can be launched by an already running 16 bit app. You will want to control access to command.com and DOS in general. A user or malicious app that gains access to a DOS command shell on a 9X system can use it to defeat any windows security app, including SSM. Something to figure into a security strategy.

    If you know what's on your system, it's more time consuming than anything else. SSM will allow you to save as many separate rulesets as you want. I'd suggest making backups of the rulesets from the options>configs tab before you do too much editing. That way, if you make a mistake, it's easy to fix. Just take your time. I hope I haven't jumped around too much here.

    Rick
     
  10. dHodges

    dHodges Guest

    I do not know what has occurred, but; while I was attempting to create a message - suddenly my screen went away, not a power problem this happened over the net, I am now logged in again as I was already. I have errored before and made double posts this time the Back Arrow was not available to return to my started message. So here I go again.

    So far you have cleared some of the UnKnown programs that I do not trust because I do not know what they are supposed to be doing. A couple that I am not sure of but feel they are AOK! RNAAPP.Exe and TAPISRV.Exe, thanks to SSM and knowing what should be allowed when I connect.

    I have not finished reading all of your message at this time, have saved a copy to my H/D so I can read and ssttuuddy (some times I SSTTUUDDEERR) off line. Don't ask me, my fingers get carried away at times and extra keys are used and I need to go back and clarify what I wanted to say. That is why it takes me so long some times to reply or just because I get LongWinded.

    One of my Largest Complaints with µBarf is not providing info on all of the apps that are within Windows® so we KNOW. I have been working with these systems since 1985 and still have much to learn. Going through the School of HardKnocks is an on going battle, for me anyway.

    Now go do some other work for a short so I can absorb what you have given,
     
  11. dHodges

    dHodges Guest

    Herbalist, Herbbie,

    Just to give you some more info about my setup. I have downloaded WatchCat from Last of the Free Versions (LFV) if you know where that is, and use that to put programs I am not using at that moment in LIMBO. Yes, they seem to not really be using any of the RAM when hidden by WC. I have noticed RAM has a larger FREE portion when most of them are in WC.

    As for NotPad, I know, I have a little program from MDGx's website called MetaPad. It is NotePad on steroids, has many more features and adjustments you can make and will handle larger files than the original NotePad. Plus my favorite txt editor is JGSoft's EditPadClassic FREE. I use them both for different reasons. Another that I find to be very handy is WindowsEnabler; if you would like to know more about them just ask and I will provide, if you already know then this is useless.

    Thank you for reading my Poosters,
     
  12. herbalist

    herbalist Guest

    RNAAPP.Exe and TAPISRV.Exe are windows components that are used with dialup internet service. RNAAPP.exe is often the parent process of TAPISRV.exe. Any app that you want to be able to start a dialup connection will need to be an allowed parent for RNAAPP.exe. Controlling what processes can parent those 2 limits what can establish a dialup connection. Helps defeat the dialler types of malware.

    I'm heading out for dinner at a friends. Will try to address more of your posts when I get back.
    Rick
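Rick's two posts on parent-child control (the process tree and default "ask" settings above, and the RNAAPP.EXE/TAPISRV.EXE dialup chain here) describe one policy mechanism: every launch is a (parent, child) pair, explicit pairs are allowed, everything else falls back to the rule's default, and "ask" turns into "block" when the SSM UI is disconnected. The following is an added example that models that logic in Python; it is not SSM's code and the rule table, the process snapshot and the `Rule` fields are constructed to mirror the tree in the post (MSGSRV32.EXE, MPREXE.EXE, PERSFW.EXE, Explorer, Firefox parenting itself, Firefox trying to parent RNAAPP.EXE, an unclassified setup.exe). Real enforcement would need a process-creation hook, which the script only simulates.

```python
"""Parent-child process control modelled on SSM's application rules (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Per-executable rule. Field names are this example's, not SSM's."""
    default_child: str = "ask"        # verdict when this process starts a child not explicitly allowed
    default_parent: str = "ask"       # verdict when this process is started by a non-allowed parent
    allow_unclassified: bool = False  # "allow this process to execute any unclassified program"


RANK = {"allow": 0, "ask": 1, "block": 2}


def most_restrictive(*verdicts):
    return max(verdicts, key=RANK.__getitem__)


def decide(parent, child, rules, allowed_pairs, ui_connected):
    """Verdict for one launch attempt of `child` by `parent`."""
    parent, child = parent.upper(), child.upper()
    prule = rules.get(parent)
    if prule is None:
        return "block"  # an unclassified parent should never have been allowed to run
    if child not in rules:
        # unclassified child: only the dangerous per-parent option lets it run
        return "allow" if prule.allow_unclassified else "block"
    if (parent, child) in allowed_pairs:
        verdict = "allow"
    else:
        verdict = most_restrictive(prule.default_child, rules[child].default_parent)
    if verdict == "ask" and not ui_connected:
        verdict = "block"  # disconnected UI ("user mode"): nobody to answer, so ask becomes block
    return verdict


def audit(snapshot, rules, allowed_pairs, ui_connected):
    """Evaluate every parent->child relationship in a (pid, ppid, name) snapshot."""
    by_pid = {pid: name.upper() for pid, _, name in snapshot}
    verdicts = {}
    for pid, ppid, name in snapshot:
        if ppid in by_pid:  # roots such as MSGSRV32.EXE have no parent in the snapshot
            parent = by_pid[ppid]
            verdicts[f"{parent}->{name.upper()}"] = decide(
                parent, name, rules, allowed_pairs, ui_connected)
    return verdicts


# Constructed ruleset: system components may only be started by their known parent.
RULES = {
    "MSGSRV32.EXE": Rule(default_parent="block"),
    "MMTASK.TSK": Rule(default_parent="block"),
    "MPREXE.EXE": Rule(default_parent="block"),
    "FILECHECKER.EXE": Rule(default_parent="block"),
    "PERSFW.EXE": Rule(default_parent="block"),
    "EXPLORER.EXE": Rule(),
    "FIREFOX.EXE": Rule(),
    "REGEDIT.EXE": Rule(default_parent="ask"),   # Explorer may start it only after a prompt
    "RNAAPP.EXE": Rule(default_parent="ask"),    # dialup: only the dialler is an allowed parent
    "TAPISRV.EXE": Rule(default_parent="block"),
}
ALLOWED_PAIRS = {
    ("MSGSRV32.EXE", "MMTASK.TSK"), ("MSGSRV32.EXE", "MPREXE.EXE"),
    ("MPREXE.EXE", "FILECHECKER.EXE"), ("MPREXE.EXE", "PERSFW.EXE"),
    ("EXPLORER.EXE", "FIREFOX.EXE"), ("FIREFOX.EXE", "FIREFOX.EXE"),
    ("RNAAPP.EXE", "TAPISRV.EXE"),
}
# Constructed snapshot shaped like the Win98 tree in the post (pids are arbitrary).
SNAPSHOT = [
    (1, 0, "MSGSRV32.EXE"), (2, 1, "mmtask.tsk"), (3, 1, "MPREXE.EXE"),
    (4, 3, "FILECHECKER.EXE"), (5, 3, "PERSFW.EXE"),
    (6, 0, "EXPLORER.EXE"), (7, 6, "FIREFOX.EXE"), (8, 7, "FIREFOX.EXE"),
    (9, 6, "REGEDIT.EXE"), (10, 6, "setup.exe"),
    (11, 7, "RNAAPP.EXE"), (12, 11, "TAPISRV.EXE"),
]

if __name__ == "__main__":
    for mode in (True, False):
        print(f"UI connected={mode}")
        for pair, v in audit(SNAPSHOT, RULES, ALLOWED_PAIRS, mode).items():
            print(f"  {pair:32} {v}")
```

Running it with the UI connected shows Firefox allowed to parent itself and Explorer prompted before regedit.exe or a Firefox dial-out via RNAAPP.EXE; with the UI disconnected those prompts become blocks, and the unclassified setup.exe is blocked in both modes unless Explorer's `allow_unclassified` flag is set, which is the option the post warns against.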
     
  13. dHodges

    dHodges Guest

    Re: SSM Free v2.0.0.583 and v2.0.0.584

    Herbalist,

    How would be the best method of including a ScreenShot in a posted message? Never have done that before, be gentle please?

    I have all of my apps Rules set to Advanced and it is funny how you can learn from just clicking on items and reading. Have been wondering why I could not do any RegEdits. Always there was this little window popping up telling me that was not allowed or words to that effect. Found in the Modules, Registry that could be adjusted. Now maybe I can continue with my change over to SSM being my main monitoring program.

    I even have the IExplorer and StartMenu Modules Disabled. Do not allow anythingy to be installed in the Startup under the StartMenu. If I want it to be auto/start it gets put into the Registry under my direction where I want it.

    Thank you for reading my poosts,
     
  14. dHodges

    dHodges Guest

    Now another question, what characters are acceptable and Max and Min length for passwords? Alpha/Numeric + Specials + all Alt+xxxx? My password program can create any combination I need so I need to know.

    Thank you for reading my possttss,
     
  15. dHodges

    dHodges Guest

    Herbalist,

    Have seen where some are having a problem with Avira's AntiVir v7.0 and SSM v Unknown. "Re: Problems with Avira updates" I posted some info from my experiences as well as having just run an update, to AntiVir, without any problems. Also see where you have posted to AntiVir's Forums and had gone there to see what I could find and it was good to me.

    Am very pleased and am now running without the AVGCtrl.exe in my system tray. The only problem I can see with this setup is after an update TaskMan needs to be run to remove the AVGCtrl.Exe so there is not a conflict or dual monitoring to slow thingys.

    Thanks for reading this poosters,
     
  16. herbalist

    herbalist Guest

    Regarding the screenshots, you'll need to use the forum's "post reply" option instead of the quick reply. Below where you type the post is an "additional options" area. Use the "manage attachments" button. Use the browse button in the new window to navigate to the image file you want, then upload. When the upload is complete, close the new window. Just above the "manage attachments" button you initially used, you'll see a new link to the image, and code next to the link that starts with
    Code:
    [ATTACH]numbers[/ATTACH]
    Copy that code to the location in the post you want the image displayed.

    If your question was how to take a screenshot, just to the right of the F12 key is the "Print Screen" key. When used alone, it copies everything on the screen to the clipboard. When ALT and Print Screen are used together, only the active window is copied. This is the most commonly used option to capture individual windows, dialog boxes, error messages, etc. Then open your image program, preferably something other than Paint. On Win98, Paint can only save bitmaps. If you need one, IrfanView is a very nice free image program that works well on 98. Depending on the imaging software, either use the edit menu and select "paste" or right click and select "paste". Then save the image with the name of your choice. Given a choice, GIFs or JPGs are better formats for screenshots as the file size is much smaller than bitmaps.

    I don't know what the password limitations are on SSM. I know it will accept a password as short as 2 characters and as long as 32, which is the longest I tried. The characters are case sensitive. It also accepts numbers and at least some symbols. I haven't tried any of the more exotic ones, but it accepts these at least:
    ~!@#$%^&*()_+|}{:"?><
    I'd suggest holding off using a password in SSM until your ruleset is basically complete, or use a very simple one. The password is easily changed. A large password can be a big inconvenience when you're modifying rules. I'm also hesitant to suggest using a password program to store passwords for security apps. If that password program is ever cracked, it's possible that the passwords for your security apps could be obtained and used to disable them. I'm assuming you need to use one because of what you called stuttering with the keyboard. If this is the case, make sure the SSM rules for the password program don't allow any unnecessary parent programs. That way, if another app should be exploited, it can't be used to start the password program. I'd also make sure that the password program isn't allowed internet access.

    I also changed the default settings for the start menu and Internet Explorer modules to "block". You might want to leave the "Ini" module set to "allow". Some apps need to be able to modify the win.ini file to function properly. Don't get into too big of a rush to make changes to the registry module. Its default settings aren't that bad. There's also more than one way to defend the registry on a 98 box.

    This test box has MetaPad on it too. On my regular box, I use NotePad+. It's another nice free replacement.

    I know what you mean there. Even on the older systems, which are much simpler than the newer ones, there's a lot that can be learned, especially when you start getting deep into their workings. Even though M$ doesn't update 98 anymore, others like MDGx do, and do a better job at it, both at fixing bugs and making it more functional. I particularly enjoy working with DOS. It's amazing what you can do with a few batch files. I've found DOS to be a big security asset, enabling you to do things you just can't do on the newer versions of windows.
    Rick
     
  17. dHodges

    dHodges Guest

    Herbalist,

    Sorry about the plain TEXT messages and not any smilies but I use plain TXT only. In my e-mail as well as in these Forums.

    I use either the 'Quote' or 'PostReply', my Java is too old have a fresh version downloaded just have not installed yet so the 'QuickReply' will not work for me.

    I know how to collect the ScreenShots, did not know about the Alt+PrintScreen though, THANK YOU VERY MUCH. Will save this message to my CPU for future reference.

    My IrfanView v3.98 is one of my LIFE savers, many people have sent me pics of strange thingys and claimed they were truly pics of, well all sorts of strange thingys. Well I use IrfanView to look at the pics in Black&White and you can see where the pics have been Doctored. NO, I do not send any BitMap files, only JPG or GIF.

    For the PassWord for SSM you have given me enough for what I need. PasswordMaker is the MOST secure password creating software. The only problem with it is it only works with Mozilla, FF, Opera and Linux. Not in M$IExplorer, it is being worked in that direction, along with many other requests for improvements and more features. It does not store any password it re-creates them each time it is used, storage is not a problem.

    I am not planning on using the Password for SSM, yet, just wanting to get ready.

    So far I have allowed the *.INIs to remain Default. Do not want to make too many changes in too many areas that I am not familiar with, yet. Am getting there soon though.

    I agree with you on MDGx and crew at MSFN, I am a member there as well as CastleCops, CEXX, Net-Integration, SaferNetworking, and on and on.

    I like doing some thingys in DOS, just do not know how to do all thingys. That is farther in the future, 4 ME!!

    Thank you for this info and reading my posty toasters,
     
  18. dHodges

    dHodges Guest

    Greetings ALL from LeonSprings, Texas USofA,

    I do not allow any part of my system to run in AutoMagic or Automatic. I also do not use the Dialer in Windows mine is one that seems to be little known, Net Launch, I have used it for many years maybe 11 or 12 years. I have the one in Windows with NO entries, now there seems to be somethingy that is bringing up that dialer and attempting to dial out, of course I do not allow that and Cancel. FF is the one that was attempting to Parent a dial out today and there were three or four attempts without any data entries so they did not go any where.

    Now a question about SSM, Preferences, Modules, Registry in the Key area there are two entries for HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ yet there is NOT an entry in Information. Is there possibly some hidden entry in one of those? I have run some inquiries for possible hidden files yet have not found any, yet. Have not looked at my latest check wanted to get this out here.
     
  19. herbalist

    herbalist Guest

    Re: SSM Free v2.0.0.583

    On the modules tab, registry section, there's 2 separate screens, depending on whether you've selected "registry" or "information" on the right. Click any image below to enlarge.
    http://i138.photobucket.com/albums/q277/herbalist-rick/registrymodule50.gif
    This screen lists all the keys that are monitored by the SSM registry module. The default listing is for all versions of windows, so some of them won't exist on your PC, like the "HKLM....WindowsNT\CurrentVersion\*" keys. Note the right click menu which enables you to modify, add or delete individual monitored keys. This opens the screen imaged below.
    http://i138.photobucket.com/albums/q277/herbalist-rick/editregistrymoduleparameter50.gif
    On this screen, you can edit an existing key or specify a new key or value to be monitored along with what SSM's response to any attempt to change it will be. Be careful what you add or change here. Some registry keys and values do change during normal operations. How the modules behave depends on whether the UI is connected. Like the application rules, when the UI is disconnected, a user isn't asked about changes. "Ask" becomes "Blocked" when the UI is disconnected.
    http://i138.photobucket.com/albums/q277/herbalist-rick/registrymoduleinformation50.gif
    The registry information screen shown above is a listing of all the monitored keys and values on your PC. Nothing here is editable. It's all for information purposes. The "RunOnce" keys are listed because they're monitored, whether they contain entries or not. If you right click on a "RunOnce" key, you'll notice the default action is to alert you to a change. This is normal for these keys as values are regularly added by Windows Update, software installers, etc. On my PC, I changed all RunOnce keys to "Block" since I don't allow any auto-updating.

    Regarding FireFox attempting to start the dialup, if your homepage is a website (normal for most users) this would be normal behavior when starting a browser if you don't already have a connection established. I use a local page of links as my homepage, a practice left over from my pre-SSM dialup days. Some malware exploits or hooks the browser, using its internet access to bypass the firewall. Such malware normally worked on the assumption that the browser will connect out to a website (the user's homepage) when launched. By using a local page as a homepage, I could launch the browser without connecting to the net. While SSM can catch the hooks such malware uses, I kept the practice as an extra layer of security, plus I liked the convenience of having links to all my usual sites on one page. My present homepage is quite similar to This one. If it looks useful to you, feel free to edit it to suit your needs. When I first launched FireFox on my test box, I was opening a local page like this. That's what alerted me to all the unwanted outbound connections FF was making. I especially didn't like the ones to Google. Sea Monkey doesn't do this. You mentioned the "about:config" on FF that you liked. Sea Monkey also has that feature.
    Rick
     
    Last edited by a moderator: Jun 11, 2007
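The registry-module behaviour described in the post above (monitored keys with Allow/Ask/Block actions, wildcard entries that are listed whether or not the key exists, and "Ask" degrading to "Block" when the UI is disconnected) modelled in Python. This is an added example, not SSM's own code; the rule layout, the longest-pattern-wins matching and the value names such as SetupCleanup and AVScanner are assumptions constructed for the example.

```python
"""Added example (not SSM's own code): a model of how a HIPS registry
module decides the fate of a write to a monitored key, including the
"Ask becomes Block when the UI is disconnected" behaviour.  Rule layout
and matching semantics are assumptions."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional

ALLOW, ASK, BLOCK = "Allow", "Ask", "Block"


@dataclass
class MonitoredKey:
    pattern: str  # registry path; '*' matches any trailing subkey or value
    action: str   # ALLOW, ASK or BLOCK


# Constructed default listing in the spirit of the post.  Keys are monitored
# whether or not they exist on this machine (the "Windows NT" ones never
# exist on 98/ME).  The Run\AVScanner entry stands for a value the user has
# edited individually to Allow; the name is constructed.
DEFAULT_RULES: List[MonitoredKey] = [
    MonitoredKey(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*", ASK),
    MonitoredKey(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AVScanner", ALLOW),
    MonitoredKey(r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*", ASK),
    MonitoredKey(r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\*", ASK),
    MonitoredKey(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\*", ASK),
    MonitoredKey(r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*", ASK),
]


def normalize(path: str) -> str:
    """Case-fold and collapse the long hive names so both spellings match."""
    p = path.lower()
    return p.replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")


def find_rule(rules: List[MonitoredKey], key_path: str) -> Optional[MonitoredKey]:
    """Most specific monitored entry covering key_path.  Longest pattern wins,
    so a rule on one value beats the wildcard on its parent key."""
    key = normalize(key_path)
    hits = [r for r in rules if fnmatchcase(key, normalize(r.pattern))]
    return max(hits, key=lambda r: len(r.pattern)) if hits else None


def decide(rules: List[MonitoredKey], key_path: str, ui_connected: bool,
           user_answer: Optional[str] = None) -> str:
    """Effective action for a write to key_path.

    ASK needs a human at the UI.  With the UI disconnected nobody can answer,
    so the attempt is blocked rather than silently allowed."""
    rule = find_rule(rules, key_path)
    if rule is None:
        return ALLOW          # unmonitored key: the module does not care
    if rule.action == ASK:
        if not ui_connected:
            return BLOCK
        return ALLOW if user_answer == "allow" else BLOCK
    return rule.action


def with_runonce_blocked(rules: List[MonitoredKey]) -> List[MonitoredKey]:
    """The poster's own tweak: every RunOnce entry set to Block outright."""
    return [MonitoredKey(r.pattern, BLOCK) if "\\runonce\\" in r.pattern.lower() else r
            for r in rules]


if __name__ == "__main__":
    target = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\SetupCleanup"
    print(decide(DEFAULT_RULES, target, ui_connected=True, user_answer="allow"))
    print(decide(DEFAULT_RULES, target, ui_connected=False))
    print(decide(with_runonce_blocked(DEFAULT_RULES), target, True, "allow"))
```

The point worth checking in your own configuration is the middle case: a key set to Ask is effectively Block for anything that runs while the UI is disconnected, which is exactly what you want for RunOnce but will also stop legitimate installers until you reconnect.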
  20. dHodges

    dHodges Guest

    Re: SSM Free v2.0.0.583

    Herbie,

    I am not going to give a full explanation of my problems at this time, they seem to be clearing up. Have not been able to access the web for a couple of days. Not sure as to why!

    Thank you for this info, will save this to my H/D for future reference and study work. When you provide any info here, it is so extensive that it takes me hours or even days to fully absorb what is here.

    Thank you for this HELP and hope it is giving others some little insight into the workings of this SSM. So far it has provided loads of info, just I do not know how to absorb some of it.

    Thank you for reading my posts and for these replies,
     
  21. dHodges

    dHodges Guest

    Re: SSM Free v2.0.0.583

    Hey Herbalist,

    Excuse me, I had not read all the way to the bottom of your post before. So this is just to cover this ending to your last post.

    Having managed a MiniMainFrame type computer setup with 32 dumb terminals with full responsibilities for the system security I am very security aware. That O/S was BTOS (Bourghous sp. Task Operating System) that is nothingy like MSDOS. Learned just enough to be able to maintain that system then changed over to DeskTops and MSDOS.

    I cannot be charged with 'being normal', so my opening page for my FF is about:blank and my NoScript is not allowing any scripts to be run while in that screen. This has been my practice from my very beginning in 1985 before the web and before I had a HomeCPU.

    Now another challenge for me to overcome, learn to do a webpage, so I may attempt to use that type of opening display. This will be my last post for some time, not sure how long, have some software downloaded and need to do some learning. Have been spending too much time on the Forums I am into. Approx. 24 Forums. Am not having any e-mail notifications sent to my addy any longer. Will pop in every now and then to see how thingys are going and see if you have answered my LAST question, for a short or long time.

    What do you know about "FlashGet", 'eMule' and other download managers? Had a suggestion from another Forum for large file downloading . . am a little shaky about this because of allowing that software such FREE operations. Understand it needs to open several ports at the same time for faster downloads.

    Thank you so very much for the HELP you have provided,
     
  22. herbalist

    herbalist Guest

    Re: SSM Free v2.0.0.583

    A download manager can be a lifesaver with dialup service. I used a very inexpensive dialup service until a year ago. The speeds were pretty good for dialup but the connection had a one hour limit. Without a download manager, the best I could do was about a 15 MB file. With a download manager, you can pause or get bumped offline, reconnect and take up where you left off. I used to leave it paused during the day and let it download overnight. Downloaded files as big as 650 MB that way. Over 40 hours for one file on dialup, a Linux ISO.

    I haven't used either FlashGet or eMule. I believe eMule is a P2P app. They will work as a download manager but are more designed for file sharing. P2P apps and download managers have to be treated differently by firewall rules and should be treated differently with SSM as well.

    I've been using Star Downloader, free version, for years. It runs very well on 98 and integrates with most browsers. Screenshots here if you're interested. On the Kerio firewall rules for it, I have one allowing outbound TCP, any ports, followed by a rule blocking inbound traffic. Download managers do open more connections but they're all outgoing, and it only opens ports when a download is in progress. I can't say that this is correct for all download managers. Some might need more, depending on what features they have. For SSM, windows explorer and your browser need to be allowed parent processes. If you use the system scheduler instead of its built in one to schedule downloads, it'll need to be an allowed parent as well. Your AV scanner will need to be an allowed child process, as will the executables that launch your dialup connection (RNAAPP.EXE and TAPISRV.EXE). Downloaded files can be launched directly from Star Downloader's main screen, if the default app for the chosen file is also an allowed child process.

    Unless there's a known vulnerability in the download manager itself, they're no more of a security risk than downloading with the browser. In a way, they're more secure than downloading with the browser. The better download managers can integrate with your AV and will automatically scan every download.

    The only P2P app I've used is Shareaza. P2P apps need both incoming and outgoing connections to work properly. I can't speak for other P2P apps, but Shareaza will let you narrow it down to one port for incoming traffic if you configure it for use on a firewalled system. That port has to be open to other P2P clients in order to work. As far as I know, most P2P apps work this way. I suggest using a different port than the P2P app's default incoming port if the app gives you that option. Open ports can be a security risk, and more so when it's known what app is responsible for that open port. Shareaza for example uses port 6346 by default. Both attackers and internet service providers know this. Some ISPs deliberately block the default ports for file sharing apps. P2P apps are tempting targets for attackers for several reasons. One is the open connection they make, making them easy to find, identify if the default port is used, and connect to. It gets pretty obvious when all of a PC's ports are stealthed except one, and it's used by one specific P2P app. A lot of users who are heavily into P2P don't run many security apps. They're convinced that apps like firewalls slow them down. A lot of them think transfer speed is more important than being safe. Some of them are sharing trojans, both unaware and deliberately.

    If an exploitable vulnerability is found in a P2P app, the risk to your system is higher than it would be with other internet apps because of their need to accept incoming traffic. Because of this, SSM rules for P2P apps should be as restrictive as absolutely possible. With dialup, you might have to allow RNAAPP and TAPISRV to be child processes, but if at all possible, allow no others. I use a separate ruleset when running Shareaza that's more restrictive than my regular one.

    Regarding learning to make web pages, it's not as hard as you might think. I made mine with the composer component of Mozilla. There's a good chance that you've got Front Page already installed, comes with IE6. If you're interested in a separate one, check out NVU. It's Open Source, quite good. By using the WYSIWYG (What You See Is What You Get) Editing Mode, you can make pages without having to know HTML.

    Stop in when you have time.
    Rick
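The two firewall rule shapes from the post above, an outbound-only download manager versus a P2P client narrowed to a single non-default inbound port, as a first-match rule evaluator with a small audit that reports which inbound ports a ruleset actually leaves reachable. This is an added example written for this page, not Kerio's or SSM's code; the executable names (stardownloader.exe, shareaza.exe), the chosen listening port 29981 and the rule fields are assumptions, and only port 6346 comes from the post.

```python
"""Added example (not Kerio's or SSM's own code): a first-match packet
filter model for the rule shapes discussed above, plus an audit of which
inbound ports a ruleset leaves open.  Executable names and the port
29981 are constructed; 6346 is the default named in the post."""
from dataclasses import dataclass
from typing import List, Set, Union

Port = Union[int, str]  # a concrete port number or "any"


@dataclass
class Rule:
    app: str
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp" or "any"
    local_port: Port
    action: str      # "allow" or "deny"


@dataclass
class Conn:
    app: str
    direction: str
    proto: str
    local_port: int


def evaluate(rules: List[Rule], conn: Conn, default: str = "deny") -> str:
    """First matching rule decides; nothing matched falls to the default."""
    for r in rules:
        if r.app != conn.app or r.direction != conn.direction:
            continue
        if r.proto not in ("any", conn.proto):
            continue
        if r.local_port not in ("any", conn.local_port):
            continue
        return r.action
    return default


# Download manager, as in the post: outbound TCP on any port, then an
# explicit inbound deny so nothing can ever talk to it first.
DOWNLOAD_MANAGER_RULES = [
    Rule("stardownloader.exe", "out", "tcp", "any", "allow"),
    Rule("stardownloader.exe", "in", "any", "any", "deny"),
]

GNUTELLA_DEFAULT_PORT = 6346   # the well-known default the post warns about


def listen_port_ok(port: int) -> bool:
    """Reject the default port attackers and ISPs already know to look for."""
    return port != GNUTELLA_DEFAULT_PORT and 1024 < port < 65536


def p2p_rules(app: str, listen_port: int) -> List[Rule]:
    """Narrow a P2P client to one inbound TCP port; everything else in is denied."""
    if not listen_port_ok(listen_port):
        raise ValueError("pick a non-default, unprivileged listening port for %s" % app)
    return [
        Rule(app, "in", "tcp", listen_port, "allow"),
        Rule(app, "in", "any", "any", "deny"),
        Rule(app, "out", "any", "any", "allow"),
    ]


def reachable_ports(rules: List[Rule], app: str) -> Set[Port]:
    """Inbound ports an app can be reached on: every inbound allow that is not
    fully shadowed by an earlier deny.  For a download manager this should be
    empty; for a P2P client exactly one non-default port."""
    opened: Set[Port] = set()
    earlier: List[Rule] = []
    for r in rules:
        if r.app != app or r.direction != "in":
            continue
        if r.action == "allow":
            shadowed = any(d.action == "deny"
                           and d.proto in ("any", r.proto)
                           and d.local_port in ("any", r.local_port)
                           for d in earlier)
            if not shadowed:
                opened.add(r.local_port)
        earlier.append(r)
    return opened


if __name__ == "__main__":
    print(reachable_ports(DOWNLOAD_MANAGER_RULES, "stardownloader.exe"))
    print(reachable_ports(p2p_rules("shareaza.exe", 29981), "shareaza.exe"))
```

Rule order is the whole game in a first-match firewall: swap the P2P client's catch-all inbound deny ahead of its single allow and the audit shows the listening port vanish, which is the silent "P2P stopped working" failure rather than a security problem; put a broad inbound allow ahead of the deny and the audit shows "any", which is the security problem.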
     
  23. dHodges

    dHodges Guest

    Re: SSM Free v2.0.0.583

    Herby,

    Now I have a BOOK to read as well as 65 years of software to test and learn. I do think it is time for me to leave for the duration or for whatever reason that I may have forgotten to mention. I will be Popping in and out from now and again to see how thingys are going and maybe ask a question or two or . . . If I survive this maybe I will be better off, then again you people may be the BETTER-OFF if I do not make it back.

    So whatever happens HAPPENS and that is what I will need to live with or without.

    This has been a very very very LARGE pleasure for me and if I could make it BANNER sized, "THANK YOU!!" would be bigger, better and from me to "U"
     
  24. herbalist

    herbalist Guest

    Re: SSM Free v2.0.0.583

    I hope I've been able to help. Configuring both a rule based firewall and SSM at the same time can be a bit of an overload. As for configuring SSM, take your time with it. There's no reason the ruleset can't be treated as a work in progress. There's always the allow/block once options when you're not sure about a permanent rule.

    You'll find making web pages is easier than you think. That's one of those subjects that you can dive into a lot or just a little. Once you get a few basics down, it's fun.

    If you need help with any of it, let us know.
    Rick
     