System Safety Monitor - is it the real deal?

System - XP Pro SP1

So, here I sit all dejected without complete app control after Kerio v3b5 decided to go Tango Uniform. Kerio didn't crash -- I just had to uninstall because it *refused* to acknowledge my rules to unopened ports, no matter what I tried. For instance, my ISP requires an IDENT on send mail by sending three packets to my port 113. The mail will eventually go but can take up to 15 seconds while waiting for the IDENT or a DNS check, which Kerio v3 ALSO blocks no matter what I do. The IDS simply takes over and the packets never get to my filter rules. <shrug> Anywho, all that's a different story, I have reverted back to Kerio 2.1.4 until they get their act together with v3.

Now, what I *really* like about v3 is the app control and K2 (or any other fw I am aware of) does not have that feature. I miss seeing "Gravity wants to start Internet Explorer -- Allow/Block?" and everything else that suggests. I could actually run without a fw -- or simply use XP's ICF -- if I had the level of app control Kerio v3 is trying to attain. I'm not really concerned about trojans because of awareness but am concerned about apps I *do* allow to be installed. Information is money to the sleaze factor out there and I don't want my info sneaking out.

So, is SSM what I am looking for to compliment my fw while Kerio gets the bugs out of v3, assuming they can? BTW, the Atelier proof of concept WILL blow right through K3 if IE has an allow rule set. The only way to stop it is to make IE ask permission for *every* connection. It could just as easily use any other 'net capable app. But I digress -- is SSM the trick or does anybody know of another app? I am not interested in purchasing Tiny *just* for the sandbox. I have seen SSM mentioned in other threads but not really hashing it out. I noticed Root is having problems on W2kSP3 -- what about XP? Does it play well with others, in particular those that use LSP? Can you limit it to only app control or does it insist on doing a bunch of other stuff? Can it be run "on demand"? How is it on resource usage? Is SSM *the* one or is something else available?

Yeah, I know how to find out -- install it and see. The problem is I JUST finished cleaning up a big mess left by the Kerio beta and I'm not in the mood to do it again. Please help out a lazy person.

Thanks,
Phil

 

I like SSM as added protection. I have problems with the latest version 1.9.1, but the version previous, 1.8.9 is working great for me.
The newest version , I think, does a better job of watching for programs to use api calls to other programs, so I hope it gets debugged soon. Everyone is not having trouble with it though, maybe just me.
Try it as an addition to your regular firewall. I think you will like it.

 

I tried one of the versions(I believe it was a beta version) of SSM a while back.It worked with no problems on my xp.System Safety Monitor is a good program from my experience with it.The only reason I didn't keep it was because I have a monitoring program and Spybot's resident beta.I don't like to run too many programs that deal with the registry.

 

Max has already fixed the problem I was having. I'm very impressed!
I urge people to try this program in its newest form. I think you will find it is providing a level of protection that other programs do not currently provide.
Whenever a program tries to execute, or even use another part of its own program, or another program, you get prompted to block, allow, once or always, etc. It offers excellent control.
Plus, its free!!!

 

It would be nice if the author of SSM would include which OS the software is compatible with (all windows OS?) in his readme file.

Guess since it is free one can't expect this type info?

Looks like from the install instructions that no registry keys are changed, just establish a folder, extract the zip to this folder and run Syssafe.exe.

Anyone know where there is a forum which discusses this program?

Also I was @ http://www.wilders.org/securing_your_pc.htm
just peaking around trying to find out more info on SSM and noticed at the bottom security suggestions, and a couple stood out for me:

• disable HTML in your e-mail software;
• rename shscrap.dll to shscrapold;
• install HTAstop; for more info look at our free tools page.
• install DSOstop; for more info look at our free tools page

Couple of questions on above:

1) How does one know if HTML mail is enabled, and if it is how does one disable for example netscape messenger, or hotmail.com

2) what does shscrap.dll do and why rename it, what is impact of renaming this .dll

3) HTA Stop and DSO stop worth installing or not?

TIA

 

in addition to above Qs, does Max Burmistrov have a home page for his SSM program?

 

Unless you can read and understand Russian, this is the closest I could find: http://kormushkin.narod.ru/help/ssme.html

Regards,

Pieter

 

http://maxcomputing.narod.ru/ssme.html?lang=en
Pieter Arntz your link was in english and worked fine unless i was missing something

 

Probably my English
What I meant was : this is the only page in English I could find.
I found a homepage, but that was illegible for me.

Regards,

Pieter

 

when I click on the links provided, i get a blank page

 

http://maxcomputing.narod.ru/ssme.html?lang=en
Rgds,

 

SpaceCowboys link worked fine for me.
Since I opend my mouth before, I guess I better keep this updated.
I thought the problem I had was fixed, but when I shut down and rebooted I had a new problem, with apps not wanting to load. If I remove mchooknt.dll from the folder, the program works fine, but is missing one of the most important parts.
I emailed Max again, but I'm sure he's asleep at this time.
I still think this is going to be a must have. It is beta software though.

 

Thanks for the info. One of the reasons I asked about the app is stability. I don't like a lot of things diddling around with my XP reg either. At over 25MB with more than 500,000 lines, there is just TOOOO much that can get goofed. I do have an excellent reg backup program and use it with regularity but still.....

Phil

 

I'll just bet the part missing is the app control, huh!

Are you talking about the 1.9.1beta2 version available from the site or do you have something "newer"? I have seen a couple of comments from XP users that the latest version works ok, but since W2k and XP are "kissing cousins" I think your comments may give reason to pause. I did notice the beta2 version is labeled W2k fix or something on that order. I may just need to run Drive Image, make a restore point, do a reg backup (<sigh> the travails of running betas ) and give that puppy a trial run. I would like to be sure I have the latest and greatest, though.

Thanks for your help, Root.

Phil

 

As best as I can tell, the dll I mentioned became part of the program in version 1.9.1.
That dll is what picks up the api calls or hooks that are used when one program uses another program. I currently just renamed the file and the rest of the program is working fine.
I seem to be one of the few people having a problem with this.
The program seems safe enough to try out, but then I mess with new programs daily.

 

Still can't get there via IE, must have the reins pulled too tight on that puppy, so I swithched to Netscrap and got there w/out any problems.

Will wait a while before I install, too many little things not clicking on this one for me to feel comfortable.

Home page:

http://maxcomputing.narod.ru/ssme.html?lang=en

says latest version is Current version 1.9.1 (beta! 2) September 23, 2002.

excuse me but aren't we in December?

when you click on SSM help (English) you get:

http://kormushkin.narod.ru/help/ssme.html#basic

which shows top of page: March 03 2002 Version 1.8.4

I know I'm being picky, but being picky has saved my SA quite a few times thank you.

also when you download SSM from here:

http://kormushkin.narod.ru/ssm.zip

open the zip you get an exe: ssm191-2-w2kfix.exe quite different from the 191 version I dl'd from wilders this pm also the installation obviously doesn't match the instructions anymore if this is an install ap vs. placing in folder and running SysSafe.exe to start the program

also no mention on compatability with operating systems that I could see.

yup - I think I can wait awhile on this must have ap

thank you.

 

I am going to drop this link in here from DSLR since others have had some problems and successes with SSM that might help here.

Anyone got any old copies of System Safety Monitor

http://www.dslreports.com/forum/remark,5212894~root=security,1~mode=flat

 

You're welcome.

Phil

 

After four days of working with me trying to get SSM to work on my machine, I do believe Max finally found the problem. I know he was working on this very late at night as thats when I was around. I remain impressed with this product and its author.
For those of you that seem to have your own problem with it, I encourage you to let Max know. I'm sure he will make every effort to make this a most effective product for everyone to enjoy.
I will continue to recommend this product highly. It addresses a built in problem with Windows that is a security nightmare. It is not easy to get a product like this to work flawlessly on every machine with all the various combinations of setups and hardware that are in place today.
For those of you that may have some problem with SSM, Firewalls, and some of the other programs around that seem to cause a lot of heartache, please take into consideration the difficulty of making these programs work just right, and take into consideration the kind of effort you get in return for your trouble reports. If more product developers would work as hard as Max has been working the last few days, we would have a safer environment.
I just want to make sure he gets the credit he deserves for the work he has done, and I'm sure, will continue to do.