system safety monitor

Discussion in 'other anti-malware software' started by jmonge, Mar 31, 2010.

Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That depends on you. SSM does not differentiate between system files, legitimate apps, malware, rootkit installers, etc. It will block or allow whatever you tell it to. If you don't allow a malicious process or installer to run, it's not going to sneak past it. The only way you'll get rootkitted running SSM is if you directly allow it or the rules you make are permissive enough to allow an unknown to run. SSM is ideal for enforcing a default-deny security policy. It is not the best choice for containing the malicious activities of malware a user may have inadvertently or deliberately allowed to run. It wasn't designed for that. With careful attention to the details and parent-child settings of its rules, it can be used as a type of policy sandbox, but because it's no longer being developed, it is possible that malicious code can use techniques it wasn't designed to intercept. If those techniques still depend on executing an unknown payload, SSM will still defend against that payload.

    The registry protection is quite limited in the free version. It's more comprehensive and very configurable in the pro versions but the design of the registry interfaces can be quite confusing. On their own, the registry modules or rules are not sufficient to completely defend the registry. The application rules are the primary registry protection, especially the parent-child settings that restrict which processes have access to system utilities that can edit the registry. Again, this places the burden completely on the user.

    These make SSM suitable only in situations where there is at least one user/administrator capable of handling those decisions. The administrator can create the complete ruleset, set the password, then disconnect the UI. SSM will function much like a system policy on steroids, creating a whole new meaning for "limited user". I'm using this method on one client's PC, after cleaning it far too many times, the last time being a real nightmare. I don't know where this guy browses, but he finds all the new fake AVs and anti-spywares. Just yesterday he called and said he had a big red screen that said he's infected with all kinds of trojans, but he can't get the antispyware they said he needs to run. I've given up on trying to explain fake AVs to him. SSM put a permanent end to this problem. The fakes can't install, no matter what he does.

    Yes, all development for SSM has ceased. It failed because it was not economically viable, not because of any weakness or flaw in the code. It targeted a very limited set of users (techies who knew their systems very well) and was a one time purchase. I beta tested SSM for both System Safety Limited and for Max Burmistrov, the original developer. I've been using it for almost 6 years. For the last 4 years, it's been the core of my security package. It's not for Vista with the service pack or for Win-7. It's definitely not for the average user. It's for users who want as close to total control of their systems as possible and are knowledgeable enough to know what should and shouldn't be there.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks for this valuable info, buddy ;)
     
  3. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Thanks for the info. SSM is not for me, going by your description. I loaded it up and it gave me a never-ending series of pop-ups asking for allow or block, which I didn't know how to answer, so I never made a rule. I mean continuous, it never left the screen. Until it locked up the computer....LOL! I was just clicking allow, allow, allow as fast as I could!

    I hope SSM continues to be available for the expert user, though.

    jmonge, I'd be interested in your experience, too.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Same here, a bunch of pop-ups. My fingers were busy :D Poor keyboard :) lol
     
  5. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Why didn't you leave it in Learning mode for a while, starting all your trusted applications? The icon in the tray has a red spot when in learning mode.

    P.S. The very nice option with SSM is that you can specify parent-child process interaction.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    You got me here, man. Why didn't I? Mmm
     
  7. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I never got to a place past the pop ups to get to a choice of learning mode. How do you get to a choice of learning mode?
     
  8. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    You right-click on the tray icon and tick the learning mode option from there.
    It's especially advisable to do so before first reboot after install as otherwise you can lock your PC. I suppose this is the reason why the option "start when windows starts" is not ticked by default in SSM. So in short - after install and reboot, the program doesn't start automatically, you have to select that in the options.
    So what I mean with 1st reboot after install is 1st reboot with the program configured to run automatically with windows log-on.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Before you decide to try the learning mode, make absolutely certain that your system is clean. SSM does not differentiate between legitimate system files or applications and malicious code. Learning mode will allow malware to run. Select the wrong options and it could even protect it! IMO, learning mode is OK for getting started if you're in a hurry, but it's not a substitute for learning how the processes on your system interact or for learning how to make SSM enforce your rules. There is no better teacher for learning the details about the processes on your system. If you decide to give manual configuration another try, make it easier on yourself and don't enable the registry or networking rules until the others are done. As long as you use "allow once" or "block once", the alerts will keep coming. You'll see many of the same ones repeatedly. The lockup was probably from service processes not being able to start when needed. When SSM alerts to the activities of a specific process, that process is often prevented from doing anything else until you answer that alert. System services don't respond favorably to that.
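
Added example, not part of the original thread and not SSM's code or rule format: a minimal Python model of the default-deny, parent-child launch policy and the learning-mode caveat described in the posts above. The class name `ExecPolicy`, the process names and the event lists are all constructed for illustration.

```python
# Conceptual model only: this is NOT SSM's rule format or code.
# Process names and events below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class ExecPolicy:
    """Default-deny launch policy keyed on (parent, child) pairs."""
    rules: set = field(default_factory=set)
    learning: bool = False

    def check(self, parent: str, child: str) -> str:
        pair = (parent.lower(), child.lower())
        if pair in self.rules:
            return "allow"
        if self.learning:
            # Learning mode trusts whatever it observes and keeps it as a
            # permanent rule, whether the process is legitimate or not.
            self.rules.add(pair)
            return "allow(learned)"
        return "block"  # default-deny: an unknown pair never runs


def replay(policy, events):
    """Feed (parent, child) launch events to the policy, return verdicts."""
    return [policy.check(parent, child) for parent, child in events]


def enforce_after_learning(training_events, later_events):
    """Learn from training_events, then switch to enforcement."""
    policy = ExecPolicy(learning=True)
    replay(policy, training_events)
    policy.learning = False
    return replay(policy, later_events)


# Constructed events: a clean baseline, then launches the admin never approved.
CLEAN_BASELINE = [("explorer.exe", "browser.exe"),
                  ("explorer.exe", "regedit.exe")]
UNAPPROVED = [("browser.exe", "fakeav_setup.exe"),
              ("browser.exe", "regedit.exe")]

if __name__ == "__main__":
    # Learned on a clean system: both unapproved launches are blocked, even
    # regedit.exe, because only explorer.exe was approved as its parent.
    print(enforce_after_learning(CLEAN_BASELINE, UNAPPROVED))
    # Learned while the installer was already running: it is now allowed.
    print(enforce_after_learning(CLEAN_BASELINE + UNAPPROVED[:1], UNAPPROVED))
```
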
     
  10. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Thanks noone, maybe I'll give it another shot, with your tips here.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    When it is in learning mode, it is a reddish color :)
     
  12. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    jmonge, how is your SSM trial going? How would you compare it to ProcessGuard? I am running Malware Defender right now, so I haven't had time to look at SSM again. I have also had ProcessGuard running a bit before.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    EscapeVelocity, I tested/trialed both. ProcessGuard is lite/fast but lacks a lot of stuff that System Safety Monitor and Malware Defender have, for example active process activities and network protection. I prefer to run SSM instead of PG, but I think MD is more complex; it has full registry protection and more. Too bad it is going somewhere :D
     