SSM vs Prevx

Hi Guys,

I currently use SSM which is quite complicated, would Prevx be more user friendly & afford similar degree of protection?

Take Care
Rico

 

Yes to the usability and protection if you're using SSM free (I can't vouch for the pro one since I'm cheap).

A friend of mine prefers prevx1 to SSM because even after he possibly downloaded some things that start with WA and end with EZ, he found that all SSM did was produce false positives in a foreign language(namely, the DLL Library crap or global hookers[not talking about Paris Hilton]). He isn't sure if the behavior blocker is that great, but its white and black lists are absolutely essential in his opinion. Just to add another degree of protection, he uses Cyberhawk free to catch nasty rootkit/keylogger installers which is known to report only questionable application behavior in PLAIN ENGLISH.
Bottom line is that my friend now wastes less time using google for every alert produced by SSM (including just opening up the internet browser) and trusts his HIPS combo enough to possibly use some things that start with WA and ends with ZE.

 

Prevx1 would definitely be more user friendly but I dont know about the protection.

If you can properly configure SSM and you dont mind the alerts, it can quite powerful.

 

Hi Guys,

So far using SSM (paid) the only alerts I've gotten is when I instigate something, install, updates etc.. Perhaps this weekend I'll uninstall SSM & give Prevx a try. I like the concept of white & black lists.

Thanks & T.C.
Rico

 

Hi Rico

Have a look at https://www.wilderssecurity.com/showthread.php?t=170691

It is more powerful than CyberHawk free. The rules I use are included

 

Why not run them together? I only ditched SSM because it made by PC act like the stereotypical fat guy in the Macintosh ads. E.G: you are booting up Windows, Accept or Allow? you have plugged in a usb device, accept or allow? you have run mozilla firefox, accept or allow? you have executed a text document, accept or allow? your wallpaper is trying to set global dll hooks with the parent hook of sexxxy bbw.com yap yap yap yap yap, just click accept already because the last time you clicked deny, explorer.exe crashed and turned your system into an offline paperweight.

That's just me. If you know what you are doing, then you probably don't need Prevx1. It is powerful for a set and forget HIPS, though. I suppose you can also base your SSM decisions on Prevx1's decisions.

 

Hi, folks: SSM paid has been expanding to include firewall features, more complicated and confusing than before. SSM free still produces too many alerts, needing your decision often, you can not afford making a slight slip of keyboarding, and making your head spinning constantly, very noisy. While Prevx is more quiet app, if you set ABC mode, it only alert you when an earthquake-like attack is looming. With millions of informants on duty, its eyes and ears are more competent than its rivals. If you like a quiet and enjoyalbe cyber time, go for Prevx1, by the same token, if you are an advendurous lancer, try SSM free or even paid, it will fill you up. In the event you ever have any reservation regarding Prevx1's full strength, why not enlist Cyberhawk free as a companion, somewhat quiet guy as well. Mind you, both SSM and Prevx1 are excellent security apps, just one with V8 turbo engine making awakening sound, while the other with a so quiet samller in-line engine, that you often can not feel its presence. Good luck.

 

It's not possible to directly compare the protection provided by SSM and PrevX. How well SSM protects a PC is completely dependent on its settings and ruleset. A user could create rules so permissive that they'd stop nothing. With well thought out rules and good decisions both versions will stop most everything.

SSM and PrevX use opposite approaches. These are for 2 different types of users. With PrevX, the vendor can handle many of the decisions. With PrevX, you primarily trust the vendor to detect, block and remove undesirable apps and code. SSM gives the user total control and total responsibility for the results. It's only as good as your judgement and knowlege.

Think of it this way. PrevX and SSM are enforcing tools. Both work well. With Prevx, you're relying on the vendors knowlege of systems, malware, and applications. You trust that they will detect malicious code and behavior, much like users have done with AVs for years, but on a much wider scale.
SSM enforces your rules and decisions. You're the one who has to decide if something is malicious or normal. You can easily allow malware to run with SSM if you don't understand what the alerts are telling you. You can just as easily block necessary system processes and create a nice mess for yourself. Be honest with yourself. Do you understand your system well enough to make all the decisions or do you need the knowlege and experience of the vendor to help you?
Rick

 

For most of us, we wouldn't know how to use SSM optimally. Very few people would think about their decisions rather than automatically twitching your muscles in the all too familiar position of the allow button. You may be letting a safe storm.dll have its hooks set by the parent application, world of warcraft, which is functioning normally or it could be some kind of backdoor that gives your account info to a chinese gold farming scheme.

 

Precisely why it's worth the effort and any aggravation you may find in it. SSM is a wonderful learning tool also in how your own computer registers various incoming commands via files and their locations & purposes. Before i could learn to drive my parents had to show me which handle was the automatic gear shift and where to move it in order for the car to move ahead. Then there was the brakes, signals, and so forth. You get the picture. System Safety Monitor is not as intimidating as the first time you see all those CONTROLS! And CONTROL! is does, you make the choices that stick and it remembers your instructions and locks the rule indefintely.

No, you really don't have to be some science manager to easily learn SSM, just use the same common sense it took for you to be able to work the keys & buttons (programs & settings) that gets you though every day now at the screen. It really is just that way. At my first try with it i thought oh! no!, how will i ever get all this organized to get the best possible benefits from this super shield, but with a little patience and asking questions in the forums like you, it soon became more simpler over time and my understanding of whats required of me to make it virtually impenetrable.

I stopped back at version 5.68 because it was changing too fast for me to keep up with it but my version is a steel wall now and it's everything and more i ever wished PC protection might one day become.

 

Another point with SSM is that every prompt offers the option of making it a permanent rule (i.e. your Block or Allow decision is remembered and applied if that situation occurs again). People who talk about repeated prompts for basic actions must surely be overlooking this.

I only get a significant number of prompts when installing SSM with a new configuration (I don't use Learning Mode) and I would compare it with ZoneAlarm or other firewalls - lots of prompts to start with, but after your basic actions are covered, you'll only see further ones appear if you install something (hint: use the Install Mode option available from the down-arrow menu on the Allow Button) or run a new program.

Of course, if you are new to SSM it will all seem strange (drivers? hooks? injection?). However if your system is clean, you can assume that most of what goes on should be allowed and just use SSM to gain a better understanding of your system and (legitimate) software behaviour.

 

Paranoid2000,

As one who does mention that, I'll say no, that I haven't overlooked it at least in my own case. However, whether is happens does depend very strongly on usage profile, as one might expect.

If the machine has a relatively static configuration and executables are not being constantly updated, SSM and related products are generally quiet after a short initial flurry of activity.

If the executable population is in flux either from, for example, someone trying out the latest game offerings or testing a wide range of programs for some purpose, the level of prompts can become annoying.

As you mention, it is akin to a standard firewall run in interactive mode. The primary difference being that prompts are offered for all unrecognized programs, not just those attempting network access.

Whether this is an issue or not depends on host of factors that are unique to the individual. I'll admit that my own tolerance to prompts after that initial and expected flurry is rather low (which would tend to place me in the Prevx camp relative to SSM vs. Prevx...)

Cheers,

Blue

 

Hi, folks: To use SSM or Prevx1? is a million$ question,and some experts can debate on and on for an unended future, but from a layman's point of view, the line drawn on the sand is very clear: When a new unknown situation arises, you are asked by SSM what are you going to do next, allow or kill? you are left ALONE, in cold, no lifelines,except panic search, search on web, while w/ Prevx1 , with the aid of vast spectra of data bases, this step IS taken out of your hand and is placed in GOOD HANDS. IMO, this is the LINE separating dayjoys and nightmares. I do not need detailed tech debates to make up my mind. One simple, clear line is sufficient.

 

Hi, Peter, thanks for your endosement(sort of). I guess nothing is 100% trustworthy yet, even w/ prevx1. And I do hope folks at Prevx1 can look into your concern. It has not yet happened to me, let us pray? Have a nice one.

 

Hi Guys,

I've been using Prevx for about 10 days love it. SSM I find distracts from my computing day, with its numerous alerts. Prior to using SSM, I used PG, so for several years of alerts, I was never alerted to, an actual malware attack.

Take Care
Rico

 

Does it happen often with Prevx1? Does Prevx1 have total control? Or can you do something about this?

Also, how good is Prevx1? Could this online-database concept be a weakness? Does it depend on how many use it? I mean if Prevx1 had 1000 users around the world I would not feel safe to use it. But if it had 10.000.000 users it would be a lot better? Or maybe I misunderstand?

 

why would you want it prevx to allow a known unsafe program to install?
lodore

 

This line:

If I get it right, this means Prevx1 is blocking a safe program that it should not block. Or as I said, maybe I misunderstand?

 

ok that does make sence
lodore

 

This is a valid point - though it probably applies more with program updates (resulting in a "checksum mismatch" prompt). Automatic Windows Updates can be a significant factor here, though SSM has the option (enabled by default) of automatically accepting digitally signed files to cover this.

I'd disagree here - in most cases it should be perfectly obvious when a program is legitimate (even if the filename isn't always obvious, the folder/path name certainly is), assuming that the user knows what software they have installed. If they don't (e.g. they have a new computer with pre-installed software that they know little or nothing about), then this will be much harder but still possible.

This isn't always going to be the case though for two reasons...

With a "community-based" database, all it requires is a small number of "allow by default" users to approve a malicious program initially and then others will accept it until it is overridden by expert advisors. This shouldn't be a common occurrence for most users but those who come into contact with new malware regularly are more likely to encounter such a situation.

The second reason is that "beauty is in the eye of the beholder" - what is an acceptable program to someone else, may not be acceptable to you. While most people can agree on outright malware, there is a large grey area:

• programs bundled with adware, like optional toolbars (e.g. Daemon Tools, Messenger Plus, AOL ActiveVirusShield);
• "dual use" software with legitimate and malicious uses like keyloggers and packet sniffers;
• programs that can pose a privacy threat (e.g. Windows "Genuine Advantage", anything with "phone home" capability like ZoneAlarm);
• DRM software - Sony's rootkit being a notable example - did Prevx flag this as malware prior to Mark Russinovich's revelations?
• programs that may be deemed undesireable for other purposes (excessive resource usage, intrusive behaviour, poor/non-existent uninstall option).

The question then is would Prevx err on the side of caution and block such software or allow it? In many such cases, it comes down to personal preference and circumstances - neither of which can be considered with a whitelist/blacklist approach.

 

some very good points made. one of the factors that no one has mentioned is Prevx1 cleans up an infection as well as stopping it. some nice gravy there.


Mike

 

I agree with most of the points made.
One other observation that may be relevant...
If you are the only person using the PC SSM free or paid is great.
If anyone else is going to use it who isn't so savvy in computer security then I'd definitely go for PrevX.
SSM was on my last PC for 8 months or so together with Prevx as I didn't know whether I 'trusted' Prevx at first to make the correct decisions but after using it now for some time it seems very solid to me and with my new PC I decided I didn't need SSM as Prevx gets the job done without being as 'noisy' as SSM or as complicated to use.
SSM is a great 'learning' tool and gives you rock solid security if you configure it correctly but I found I was too stupid or just too lazy to work that hard.