SSM - Prosecurity - Cyberhawk - DSA

This is probably my last post before I start trial these products. At least I hope so.

Before you keep on reading you should know:

My knowledge about security is not great. My English and computer language is not great.
Please try to stay on topic. And also, you dont need to tell me things like:

Why do you want all that protection? One HIPS is enough. You should learn how your pc work before starting with HIPS. Running several appl. can cause conflicts. SSM is hard to learn.You need to trial to see how it works. Its impossible to be 100% safe. Remember backup-plan, disc image etc.etc.... Because I know all this. And I also can agree with most of it.

From reading this forum and asking some questions I have reduced my «want to trial»-list from thousend to these four (thank you) except from sandboxing hips, but please lets keep them out of this thread.

Before you keep on reading, please have a look at this Comparative Features Table (HIPS - Behavior blockers):

http://wiki.castlecops.com/HIPS/IDP_programs/services#Buffer_overflow

I have listed some features missing for each of these four. Keep in mind I dont understand all those features, and dont know how important each of them are.

SSM full miss:

Dll loading (not miss, but limited)
Monitor of sensitive areas
Restrict file permissions by processes
Restrict file permissions by directories
Heuristic Algorithm or IDS
Configurable IDS
Buffer overflow

Prosecurity Pro miss:

Children parent control – Yes via rule 58 (I've only listed this because I dont know what it means)
Startup control (files)
Monitor of sensitive areas
Restrict file permissions by processes
Restrict file permissions by directories
Heuristic Algorithm or IDS
Configurable IDS
Buffer overflow

DSA miss:

Records command line parimeters
Dll loading
Process modification (DSA has this feature, but not as strong as other)
Restrict file permissions by processes
Restrict file permissions by directories
Block low level disk access
Password protection
Configurable IDS
Buffer overflow

Cyberhawk miss:

Process execution
Records command line parimeters
Children parent control
Dll loading
Access to physical memory
Service/Driver control
Restrict file permissions by processes (not pro version)
Restrict file permissions by directories (not pro version)
Block low level disk access
Password protection
Configurable IDS (not pro version)

I intend to go for a combo of 2 (or even 3) of these. Running SSM/PS in combo is out of question.

PS/CH/DSA or SSM/CH/DSA would of cours cover the most, but perhaps madness. Overkill, overlap, too much, conflicts......Or could it work ?? (I may try)

Running CH and DSA would of course be a free, easier to use, good combo, but lack something. (Password protection, block low level disk access, dll loading...dont know how important this is)

What would I miss, or what would be the weak point running each of these combos?:

SSM/CH
SSM/DSA
PS/CH
PS/DSA

Password protection needed for what? If it is to prevent other users/family members changing something, I will not need it. If it is to prevent malware from changing settings or shut off, then it could be nice to have.

CH the only one to protect against Buffer overflow. What does it mean? Needed by who?

The following I find interesting/important: If one of these 4 security applications miss one or two features, could it be possible that this could be ignored due to the fact that these features is covered by other features? Say SSM has feature A,B,C,D,E but not feature F,G. Maybe feature F and G are already covered by feature A,B,C,D and E?

Restrict file permissions by processes/directories: Only CH Pro, so I suppose this is not important or covered by other features in SSM/PS/DSA?

Heuristic Algorithm or IDS/Configurable IDS ?

A lot of questions, so I understand if there will be few or none replies. But I can always hope.

Btw I find this post helpful (post #77):

https://www.wilderssecurity.com/showthread.php?t=175145&page=4


My setup:

Nod32
Windows XP FW
BING (BootIt NG)
Firefox (NoScript, AdBlock Plus)
Thunderbird
Ccleaner
Spysweeper
Windows Defender
AdAware SE

 

Should use only one classical HIPS like SSM, PS, DSA, NG etc.
CH can be added safely as it is behav blocker. Still more can be covered by a SandBox.

 

Pepe,

Try the combo CyberHawk + WinPooch (like Glentrino2duo). This gives you the user friendliest coverage. Another possibility SSM free + WinPooch (best coverage). Look in this post https://www.wilderssecurity.com/showthread.php?t=173587&highlight=winpooch

Regards K

 

Hmmm... an interesting combination. WinPooch is an open source HIPS and Kees is one of the few posters who regularly mentions it. I shall have to give it a look one of these daze.

As for moi, I use & recommend DSA + SSM-Pro. Not a cough in a carload.

 

After trying GeSWall,WinPooch,and DSA over the last 3 weeks I would use DSA.

WinPooch is an interesting program.I liked it a lot,but stability was an issue on this box.

I'll be going to back DSA shortly.It was stable and easy to use.

 

Kees, one thing i don't know about Winpooch is if it polls the registry, or protects in real time.
The other is how to prompt for executables. I set it to ask, and it didn't ask, just blocked

 

So I guess this combo: SSM/CH/DSA or PS/CH/DSA would be totally out of question. As I said in my first post, probably madness, overkill etc... But still I want to use two. Maybe same as bellgamin (SSM/DSA).

WinPooch sounds interesting. (Same registry protection as RegDefend..) But It had to be in combo with SSM or PS (Prosecurity), because I see them as stronger than CH and DSA.

When I think of it, no matter what I choose as my main/strong HIPS, SSM or PS, I really think I should use a behaviour-blocker like CH. Why? Because I lack some knowledge, and if a malware should get throug anything else and start to do its business, whatever that may be, then CH is supposed to analyze its behaviour and block. But then I could not use DSA, which looks real good, because I end up with 3. Life is not easy So maybe a good solution would be SSM or PS in combo with CH, and change my Windows FW with Comodo instead of using DSA?

Some say Prosecurity Pro is a lot easier to use/learn than SSM Pro. Would all of you agree with that?

The reason I ask so many questions is that I want to find a combination of security applications that I will keep for a long time. As in not change all the time.

If you look at my first post, you'll see that there are som questions that I can not find out by testing the products. I wait for a while to see if there will be answers to any of those questions before I trial.

Thanks to all of you

 

tepe2, let me tell you that your 'question' post is a masterpiece: i dont remember anyone asking about any matter in such a brilliant way...i even think you already replied to yourself!
I dont think you need any advice,just start enjoying the programs you'll choose and should anything bad happen you have BING to take care of it.
My best wishes for you,anyhow.

 

If u are using Kaspersky, u can use its PDMs with SSM and in my oipinion u will not need anything more except for a sandbox if u wish. PDMs will add to SSM and also replace CyberHawk.

 

Im not sure I agree but thank you so much

I agree. I can run SSM/PS/CH/DSA/Comodo/NG/EQS/OA/Prevx/Winpooch in combo at the same time, and if....IF ? something goes wrong, I have BING

aigle

hmm...interesting. I now see the possibility of running Kaspersky with PDM, SSM, and add DSA. Because if PDM replace Cyberhawk and add to SSM, it would be like running what I suggested earlier, SSM/CH/DSA or even stronger. I'm hopeless I know (I guess PDM is some kind of built-in HIPS) Anyway I have Nod32 and since I am happy with it I dont think I will replace it. But I know for sure that if i should replace it, it would be with KIS. Aigle I wish I had Kaspersky because this was a great suggestion from you (also without DSA, or maybe better without DSA)

Seriously, if I do try this crazy thing, running SSM/CH/DSA together I will let you all know the result. Must be something you could disable to have less overlap and make this run.

 

IMO if somebody tried PDM with SSM, no need of DSA or CH at all. Even u can remove the overlapping protections from PDMs and SSM.
A sandbox might be the only addition to this.

If u run DSA with SSM Pro/ free, I think u can disable two modules safely in DSA that is Process monitor and System Anamoly. Also u might disable network control of SSM Pro( not sure).

 

correction: my combo is SSM Free (classic HIPS) + WinPooch (network access only) + EQSecure (behavior)

i drop Cyberhawk as my security app a long time ago, but try every new version to check if it improved...

 

Thanks aigle

Thanks Not very different from this: SSM/DSA/CH

From what I read in other threads EQS is very good. But I think CH (easy to use) will suit me. That is if it runs OK without slowdowns on my system. I soon find out.

 

Yes, you'll soon find out that it slows down your system.

 

Glentrino2duo,

Why don't you configure EQSecure as a Anti-Executable. Just change the "execute application" from allow (the ruleset I use) to "ask and block".
Make sure you tigthen the rules for every program you allow to the default protect mode (with execute application set to allow).

This way you can skip SSM-free.

Regards K

 

I just downloaded SSM trial. I disconnect from internet. Installed SSM, restart. Enabled learning mode, and opened all my programs. Another restart, disabled learning mode and connected to internet. Before I was connected to internet I got 3 popups about svchost something, I created permanent rule allow. And thats it.

Time will show if I can learn how to use SSM.

I can see that non of the modules are enabled as default. (INI files, startup, services, window filter, layered service provider.) I guess I should enable all of them.

By default network rules were not enabled, I had to enable. (So far I had popup for thunderbird and Nod32, of course I created permanent rule allow)

Im going to read the user manual, but also would like to know if a quick guide that cover the most important is available somewhere?

 

I would say the manual, and some of Herbalist posts. There are discussions too, other members are on top of things too.
Also, one way to relax: use it as an anti-executable, and move on from there.

 

Thanks, I'll do that And search for all recently posts about SSM.

 

I now run Cyberhawk and SSM together. Not much slowdown so far. Cyberhawk really is easy to use. And quiet.

Whatever I end up using at the end, I will restore an image and reinstall the products I choose. Thats why I'm first going to add DSA to this setup. I read the manual (DSA) and it does'nt seem much harder than Cyberhawk.

SSM - great! But not easy ! The manual is not up to date, and I read in the SSM forum that other users complain about this. I think the posts was from a year ago, and oct/now.


A green checkmark and the same checkmark in grey. Difference? And I cant find the red mark in the manual at all. They should incl a short expl in the GUI.


The "?" in grey and blue

SSM is supposed to have "Installation mode". How does it work? Can't find anything in the program.

Anyway it does'nt matter. I think SSM is more than I can handle.

I dont think downloading a trial, reading the manual and ask some questions at Wilders or SSM-forum is enough to handle SSM. It takes a lot more. At least if you're really going to use SSM.

Yes I could. But I also agree with those who say you have to know how to set it up and create rules, and know your system, systemfiles and how it all works, to get full protection.

As for Prosecurity....don't know if it is worth trialing for a guy at my level.

I could end up using Cyberhawk/DSA combo.

 

And why is not my screenshots included in the post?

When I created the post I several times made a preview. The first couple of times I previewed the screenshots were there, but later changed to:

"Attachment 190368" and "Attachment 190369". And they don't work.

Edit - They do work now

 

@tepe2, I also find images attaching to be a PITA (Pain In . .)!

Try this link https://www.wilderssecurity.com/showthread.php?t=63957

See here that post says, "Note:"

Mike

 

Thanks Screenshot problem now fixed. I learn something new every day

 

I now run all 3: SSM/Cyberhawk/DSA. Only for testing.

Nod32
Windows XP FW
SSM
Cyberhawk
DSA

No conflicts or slowdown so far. They did warn about each other a couple of times, but I click "allow".

I'll soon uninstall SSM, and try Prosecurity. What I find difficult with SSM is to setup and understand all the rules, and that make me feel not protected.

My hunt for a good combination of security applications will go on.

BTW can anyone tell me if Comodo PFW is difficult to manage/handle the rules? Easier than SSM?

 

Wrong. There seem to be some conflicts, but that does not surprise me. Some error warnings when login/logoff Windows XP





Also a message about nvsvc32.exe.

Dont know if this is because I run several security app together or not. But I dont think I will run all 3 together anyway. The error warnings also showed up after I disabled Process Detection and System Anomaly Detection of DSA.

Just thaught I should let you know.

I really like Cyberhawk, but dont know after PC Tools acquires:

https://www.wilderssecurity.com/showthread.php?t=176587