SSM vs Prevx

Discussion in 'other anti-malware software' started by Rico, Apr 6, 2007.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Guys,

    I currently use SSM which is quite complicated, would Prevx be more user friendly & afford similar degree of protection?

    Take Care
    Rico
     
  2. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    Yes to the usability and protection if you're using SSM free (I can't vouch for the pro one since I'm cheap).

    A friend of mine prefers prevx1 to SSM because even after he possibly downloaded some things that start with WA and end with EZ, he found that all SSM did was produce false positives in a foreign language(namely, the DLL Library crap or global hookers[not talking about Paris Hilton]). He isn't sure if the behavior blocker is that great, but its white and black lists are absolutely essential in his opinion. Just to add another degree of protection, he uses Cyberhawk free to catch nasty rootkit/keylogger installers which is known to report only questionable application behavior in PLAIN ENGLISH.
    Bottom line is that my friend now wastes less time using google for every alert produced by SSM (including just opening up the internet browser) and trusts his HIPS combo enough to possibly use some things that start with WA and ends with ZE.
     
    Last edited: Apr 6, 2007
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Prevx1 would definitely be more user friendly but I dont know about the protection.

    If you can properly configure SSM and you dont mind the alerts, it can quite powerful.
     
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Guys,

    So far using SSM (paid) the only alerts I've gotten is when I instigate something, install, updates etc.. Perhaps this weekend I'll uninstall SSM & give Prevx a try. I like the concept of white & black lists.

    Thanks & T.C.
    Rico
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  6. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    Why not run them together? I only ditched SSM because it made by PC act like the stereotypical fat guy in the Macintosh ads. E.G: you are booting up Windows, Accept or Allow? you have plugged in a usb device, accept or allow? you have run mozilla firefox, accept or allow? you have executed a text document, accept or allow? your wallpaper is trying to set global dll hooks with the parent hook of sexxxy bbw.com yap yap yap yap yap, just click accept already because the last time you clicked deny, explorer.exe crashed and turned your system into an offline paperweight.

    That's just me. If you know what you are doing, then you probably don't need Prevx1. It is powerful for a set and forget HIPS, though. I suppose you can also base your SSM decisions on Prevx1's decisions.
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: SSM paid has been expanding to include firewall features, more complicated and confusing than before. SSM free still produces too many alerts, needing your decision often, you can not afford making a slight slip of keyboarding, and making your head spinning constantly, very noisy. While Prevx is more quiet app, if you set ABC mode, it only alert you when an earthquake-like attack is looming. With millions of informants on duty, its eyes and ears are more competent than its rivals. If you like a quiet and enjoyalbe cyber time, go for Prevx1, by the same token, if you are an advendurous lancer, try SSM free or even paid, it will fill you up. In the event you ever have any reservation regarding Prevx1's full strength, why not enlist Cyberhawk free as a companion, somewhat quiet guy as well. Mind you, both SSM and Prevx1 are excellent security apps, just one with V8 turbo engine making awakening sound, while the other with a so quiet samller in-line engine, that you often can not feel its presence. Good luck.
     
  8. herbalist

    herbalist Guest

    It's not possible to directly compare the protection provided by SSM and PrevX. How well SSM protects a PC is completely dependent on its settings and ruleset. A user could create rules so permissive that they'd stop nothing. With well thought out rules and good decisions both versions will stop most everything.

    SSM and PrevX use opposite approaches. These are for 2 different types of users. With PrevX, the vendor can handle many of the decisions. With PrevX, you primarily trust the vendor to detect, block and remove undesirable apps and code. SSM gives the user total control and total responsibility for the results. It's only as good as your judgement and knowlege.

    Think of it this way. PrevX and SSM are enforcing tools. Both work well. With Prevx, you're relying on the vendors knowlege of systems, malware, and applications. You trust that they will detect malicious code and behavior, much like users have done with AVs for years, but on a much wider scale.
    SSM enforces your rules and decisions. You're the one who has to decide if something is malicious or normal. You can easily allow malware to run with SSM if you don't understand what the alerts are telling you. You can just as easily block necessary system processes and create a nice mess for yourself. Be honest with yourself. Do you understand your system well enough to make all the decisions or do you need the knowlege and experience of the vendor to help you?
    Rick
     
  9. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    For most of us, we wouldn't know how to use SSM optimally. Very few people would think about their decisions rather than automatically twitching your muscles in the all too familiar position of the allow button. You may be letting a safe storm.dll have its hooks set by the parent application, world of warcraft, which is functioning normally or it could be some kind of backdoor that gives your account info to a chinese gold farming scheme.
     
  10. EASTER.2010

    EASTER.2010 Guest

    Precisely why it's worth the effort and any aggravation you may find in it. SSM is a wonderful learning tool also in how your own computer registers various incoming commands via files and their locations & purposes. Before i could learn to drive my parents had to show me which handle was the automatic gear shift and where to move it in order for the car to move ahead. Then there was the brakes, signals, and so forth. You get the picture. System Safety Monitor is not as intimidating as the first time you see all those CONTROLS! And CONTROL! is does, you make the choices that stick and it remembers your instructions and locks the rule indefintely.

    No, you really don't have to be some science manager to easily learn SSM, just use the same common sense it took for you to be able to work the keys & buttons (programs & settings) that gets you though every day now at the screen. It really is just that way. At my first try with it i thought oh! no!, how will i ever get all this organized to get the best possible benefits from this super shield, but with a little patience and asking questions in the forums like you, it soon became more simpler over time and my understanding of whats required of me to make it virtually impenetrable.

    I stopped back at version 5.68 because it was changing too fast for me to keep up with it but my version is a steel wall now and it's everything and more i ever wished PC protection might one day become.
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Another point with SSM is that every prompt offers the option of making it a permanent rule (i.e. your Block or Allow decision is remembered and applied if that situation occurs again). People who talk about repeated prompts for basic actions must surely be overlooking this.

    I only get a significant number of prompts when installing SSM with a new configuration (I don't use Learning Mode) and I would compare it with ZoneAlarm or other firewalls - lots of prompts to start with, but after your basic actions are covered, you'll only see further ones appear if you install something (hint: use the Install Mode option available from the down-arrow menu on the Allow Button) or run a new program.

    Of course, if you are new to SSM it will all seem strange (drivers? hooks? injection?). However if your system is clean, you can assume that most of what goes on should be allowed and just use SSM to gain a better understanding of your system and (legitimate) software behaviour.
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Paranoid2000,

    As one who does mention that, I'll say no, that I haven't overlooked it at least in my own case. However, whether is happens does depend very strongly on usage profile, as one might expect.

    If the machine has a relatively static configuration and executables are not being constantly updated, SSM and related products are generally quiet after a short initial flurry of activity.

    If the executable population is in flux either from, for example, someone trying out the latest game offerings or testing a wide range of programs for some purpose, the level of prompts can become annoying.

    As you mention, it is akin to a standard firewall run in interactive mode. The primary difference being that prompts are offered for all unrecognized programs, not just those attempting network access.

    Whether this is an issue or not depends on host of factors that are unique to the individual. I'll admit that my own tolerance to prompts after that initial and expected flurry is rather low (which would tend to place me in the Prevx camp relative to SSM vs. Prevx...)

    Cheers,

    Blue
     
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: To use SSM or Prevx1? is a million$ question,and some experts can debate on and on for an unended future, but from a layman's point of view, the line drawn on the sand is very clear: When a new unknown situation arises, you are asked by SSM what are you going to do next, allow or kill? you are left ALONE, in cold, no lifelines,except panic search, search on web, while w/ Prevx1 , with the aid of vast spectra of data bases, this step IS taken out of your hand and is placed in GOOD HANDS. IMO, this is the LINE separating dayjoys and nightmares. I do not need detailed tech debates to make up my mind. One simple, clear line is sufficient. :)
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    I own both SSM and Prevx1, although don't have both on the system. Perman you make an excellent point, but at the same time there is a downside to that. When I end up taking Prevx1 off is when it does something totally stupid, like blocking the install of a program it already knows about.

    Whether we like it or not we are ultimately responsible for knowing what is on our computers.
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Peter, thanks for your endosement(sort of). I guess nothing is 100% trustworthy yet, even w/ prevx1. And I do hope folks at Prevx1 can look into your concern. It has not yet happened to me, let us pray? Have a nice one.
     
  16. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Guys,

    I've been using Prevx for about 10 days love it. SSM I find distracts from my computing day, with its numerous alerts. Prior to using SSM, I used PG, so for several years of alerts, I was never alerted to, an actual malware attack.

    Take Care
    Rico
     
  17. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    Does it happen often with Prevx1? Does Prevx1 have total control? Or can you do something about this?

    Also, how good is Prevx1? Could this online-database concept be a weakness? Does it depend on how many use it? I mean if Prevx1 had 1000 users around the world I would not feel safe to use it. But if it had 10.000.000 users it would be a lot better? Or maybe I misunderstand?
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    why would you want it prevx to allow a known unsafe program to install?
    lodore
     
  19. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    This line:

    If I get it right, this means Prevx1 is blocking a safe program that it should not block. Or as I said, maybe I misunderstand?
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    Not total control. I just temporarily stopped an update. Fortunately a retry let it go. Honestly when I update know software, I would usually shut it down.

    @lodore. Not installing an untrusted program. Just doing an update to Quickbooks which is well know, even to Prevx
     
  21. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    ok that does make sence
    lodore
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    This is a valid point - though it probably applies more with program updates (resulting in a "checksum mismatch" prompt). Automatic Windows Updates can be a significant factor here, though SSM has the option (enabled by default) of automatically accepting digitally signed files to cover this.
    I'd disagree here - in most cases it should be perfectly obvious when a program is legitimate (even if the filename isn't always obvious, the folder/path name certainly is), assuming that the user knows what software they have installed. If they don't (e.g. they have a new computer with pre-installed software that they know little or nothing about), then this will be much harder but still possible.
    This isn't always going to be the case though for two reasons...

    With a "community-based" database, all it requires is a small number of "allow by default" users to approve a malicious program initially and then others will accept it until it is overridden by expert advisors. This shouldn't be a common occurrence for most users but those who come into contact with new malware regularly are more likely to encounter such a situation.

    The second reason is that "beauty is in the eye of the beholder" - what is an acceptable program to someone else, may not be acceptable to you. While most people can agree on outright malware, there is a large grey area:
    • programs bundled with adware, like optional toolbars (e.g. Daemon Tools, Messenger Plus, AOL ActiveVirusShield);
    • "dual use" software with legitimate and malicious uses like keyloggers and packet sniffers;
    • programs that can pose a privacy threat (e.g. Windows "Genuine Advantage", anything with "phone home" capability like ZoneAlarm);
    • DRM software - Sony's rootkit being a notable example - did Prevx flag this as malware prior to Mark Russinovich's revelations?
    • programs that may be deemed undesireable for other purposes (excessive resource usage, intrusive behaviour, poor/non-existent uninstall option).
    The question then is would Prevx err on the side of caution and block such software or allow it? In many such cases, it comes down to personal preference and circumstances - neither of which can be considered with a whitelist/blacklist approach.
     
  23. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    some very good points made. one of the factors that no one has mentioned is Prevx1 cleans up an infection as well as stopping it. some nice gravy there.


    Mike
     
  24. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    I agree with most of the points made.
    One other observation that may be relevant...
    If you are the only person using the PC SSM free or paid is great.
    If anyone else is going to use it who isn't so savvy in computer security then I'd definitely go for PrevX.
    SSM was on my last PC for 8 months or so together with Prevx as I didn't know whether I 'trusted' Prevx at first to make the correct decisions but after using it now for some time it seems very solid to me and with my new PC I decided I didn't need SSM as Prevx gets the job done without being as 'noisy' as SSM or as complicated to use.
    SSM is a great 'learning' tool and gives you rock solid security if you configure it correctly but I found I was too stupid or just too lazy to work that hard.
     
Loading...
Thread Status:
Not open for further replies.