SSM's registry protection

Discussion in 'other anti-malware software' started by greg32, Aug 22, 2007.

Thread Status:
Not open for further replies.
  1. greg32

    greg32 Registered Member

    Joined:
    May 30, 2005
    Posts:
    47
    Hi there,

    Quick question for the gurus. Is the registry protection in SSM sufficient on its own, or is it advised to use alternative monitoring alongside SSM?

    Cheers
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Depends on what you mean by "sufficient". You can always edit the rules to monitor what you want to, no need for another program that does the same thing.
     
  3. greg32

    greg32 Registered Member

    Joined:
    May 30, 2005
    Posts:
    47
    At the moment I use the default custom set in MJ Regwatcher. Maybe not extremely thorough, but nonetheless, this is the program I would be looking to replace with SSM if it has the same sort of coverage as MJRW. Will SSM provide the same level, if not higher than what I currently use?

    Thanks for the reply :)
     
  4. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I'm not sure what the default rules of MJ Regwatcher cover, but I have no doubt that SSM can be configured to provide just as much protection (or more, or less, again, it's up to you).
     
  5. wat0114

    wat0114 Guest

    SSM offers basic Create, Delete and Write protection of selected registry keys and their subkeys. You can also restrict applications under SSM's Applications tab to: Unrestricted, Checked, Read-only and Checked (inherited) access. All influence on the registry is, of course, restricted to applications or groups that SSM has currently established rules for. Logging of these selected objects is also an option. I would trial SSM beta version 2.4.0.619 (you have 30 days) before deciding on what to use. I have never used MJ registry watcher or a similar product, so I cannot possibly offer an opinion on which of the two is better. I feel that the registry protection SSM offers is probably decent but at the expense of being very user unfriendly. It took me considerable time navigating through the windows, researching the options, before I could achieve a basic understanding of this feature in SSM.
     
    Last edited by a moderator: Aug 22, 2007
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The paid for version of SSM has quite wide ranging coverage, and it is configurable so you can add to it - if you can work out how to! :D

    However in terms of overall protection, irrespective of the rules contained (and MJ RW does have a lot of rules, from what I recall) SSM is much to be preferred since it prevents any Reg changes from occurring unless you allow them. MJRW just polls for changes which it seeks to reverse if it finds them.

    To take one scenario, malware installs itself and inserts an auto run for itself in the Registry, it then forces a reboot; afterwards the malware will be fully installed and running. No matter how fast MJRW polls it cannot guarantee to prevent this; however with SSM the auto run could not have been placed in the Registry without permission, so even if you have a reboot forced the malware will not be running afterwards so you can easily deal with it.

    If you want to try a test you could see how MJ RW fares against this:-

    http://www.ghostsecurity.com/registrytest/

    SSM should pass but I'd guess that MJ RW would fail, at least in part.
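
The polling-versus-blocking difference described in the post above, as an added example that is not part of the original thread and is not code from SSM or MJ Registry Watcher. It is a constructed in-memory model: the `Registry` class, the function names, the value name and the timings are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
ENTRY = (RUN_KEY, "sample")  # constructed value name

@dataclass
class Registry:
    """Toy in-memory registry; `guard` models a hook consulted before each write."""
    values: dict = field(default_factory=dict)
    guard: Optional[Callable[[str, str], bool]] = None

    def set_value(self, key: str, name: str, data: str) -> bool:
        if self.guard is not None and not self.guard(key, name):
            return False  # denied before the value is ever stored
        self.values[(key, name)] = data
        return True

def _replay(reg, write_ms, reboot_ms, poll_interval_ms=None):
    """Replay write/poll/reboot in time order; True if the entry exists at reboot."""
    baseline = dict(reg.values)  # snapshot the poller compares against
    events = [(write_ms, 0, "write"), (reboot_ms, 2, "reboot")]
    if poll_interval_ms:
        ticks = range(poll_interval_ms, reboot_ms + 1, poll_interval_ms)
        events += [(t, 1, "poll") for t in ticks]
    for _, _, kind in sorted(events):
        if kind == "write":
            reg.set_value(*ENTRY, r"C:\constructed\sample.exe")
        elif kind == "poll":
            reg.values = dict(baseline)  # revert anything not in the snapshot
        elif kind == "reboot":
            return ENTRY in reg.values
    return False

def polling_monitor(write_ms, reboot_ms, poll_interval_ms):
    """Monitor that detects and reverses changes only at poll ticks."""
    return _replay(Registry(), write_ms, reboot_ms, poll_interval_ms)

def blocking_monitor(write_ms, reboot_ms, user_allows=False):
    """Monitor that asks for permission before the write is committed."""
    return _replay(Registry(guard=lambda k, n: user_allows), write_ms, reboot_ms)

if __name__ == "__main__":
    for interval in (1000, 100, 10):
        # Reboot lands 5 ms after the write, between two poll ticks.
        print(interval, "ms poll -> entry present at reboot:",
              polling_monitor(1001, 1006, interval))
    print("blocking -> entry present at reboot:", blocking_monitor(1001, 1006))
```

Shortening the poll interval narrows the window but never closes it, while the pre-write guard leaves no window at all unless the user allows the change.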
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    As Wat0114 said, it is quite time consuming to enter the registry protection yourself in SSM (free or paid). Only thing SSM has is a registry navigator to make it easier. Look for Tony Klein's set of autostart locations (TopperID once helped me with a link, I do not have it anymore).

    You could also try WinPooch which alerts at the reg set value handle (so it immediately warns you), search Wilders for WinPooch (also a filterset is posted).

    Regards Kees
     
  8. greg32

    greg32 Registered Member

    Joined:
    May 30, 2005
    Posts:
    47
    Thanks guys. So basically, SSM could be a decent registry monitor, but the painful bit is adding the additional areas/keys to be monitored. From looking at SSM, the keys need to be added one by one, or am I overlooking something? Is there some way (say through a config file) that a whole batch can be added in one go?

    Cheers Greg
     
  9. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The configuration file of SSM covers all of SSM's settings, not just the Registry protection (it is also the same problem with KAV's Reg Guard); this inability to transfer extensive personal settings solely for the Reg section is one reason why I would never bother to compile a set of rules myself for this app.

    If you want ease of configuration, the ability to carry forward Reg rules and exceptions after a reinstall etc, then there is only one serious candidate that I know of - namely RegDefend. With RD you can save individual Groups of rules or entire Rulesets, you can have several Rulesets and switch between them as you wish. When you first install it you have default rules, but you can supplement these with the Tony Klein rules, then you can add to that as you wish - it is all a doddle compared to the complexities of SSM.

    But at the end of the day, if all you want is a pre-defined set of rules giving good protection, then either SSM or RD would do.
     