System Safety Monitor - Questions

Even the most difficult software becomes so called "userfriendly", once you know how it works. That's not userfriendliness.

 

Is there really any point in constantly and excessively exaggerating how hard SSM is to use, AND at the same time not bothering to so much as try to learn anything?

You seem to be offended by the fact that there are actually some things in this world that takes effort to learn and understand. Unfortunately, you're not resolving them in a very constructive manner.

 

Constructive ? The entire security is based on "malware & anti-malware". In another words "create and destroy", that's not constructive, that's nothing else, than doing NOTHING.

Clean pc ---> infected ---> removed ---> clean pc.
What did I do ? I worked for nothing, because I got something back, I already had before the infection.

The faster I get my computer clean, the more time I win to do something real constructive. SSM doesn't do that, my boot-to-restore does that.

 

Correction: you don't know how to use SSM to do that.

No need to constantly put down something just because you don't understand it, I think.

 

Erik,

"I believe" all that's being said is: you get out, what you put in. more in = more out, less in = less out.

There have been plenty of strategies laid out for you w/ regard to using SSM. Forget about the semantics of userfriendly vs. non-userfriendly. All require some work. Like they say, "there's no free lunch". It's entirely up to you if you want to approach this app, do the work and reap the rewards.

'nuff said,

...screamer

 

Only if you listen to the ad-sponsored media and become victim of the fear campaign.
I suggest you to reread this post

Then, go to the Castlecops Wiki and read the following:
Understanding Computer Infections: Part I
Understanding Computer Infections: Part II
Understanding Computer Infections: Part III
Then, develop a security strategy that can deal with the vectors/entry points. You already have mitigation (imaging + reboot-to-restore) in place.
Then, you'll have a security setup which deals with all known (current and future) threats. Stay informed about new threats and analyze them to determine if your setup needs an adjust to manage them (like the "recent" XSS threat)

 

Let's stop this discussion, because this is going nowhere. Keep on using SSM, because it's a very good one, but not for me. I will do fine without SSM, even better.

 

My 9 year old great-granddaughter uses SSM, and is quite adept at its configuration. All but 2 of the students in my 8th grade business math class use SSM with little difficulty.

SSM is easy to learn. In fact, when you put SSM into learning mode, it will teach YOU. The step-by-step tutorial that aigle posted earlier in this thread is clear & simple enough for a youngster to use. In fact, aigle did such a good job that I archived a copy for future classroom use as an orientation tool.

In the hands of neophyte users, SSM is readily used from day 1 as a self-configuring application/process *watchman*. As such, SSM needs no other user involvement beyond that described in aigle's tutorial.

However, for those folks who want to learn and grow in security matters, SSM can be configured & tweaked almost endlessly, thereby graduating it beyond mere watchman duties, and training it into a true hunter-killer.

 

@Peter 2150

Pete - The above was my method. By default, SSM seems to have loads of 'set' parent/child rules.

This way, whilst I'm NOT in Learning Mode, I have to agree to Parent A launcing Child B and then that rule is set and all other 'relationships' are still ask.

As I said earlier, this seems to be working for all the system functions i.e winlogon, logonui,task manager etc. Every other relationship is 'ask' so I can address these as and when the need arises.

Thank you screamer for confirming your method

 

Does SSM offer more protection than Prosecurity Pro? From what I have read they are much the same. But PS is supposed to be much easier to learn/understand. True/not true? If so, maybe more people should use PS if they find SSM difficult?

ErikAlbert and other who find SSM difficult, have you tried PS?

A few days ago I was going to restore an image. But I did download SSM free before i restored the image, just to see what it was like. I dont think I spent more than 10 minutes on it, but it sure did not look easy to understand. But of course 10 minutes or so, is not enough to find out.

I decided to look for other, but this thread makes me want to try again, and this time try to learn it.

Im the kind of guy who seldom try new applications. I always try to find out as much as I can before I install. I change my mind all the time, but finally I install and try. This method has worked for me so far. (But in future maybe I will ask fewer questions and try more by myself).

Right now these interest me: SSM, Prosecurity, Cyberhawk, DSA. CH and DSA in combo would be easier for me as I am closer to novice than expert, but I am tempted to one of the other two which is stronger.

 

FDISR's Frozen snapshot = PowerShadow.
Not many users seem to understand this, but that's not my problem. I did my best.

 

They are very similar in scope of protection. PS is a tad *easier* from the standpoint that it installs with a few more defaults in place. I just wonder why the developer of PS has been incommunicado to his forum since April 7. I hope he is okay.

CH & DSA will give you a very powerful combination, indeed. They play together quite well, and their respective capabilities complement each other very effectively.

 

I was kinda shocked to read some of the reluctance in SSM here after last evening. Seems a minute few users harbor some great suspicion over SSM's difficulty and for that matter it's effectiveness. You don't have to take my word for it that it's a Power HIPS! but i will say this.

It's a cheap way out in my book to always run to your imaging app everytime you suspect your system or a snapshot might have picked up some unwanted material. This is exactly what programs like System Safety Monitor (HIPS) prevents in the first place.
Then you don't have to scurry over to "well i can just restore my image and i'm as good as new" a hundred times a month. That's simply ludicrous and overkill when you have apps like SSM, and it's not the only one BTW as another good HIPS is also been mentioned here.

But not to wander too far off OT, SSM for the majority is about as good as it gets right now and some are even looking close at EQSecure now too. (But thats for another topic)

All testing malware aside, i personally been experimenting with EQSecure for the past few weeks since System Safety Monitor is already a force in these circles and is proven itself Solid, i decided to examine EQ and draw up some comparisons & benefits either up or down to the proven leader.

Oh by the way, SSM is a great learning tool if your so inclined. You can acquaint yourself more personally with what actually goes on in real-time with your system and you're not abandoned to the "just trust this program" syndrome. You actually get to interact in what the program is addressing where concerns signalling between files.

 

I don't need to restore an Image. I only have to reboot and the problem, whatever it was, is gone. I don't need SSM for that, my reboot does that. I only need to restore an Image when FDISR is corrupted or a harddisk crash.
Nobody seems to understand how easy my boot-to-restore is, but it doesn't matter, because I'm doing this for myself.

 

FD-ISR serves that purpose amazing well and with the greatest of ease i might add, of that theres no doubt, BUT! SSM can "assist" greatly in reducing the need for that process from having to be practiced if at all so frequently.
However, that would never stop you Erik. You already have your Reboot-To-Restore routine so in that case it matters not so much whether it be mistakes or some malicious invasion because you can return your system back in time b4 that ever took place. I just see more Logic in preventing against having to employ that practice too frequently, thats all.

Come to think of it, Power Shadow like you already mentioned earlier could also be considered reboot-to-restore to a point, but for me a PS reboot AND Copy/Update to that same formerly shadowed snapshot will return you equal results. Or you could go as far as restore another Image for the umpteenth time.

 

That's true, but I also have Anti-Executable and DefenseWall, which are supposed to keep my on-line snapshot malware-free as good as possible and I will see in practice how good they are. If they have too many holes, I will need an additional security software. How bad my actual security setup is, it doesn't matter because my reboot-to-restore will always fix it.
I also use the same reboot-to-restore for removing tested softwares and cleaning my registry + history, SSM doesn't do that for me.
It's a kind of all-in-one solution to fix ALL my problems, except two.

 

Peter you are right. Of course I was talking about Prosecurity. I have read about Power Shadow too, not much, and dont think I will try it.

EA I have read a lot of your posts. I understand your strategy and I think it is great But it dont suite me and my needs. Also I think your AntiExecutable seems like a great product, but dont think it would suit me. If you like it, good. I think you have good protection.

A free combo, good protection, easy to use. Sounds good. But would'nt SSM full or Prosecurity Pro as standalone, or in combo with one of these offer more protection? (Password protection, block low level disc access, dll loading and more)

 

Not true if you have tried Power Shadow 2.8.2. [ https://www.wilderssecurity.com/showthread.php?t=175191 ]

Not true, everybody understands how easy your boot-to-restore is, but it doesn't matter, because you are doing this for myself.

Mike

 

So PowerShadow never requires a reboot, even when you want to undo changes or keep changes ?
And PowerShadow protects you so well, that you don't have to restore an IMAGE ever again ?
Is that what you are trying to tell me, because you said not true ? I'm all ears now.

BTW did you try the "DEL /F /S /Q c:\*.*" in the CMD-window yourself when PowerShadow is ON.
Since you have Ghost, this must be peanuts for you to try.

 

No, that hidden data is part of just installing PS 2.8.2. PS itself does this. I was not talking about the actual use of the program. Sorry for the confusion.

I will try it some time today.

Just like you and FD-ISR, I have used Ghost 2003 forever and forever with FAT, FAT32, NTFS, Linux... ALWAYS 100% no problems.

Mike

 

I have FD-ISR ,SSM,PS,NOD, BoClean,Comodo firewall and SAS. Why because I like playing with security programs. Wilders has made me an addict. I know I don't need all that but I like security and I don't mind paying for it. I still feel that the best program I have is FD-ISR. The couple of times my computer had serious problems,I caused them myself. FD saved my day. And I certainly love checking here at Wilders to see whats going on. Have a good day.

 

YES YES YES YES, all very true!

Mike