SystemSafetyMonitor

hello.i just installed ssm and was hopeing you could tell me if ive installed it correctly.at the moment ive created rules for most applications,(by pressing F1,should it have been F3?)and when i select a program i havent created a rule for i get something like the attached image.should i just run it when im on the internet,or always?thank you

 

Well it all depends on you. If you only want programs to run in Admin mode than hit f3. Me myself I press f1 so my wife can use the programs I use when she needs them. If you have others that use the computer and there's a chance for them to use the programs press f1. But it's your choice not remember the explore.exe needs to be allowed for all or your comupter might not work in quest accounts or non admin accounts. It's always a good idea to read the readme file and help files that come with the program you're using. HTH.

 

thanks,notageek.its family computer,so im glade you put me straight.i did read readme,but tried installing PG before i needed to and my head got in a spin.thank you.

 

You're welcome. The on thing I forgot to say is SSM is a sanbox like program and it's their to tell you what programs are trying to run on your computer. It's a lot easier to cacth spyware or other junk that's trying call home or run. Just make sure you know programs you're allowing to run and what you're not. I would suggest to google the programs exe to see what's what. HTH

 

got it ,thanks

 

you're welcome.

 

I wouldn't let it run, but that's just me. If you don't know what the program is just don't let it run, if you then have problems you'll know to let it run next time. If you don't have any problems by stopping it, then why let it run next time.

To me the whole idea of having a sandbox is to stop things from running that you don't want running or just don't need running. After a while you'll learn what is friendly and what may not be, or just not needed. Hth.

 

SO let me see is I understand you timewarp. You say if you don't know what it is don't let it run? OK what if it's something that this person don't know about but needs it to run? What about if one this person family member is on the computer and SSM pops up asking to allow something they just installed? It's matter of perfrence I guess. I like to know what's running so I let SSM tell me what is trying to run.

 

if i come across a dll i dont know ill look it up.but other people infrequently use this computer like today.quote-do you have to connect to the internet to get email?and the general rule is allow all popups.as im sure notageek seems to understand;theres nothing else i can do.

 

I guess what i was trying to say is, i wouldn't let it run on my system, because i know what normally runs on my system. Looking at the name- MSNgaming\windows\rvsevn.exe, there's no way i would let that run. And it doesn't look like any essential system process, so i doubt it would cause any harm in not letting it run.

Whenever i see a program popup, i don't need to google it because i pay attention to what is running normally, and any new programs are simply not allowed. Unless i've just loaded in something new.


If you pay attention to what your letting run after a while you will get to know the regular programs that do run, and you would then know if this program should run or not. When you load in new programs, pay attention to what's going on, and you'll again know what to allow and what not to allow.

 

thanks tImEwArP,it would have been a help if my computer could handle ssm;but i causes the sasser system shutdown,too much buffer overflow i think.thanks

 

This is a common problem,happened to my system too. Also the older version seems to have a handles leak in my pc.

 

HI iceni60

If you want to know what's what with .exe here is a handy link


http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Cheers, TAS

 

thanks for the link,Tassie
(its supposed to be a koala,im not 100% sure if its appropriate for you?(Tasmania))

@(*o*)@

 

Hi,

I'm playing a bit with SSM on Win98 SE, and let met get this straight, can this app actually protect you from flaws in IE? So if a malicious website tries to run code on your system it will not be allowed?

And is there a SSM guide anywhere where all functions are explained, for example what is the window filter thing? And what is the polling interval for the plugins? I'm planning to use this app only when connected to the net, a good idea?

 

Like all such questions, the answer is It depends.

Besides on your old system, SSM might be a drag.

>So if a malicious website tries to run code on your system it will not be allowed?

That's the gist of it, if you set up SSM right and the permissions right. For example if IE is given permission to start child processes then forget it.

 

I only use SSM while online. Also there is a help menu within SSM that explains a lot about SSM.

 

Yes my bad, there is a help file, but what I wonder about is why can't you just make it monitor IE for example? Because it's kind of annoying to make rules for every app/process, what if I could just deny IE access to other apps?

And how exactly will it stop people from exploiting holes in IE? With some holes people can take control of your PC, I guess they have full system access. So what does this mean, can they take control only via IE?

 

Sure. Make sure "Ask me when program will try to start iexplore.exe" and "Ask me when iexplorer.exe will try to start other program". Simple.

That way, nothing can start iexplorer without you noticing, and vice versa.

Huh? I don't understand your second question. Of course, "they"
can take "control" via other means than just your browser.

As for the first, it's obvious,think a bit about how SSM works.....

 

I mean I still don't exactly know how people can take control over your PC. You go to a hostile webpage and then what? Can someone take control of your PC immediately? But how do they do that? Or do they need to place a trojan on your system first?

And about my first question, with SSM it seems that you have to have a rule for every process, you can't just deny IE access to other apps, if you have "watch apps activity" enabled, it will prompt you about every app that is trying to load. Does Process Guard also work this way btw?

 

^^^^^^^^^^

So I guess no one has a clue of how certain (remote control) attacks really work?

 

Hi Rasheed,

So far from what I've learned, all website based (remote control) attacks require some form of mobile code (activeX, Java, Javascript) to execute. That execution leads to downloading and execution of other trojans, malware, exploits, etc.
Most of these can be blocked by blocking mobile code completely within the browser and using a browser other than IE.

 

There are two sets of options here:

1. Active Content - ActiveX controls can do anything on your system - reboot it, delete files, add files. So a hostile ActiveX control could compromise your system by downloading a trojan and modifying your system settings so that it is run on system startup. Java and Javascript are far more limited but bugs in the browser or Java Virtual Machine can allow a similar approach. These attacks will go through a firewall (since it will be configured to allow browser traffic) so the only way to stop them is to restrict Active Content either via browser settings or a third party filter.
2. Buffer Overflow - The most popular way to compromise a system. If you have any programs that request data (e.g. a web browser asking for a page, an Instant Messaging client picking up a message), they will usually have limits as to how much data they can accept (for example, a simple IM client could be restricted to messages of 255 characters or less). An attacker would try to exceed this limit (sending a message of 256 or more characters in this case). Now what happens to the excess data is that it can, with certain systems like Windows, overwrite pointers used to determine where code is run from. So if the attacker chooses the overflow values carefully, they can cause the system to run arbitrary code of their choice (this does need Assembly language knowledge) which can then adjust system settings, install a trojan, etc. A firewall can provide a partial defence (by blocking access to vulnerable services running on your PC like Windows' RPC/DCOM service) but any application allowed access through the firewall could be targetted by this exploit - therefore it is necessary to check for security updates.

For more information on buffer overflows (I keep typing "bugger" here, a Freudian slip?), check out the Cult of the Dead Cow's Tao of Buffer Overflows.

SSM is an Application firewall, not an Internet Explorer firewall so it will intercept all inter-application calls and prompt you for action. If you want something to restrict IE only then you need to look elsewhere (perhaps Finjan's SurfinGuard) - but SSM should do the job well once the rules are set up - and can also intercept DLL injection, Windows hooks (used by keyboard loggers as well as legitimate software like keyboard function key drivers or mouse drivers) and (in the 1.9.5 beta) driver installation.

Process Guard works in a similar fashion but is simpler to use (in my view) while offering less granularity in its settings (e.g. with SSM you could allow application X to install driver Y, with PG you have to allow application X to install any driver). PG's main purpose is process protection though and it seems to have the lead over SSM here.

 

Great info!!

Thanks Paranoid2000.

 

Yes P2k ~ clapping ~, you are granted a " Karma Cookie ".

GF