Winsonar or Winpatrol or System Safety Monitor?

Discussion in 'other anti-trojan software' started by bellgamin, Jun 1, 2005.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Q-1
    With respect to Winsonar versus Winpatrol versus System Safety Monitor-- assume that I choose to run only ONE of these programs, WHICH of them provides the most essential protection?

    Q-2
    Why does Winsonar run TWO instances of winsonar.exe? (Or have I messed something up so as to CAUSE two instances?)
     
    Last edited: Jun 1, 2005
  2. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    I use Prevx
    But to choose out those 3, then SSM
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I choose WinPatrol.

    It provide the essential protection, very low resources usage and very easy to use and understand...
     
  4. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Granted it is very low resource usage, easy to understand and use. But it's protection isn't that good. It doesn't protect against .exe coming into the windows directory, nor does it protect against buffer overflow.
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Like I said, it provide the essential protection, not the protection like RegDefend...
    The other options could be better, but for me this is sufficient for now... ;)
     
  6. dog

    dog Guest

    I've never tried Winsonar ... but other than that SSM hands down. ;) It's a nice little sandbox similar to PG, but it doesn't provide some of the protections PG does, although it does add nice control for child processes to the mix, and runs well with PG.

    Steve
     
  7. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    In all honesty, I wasn't familiar with SSM, so I just did a search for it through Yahoo. I discovered something rather interesting.....links to SnapFiles (which WAS carrying this product available for download) indicated they no longer carried it. All links directing people to the author's web-site are pages which bring up an error message saying it can't download or find the page. I tried several various links to learn more about it, and none of them would load.

    WinPatrol, on the other hand, seems like a very stable program that isn't going anywhere and is growing in popularity. New versions are released with new features fairly regularly, and most everyone is familiar with it. Fairly soon, it will more than likely be Microsoft certified.

    I can't comment on the other two, but WinPatrol is a nice little program that is reliable.
     
  8. dog

    dog Guest

    The SSM page is here - http://maxcomputing.narod.ru/ssme.html?lang=en

    It is up ATM ... They sometimes exceed their bandwidth, as it's donate/free ware currently and they rely on user donations to keep development going and pay the bills incurred from hosting.

    Steve
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    In terms of actual protection, SSM wins hands-down. However, the trick is to get it running and keep it running on a machine. I don't know, but I would put it at a 50-50 proposition. I am not sure where the product is headed and the kind of support you can expect to receive. It is very iffy in my mind right now.

    As far as WinPatrol and Winsonar are concerned, they are really totally different products. I don't think either provides much "protection", but they both provide information. I have them on my machine and I run them now and then for the fun of it. There is no reason you cannot use both. It really isn't and either-or proposition.

    It really comes down to whether you can get SSM running and you can keep it going on your own, if you are looking for protection similar to the type of you can get from ProcessGuard.

    Rich
     
  10. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    SSM is my choice, but it could take too much time for advanced rules and configaration.
    Its protection possibilities are similar to ProcessGuard.

    Winsonar is an interesting utility (scan local port, detects start up enties and process running on the backround) but it does not provide a high degree of security.
    Winsonar can only prevent unwanted (unsafe) process from running, but unfortunately uses only a crc32 to recognize them.
    It's an interesting tool for beginners (very easy to use and configure).

    There is 2 winsonar.exe for a self-process-protection: when you try to kill the first one, a pop up appears for a confirmation.

    Regards
     
  11. peachtreecity

    peachtreecity Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    15
    Location:
    Georgia, USA
    Do you use WinPatrol or WinPatrol Plus, i.e., is the Plus edition worth $20?

     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    The Plus, because I win a license on the WinPatrol forum... ;)
     
  13. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Every time I run SSM something, eventually, bad happens (especially when rebooting) - related to compatibility I'm sure. I use Winpatrol, Winsonar, and Prevx at the moment with no issues. I'm coming to a point of deciding which to keep but it's hard. They all pop-up at different times it's hard to decipher which is more important. Yeah, I admit - I'm a security app nutcase but it's fun. :D
     
  14. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    SSM is the best protection. But i got annoyed with how many alerts it spews out when you install/run something new.

    Winpatrol - Never really thought it gives that much protection tbh. It's rate of polling is much too large(the minimum being 1 minute).

    Winsonar - I like this one. Not a 'serious' protection, but good at alerting you to new processes and startups(put it on fast scan for best results).

    muf
     
  15. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    One way to approach security and installation of security products, is to have an overall strategy. For example, my strategy is to try to trap the malware before it ever has a chance to begin execution. So with this strategy in mind:

    1) Utilize a top-rated AV/AT that detects a malicious file before it is ever opened and begins execution: This is probably the most important aspect of my security since it is first-line. I use Kaspersky 4.5 and Ewido and/or BOClean. Kaspersky 4.5 alone is probably enough, but an additional AT provides some limited additional protection.

    2) Stop any unauthorized processes before they can begin executing: Assuming that something leaks through the AV/AT wall, it still has to begin executing and doing something. I order to stop it before it has a chance to do anything, I use ProcessGuard and WormGuard. SSM has similar capabilities.

    3) Stop unauthorized installations and revisions to the operating system services and registry before they are instantiated in the registry: For this I use ProcessGuard and RegDefend. While at this point, the malware is excuting (something I hope never happens), I do have this final line of defense that will secure my registry and protect me against applications from isntalling malicious services or obtaining global hooks.. Not sure what SSM does in this area.

    The primary goal, in my strategy, is to stop malware before it can do anything. Once it is executing on the system, there are so many aspects of the operating system that can be affected that it takes a good amount of security software and individual knowledte to identify an undo all of these changes - as best they can. Better to try to stop the execution before it ever gets to this stage.

    I hope this helps with your decision. Comments, as always, are welcome.

    Rich
     
    Last edited: Jun 1, 2005
  16. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I think Rich brings up some excellent points. I think, ultimately, it is up to the user to decide which approach to take, and what comfort level they are at.

    The more technically knowledgeable would probably prefer to have apps like Process Guard and Reg Defend, because they are more aware of the terminology involved and are confident in their ability to make the right decision whenever an "alert" is raised. Others might not have the overall working knowledge of computers, programs, processes, terminology, etc., and might want a software app to take some of the "guessing" out of the equation by choosing one that makes the decision for them.

    It probably also comes down to how much "risky" surfing habits the user has. Like do they download EVERYTHING, and open email attachments from people and addresses that they are unfamiliar with, etc. There are ways to harden your security, and make surfing safer, but nothing is a guarantee. With spyware makers seemingly Hell-bent to use new methods to come out with more complicated "undetectable" nasties, it will be interesting to see just how long it is before they find ways to "side step" even programs like PG and/or RegDefend. But that is a defeatist attitude. I agree that a "pro-active" approach is probably best for those who are comfortable with it. For others, though, at least starting with a very good firewall and very good anti-virus is a good first step in the right direction (as well as a MUST have).
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I don't agree total with this...

    The reason that I don't use other program is because I don't want to have a lot of popups asking me what I want to do, and not the fact that I have or not the knowledge of computers, etc...

    For me, the areas that WinPatrol check is more than sufficient and doesn't bored me... ;)
     
  18. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Yep, you are correct, VaMPiRiC_CRoW, that is yet another "factor" to consider as well....I was really just generalizing by providing one example of how in many instances, it could be a simplicity factor (which reducing the number of pop-ups would include as well).
     
  19. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi guys,

    ProcessGuard on my machine only alerts when:

    1) A trusted program has been updated (occassionally happens, particularly with security apps)
    2) A new trusted program has been installed (not very often)
    3) A program that I purposely want to monitor is executed, e.g. rundll.exe, explorer (most users don't bother with this).

    These amount of alerts, I believe, is very manageable. If others are having alerts under more frequent circumstances, I would be interested in hearing about it. I do believe that some care has to be taked to turn off PG protection when updating Windows. This occassionally happens.

    Rich
     
  20. Jasontan

    Jasontan Guest

    That's on demand scanning, not on access scanning btw.
    But I don't think you do that.
     
  21. lockdown

    lockdown Guest

    1. SSM

    2. Winpatrol

    3. Winsonar

    In that order. That is the geekiest order for the three of them. ;)

    But I use both SSM and Winpatrol without any problems whatsoever.
     
  22. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    The program information isn't really worth the $20 Plus costs. However, I bought it anyway because I like the program and wanted to help support its development.
     
  23. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Same opinion... ;)

    But the new version will have features that the free version will not have...
     
  24. peachtreecity

    peachtreecity Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    15
    Location:
    Georgia, USA
    Any release date or info on the new paid version that you can share with us?

     
  25. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I don't know any date, just what I read in the WinPatrol forum... ;)
     
Thread Status:
Not open for further replies.