Winsonar or Winpatrol or System Safety Monitor?

Q-1
With respect to Winsonar versus Winpatrol versus System Safety Monitor-- assume that I choose to run only ONE of these programs, WHICH of them provides the most essential protection?

Q-2
Why does Winsonar run TWO instances of winsonar.exe? (Or have I messed something up so as to CAUSE two instances?)

 

I use Prevx
But to choose out those 3, then SSM

 

I choose WinPatrol.

It provide the essential protection, very low resources usage and very easy to use and understand...

 

Granted it is very low resource usage, easy to understand and use. But it's protection isn't that good. It doesn't protect against .exe coming into the windows directory, nor does it protect against buffer overflow.

 

Like I said, it provide the essential protection, not the protection like RegDefend...
The other options could be better, but for me this is sufficient for now...

 

I've never tried Winsonar ... but other than that SSM hands down. It's a nice little sandbox similar to PG, but it doesn't provide some of the protections PG does, although it does add nice control for child processes to the mix, and runs well with PG.

Steve

 

In all honesty, I wasn't familiar with SSM, so I just did a search for it through Yahoo. I discovered something rather interesting.....links to SnapFiles (which WAS carrying this product available for download) indicated they no longer carried it. All links directing people to the author's web-site are pages which bring up an error message saying it can't download or find the page. I tried several various links to learn more about it, and none of them would load.

WinPatrol, on the other hand, seems like a very stable program that isn't going anywhere and is growing in popularity. New versions are released with new features fairly regularly, and most everyone is familiar with it. Fairly soon, it will more than likely be Microsoft certified.

I can't comment on the other two, but WinPatrol is a nice little program that is reliable.

 

The SSM page is here - http://maxcomputing.narod.ru/ssme.html?lang=en

It is up ATM ... They sometimes exceed their bandwidth, as it's donate/free ware currently and they rely on user donations to keep development going and pay the bills incurred from hosting.

Steve

 

In terms of actual protection, SSM wins hands-down. However, the trick is to get it running and keep it running on a machine. I don't know, but I would put it at a 50-50 proposition. I am not sure where the product is headed and the kind of support you can expect to receive. It is very iffy in my mind right now.

As far as WinPatrol and Winsonar are concerned, they are really totally different products. I don't think either provides much "protection", but they both provide information. I have them on my machine and I run them now and then for the fun of it. There is no reason you cannot use both. It really isn't and either-or proposition.

It really comes down to whether you can get SSM running and you can keep it going on your own, if you are looking for protection similar to the type of you can get from ProcessGuard.

Rich

 

Hi,

SSM is my choice, but it could take too much time for advanced rules and configaration.
Its protection possibilities are similar to ProcessGuard.

Winsonar is an interesting utility (scan local port, detects start up enties and process running on the backround) but it does not provide a high degree of security.
Winsonar can only prevent unwanted (unsafe) process from running, but unfortunately uses only a crc32 to recognize them.
It's an interesting tool for beginners (very easy to use and configure).

There is 2 winsonar.exe for a self-process-protection: when you try to kill the first one, a pop up appears for a confirmation.

Regards

 

Do you use WinPatrol or WinPatrol Plus, i.e., is the Plus edition worth $20?

 

The Plus, because I win a license on the WinPatrol forum...

 

Every time I run SSM something, eventually, bad happens (especially when rebooting) - related to compatibility I'm sure. I use Winpatrol, Winsonar, and Prevx at the moment with no issues. I'm coming to a point of deciding which to keep but it's hard. They all pop-up at different times it's hard to decipher which is more important. Yeah, I admit - I'm a security app nutcase but it's fun.

 

SSM is the best protection. But i got annoyed with how many alerts it spews out when you install/run something new.

Winpatrol - Never really thought it gives that much protection tbh. It's rate of polling is much too large(the minimum being 1 minute).

Winsonar - I like this one. Not a 'serious' protection, but good at alerting you to new processes and startups(put it on fast scan for best results).

muf

 

Hi all,

One way to approach security and installation of security products, is to have an overall strategy. For example, my strategy is to try to trap the malware before it ever has a chance to begin execution. So with this strategy in mind:

1) Utilize a top-rated AV/AT that detects a malicious file before it is ever opened and begins execution: This is probably the most important aspect of my security since it is first-line. I use Kaspersky 4.5 and Ewido and/or BOClean. Kaspersky 4.5 alone is probably enough, but an additional AT provides some limited additional protection.

2) Stop any unauthorized processes before they can begin executing: Assuming that something leaks through the AV/AT wall, it still has to begin executing and doing something. I order to stop it before it has a chance to do anything, I use ProcessGuard and WormGuard. SSM has similar capabilities.

3) Stop unauthorized installations and revisions to the operating system services and registry before they are instantiated in the registry: For this I use ProcessGuard and RegDefend. While at this point, the malware is excuting (something I hope never happens), I do have this final line of defense that will secure my registry and protect me against applications from isntalling malicious services or obtaining global hooks.. Not sure what SSM does in this area.

The primary goal, in my strategy, is to stop malware before it can do anything. Once it is executing on the system, there are so many aspects of the operating system that can be affected that it takes a good amount of security software and individual knowledte to identify an undo all of these changes - as best they can. Better to try to stop the execution before it ever gets to this stage.

I hope this helps with your decision. Comments, as always, are welcome.

Rich

 

I think Rich brings up some excellent points. I think, ultimately, it is up to the user to decide which approach to take, and what comfort level they are at.

The more technically knowledgeable would probably prefer to have apps like Process Guard and Reg Defend, because they are more aware of the terminology involved and are confident in their ability to make the right decision whenever an "alert" is raised. Others might not have the overall working knowledge of computers, programs, processes, terminology, etc., and might want a software app to take some of the "guessing" out of the equation by choosing one that makes the decision for them.

It probably also comes down to how much "risky" surfing habits the user has. Like do they download EVERYTHING, and open email attachments from people and addresses that they are unfamiliar with, etc. There are ways to harden your security, and make surfing safer, but nothing is a guarantee. With spyware makers seemingly Hell-bent to use new methods to come out with more complicated "undetectable" nasties, it will be interesting to see just how long it is before they find ways to "side step" even programs like PG and/or RegDefend. But that is a defeatist attitude. I agree that a "pro-active" approach is probably best for those who are comfortable with it. For others, though, at least starting with a very good firewall and very good anti-virus is a good first step in the right direction (as well as a MUST have).

 

I don't agree total with this...

The reason that I don't use other program is because I don't want to have a lot of popups asking me what I want to do, and not the fact that I have or not the knowledge of computers, etc...

For me, the areas that WinPatrol check is more than sufficient and doesn't bored me...

 

Yep, you are correct, VaMPiRiC_CRoW, that is yet another "factor" to consider as well....I was really just generalizing by providing one example of how in many instances, it could be a simplicity factor (which reducing the number of pop-ups would include as well).

 

Hi guys,

ProcessGuard on my machine only alerts when:

1) A trusted program has been updated (occassionally happens, particularly with security apps)
2) A new trusted program has been installed (not very often)
3) A program that I purposely want to monitor is executed, e.g. rundll.exe, explorer (most users don't bother with this).

These amount of alerts, I believe, is very manageable. If others are having alerts under more frequent circumstances, I would be interested in hearing about it. I do believe that some care has to be taked to turn off PG protection when updating Windows. This occassionally happens.

Rich

 

That's on demand scanning, not on access scanning btw.
But I don't think you do that.

 

1. SSM

2. Winpatrol

3. Winsonar

In that order. That is the geekiest order for the three of them.

But I use both SSM and Winpatrol without any problems whatsoever.

 

The program information isn't really worth the $20 Plus costs. However, I bought it anyway because I like the program and wanted to help support its development.

 

Same opinion...

But the new version will have features that the free version will not have...

 

Any release date or info on the new paid version that you can share with us?

 

I don't know any date, just what I read in the WinPatrol forum...