mvdu Premium Member join:2003-07-28 Collegeville, PA |
2003-Sep-6 10:09 pm
Re: Abtrusion Protector vs. System Safety Monitor
Now that "exploited" text file is coming up again when I use Copycat.. :-( |
|
markwp2001 Spreadhead Premium Member join:2002-05-25 Long Beach, MS |
to POB
said by POB: Pardon me for asking but what the hell is an abtrusion?
That's what I call my beer belly. |
|
mvdu Premium Member join:2003-07-28 Collegeville, PA |
2003-Sep-6 10:13 pm
I see - Copycat was on my hard drive when I installed AP, so it got counted in with all of the trusted applications. I changed the allow to deny. |
|
jansson_mark Markus Jansson Premium Member join:2001-08-05 Finland
|
to mvdu
Nothing anymore since you noticed you had AP allowing the copycat exploit. |
|
|
to Khaine
>KhaineBOT Thanks for suggestions!
> - sometimes you have ...
What do you mean? I have two different programs with the same name and they are treated as different applications (there are two entries for them in the list of rules).
> - the option to use MD5 or SHA-160 etc etc
Added to to-do list.
> - the ability to start SSM as a service
Already was in to-do list.
> - the ability to automatically remove deleted or moved files from the ruleset.
> - the ability to scan the ruleset for changed files
OK, will be done. |
|
burma69
|
to jansson_mark
quote: Did you have install mode on ...
yep.
quote: 1) it will not prevent DLL/code injection
Of course it will since you don't allow trojans to execute that could do dll/code injection. If you allow installation of trojans, you might as well allow uninstallation of SSM or Abtrusion Protector or any other security software you have so
No, it will not. Example: DCOM RPC exploit: it will simply start command prompt (allowed by AP) on your HDD and then will run a server (that may be a part of your OS and also allowed by AP). There is a note on their official site about it (in FAQ). SSM isn't any good at that point if you have 100% allowing rule for cmd.exe and your web (HTTP, FTP, Telnet, etc.) server. That's where the parent application control (what application is running other) will be useful.
Regarding CRC - OK, you've changed my mind. I'll implement something more secure in next release.
[text was edited by author 2003-09-07 03:21:53][text was edited by author 2003-09-07 03:24:56] |
|
burma69 |
to mvdu
Could you name those bugs you've encountered with SSM? If you will, then I'll do my best to fix them. |
|
Kiwi88 Premium Member join:2003-05-26 Bryant, AR |
to mvdu
I'm not trying to be a pain, but a good Router takes care of many problems {NOOo, not Lynksys}; Along with a reasonable ISP= Protection + Some configs on an OS, certainly helps!
Just a Thought.
Cheers |
|
Khaine join:2003-03-03 Australia |
to burma69
SSM Dialog | SSM Rules |
said by burma69:
>KhaineBOT Thanks for suggestions!
> - sometimes you have ...
What do you mean? I have two different programs with the same name and they are treated as different applications (there are two entries for them in the list of rules).
Well I mean I have two programs called ping, one is the windows default and one is from diamondcs. I get this message (SSM1) when I try to run the diamondcs version. I have both in my ruleset (SSM2) however it doesn't see them as different programs. |
|
|
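An added example, not part of the thread and not SSM's code: a minimal rule store illustrating the behaviour discussed in the two posts above (same-named programs kept as separate rules, a selectable hash, and a scan for changed or deleted files). The `Ruleset` class, its method names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256"):
    """Hash the file's contents; algo is any hashlib name (md5, sha1, sha256, ...)."""
    return hashlib.new(algo, Path(path).read_bytes()).hexdigest()

class Ruleset:  # hypothetical structure, not SSM's rule format
    def __init__(self, algo="sha256"):
        self.algo = algo
        self.rules = {}  # full normalized path -> (digest, "allow" | "deny")
    def _key(self, path):
        return os.path.normcase(os.path.abspath(path))
    def add(self, path, action):
        self.rules[self._key(path)] = (file_digest(path, self.algo), action)

    def decide(self, path):
        """Rule's action for a known, unmodified file; otherwise 'ask'."""
        rule = self.rules.get(self._key(path))
        if rule is None or not os.path.isfile(path):
            return "ask"
        return rule[1] if file_digest(path, self.algo) == rule[0] else "ask"

    def audit(self, prune=False):
        """Return (changed, missing) rule paths; optionally drop the missing ones."""
        missing = [p for p in self.rules if not os.path.isfile(p)]
        changed = [p for p, (d, _) in self.rules.items()
                   if p not in missing and file_digest(p, self.algo) != d]
        for p in (missing if prune else []):
            del self.rules[p]
        return changed, missing

def demo():
    """Constructed sample: two different files that are both named ping.exe."""
    with tempfile.TemporaryDirectory() as root:
        a = Path(root, "system32", "ping.exe")
        b = Path(root, "diamondcs", "ping.exe")
        for path, body in ((a, b"constructed ping A"), (b, b"constructed ping B")):
            path.parent.mkdir()
            path.write_bytes(body)
        rs = Ruleset()
        rs.add(a, "allow")
        rs.add(b, "deny")
        before = (rs.decide(a), rs.decide(b))
        a.write_bytes(b"modified after the rule was made")  # changed file
        b.unlink()                                          # deleted file
        changed, missing = rs.audit(prune=True)
        return before, rs.decide(a), len(changed), len(missing), len(rs.rules)
```

Keying on the full path plus the content digest means a rule for one `ping.exe` never applies to another, and a file that changes after its rule was created falls back to "ask" instead of inheriting the old decision.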
to mvdu
If anyone wants to give SSM a try, you should download the new help file from the homepage. It's much better than the one included in the SSM installation....(at least the new help file wasn't included at the time I DL SSM). |
|
mooty join:2001-01-28 Riverdale, GA
|
to mvdu
quote: said by teh : -------------------------------------------------------------------------------- A question do I really need SSM or Abtrusion Protector, I am running a router with (NAT & SPI) as well as Outpost Pro v2.
--------------------------------------------------------------------------------
three words: code injecting trojan
(that means yes )
quote: said by teh : -------------------------------------------------------------------------------- I see, maybe I will go give it a run to test it out then
Edit:
said by maxcomputing: -------------------------------------------------------------------------------- For example, SSM can prevent so called "DLL Injection". --------------------------------------------------------------------------------
I thought Outpost has this feature.
[text was edited by author 2003-09-05 18:41:35]
--------------------------------------------------------------------------------
DLL injection != code injection..
code injection goes undetected by all firewalls..(with the possible exception of tiny, due it's sandbox..)
Tiny can detect all DLL injection and code injections, as a possible exception to the notion that FW's can't, because Tiny is a "sandbox" ? Being a FW and sandbox in one package, seems as though it sounds too smart - but as far as Tiny's FW learning curve re: order of rules set & prioritizations of allowed/disallowed rules, why wouldn't a sandbox - (I'm almost sure I understand the definition of 'sandbox') be more effective in preventing malicious or unfamiliar code injections and .exe's, unless SSM or AP provides a better 'picture' of what your OS is allowing to follow thru ? Or, am I comparing apples to oranges since Tiny is a FW but not a AV, and AP and/or SSM are AV's, but not sandboxes or FW's ? Thanks as always for your comments and input. |
|
|
Grendel22 "No" Is A Complete Sentence Premium Member join:2003-01-03 Bethlehem, PA |
to mvdu
Slightly off-topic, but since Burma69 seems around....
The SSM site, to me, has been a *very* slow load, despite DSL dload speed 740something. Even in my office, with a T3 line, no appreciable speedup. Is it a server issue, a distance issue...or has anyone else noticed this? |
|
1 recommendation |
to Khaine
>KhaineBOT Jinx! I'm having almost the same situation (with two different versions of delphi32.exe) and all works fine for me. I'll check this once more. Could you be so kind as to send me your config file (if there is nothing private in it of course)?
>Grendel The remote server (.narod.ru) is too slow for handling the number of sites it hosts. In fact - it's one of the most popular free-hosting providers in Russia. But I suggest you d/l files from alternative locations (the link is present on homepage and it points to » mcom.fatal.ru/ssm.zip if my memory serves me well) |
|
Grendel22 "No" Is A Complete Sentence Premium Member join:2003-01-03 Bethlehem, PA |
Thanks, burma69! I'm a big fan of SSM, and very glad you've appeared here. |
|
|
to mvdu
I was using the older version of SSM. I'll dl the newer of SSM and see if it freezes my computer now. |
|
mvdu Premium Member join:2003-07-28 Collegeville, PA |
2003-Sep-7 11:51 am
What bugs? It would freeze my computer where all I'd see is my desktop background. I use ZA, Tauscan, and BlackICE, so maybe it was incompatible with those.
As I said, Outpost does have DLL injection prevention, but so far it's limited and Outpost can't pass Copycat and Thermite. |
|
mvdu |
2003-Sep-7 11:53 am
Note: I did have the newest version of SSM. |
|
|
to mvdu
Well how about a program named Winpatrol? You can find it here » www.winpatrol.com/ |
|
|
to mvdu
>mvdu Okay. If you are still at all enthusiastic about SSM, then you may try to delete your config file, start ZA, BlackIce and others (McAfee for example) and only then activate App watching. If it's the way you did it before, then there is something more complex. BTW: Can you remember where it froze (during the startup or when you've tried to run something or when it asked you to create a rule)? Thanks anyway for reporting.
>Grendel And I'm very glad that there are people that find SSM useful.
>Dragon_73 I would appreciate it if you'd let us know about the results.
Regarding WinPatrol: nothing more than lister/monitor of autorun programs (BTW: unlike SSM, it shows you the list of services and files, located in startup menu "Start | (All) Programs | Startup"). msconfig (that comes with Windows) does almost the same. |
|
|
to mvdu
Burma69, I can't even download the new version of SSM. For some odd reason when I click on the download link at max computing it has a pop up that's blank. I can't find the new version anywhere. I even looked at webattack and they have the old version. |
|
mvdu Premium Member join:2003-07-28 Collegeville, PA |
2003-Sep-7 2:18 pm
I put SSM on while the other programs were on. I could try it the way you said, but I think I'll try Abtrusion Protector for a while at least. It froze when the computer was inactive for a while.
I did like the program, and SSM has potential. |
|
Vampirefo Premium Member join:2000-12-11 Huntington, WV |
to Dragon_73
|
|
Vampirefo |
to mvdu
I use SSM and prefer it over AP any day. |
|
|
to mvdu
Thanks Vampirefo.
I see AP always asks if it can get on the internet. Is AP calling home? [text was edited by author 2003-09-07 15:46:36] |
|
madirish Premium Member join:2003-08-04 Cleveland, OH |
to mvdu
Currently using SSM and Abtrusion Protector on XP Home. No problems with either. |
|
|
..both simultaneously?? |
|
madirish Premium Member join:2003-08-04 Cleveland, OH |
2003-Sep-7 4:01 pm
Yep, just wanted to see if there are any problems - none so far. |
|
|
to madirish
quote:
Currently using SSM and Abtrusion Protector on XP Home. No problems with either.
extreme... |
|
madirish Premium Member join:2003-08-04 Cleveland, OH |
2003-Sep-7 5:24 pm
Well, yes and no. I've been using SSM since the Becky's days when Vampirefo 1st brought this to my attention.
There are some good pros and cons to both programs. I wanted to see if running both these programs would cause any problems and so far (after 3 days) there are none.
If Kerio ever gets their act together with the 4 series, I will get rid of SSM as they (Kerio) have app. monitoring. |
|
|
The question is if the Kerio application monitoring is as sophisticated as it is in SSM. I don't think so.... |
|