Process Guard and System Safety Monitor

Here I am, exasperated again, trying to gain knowledge via searches, and just spending way too much time muddling through search results, then giving up and relying on the knowledgeable techies here to clue me in…

I am trying to research the difference between what is termed an "application firewallâ€, called System Safety Monitor (SSM), and another prog that also looks like an application firewall, called Process Guard (PG), but the differences are indeterminate to me, based on the canned descriptions of the products, although the descriptions are quite different. The bottom line to me, would appear that PG is much more complicated in what it does than SSM, but that maybe the simplicity of what SSM does equates to the same results?

Any of you experts know the differences, and if there happen to be any other similar components that help to secure against nefarious activities, and if so what might be the best?

http://www.diamondcs.com.au/processguard/

http://www.snapfiles.com/get/systemsafety.html

 

Process Guard would keep something like a virus from disabling approved running programs [processes], such as a firewall or AV program.

SysSafe monitors your startups and notifies you if something has been added, modified or deleted. If a program that is not allowed to run starts up then you are alerted to this.

 

Hello keywester,

I run SSM - monitors all processes including any new function a particular program wants to do. Also will monitor some OS functions as well. Llike a firewall, keeps track of permissions/denials in a log that if deleted, will ask again. SSM also monitors the registry as well. Each of it's monitoring functions are optional - so if you don't want to track apps or the registry, you can turn it off.

Have not tried Process Guard.

SSM is not recommended on 9X OSes.

Regards - Charles

 

OK, thanks for the info, and pardon my ignorance, but that generates further questions.

It sounds like maybe SSM would negate the need for PG? Because if SSM intercepts any and all nefarious modules (?) before they can even execute (?), then would that not obviate then need to intercept a virus/etc to prevent the action of disabling a firewall or AV? Or, am I missing something -- i.e., would security be tighter with both tools for some reason (that implies an assumption on my part that SSM sounds like a more essential security tool...)?

 

Not always. Some virus apps will mimic a legit app on your system so the SSM might be fooled into thinking it was seeing an approved app running.

I'm not familiar with either app but if SSM simply notifies you that something has happened and you have a system that runs and is connected to the internet when you are not at the console, easy enough to have a critter sneak in, do damage, and you not see the notification.

If SSM stops things from happening until you say OK, then things would be safer unless it was such a pain in the hindparts with constant notifications that you turned parts of it off.

 

*but if SSM simply notifies you that something has happened *

No: asks - permit once or always (untill changed in log)
Deny once or always, again, can be changed in log.

*If SSM stops things from happening until you say OK, then things would be safer unless it was such a pain in the hindparts with constant notifications that you turned parts of it off.*

Newt, works like a firewall, asks for premission/denial, and if you don't want to be asked again, you don't have to be.

A firewall's permission/denial options are the best analogy I can think of.

Incidentaly, when I first installed SSM, Iwas supprised by being asked to allow XP to auto defrag, this happened every 2-3 days, I forgot which. At first I did it on a "permit once" basis, and thereby being asked again the next time the OS wanted to do it, than on a "permit always" basis, thereby not being asked the next time the OS wanted to do it; I would be able to change that by either deleting that particular log entry - and being asked again - or modying it to "deny ".

Regards - Charles


Edit: SSM forum http://www.mickeytheman.com/forums/index.php?showtopic=11

From a post in the Forum: Note: SSM will NOT protect you from any kind of network-related activity. For that purpose you can use personal firewall

Process Guard Forum: http://www.wilderssecurity.com/index.php?board=40