- System Safety Monitor
Infobox Software
name = System Safety Monitor
caption = Screenshot
developer = System Safety Ltd., Russia
latest_release_version = 2.0.8.584 (freeware version)
latest_release_date =30 March ,2007
operating_system =Microsoft Windows
genre =Host Intrusion Prevention System
license = Proprietary
website = http://www.syssafety.comSystem Safety Monitor (SSM) is a HIPS software or behavior blocker developed by System Safety Ltd for the Windows platform.
Features
SSM does not rely on signatures to detect
malware , but instead monitors the system for certain types of suspicious behavior and warns the user giving him a chance to block or allow it. Like most behavior blockers or HIPS, SSM only warns you when a certain event or behavior occurs and the process that causes it. Some of these warnings might be legitimate software doing their tasks though, so it is up to the user to decide whether to allow or block the behavior.History of SSM
SSM began as a private project in 2002 [ [http://www.wilderssecurity.com/showthread.php?p=8092&highlight=SSM#post8092 System Safety Monitor v1.0 - Wilders Security Forums ] ] and was one of the first behavior blockers aimed at the home user market.
In April 2005, It was sold to a group of professionals who started Syssafety company [ [http://maxcomputing.narod.ru/ssme.html?lang=en Max Computing Software ] ] that went commercial and released the first 2.0 beta series in September 2005.
In June 2006, the series was split into 2 lines. First there was a
freeware version 2.0 that has all of the features of the original 1.9 series plus some improvements. There was also a 2.1 commercial version that has some improvements over the freeware version, particularly an improved registry control (hooking as opposed to polling), low level keylogging control and better termination protection. The new 2.1 version also dropped support of Windows 98 and Windows ME.Use of SSM and noteworthy features
SSM is similar to many products in its class and offers some termination protection, process filtering , blocking of driver installs etc. What separates it from most HIPS programs is that it offers not just process filtering but also parent-child control of processes. What this means is that instead of giving a process complete rights to start, you can specify more restrictive rules so that a given process can only be started by another specific process. For example while you might want to allow Windows explorer to start your
web browser , you might not want other processes to start up your browser because they might exploit the browser to "phone home". See alsoleak tests .SSM can be used effectively against
spyware andadware programs, as well asrootkit s, trojans, keyloggers, dialers, browser hijackers, and commercial surveillance software. However this relies entirely on the user responding correctly to prompts. Beginners might be confused by the prompts and respond incorrectly. In the worst case scenario this can lead to malware infecting the system (when allowing a dangerous activity) or system error (when blocking an activity needed by the system). SSM also offers a learning mode, where rules are automatically made when needed creating a baseline of normal operations. But this assumes the system is clean, if this is not so, SSM can "learn" to allowmalware . Regardless of training mode, whenever any new unknown process is run, a prompt will be created, unless the user chooses to block all prompts.References
External links
* [http://www.syssafety.com Official site]
Wikimedia Foundation. 2010.