System Safety Monitor
Encyclopedia
System Safety Monitor was a HIPS software or behavior blocker developed by System Safety Ltd for the Windows
platform.
, but instead monitors the system for certain types of suspicious behavior and warns the user giving him a chance to block or allow it. Like most behavior blockers or HIPS, SSM only warns you when a certain event or behavior occurs and the process that causes it. Some of these warnings might be legitimate software doing their tasks though, so it is up to the user to decide whether to allow or block the behavior.
In April 2005, It was sold to a group of professionals who started Syssafety company that went commercial and released the first 2.0 beta series in September 2005.
In June 2006, the series was split into 2 lines. First there was a freeware
version 2.0 that has all of the features of the original 1.9 series plus some improvements. There was also a 2.1 commercial version that has some improvements over the freeware version, particularly an improved registry control (hooking as opposed to polling), low level keylogging control and better termination protection. The new 2.1 version also dropped support of Windows 98 and Windows ME.
, you might not want other processes to start up your browser because they might exploit the browser to phone home. See also leak tests.
SSM can be used effectively against spyware
and adware
programs, as well as rootkit
s, trojans
, keyloggers, dialers, browser hijackers, and commercial surveillance software. However this relies entirely on the user responding correctly to prompts. Beginners might be confused by the prompts and respond incorrectly. In the worst case scenario this can lead to malware infecting the system (when allowing a dangerous activity) or system error (when blocking an activity needed by the system). SSM also offers a learning mode, where rules are automatically made when needed creating a baseline of normal operations. But this assumes the system is clean, if this is not so, SSM can learn to allow malware
. Regardless of training mode, whenever any new unknown process is run, a prompt will be created, unless the user chooses to block all prompts.
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
platform.
Features
SSM does not rely on signatures to detect malwareMalware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
, but instead monitors the system for certain types of suspicious behavior and warns the user giving him a chance to block or allow it. Like most behavior blockers or HIPS, SSM only warns you when a certain event or behavior occurs and the process that causes it. Some of these warnings might be legitimate software doing their tasks though, so it is up to the user to decide whether to allow or block the behavior.
History of SSM
SSM began as a private project in 2002 and was one of the first behavior blockers aimed at the home user market.In April 2005, It was sold to a group of professionals who started Syssafety company that went commercial and released the first 2.0 beta series in September 2005.
In June 2006, the series was split into 2 lines. First there was a freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...
version 2.0 that has all of the features of the original 1.9 series plus some improvements. There was also a 2.1 commercial version that has some improvements over the freeware version, particularly an improved registry control (hooking as opposed to polling), low level keylogging control and better termination protection. The new 2.1 version also dropped support of Windows 98 and Windows ME.
Use of SSM and noteworthy features
SSM is similar to many products in its class and offers some termination protection, process filtering , blocking of driver installs etc. What separates it from most HIPS programs is that it offers not just process filtering but also parent-child control of processes. What this means is that instead of giving a process complete rights to start, you can specify more restrictive rules so that a given process can only be started by another specific process. For example while you might want to allow Windows explorer to start your web browserWeb browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
, you might not want other processes to start up your browser because they might exploit the browser to phone home. See also leak tests.
SSM can be used effectively against spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
and adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
programs, as well as rootkit
Rootkit
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications...
s, trojans
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
, keyloggers, dialers, browser hijackers, and commercial surveillance software. However this relies entirely on the user responding correctly to prompts. Beginners might be confused by the prompts and respond incorrectly. In the worst case scenario this can lead to malware infecting the system (when allowing a dangerous activity) or system error (when blocking an activity needed by the system). SSM also offers a learning mode, where rules are automatically made when needed creating a baseline of normal operations. But this assumes the system is clean, if this is not so, SSM can learn to allow malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
. Regardless of training mode, whenever any new unknown process is run, a prompt will be created, unless the user chooses to block all prompts.