Abtrusion - Anyone use this?

*Vanguard*

Abtrusion lets you control what is allowed to run on your system. No, it's not permissions stuff. I already run an anti-virus scanner to monitor incoming traffic and to check if something tries to run that is already on my system that is infected. However, until the anti-virus program schedules its next update, my system is vulnerable (although that is not long hopefully since I let it perform automatic updates). It also takes time to detect that a virus is on the loose, to determine how to identify it, and possibly to kill it, all of which lengthens the window of opportunity. Abtrusion takes the tack of preventing anything from running unless allowed. I think there is another product called something like System Safety Net (not sure about the name).

I'm interested but wonder about the following:

- How much do these products get in the way of using your computer?

- How much do they slow down opening programs (i.e., what's the impact on how snappy your applications startup)?

We all know that running a firewall is a good thing, especially if you have an always-on connection, like cable broadband or DSL, but a firewall always adds delay. Hopefully not much delay. Even though it causes delay, I'd rather incur the slight and mostly unnoticeable delay and have the protection. However, with dozens if not hundreds of files getting opened and closed every minute, an imperceptible delay in opening a single file becomes magnified and might significantly impact your use of your computer. So it would be nice to have the added protection as long as it wasn't in your face wasting your time and if it didn't make you wait to use your computer.

--
________________________________________________________________________
***** Post your replies to the newsgroup. Share with others. *****
E-mail: lh_811news [at] hotmail [dot] com
Passcode: "=NEWS="
All e-mail is auto-deleted unless passcode is appended to Subject.
________________________________________________________________________
 
Abtrusion lets you control what is allowed to run on your system.
No, it's not permissions stuff. I already run an anti-virus scanner
to monitor incoming traffic and to check if something tries to run
that is already on my system that is infected. However, until the
anti-virus program schedules its next update, my system is
vulnerable (although that is not long hopefully since I let it
perform automatic updates). It also takes time to detect that a
virus is on the loose, to determine how to identify it, and possibly
to kill it, all of which lengthens the window of opportunity.
Abtrusion takes the tack of preventing anything from running unless
allowed. I think there is another product called something like
System Safety Net (not sure about the name).

I'm interested but wonder about the following:

- How much do these products get in the way of using your computer?

- How much do they slow down opening programs (i.e., what's the impact
on how snappy your applications startup)?

We all know that running a firewall is a good thing, especially if you
have an always-on connection, like cable broadband or DSL, but a
firewall always adds delay. Hopefully not much delay. Even though it
causes delay, I'd rather incur the slight and mostly unnoticeable
delay and have the protection. However, with dozens if not hundreds
of files getting opened and closed every minute, an imperceptible
delay in opening a single file becomes magnified and might
significantly impact your use of your computer. So it would be nice
to have the added protection as long as it wasn't in your face wasting
your time and if it didn't make you wait to use your computer.

Looks very interesting. I would think that your software firewall would do
at least partially the same thing though, but maybe this program does a
much better job? I think I'll try it out and see how it goes...
 
Abtrusion lets you control what is allowed to run on your system. No, it's
not permissions stuff. I already run an anti-virus scanner to monitor
incoming traffic and to check if something tries to run that is already on
my system that is infected. However, until the anti-virus program schedules
its next update, my system is vulnerable (although that is not long
hopefully since I let it perform automatic updates). It also takes time to
detect that a virus is on the loose, to determine how to identify it, and
possibly to kill it, all of which lengthens the window of opportunity.
Abtrusion takes the tack of preventing anything from running unless allowed.
I think there is another product called something like System Safety Net
(not sure about the name).

I'm interested but wonder about the following:

- How much do these products get in the way of using your computer?

- How much do they slow down opening programs (i.e., what's the impact on
how snappy your applications startup)?




I tried abtrusion for a while; left it for this program that worked better
for me.

http://maxcomputing.narod.ru/ssme.html

Each of them had a slight impact - abtrusion had a heavy start-up time, but
little action after that. SSM will popup whenever it comes across something
new, or if something changes, or if something is reaching beyond its space.
 
"Kerodo" said in news:[email protected]:
Looks very interesting. I would think that your software firewall
would do at least partially the same thing though, but maybe this
program does a much better job? I think I'll try it out and see how
it goes...

A firewall will only detect or block processes that attempt to make a connection past it. It does nothing to keep rogue programs from running on your computer, like formatting your disk, deleting registry entries, deleting files, spying, redirecting you to a different site (which is done BEFORE the connection is made), and so on. Firewalls are handy in managing who gets to connect in and out, not specially what runs on your system.

What intrigues me is the claim that a computer thus protected (with Abtrusion or System Safety Net, or whatever the other one is called) is [more] immune against viral infection simply because the infected file won't be allowed to run. It's somewhat the same tack taken by SpywareBlaster: it doesn't stop the crap from getting onto your system but it prevents it from executing.


 
"Kerodo" said in news:[email protected]:
Looks very interesting. I would think that your software firewall
would do at least partially the same thing though, but maybe this
program does a much better job? I think I'll try it out and see how
it goes...

A firewall will only detect or block processes that attempt to make a
connection past it. It does nothing to keep rogue programs from
running on your computer, like formatting your disk, deleting registry
entries, deleting files, spying, redirecting you to a different site
(which is done BEFORE the connection is made), and so on. Firewalls
are handy in managing who gets to connect in and out, not specially
what runs on your system.

What intrigues me is the claim that a computer thus protected (with
Abtrusion or System Safety Net, or whatever the other one is called)
is [more] immune against viral infection simply because the infected
file won't be allowed to run. It's somewhat the same tack taken by
SpywareBlaster: it doesn't stop the crap from getting onto your system
but it prevents it from executing.

Yep, I realized this about the firewall after I posted.. I think I might
try out that other program, SSM, that the other person mentioned too. It
looks similar, but with some different features. Warning though... their
web site is outrageously slow. Took 10 or 15 minutes to download a small
file and I have a cable connection.

Abtrusion looks good, but I'm wondering if it might not be more annoying
than it's worth after a while. I'm always downloading updates to programs,
on a daily basis sometimes as I'm installing the nightly Mozilla and
Firefox updates constantly. So it might become annoying when Abtrusion
stops me all the time to verify a new program.

Another thing that might be annoying is if it significantly increases the
load time of apps. I'm only running on a 1 gig processor here, so
increasing the load time of apps would be slightly irritating.

But I think I'll try them both anyway. What the heck...
 
"Bogus" said in news:[email protected]:
Abtrusion lets you control what is allowed to run on your system.
No, it's not permissions stuff. I already run an anti-virus scanner
to monitor incoming traffic and to check if something tries to run
that is already on my system that is infected. However, until the
anti-virus program schedules its next update, my system is
vulnerable (although that is not long hopefully since I let it
perform automatic updates). It also takes time to detect that a
virus is on the loose, to determine how to identify it, and possibly
to kill it, all of which lengthens the window of opportunity.
Abtrusion takes the tack of preventing anything from running unless
allowed. I think there is another product called something like
System Safety Net (not sure about the name).

I'm interested but wonder about the following:

- How much do these products get in the way of using your computer?

- How much do they slow down opening programs (i.e., what's the
impact on how snappy your applications startup)?




I tried abtrusion for a while; left it for this program that worked
better for me.

http://maxcomputing.narod.ru/ssme.html

Each of them had a slight impact - abtrusion had a heavy start-up
time, but little action after that. SSM will popup whenever it comes
across something new, or if something changes, or if something is
reaching beyond its space.

So what is the NAME of this other program? That site is non-responsive and it might help if I knew what was "SSME", assuming that's the initials for the product, so I could research it through Google in the meantime.

If I understand you correctly, Abtrusion impacts the Windows startup time but very little after that whereas SSME does not impact startup time but will popup whenever a new program wants to run. I believe Abtrusion lets you take a snapshot if you consider your system clean. Does SSME do that, too, so you don't get prompted for every program immediately after it is installed? Otherwise, you'll be spending most of your time for the first day or two just answering prompts.

Update:

Ah, by the time I got writing the above, the web site was responding. SSME = System Safety Monitor (don't know the reason for the "E" in the path to the product). Well, I was close; only was off on the last word. A couple months ago I came across mention of these. One of the arguments was over which used the better "signature" to identify a file. One used a hash code (which is not guaranteed unique and could be spoofed providing the infector knew how the protector hashed the file's contents) and the other used some other technique.

This is for my personal computer at home. So far I have not been infected with viruses, trojans, or spyware (although 2 tried to infiltrate in the last year). So my shields are adequate at the moment but I figured it's about time to reevaluate to see if I need to raise the shields higher. I create periodic disk images for disaster recovery and tape backups for data restores but I'd rather not bother. That is, I strongly believe in proactive maintenance with incremental cost in time and money rather than reactive disaster recovery.

SSM seems to be free but all its downloadable versions are also listed as "beta". Also, the "English, prolonged until December 2004" makes it appear that it self-expires.



 
"Bogus" said in news:[email protected]:

So what is the NAME of this other program? That site is
non-responsive and it might help if I knew what was "SSME", assuming
that's the initials for the product, so I could research it through
Google in the meantime.

If I understand you correctly, Abtrusion impacts the Windows startup
time but very little after that whereas SSME does not impact startup
time but will popup whenever a new program wants to run. I believe
Abtrusion lets you take a snapshot if you consider your system clean.
Does SSME do that, too, so you don't get prompted for every program
immediately after it is installed? Otherwise, you'll be spending most
of your time for the first day or two just answering prompts.

Update:

Ah, by the time I got writing the above, the web site was responding.
SSME = System Safety Monitor (don't know the reason for the "E" in the
path to the product). Well, I was close; only was off on the last
word. A couple months ago I came across mention of these. One of the
arguments was over which used the better "signature" to identify a
file. One used a hash code (which is not guaranteed unique and could
be spoofed providing the infector knew how the protector hashed the
file's contents) and the other used some other technique.

This is for my personal computer at home. So far I have not been
infected with viruses, trojans, or spyware (although 2 tried to
infiltrate in the last year). So my shields are adequate at the
moment but I figured it's about time to reevaluate to see if I need to
raise the shields higher. I create periodic disk images for disaster
recovery and tape backups for data restores but I'd rather not bother.
That is, I strongly believe in proactive maintenance with incremental
cost in time and money rather than reactive disaster recovery.

SSM seems to be free but all its downloadable versions are also listed
as "beta". Also, the "English, prolonged until December 2004" makes
it appear that it self-expires.

I just tried SSM and had some trouble with it always thinking that Outlook
had changed every time I loaded Outlook. And there was no way to change or
fix that. In general, the program looked interesting, but I wasn't all
that impressed, so I removed it just because of the Outlook problem alone.

I also just installed Abtrusion and it looks very nice so far. It didn't
have any problems with Outlook, so there must be something wrong with SSM.
Abtrusion has some features that let you install new software or updates,
so that problem has been handled I guess. Looks good so far. I don't
notice any significant loading time difference either. Maybe takes a
little longer, but nothing I can't live with...

Looks good so far...
 
Abtrusion lets you control what is allowed to run on your system.
No, it's not permissions stuff. I already run an anti-virus scanner
to monitor incoming traffic and to check if something tries to run
that is already on my system that is infected. However, until the
anti-virus program schedules its next update, my system is
vulnerable (although that is not long hopefully since I let it perform
automatic updates). It also takes time to detect that a virus is on
the loose, to determine how to identify it, and possibly to kill it,
all of which lengthens the window of opportunity. Abtrusion takes the
tack of preventing anything from running unless allowed. I think
there is another product called something like System Safety Net (not
sure about the name).
I'm interested but wonder about the following:

- How much do these products get in the way of using your computer?

- How much do they slow down opening programs (i.e., what's the
impact on how snappy your applications startup)?
We all know that running a firewall is a good thing, especially if
you have an always-on connection, like cable broadband or DSL, but a
firewall always adds delay. Hopefully not much delay. Even though it
causes delay, I'd rather incur the slight and mostly unnoticeable
delay and have the protection. However, with dozens if not hundreds
of files getting opened and closed every minute, an imperceptible
delay in opening a single file becomes magnified and might
significantly impact your use of your computer. So it would be nice
to have the added protection as long as it wasn't in your face wasting
your time and if it didn't make you wait to use your computer.

I have not used Abtrusion specifically, but it is rather similar to a
sandbox. I have used and written some sandboxes, and they are much
more involved than simply monitoring program start-up, and, as a
result, they can significantly decrease performance, depending on the
extent of capability and coverage. Abtrusion sounds great if it allows
for the detection of individual program components and dependencies
(e.g. DLLs). However, if it doesn't, then that's a significant flaw in
completeness. Not enough to make it worthless, but far from being very
dependable by itself. You might be served just as well if not better
by running HiJackThis! periodically, to see what's running. It won't
show all dependencies, but it will show BHOs and the like. You can do
this instead of or in addition to Abtrusion. The DLL Authentication
features of some personal firewalls (Sygate, BlackICE), are also
helpful in this regard and can somewhat complement Abtrusion if it
lacks dependency verification.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com
 
"Kerodo" said in news:[email protected]:
I just tried SSM and had some trouble with it always thinking that
Outlook had changed every time I loaded Outlook. And there was no
way to change or fix that. In general, the program looked
interesting, but I wasn't all that impressed, so I removed it just
because of the Outlook problem alone.

I also just installed Abtrusion and it looks very nice so far. It
didn't have any problems with Outlook, so there must be something
wrong with SSM. Abtrusion has some features that let you install new
software or updates, so that problem has been handled I guess. Looks
good so far. I don't notice any significant loading time difference
either. Maybe takes a little longer, but nothing I can't live with...

Looks good so far...

Did the install of Abtrusion include a help file, like .chm? If there is a shortcut in its start menu to open its help, the shortcut's properties will tell what file it opens? I'd like to read that before installing the product. There isn't much information on their web site. They'll discuss how to go into install mode but nothing about checking dependencies to see what other files a program might try to open or read from, like DLLs, or how it might take care of ActiveX controls or Java applications (since the only thing you see is the "java" process that runs the code and you wouldn't want to simply enable "java" to load for any code to run in it).

 
"*Vanguard*" said in news:[email protected]:
Did the install of Abtrusion include a help file, like .chm? If
there is a shortcut in its start menu to open its help, the
shortcut's properties will tell what file it opens? I'd like to read
that before installing the product. There isn't much information on
their web site. They'll discuss how to go into install mode but
nothing about checking dependencies to see what other files a program
might try to open or read from, like DLLs, or how it might take care
of ActiveX controls or Java applications (since the only thing you
see is the "java" process that runs the code and you wouldn't want to
simply enable "java" to load for any code to run in it).

Forgot the purpose of my post. If there is a help file, could you e-mail it to me? Hotmail has a 2MB quota limit so it would have to be smaller than that. I'm just curious if they describe their product within their help better than they do at the web site.

 
Did the install of Abtrusion include a help file, like .chm? If there
is a shortcut in its start menu to open its help, the shortcut's
properties will tell what file it opens? I'd like to read that before
installing the product. There isn't much information on their web
site. They'll discuss how to go into install mode but nothing about
checking dependencies to see what other files a program might try to
open or read from, like DLLs, or how it might take care of ActiveX
controls or Java applications (since the only thing you see is the
"java" process that runs the code and you wouldn't want to simply
enable "java" to load for any code to run in it).

Sorry, I've removed it here and don't recall if there was a help file.
Best thing I can suggest is to install it and try it out for a while. I
was disappointed because I couldn't run some useful utilities here for no
good reason. And there didn't seem to be any way to correct that either.
But it did uninstall cleanly, so there's probably no harm in trying it...
 
"Kerodo" said in news:[email protected]:
Sorry, I've removed it here and don't recall if there was a help file.
Best thing I can suggest is to install it and try it out for a while.
I was disappointed because I couldn't run some useful utilities here
for no good reason. And there didn't seem to be any way to correct
that either. But it did uninstall cleanly, so there's probably no
harm in trying it...

I've downloaded it and will test it after I get to where I save a disk image (so I can restore in case of any gotchas). I'll use InstallWatch to monitor its installation to make sure I can purge every change if I decide to get rid of it. But then I'm still undecided if I want another layer of protection at this point. Thanks for the input.

 
I just tried SSM and had some trouble with it always thinking that Outlook
had changed every time I loaded Outlook. And there was no way to change or
fix that.

SSM has multiple levels of "tuning"; Outlook can be readily accommodated -
but it takes a little thoughtfulness


In general, the program looked interesting, but I wasn't all
that impressed, so I removed it just because of the Outlook problem alone.

Perhaps very wise. Abtrusion will have a startup cost (hashing all of your
files), but then will simply popup when a hash disagrees. Very simple

I also just installed Abtrusion and it looks very nice so far. It didn't
have any problems with Outlook, so there must be something wrong with SSM.

Not at all! But you should stick with Abtrusion ( or drop it as well) :-) .
Abtrusion has some features that let you install new software or updates,
so that problem has been handled I guess. Looks good so far. I don't
notice any significant loading time difference either. Maybe takes a
little longer, but nothing I can't live with...

Looks good so far...

It is an important addition; can save you from all sorts of grief; be patient with it.
 
If I understand you correctly, Abtrusion impacts the Windows startup time
but very little after that whereas SSME does not impact startup time but
will popup whenever a new program wants to run.

I was not clear. Abtrusion has a one-time -installation- impact (during
which it hashes your executables), thereafter it has almost no impact.

Your understanding of SSM is correct. Plus SSM will monitor for DLL
injections, programs exceeding their operating space (e.g. a program trying
to shutdown your AV), programs that are invoking valid programs for the
first time (e.g. I.E. invoking something "strange"), etc. Abtrusion only
blocks new or changed programs - doesn't consider relationships.
I believe Abtrusion lets you take a snapshot if you consider your system
clean. Does SSME do that, too, so you don't get prompted for every program
immediately after it is installed?

Yes - best way to do it is to "start" it the first time >after< your box is
up and running. It will then do an initial inventory and hash active
programs, plus the program that invoked them. Changes beyond that are
challenged. If you ever want to reinitialize it, simply delete the directory
and reinstall - there is no registry installation.
Otherwise, you'll be spending most of your time for the first day or two
just answering prompts.

There will be that as well - much like a firewall learning trusted
applications. But this is more sophisticated than a firewall - do it thoughtfully.

OTOH, Abtrusion is much easier to use, and either app. will significantly increase
your security:-)
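
The two policies compared in this post, sketched as an added example (not part of the original thread and not either product's code): a one-time snapshot hashes every executable and DLL, a hash-only check blocks new or changed files, and a relationship-aware check also asks whether this parent has started this child before. SHA-256, the file extensions, and all file and function names are assumptions; the thread does not say which hash either product used, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: which extensions count as executable code (DLLs included so
# that program components are covered, not only the main .exe).
EXEC_SUFFIXES = {".exe", ".dll"}


def file_hash(path):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """One-time inventory of a system considered clean: path -> hash."""
    return {str(p): file_hash(p) for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES}


def check_hash_only(baseline, child):
    """Hash-only policy: block anything new or changed since the snapshot."""
    known = baseline.get(str(child))
    if known is None:
        return "block: new program"
    if known != file_hash(child):
        return "block: changed program"
    return "allow"


def check_with_parent(baseline, approved_pairs, parent, child):
    """Relationship-aware policy: both files must pass the hash check and
    this parent must already be approved to start this child."""
    for p in (parent, child):
        verdict = check_hash_only(baseline, p)
        if verdict != "allow":
            return verdict + f" ({p.name})"
    if (baseline[str(parent)], baseline[str(child)]) not in approved_pairs:
        return "prompt: first time this parent starts this child"
    return "allow"


def demo():
    """Runs both policies over a constructed sample directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        names = ["shell.exe", "browser.exe", "mail.exe", "diskutil.exe",
                 "helper.dll"]
        for n in names:
            (root / n).write_bytes(b"constructed sample: " + n.encode())
        baseline = snapshot(root)
        shell, browser, mail, diskutil = (root / n for n in names[:4])
        # Pairs approved while the system was learning: shell -> browser only.
        approved = {(baseline[str(shell)], baseline[str(browser)])}

        results = {"known": check_hash_only(baseline, browser)}

        # A known file whose contents changed after the snapshot.
        mail.write_bytes(mail.read_bytes() + b" + appended bytes")
        results["changed"] = check_hash_only(baseline, mail)

        # A file that arrived after the snapshot.
        new = root / "download.exe"
        new.write_bytes(b"constructed sample: not in baseline")
        results["new"] = check_hash_only(baseline, new)

        # Known, unchanged tool started by an unusual parent: the hash-only
        # policy has no objection, the relationship-aware policy prompts.
        results["pair_hash_only"] = check_hash_only(baseline, diskutil)
        results["pair_approved"] = check_with_parent(
            baseline, approved, shell, browser)
        results["pair_unseen"] = check_with_parent(
            baseline, approved, browser, diskutil)
        return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} {verdict}")
```
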
 
SSM has multiple levels of "tuning"; Outlook can be readily
accommodated - but it takes a little thoughtfulness

Oops... Looks like I should have given it more of a chance. I admit that I
dismissed it pretty quickly...
Not at all! But you should stick with Abtrusion ( or drop it as
well) :-) .

Yep, I dropped Abtrusion as well since I couldn't get some utilities to run
with it running. Seemed more trouble than it was worth..

Kerio 4 has a feature that does something similar. You can set it to
question every executable that runs on your machine and ask for permission
to run it. So that, plus its normal features, plus my NAV should be
enough protection.
 
SSM has multiple levels of "tuning"; Outlook can be readily
accommodated - but it takes a little thoughtfulness

Ok, I think I'll give SSM another shot. How would I "tune" it to
accommodate Outlook for example. Any ideas?
 
Ok, I think I'll give SSM another shot. How would I "tune" it to
accommodate Outlook for example. Any ideas?

At least two - one of which I needed to accommodate K-mel.

1. The second popup for outlook will have a little box in the lower-left
corner. It will say something to the effect of "add a separate rule ....."
Use it. What is happening is that there are two different subtasks with
the same name, so when you o.k. the first, it challenges the second. o.k.
the second, and it then challenges the first.

2. Go to Preferences-Application Rules. In the lower-right corner you will
see different levels of rule "refinements". With these, you can deactivate
some of the sensitivity of SSM for troublesome applications. However, the
item above is 90%+ likely to be the issue.

Whichever of these you go with, give it a week. SSM provides far more
protection, but it will occasionally be a PITA.
 
At least two - one of which I needed to accommodate K-mel.

1. The second popup for outlook will have a little box in the
lower-left corner. It will say something to the effect of "add a
separate rule ....." Use it. What is happening is that there are two
different subtasks with the same name, so when you o.k. the first, it
challenges the second. o.k. the second, and it then challenges the
first.

2. Go to Preferences-Application Rules. In the lower-right corner you
will see different levels of rule "refinements". With these, you can
deactivate some of the sensitivity of SSM for troublesome
applications. However, the item above is 90%+ likely to be the issue.

Whichever of these you go with, give it a week. SSM provides far more
protection, but it will occasionally be a PITA.

Ok, thanks, I'll try that. I went back and tried version 1.89 and it
didn't seem to mind Outlook at all. However I found that 1.89 did little
more than check apps at load time and some reg keys. 1.94 seems to have a
lot more features..
 
Bogus said:
At least two - one of which I needed to accommodate K-mel.

1. The second popup for outlook will have a little box in the lower-left
corner. It will say something to the effect of "add a separate rule ....."
Use it. What is happening is that there are two different subtasks with
the same name, so when you o.k. the first, it challenges the second. o.k.
the second, and it then challenges the first.

2. Go to Preferences-Application Rules. In the lower-right corner you will
see different levels of rule "refinements". With these, you can deactivate
some of the sensitivity of SSM for troublesome applications. However, the
item above is 90%+ likely to be the issue.

Whichever of these you go with, give it a week. SSM provides far more
protection, but it will occasionally be a PITA.

Many thanks... Number 1 above fixed it. Now all is well... I didn't
think to try that originally... Thanks again...
 