Rili said:
> I'm after a program that will monitor all processes, threads or services
> <Snip>
> any new program [not previously approved] that was started would result
> in a warning that an unknown process had started.

I think the category closest to what you have described is application
firewall. Many firewalls are now incorporating some application
firewall features.
One interesting product, System Safety Monitor (described below),
works in tandem with a traditional firewall. The same source also
offers SSM Service Guard to monitor just the activity of system
services in WinNT.
I tried SSM briefly, but that Win95 system was already not very stable
(even for Win95) and SSM may have made that worse. Hard to tell at
that point, but the site does say only 70% compatible. I liked the
features.
http://maxcomputing.narod.ru/ssme.html?lang=en
I've downloaded WinSonar (described below) at least 3 times, but I
haven't gotten around to trying it. The description is certainly
applicable.
A number of programs take a less ambitious approach. WinPatrol (.com)
for example is a very straightforward and easy to apply program that
monitors various startup folders and keys for changes (as well as
additions to cookies). The commercial version adds additional
information about each process. Some startup managers also provide a
check on startup locations at startup and/or on an ongoing basis.
Several sites offer extensive lists of services and sometimes other
task names which you may encounter.
Pacman's Portal
http://www.pacs-portal.co.uk/startup_index.htm
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
Does anyone have good _comparative_ experience with SSM, WinSonar, or
WinPatrol?
BillR
-----
(Excerpts from site)
System Safety Monitor (SSM) is an application-firewalling tool (it is
not a "firewall" in traditional understanding, so there shouldn't be
any conflicts with your network firewalls). SSM controls which
programs are running on your computer and what they are doing. For
example, SSM can prevent so called "DLL Injection". Also, SSM will
notify you whenever a program you want to start was modified. In
addition, SSM can constantly check your registry and alert you, when
an important modification was made.
Features
* Allows you to control which programs and applications can be opened on
your computer. Alerts you whenever a program you want to run was
modified.
* Allows you to control calls to some OS functions which are used in "DLL
Injection" and keystroke logging utilities.
* Prevents unauthorized code-injection activity, so no application will
be allowed to use another legitimate one for malicious activity.
* Allows you to control which programs are allowed to start others, and
which cannot be started by others. For example, you may allow your
browser to be started only by Explorer.exe but not by any other
untrusted application.
* Offers a choice of two modes - User and Administrator. In
Administrator mode you can set your preferences to control programs.
Access to this mode can be protected with an encrypted password to
prevent anyone changing your settings. In User mode no changes can be
made to your settings.
* Supervises changes to important registry keys when installing new
programs.
* Will block or alert on any attempt to change guarded registry keys.
* Allows you to control which programs run at system startup.
* Maintains a list of running applications and allows you to terminate
any application immediately.
* Allows you to block specific windows (including websites) from
opening.
* Can be set to run automatically on system startup.
OS Compatibility (for most current version)
Win 95 / OSR - 70%
Win 98 / SE - 95%
Win ME - 95%
Win NT 4.0 / SP4-6 - 95%
Win 2k (5.0) / SP1-3 - 99%
Win XP / SP - 100%
Misc
Program is absolutely freeware.
Current version 1.9.3 (beta 1) July 10, 2003.
Currently following additional languages are supported: English,
Russian
-----
(Excerpts from site)
Winsonar 2003 is a program specifically designed for process
monitoring purposes: it detects new processes that permanently
install into memory while the system is working. Windows (Tm) has a
built-in task monitor, but the user will not be prompted for
new-installed tasks and even using the task monitor he won't be able to
distinguish normally running modules from new-added ones. The basic
idea is that if the user could know a new program permanently
installed into memory, he could readily scan it using an updated
antivirus program: viruses couldn't really hide for a long time before
being detected.
The program has been updated to the version 3.04.03, released on March
12, 2003. New features of this version:
* Registry autorun keys are regularly scanned, to detect programs
attempting to be loaded on system startup.
* Processes included in the unsafe list will be prevented from
loading.
* Winsonar Probe has been enhanced with a ports scanner: this could be
useful in order to know if an unknown process opened a TCP port on
your system.
* As advanced feature it is now possible to edit the default safe
process list: the user will be able to terminate almost every process.
* Winsonar will now resist attempts to close the program,
requesting the user's authorization.
* By switching from default to fast scanning rate it is now possible
to detect short-acting malicious programs.
* Processes are now displayed with the number of open threads.
* This version of Winsonar comes with runtime files needed to properly
run the program.
This program has been tested and works under Windows 95\98, Me, XP.
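
-----
An added example, not part of the original post or of any product named in it: the approved-list idea from the question and the two excerpts (warn on an unknown process, warn when an approved program was modified, restrict which parent may start a program), run over two process-table snapshots. The `Proc` record, the policy tables, `browser.exe` and the other image names except Explorer.exe, and all digests are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str    # executable file name
    digest: str   # hash of the image file on disk

# Constructed policy: approved image name -> digest recorded at approval time.
APPROVED = {"explorer.exe": "a1" * 32, "browser.exe": "b2" * 32, "mailer.exe": "c3" * 32}
# Launch rule from the SSM excerpt: the browser may only be started by Explorer.exe.
ALLOWED_PARENTS = {"browser.exe": {"explorer.exe"}}

def review(previous, current, approved=APPROVED, allowed_parents=ALLOWED_PARENTS):
    """Return (pid, image, reason) alerts for processes that appeared since `previous`."""
    known = {(p.pid, p.image.lower()) for p in previous}  # a pid alone can be reused
    by_pid = {p.pid: p for p in current}
    alerts = []
    for p in current:
        name = p.image.lower()          # Windows image names are case-insensitive
        if (p.pid, name) in known:
            continue                    # already running at the last poll
        if name not in approved:
            alerts.append((p.pid, name, "unknown process"))
        elif approved[name] != p.digest:
            alerts.append((p.pid, name, "approved program was modified"))
        rule = allowed_parents.get(name)
        if rule is not None:
            parent = by_pid.get(p.ppid)
            parent_name = parent.image.lower() if parent else "(parent exited)"
            if parent_name not in rule:
                alerts.append((p.pid, name, "started by " + parent_name))
    return alerts

# Constructed snapshots of the process table, taken one polling interval apart.
BEFORE = [Proc(100, 1, "Explorer.exe", "a1" * 32)]
AFTER = BEFORE + [
    Proc(210, 100, "browser.exe", "b2" * 32),   # approved, started by Explorer: no alert
    Proc(220, 100, "mailer.exe", "ff" * 32),    # approved name, different digest
    Proc(230, 220, "helper.exe", "d4" * 32),    # never approved
    Proc(240, 230, "BROWSER.EXE", "b2" * 32),   # approved image, wrong parent
]

if __name__ == "__main__":
    for alert in review(BEFORE, AFTER):
        print(alert)
```

A polling monitor like this only sees processes alive at a snapshot, which is why the WinSonar excerpt mentions a faster scanning rate for short-acting programs.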