Thanks. Knowing exactly what files you've updated will make it easier to investigate. Just so I can set up a similar system, did you install any of the unofficial service packs? If so, which ones?
I'm still VERY slowly learning how SSM works and how to configure and use it properly. It seems to be a very powerful tool albeit somewhat complex and confusing to use. Some of the menus, layout, and structures aren't intuitively user-friendly and obvious, at least to me, but I'm slowly getting familiar with them.
Trying to come up with a user friendly interface that included all those options was a project in itself. Compared to the pro version of SSM, it's actually quite friendly. The pro version is much more convoluted, especially the registry rules. In some ways its behavior seems backwards in comparison. The interfaces definitely could have been better, but from the beginning it was clear that SSM would target a limited user base and that there was no real way to make it friendly to the more "typical" user (not referring to you). Several of us convinced the developer not to drop 9X support, but even the free version was designed with XP in mind. There were only a couple of us testing it on 98. Being one of the few remaining viable security applications for 98 wasn't planned for.
The help file did skip over the options for applications almost completely and is seriously lacking in detail for logging.
The short explanation for application options:
1, allow everything. Default permit. If the process or activity isn't specifically blocked, it's allowed.
2, block process creation. Only whitelisted applications (those with allowing rules) can run. Other activities such as DLL injection are not restricted. The default parent and child setting is "allow."
3, Block everything (paranoiac setting). All monitored activities not specifically allowed are intercepted. If the UI (user interface) is connected, you'll be prompted. If it's not connected, the activity is silently blocked. If this setting is chosen and rules for normal system activities aren't finished and the UI is disconnected, SSM can easily lock up the system.
Another thing the help file doesn't mention. If you set a password, the "Connect user interface at startup" no longer applies. SSM will automatically start with the UI disconnected. Do not set a password until the rules for all processes involved in startup are complete.
I had hoped to have the web pages for SSM and 98 done long ago. I seriously underestimated what it would take to thoroughly address this subject. KEX and to a lesser extent RP9 have made it necessary to modify some of the material. Since these are very necessary to the continued viability of 98, they have to be accounted for and have to get along with SSM and each other. Snowstorms aside, I "should" have more time to finish them this winter. There's a lot I still need to examine and account for, especially in regards to external devices. Building web pages/sites is not something I'm good at. They won't be pretty or fancy. Hopefully they will be useful.
Edited by herbalist, 12 December 2010 - 11:11 PM.