Additional Features
The SOSOS Suite
SOSOS is actually a suite of programs consisting of the following:
SOSOS – the main application (includes all of the features below)
RunSOSOS – a command-line version for unattended gathering of data
PollSOSOS – a command-line version for network scanning
ViewSOSOS – a read-only interface to SOSOS database
ConfigureSOSOS – a setup utility for the SOSOS suite
SOSOS.exe is the “main” application that may be the only application that’s required in a home or small office environment. It is also the only application that is contained in the MSI setup file.
In the most common scenario for a corporate environment, the average user may never see the SOSOS program. The data from their PCs may be gathered by the RunSOSOS program which is designed by default to be “stealthy” and to be run during the login process with no user intervention.
Users can double-click on the SOSOS.exe program to manually scan their PC, save the data, print, or save a report. Administrators can do more…they can use SOSOS to poll remote PCs for their data.
Related Applications
In addition to the SOSOS suite, there are several other related programs that are available as VB.Net source code that perform the following functions:
- AlertSOSOS Immediately notifies a list of staff members by instant message and email when conditions such as new virus activity or new disk shares are detected
- BackupSOSOS Archives SQL data into Microsoft Access files
- ErrorLogSOSOS Converts the text-based SOSOS Error Log File into a database
- MgmtConsoleSOSOS A GUI-based management console for SOSOS data
- ProcessSearch Searches the SOSOS database against a list of several hundred known spyware, addware, and Peer to Peer applications
- SoftwareSearch Similar to ProcessSearch, but searches Installed Software
Database Table Listing
The data is stored in the following 43 tables:
| Table Name | Description |
|---|---|
| Accounts | A listing of all local accounts |
| Admins | Members of the local Administrators group |
| AutoUpdate | Automatic Update settings |
| BIOS | BIOS information |
| Components | Windows components (similar to installed software) |
| CPU | Processor information |
| Desktop | User’s desktop (screen saver, wallpaper, etc) |
| Devices | Listing of devices (similar to device manager) |
| Disks | Physical disk information |
| Drives | Logical drive information (drive letters) |
| User’s Microsoft Outlook settings | |
| EventLogs | Event Log Entries |
| EventLogSettings | Settings for each Event Log |
| FileInfo | Information about an ad-hoc list of files |
| Internet | User’s Internet Explorer settings |
| Mapped | User’s mapped network drives and printers |
| Memory | Quantity and type of RAM |
| Modem | Modem information |
| Monitor | Video Monitor information |
| Motherboard | Motherboard information |
| Mouse | Mouse |
| NetAdapter | Network Interface Card (NIC) information |
| NetConfig | NIC Configuration |
| OS | Operating System details |
| PC | Miscellaneous PC information |
| Permissions | Permissions on network shares |
| Ports | Number and type of ports |
| Printers | Local and network printer information |
| Processes | List of running processes (similar to Task Manager) |
| Profiles | Listing of User Profiles (i.e. C:\Document and Settings) |
| QFE | Updates/Patches (QFE=Quick Fix Engineering) |
| Registry | Information about an ad-hoc list of registry keys |
| Services | List of Windows Services |
| Shares | Information about network shares |
| Software | Listing of installed software |
| SOS | Summary information (root of many tables) |
| Startup | User’s automatic startup applications |
| SystemDrivers | List of system drivers (useful in recovery console) |
| SystemInfo | System identification and serial numbers |
| Tasks | Listing of scheduled tasks |
| UserLogin | Record of every login |
| Video | Video card information |
| Virus | Norton Antivirus Corporate Edition logs |
The database diagram looks like this (click for larger view):
