A few minor updates, including a Company-based exclusion list for easy use with Norton and other multi-file software. I had hoped I'd get more feedback to make improvements; as one single person I have a narrow scope of what people in general would like! Please post me some comments; positive or negative, both are appreciated equally.
I'd like to view the source code before running this program.
Have downloaded the beta release, read all the text files, and checked for CVS access; but have yet to find access to the source code, nor any mention of it.
I apologize for the delay; I barely find the time to code, it seems, never mind posting that stuff. I am working on a free host for a web site to go with this project, but for now I'll post the source code and the readme file on the Documentation tab.
Thanks for the input!
I really like the concept you have going. I haven't tested the program yet, but I was wondering: most AV programs use a blacklist (search for malware and bad programs); do you think you could implement a white list? Basically the white list would be a list of legit programs and files. It would notify you if something not on the list is about to be run. If it is, you give the user choices to either mark it as a new white list item, mark it as a bad file and prevent it from running, or delete it. This whole white list thing could be an option in itself. In the GUI you have for the program, have a check box for "White list". That way they can turn it on or off when they want to.
The white list idea is something a few AV software companies are starting. The only drawback is that the companies are spending time on enterprise software. I think we could increase this by using Web 2.0's idea of letting people make the choices. What I mean is, if you want to go through with the white list idea, I could help create a web site where people can submit possibly good software and let others vote if it's good or not (in a secure way). Then once it gets a few votes (20 or so), it's added to the white list. Then in your program you could have it auto-download the new white lists every night or on startup.
This option would dramatically increase the potential of your current program.
Also, could you make the source available?
Hi
Great tool. I just downloaded it but would like to skim through the source code before actually installing it at my small company (4 WinXP computers). Could you please submit it to the CVS or send it through e-mail to me.
Best Regards
Sulan
Just found this tool and it is exactly the concept that I look for in a firewall. I know you are looking for suggestions so here goes. . .
It seems to me that this program will decide whether a process is legit or not only by its name. I have not delved into the code yet nor used it, so if this is off feel free to contradict. Anyway, the point being that I think it would be better to check something a little more accurate such as an MD5. The reason for this is that when a buffer overflow takes place, the hacker's (or worm's) code will run under the process that was just overflowed. Now, if that code that is running inserts code into the 'blank' space of an already trusted executable, notepad for example, malicious code could run when the user starts notepad, but the firewall will not catch this if it only triggers on process names.
The only other thing I have to add is -- what's up with the color scheme? ;-)
Thanks for your work on this app; I'll be downloading the source soon and contribute when I can.
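The two suggestions in this thread (a white list of known-good programs, and matching on a file digest rather than the process name) can be sketched together. This is an added example, not code from the project or from any commenter; the `Allowlist` class, its method names and the sample files are hypothetical and constructed, and it uses SHA-256 in place of the MD5 mentioned in the comment above.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Digest the file in chunks so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class Allowlist:
    """Hypothetical allowlist that records both the name and the digest."""
    def __init__(self):
        self.names = set()   # what a name-only policy would consult
        self.digests = {}    # digest -> name it was approved under

    def trust(self, path: Path) -> None:
        self.names.add(path.name.lower())
        self.digests[sha256_of(path)] = path.name.lower()

    def check_by_name(self, path: Path) -> bool:
        return path.name.lower() in self.names

    def check_by_digest(self, path: Path) -> str:
        if sha256_of(path) in self.digests:
            return "allow"
        # Known name but different bytes: the file changed after approval.
        if path.name.lower() in self.names:
            return "modified"
        return "unknown"     # never approved: prompt the user

def demo():
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "notepad.exe"              # constructed stand-in file
        exe.write_bytes(b"MZ" + b"\x00" * 62 + b"constructed trusted image")
        al = Allowlist()
        al.trust(exe)
        before = (al.check_by_name(exe), al.check_by_digest(exe))
        data = bytearray(exe.read_bytes())
        data[10:14] = b"XXXX"                      # bytes altered in unused padding
        exe.write_bytes(bytes(data))
        after = (al.check_by_name(exe), al.check_by_digest(exe))
        other = Path(d) / "newtool.exe"            # constructed unapproved file
        other.write_bytes(b"MZ constructed unknown image")
        unknown = (al.check_by_name(other), al.check_by_digest(other))
        return before, after, unknown

if __name__ == "__main__":
    print(demo())
```

The digest check covers the altered-file-on-disk case only; it says nothing about code injected into a process that is already running.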
Interesting concept. I would offer more comments and suggestions if the source code was available.
Doren...
http://dorenrosenthal@hotmail.com