Integrity Checkers
FanJ
February 14th, 2002, 08:24 AM
I start this thread to discuss some programs with the ability to check the integrity of your files and/or registry.
Some of these will do it in realtime, others don't.
Some of these will check only one type of files, others give you the possibility to choose your own type of files to monitor.
Let me make a start of the discussion by making a summing-up of these:
NISFileCheck: SITE (http://www.capimonitor.nl/niscrc.htm), thread on the old forum (http://pub24.ezboard.com/fsecureyesecurityfrm6.showMessage?topicID=122.topic), guidelines (http://www.security-pro.co.uk/yabb/YaBB.pl?board=osif;action=display;num=1013708171;start=0)
FileChangeAlarm: SITE (http://www.capimonitor.nl/FileChangeAlarm.htm), thread on the old forum (http://pub24.ezboard.com/fsecureyesecurityfrm6.showMessage?topicID=269.topic)
ADinf: SITE (http://www.adinf.com/home.htm), Screenshots (http://members.tripod.com/technodrome24/adinf.htm)
Alfa File System Monitor AFSM: SITE (http://www.alfasp.com/html/afsm/index.html)
Alfa System Protector ASP: SITE (http://www.alfasp.com/html/asp/index.html)
KAV Inspector: SITE (http://www.avp.ru/tour/featurestour.html?id=26&page=4)
RegRun: SITE (http://greatis.com/regrun3.htm), RegRun forum (http://www.morelerbe.com/cgi-bin/ubb-cgi/ultimatebb.cgi?ubb=forum;f=32)
TDS CRC32-feature: SITE (http://www.diamondcs.com.au/), TDS public forum (http://www.security-pro.co.uk/yabb/YaBB.pl?board=dcstds)
Integrity Master: SITE (http://www.stiller.com/)
FanJ
February 14th, 2002, 08:46 AM
With permission of Technodrome (thanks TD!) a copy/paste of a posting by him about ADinf:
[hr]
http://members.tripod.com/technodrome24/adinf.htm (there are some cool, ADinf32 GUI shots)
ADinf is a sophisticated data integrity system, which senses even the imperceptible modifications in the files system and system areas, changes in files, newly created and deleted (sub)directories, newly created, deleted, renamed files, and files moved from one directory to another.
I have been using this product since 1999 and it's a very cool utility... It needs less than a minute to check 70,500 files (on my computer) for the modifications and changes in the files, system, system areas, so-called invisible (stealth) viruses, etc… It only costs 19.95$ and works perfectly under Windows XP. (Including 95/98/ME/NT/2000 as well).
Any suspicious file change will be discovered and taken care of. It saved me several times when the AV product failed. I just love it. ADinf is similar to Kaspersky AV Inspector. But in my opinion (and others too) ADinf is a far better IC than KAVI and it has more features than KAV Inspector. I won’t even touch the speed issue..
You can try it from here: http://www.adinf.com
[hr]
wizard
February 14th, 2002, 04:55 PM
Real nice overview. I like to add two other integrity checkers to your list.
FP-Win Professional (http://complex.is)
Integrity Master (http://www.stiller.com)
At the moment I use the KAV Inspector as integrity checker. But the best one I tried so far was ADinf.
wizard
javacool
February 14th, 2002, 05:21 PM
There is also an integrity checker included in F-Prot AntiVirus (though I'm not sure how it compares to the other programs on your list).
FanJ
February 14th, 2002, 06:17 PM
{QUOTE-> Real nice overview. I like to add two other integrity checkers to your list.
FP-Win Professional (http://complex.is)
Integrity Master (http://www.stiller.com)
At the moment I use the KAV Inspector as integrity checker. But the best one I tried so far was ADinf.
wizard <-QUOTE}
Thanks Lars!
I have added Integrity Master now to the list, but somehow the url for FP-Win Pro doesn't work for me.
FanJ
February 14th, 2002, 06:21 PM
{QUOTE-> There is also an integrity checker included in F-Prot AntiVirus (though I'm not sure how it compares to the other programs on your list). <-QUOTE}
Hi Javacool,
Could you give an URL to a page with info about their integrity checker?
(Of course I know F-Prot exists ;) ).
FanJ
February 14th, 2002, 07:02 PM
What I would like to do, is this (with all your help!!!):
Make an overview for each one of the programs about some features (is that the right word?).
I'm thinking of this example (maybe in better layout):
NISFileCheck:
freeware/costs: free
built in other program: no
real time: no
registry: no
files: yes
only default file type: no
file by type: yes
default file type: exe, dll, vxd, ocx, sys, bat
possibility to add file types of your choice: yes
possibility to add files of your choice: yes
other remarks:
Technodrome
February 14th, 2002, 08:21 PM
This is CheckSum Guard. One more product with similar intention. http://www.softcharm.com/index.htm
CheckSum Guard is a versatile and effective antivirus program for Windows 95/98/NT/2000. It can protect your executable files against almost all EXE & COM viruses. During the first run the program scans your drives and saves information about every executable file in its database. After that, each time you check your computer it adds information about new executables and checks old ones. If any of them has been changed since the last check, you will receive a warning and will be able to cure that file. The curing algorithm allows to fix more than 90% of infected files. The program's help contains an instruction that helps you to find the file that was already infected when it was copied on your computer.
To view a screenshot click here http://www.softcharm.com/products/cguard.gif
I didn’t try this one myself. If someone did, please be kind and share experience...
;)
Technodrome
February 14th, 2002, 08:28 PM
{QUOTE->
Hi Javacool,
Could you give an URL to a page with info about their integrity checker?
(Of course I know F-Prot exists ;) ).
<-QUOTE}
Try this one:
http://www.f-prot.com/f-prot/products/fpwin.html
wizard
February 15th, 2002, 09:01 AM
F-Prot anti virus means FP-Win professional. Maybe the url does not work because I did not type www, but most browsers can reach that site without www.
The correct url is http://www.complex.is or try the direct url from technodrome. It is the same server. ;)
wizard
FanJ
February 15th, 2002, 09:49 AM
Oops, dumb me ;)
Thanks!
jvmorris
February 16th, 2002, 01:53 PM
FanJ,
Okay, now you've done it! ;D
Adding three items at the bottom of the listing
Given my well-known propensity for long tabulations of features, here's my suggested tabular outline for this subject. (I assume you can put tables into the FAQ section on this bulletin board?) It would be nice if an individual user could select specific columns for comparative purposes, but that's not really necessary.
Also, I assume I can come back and modify this list as time goes by? (So, folks, check back in this posting for any additions/modifications/deletions that I might make):
Herewith:
Application Name       Required
Application Build      Required
Release Date           Desired
Website URL            If available
Freeware/Shareware/Payware
    (Not much point in putting in detailed prices for
     payware, given rebates, street prices, etc. Besides,
     that's easily findable, once feature set is clear.)
Works On:
    Win 95             (Yes|No|Unknown)
    Win 98             (Yes|No|Unknown)
    Win 98 SE          (Yes|No|Unknown)
    Win ME             (Yes|No|Unknown)
    Win NT (SP?)       (Yes|No|Unknown)
    Win 2K (SP?)       (Yes|No|Unknown)
    Win XP             (Yes|No|Unknown)
Monitors:
    Executables in RAM     (Yes|No|Unknown)
    Executables on Disk    (Yes|No|Unknown)
Can be Run:
    Memory-Resident (i.e., real-time)
    On Demand
        On Demand requires Operator Present?
    On Schedule
Can Consider:
    LAN Drives
    Other machines on LAN
    All Drives On System
    Specific (User-definable) drive
    Specific (User-definable) folder
    Specific (User-definable) file
Addresses:
    All Files (wild-card specification available for filename, file extension, or both)
    EXE Files
    DLL Files
    VXD Files
    OCX Files
    SYS Files
    BAT Files
    Script Files
    Other (Please Specify)
    Can Examine Multiple File Extensions on Single Pass?
    User Can Add File Extensions to Check
    User Can Add Specific File to Check
    User Can Exclude Specific File to Check
Version Comparison:
    Identifies Newly Found Files
    Identifies Modified Files
    Identifies Deleted Files
    Identifies Renamed Files
    Identifies Moved Files
    User can Archive data on old file versions (for roll-back)
    User can Roll-back to 'Prior, Known Good' File
        (this can work for OS utilities like SFC)
Hash Algorithms Available:
    CRC-32             (Yes|No|Unknown)
    MD2                (Yes|No|Unknown)
    MD4                (Yes|No|Unknown)
    MD5                (Yes|No|Unknown)
    SHA1               (Yes|No|Unknown)
    RIPEMD160          (Yes|No|Unknown)
    RIPEMD256          (Yes|No|Unknown)
    RIPEMD320          (Yes|No|Unknown)
    Haval              (Yes|No|Unknown)
    Other (Please Specify)
    User Can Compute Multiple Hashes Concurrently?
Output Displays:
    File Drive
    File Path
    File Name
    File Extension
    Hash(es)
    File Date/Time Last Modified
    File Date/Time Created
    File Size (bytes)
    File Version (if available)
    Other (please specify)
User-Defined Filters on Display?
Export Capability for Posting in e-mail and forums?
Known Independent Reviews (multiple hyperlinks, if available)
Data on targeted files is encrypted
Data on targeted files is password-protected
Application allows baselining from independent source(s)
Betcha thought I was gonna let you off easy, didn't ya? ;D
Paul Wilders
February 16th, 2002, 02:10 PM
Joseph,
Jan will be in for quite a surprise tonight indeed ;)
regards.
paul
jvmorris
February 16th, 2002, 03:04 PM
{QUOTE-> Joseph,
Jan will be in for quite a surprise tonight indeed ;) <-QUOTE}
Paul,
But it is night over there by now! ;) Are you trying to tell me Jan has a real life? :o
Paul Wilders
February 16th, 2002, 03:31 PM
Joseph,
{QUOTE-> But it is night over there by now! <-QUOTE}
Ah, those Time Zones.. it's 7:26 PM over where Jan lives. Accidentally misinformed you as well; he won't be around until Sunday late (that's in about 28 hours)...
{QUOTE-> Are you trying to tell me Jan has a real life? <-QUOTE}
eh...never heard of: "a real life"? Could you elaborate please? Sounds promising.
regards.
paul
jvmorris
February 16th, 2002, 03:41 PM
{QUOTE-> Joseph, ...eh...never heard of: "a real life"? Could you elaborate please? Sounds promising. <-QUOTE}
Oh, dear, how to explain this? ;) It has something to do with real-life experiences that do not require a computer, keyboard, and monitor. Odd concept, isn't it? But I have it on good authority that such things do exist. ;)
Technodrome
February 16th, 2002, 03:48 PM
Somebody should start a new post under name "How thick glasses u wear" ;D
FanJ
February 17th, 2002, 11:39 AM
Hi Joseph,
Welcome again!
Thanks very much for your suggestions, and emails.
It could take a while to think about them; at first look it seems they are very good suggestions!!!
(eh, I was earlier back from real life than I thought I would be :) ).
diginsight
February 17th, 2002, 12:44 PM
Other desktop Integrity Checkers:
Veracity ($60)
http://www.veracity.com
LANguard File Integrity Checker (free)
http://www.gfisoftware.com/languard/lantools-fic.htm
WinInterrogate (free)
http://winfingerprint.sourceforge.net/
A poor-man Tripwire-like system on Windows 9x/NT (free)
http://www.geocities.com/floydian_99/poormantripwire.html
Floke Integrity (free)
http://www.angelfire.com/wi/wickmann/floke.html
UNICRON
February 17th, 2002, 05:40 PM
Here is another: Inctrl5 (http://www.zdnet.com/products/stories/reviews/0,4161,2653679,00.html)
Zhen-Xjell
February 17th, 2002, 05:59 PM
Security Focus:
{QUOTE-> File/Network Integrity Checking
A second tool that can be used to detect insider attacks is a file and network integrity-checking piece of software. This software is designed to constantly check multiple servers or computers for any changes in the base file installation. This includes any installation of backdoor programs in standard programs (such as ps and ls in Linux/Unix operating systems). By monitoring these files for changes, the security administrator can determine if someone has successfully breached the system. The most well-known and recommended piece of software to accomplish this is called Tripwire for Servers, by TripWire. <-QUOTE}
Found here: http://www.securityfocus.com/infocus/1546
UNICRON
February 18th, 2002, 05:56 AM
Bin eval - u - 8 - tin Adinf32. This thing goes nuts if a file changes without the last modified/accessed dates changing. It told me I have stealth virus activity when in actuality, I have Index server running.
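An added example, not part of any post and not code from any product named in this thread: a minimal baseline-and-compare checker covering the "Version Comparison" rows of jvmorris's outline (new, modified, deleted, renamed/moved) plus the case UNICRON describes, where content changes but the last-modified time does not. SHA-256 is chosen here rather than one of the hashes listed in the outline; the function names, file names and timestamps are constructed for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def snapshot(root):
    """Baseline: relative path -> (SHA-256 hex digest, mtime in ns)."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): (hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_mtime_ns)
        for p in root.rglob("*") if p.is_file()
    }

def compare(old, new):
    report = {"new": [], "modified": [], "same_mtime": [], "moved": []}
    gone = sorted(p for p in old if p not in new)
    for path in sorted(new):
        digest, mtime = new[path]
        if path in old:
            if digest != old[path][0]:
                # Changed content with an unchanged timestamp: the case UNICRON saw flagged.
                key = "same_mtime" if mtime == old[path][1] else "modified"
                report[key].append(path)
            continue
        # Unknown path with the content of a vanished file: renamed or moved.
        src = next((p for p in gone if old[p][0] == digest), None)
        if src is None:
            report["new"].append(path)
        else:
            gone.remove(src)
            report["moved"].append((src, path))
    report["deleted"] = gone
    return report

def demo():
    """Constructed sample tree; file names and timestamps are made up."""
    t0, t1 = 1_013_700_000 * 10**9, 1_013_700_060 * 10**9
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        def put(name, data, mtime):
            (root / name).write_bytes(data)
            os.utime(root / name, ns=(mtime, mtime))
        for n in ("a.exe", "b.dll", "c.sys", "d.bat"):
            put(n, n.encode(), t0)
        base = snapshot(root)
        put("a.exe", b"patched", t1)   # ordinary edit, new timestamp
        put("b.dll", b"patched", t0)   # content changed, timestamp kept
        (root / "c.sys").rename(root / "c.vxd")
        (root / "d.bat").unlink()
        put("e.ocx", b"e.ocx", t1)
        return compare(base, snapshot(root))
```

The "same_mtime" bucket only says that content and timestamp disagree; as the Index Server report above shows, legitimate software can produce it, so it is a triage signal rather than a verdict.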
jvmorris
February 20th, 2002, 12:33 PM
FanJ,
If you get so ambitious as to try that tabular comparison of different file authentication products, there's one thing I believe I neglected to say. (I know, I know, difficult to believe, isn't it -- after all, I said so much! ;D )
Every cell in the table should probably have an entry. If the answer remains to be determined (i.e., if it's unknown at the time), I'd recommend a question mark or question mark icon. That immediately draws attention of people who might be familiar with the product so that they could provide you with the correct information.
Second, I'm sure that in some products one or more of the parameters (rows) I've recommended is simply irrelevant. In that instance, I would recommend an explicit use of "N/A" (Not Applicable), rather than simply leaving the cell empty.
Third, there may be some instances in which the appropriate parameters for a cell is not known (in which case the value should be indicated), and not not known (if you catch my meaning), and is not simply "Not Applicable". Mind, I have no idea what cells might fall into that category, but I will acknowledge their potential existence. These cells should be left blank (and only these cells). That'll get attention fast enough. (Credits to C. J. Date on this one: "When NULL is Not Null".)
Copyright ©2002 - 2009, Wilders Security Forums