Crystal Security - Discussion

Discussion in 'other anti-malware software' started by kardokristal, Jan 29, 2012.

  1. kupo
    kupo Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Bug report:
    Clicking Apply two times in checking the start up will make Kristal Advance Detector have two instances.
    Typo:
    Tool tip shows "Kristal Security Advamce Detector".
    Question: How can I restore denied application to be able to use the exe again?
    Question2: Will Kristal Advance Detector prevent changes in the program files folder even if it has only standard user rights? (The way I'm using it now)
    Question3: What is the set file group option for?
  2. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi skudo12,

    Thank you for your report :)

    I will fix this today.

    1) To restore just add your file to whitelist. You can add directly to activity monitor by just clicking "+" button or under Blacklist/Whitelist.

    2) I will try this today and I will report results.

    3) You can blacklist/whitelist your files with this option.

    Some news about classification engines: Coming up to 6 engines.
    If I get an answer from Emsisoft and ThreatExpert, then up to 8 engines.

    Best regards,
    Kardo Kristal
  3. kupo
    kupo Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Got a message that I don't have enough permissions, does that mean that I need admin rights when restoring a denied file?
    Crash report: Sandboxie + Eraser 6, set eraser 6 as sandboxie default delete command. Download an exe, click close in the prompt, then close the sandboxed browser and let sandboxie delete. Kristal Advance Detector will then crash. Does not happen if RMDIR is used.

    EDIT: Tested again, crash happens if I delete an exe with eraser 6.
  4. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi skudo12,

    Try to test this way:

    First add the file to the Blacklist. Then try to execute it. If execution is denied, continue: search for the blacklisted file name in the Activity monitor list, click on the object name and set "Set file group" to Whitelist. If all is working, there are no errors and the file should execute.

    EDIT: I will try to fix crashes you mentioned with sandboxie and eraser 6.

    Best regards,
    Kardo Kristal
  5. kupo
    kupo Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Bug report: Blocked file (deleted) from a prompt is not added to the activity error, or is it supposed to work not to be recorded in the activity monitor?
    Feature Request: A button to clear logs from activity monitor.
    Question: When will the file classification be functional? What I'm getting is "analysing..".
  6. m00nbl00d
    m00nbl00d Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Kardo, the .Net Framework error I was getting was due to lack of network permissions. :D Once I have given it such permission, the error doesn't occur any longer. :thumb:

    I encountered a localization bug in the tray bar icon. It says Kristal Security Advamce Detector. It should be Advance. ;)

    -edit-

    In the main GUI, where it says: Advance Detector Level: HIGH and then Set Low, what would you think of modifying it to be like: Protection Level: High or HIGH, then some space, and then instead of Set Low, maybe have (Set to: Low)

    Protection Level: High (Set to: Low) (There would always be more emphasis in the one that is not set, perhaps?)

    This way Protection Level would be in harmony with Protection Status. For me, it makes sense this way. The eyes also "eat". :D Let's see what other users think of it.

    Also, in the current version GUI, where it says Advance Detector Level: HIGH, we see it hyper-linked... I clicked on it, but nothing happens. Is there a reason why it's hyper-linked? Clicking Set Low does change the level to Low...

    -edit-

    Where it says KSOnline: Connected, I think it would be more understandable what it means, to the user, if it had something like Connection Status: On/Off... or Database Connection: On/Off... something like that? (The latter option would make more sense, I think.)
    Last edited: Feb 22, 2012
  7. m00nbl00d
    m00nbl00d Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    -edit-

    I clicked the green + in the main GUI, and I added a file... How does one remove files? I right-click, but no context menu appears; pressing Del also does nothing.

    By the way, what do you think of allowing the user to open the Activity Monitor in a separate, bigger window as well? Maybe a small window icon by the side of Activity Monitor, so that when the user clicks on it, a bigger window appears, just with the Activity Monitor. The current GUI is a bit small... that's all. :D
    Last edited: Feb 22, 2012
  8. kupo
    kupo Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Maybe you could also add detection of other executable file types, like .com, etc.
  9. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi all,

    A big update for Kristal Advance Detector is coming and will be available soon.

    The first big improvement is the design. Yes, now with a modern GUI and simple navigation:

    Screenshot of the coming beta version: http://i.imgur.com/SS2HX.png

    New features:

    * A button to clear logs from activity monitor
    * KSOnline Engine 1 - Nictatech database
    * KSOnline Engine 2 - Malc0de database
    * KSOnline Engine 3 - Minotaurus analysis (based on Clean-MX)
    * Re-Analyse files option (button)

    Fixed:

    * Apply button (2 instances)

    Changes:

    * Improved design for better usage
    * Advance detector level to Protection Level

    Please let me know what you think of the new design :)

    Best regards,
    Kardo Kristal
    Last edited: Feb 26, 2012
  10. kupo
    kupo Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Looking forward to using it.. :D
  11. m00nbl00d
    m00nbl00d Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    I hope you won't feel hurt because of what I'll express, because... well, it's just my humble opinion. :)

    Personally, I prefer the previous GUI. The previous GUI was making use of the operating system's underlying UI (I apologize if this isn't the most technical term.). It blended with the O.S just fine. Granted that it was a tiny bit small, but nothing that couldn't be solved.

    Knowing you beforehand, and knowing what you're trying to achieve with this tool, I'd use it. But, if I encountered Kristal Advance Detector by chance and saw the new GUI, I wouldn't even download it. On the other hand, if I encountered it with the previous GUI, then I would download it, because it blends with the O.S.

    My honest opinion is that you shouldn't waste your time on this kind of GUIs, because you're just one guy. The time you waste doing it, it's time you won't be dedicating to the actual coding of your software.

    If you had a design team, maybe you could offer alternate themes, for those people who fancy that kind of themes.

    I know that a GUI shouldn't be the most important, and it isn't, which is why I'm saying you shouldn't waste your time trying to reinvent the wheel. Take advantage of the O.S underlying UI.

    My advice to you, as you probably already figured it out, is to focus on the coding (improvements, bug fixing and all that stuff). Leave the GUI as simple as possible - use the O.S underlying UI.

    I personally like to have the feeling that I'm using a Windows native application. (Even if I know it isn't!) Then again, many like themes, many don't like them. :D

    But, considering you're just one guy, maybe you should keep it simple. That's my honest opinion and the best I can give to you.

    Please, don't throw me tomatoes. :D :thumb:
  12. Tarnak
    Tarnak Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Had another go at installing earlier today. After installing, .NET Framework v4.0, I got an exception error which I ignored...

    ScreenShot_KristalAdvanceDectector_beta0.0.0.2_REVOInstaller_install_08.jpg

    After a reboot...all was OK! ;)

    ScreenShot_KristalAdvanceDectector_beta0.0.0.2_REVOInstaller_install_13.jpg

    ScreenShot_KristalAdvanceDectector_beta0.0.0.2_REVOInstaller_install_14.jpg

    ScreenShot_KristalAdvanceDectector_beta0.0.0.2_REVOInstaller_install_15.jpg
  13. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi m00nbl00d,

    Maybe you are right, because what I saw is that the new GUI uses a lot of memory... about 19 megs. I think I should use the same design as in previous versions.

    Important reason: memory usage.

    Thank you for this opinion, this is very helpful and I won't implement this new GUI. All 3 engines are already working in the new BETA, which is coming very soon; Clear monitor is also working and the Main GUI is bigger for better usage.

    Thanks to your comment, the final Beta is this:

    1) Main GUI: http://i.imgur.com/wgsTq.png

    2) Notification: http://i.imgur.com/vmQxx.png

    Best regards,
    Kardo Kristal
  14. m00nbl00d
    m00nbl00d Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Ouch! 19MB. For many that's a small amount; for many others way too much, and most likely for people with low amounts of RAM. :argh:

    I like the Notification window. :D I also like the Kristal Advance Detector UI. :D (When you got yourself a team of developers and who knows a dedicated design team, you could then waste some time on a new UI... who knows. ;) But, for the time being, let it be... keep it simple.)

    By the way, I see that Protection Level: HIGH (Set to Low) is hyperlinked. Is there a special reason why? What exactly happens if one presses it? Shouldn't the hyperlinked part be only Low/High, depending on the chosen protection level?


    Thanks
  15. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi,

    Thank you.

    When you click on the hyperlinked protection level, it will set the protection level to low (if already HIGH). Give some suggestions: hyperlink only Set to low, or the whole line?

    Regards,
    Kardo Kristal
  16. m00nbl00d
    m00nbl00d Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    My opinion is that if you apply the hyperlink only to Low/High, then it will stand out, and there will be harmony.

    I think that Protection Level: HIGH and Set to: Low should have some separation. That separation is done by the parentheses. Then, there should also be a separation between Set to: and Low/High. That separation would be done by hyperlinking Low/High.

    Anyway, you could wait and see what other users will say and get a better overview of what could be done with it. After all, my view is just my view... just one view.

    Even if you don't get more feedback at the moment, about this aspect, and instead get some feedback at some point later, you can always work on it. :)
  17. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi,

    Thank you :)

    I have some very good news about memory usage.

    The new version will use 1 to 4 megs, but mostly 2 megs of RAM.

    Look for yourself: http://i.imgur.com/GGo4X.png

    Hope you like this memory improvement.

    Best regards,
    Kardo Kristal
  18. m00nbl00d
    m00nbl00d Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    That's some nice improvement! Especially compared with the 19MB with the new GUI. I'm all in favor of code optimization and using as few resources as possible. :D

    :thumb:
  19. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hello everyone,

    A new version of Kristal Advance Detector Beta [2012 0.0.0.3] is now available for download.
    This version includes new features like 3 KSOnline engines for file classification, an enlargeable activity monitor, separate analysis of your custom chosen files, etc.

    First I'd like to show you screenshots of the new Beta version.

    Screenshots:

    1) Main GUI

    http://i.imgur.com/Q2Axv.png

    2) Enlargeable activity monitor

    http://i.imgur.com/q9vMb.png

    3) Notification

    http://i.imgur.com/lrJVF.png

    4) Separate file analysis notification (check custom files anytime by adding a custom file to the activity monitor, then clicking the object name in the Activity Monitor and finally clicking Analyse to check the file against 3 different online databases)

    http://i.imgur.com/fxBPF.png

    Here you can see complete list of new features, improvements and fixes:

    New features:

    * 3 KSOnline Engines
    * Clear Monitor availability
    * Add or remove custom files from Activity Monitor
    * Enlargeable activity monitor
    * Check for updates availability

    Improvements:

    * significantly improved memory usage (about 1-5 megs of RAM) - Screenshot: http://i.imgur.com/MVg3g.png
    * Bigger GUI for better usage

    Fixed:

    * Apply button (2 instances)

    Download links for new beta version:

    Installer: -http://dl.dropbox.com/u/47450407/Kristal%20Advance%20Detector%202012%20-%20Public/Kristal%20Advance%20Detector%20installer.exe-

    Portable: -http://dl.dropbox.com/u/47450407/Kristal%20Advance%20Detector%202012%20-%20Public/Kristal%20Advance%20Detector%20BETA.zip-

    I hope that you like and use this new beta version of Kristal Advance Detector and let me know how you like it :)

    Best regards,
    Kardo Kristal
    Last edited: Feb 26, 2012
  20. kupo
    kupo Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Nice release :D, it's still very light and has nice changes.
    BTW, I've found another bug: clicking analyze without adding any files will result in a crash.
  21. phalanaxus
    phalanaxus Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    I got a question, what does safe/unknown mean? If the file is unknown to the engine how do you know it's safe?
  22. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi phalanaxus,

    Thank you for your interest.

    This actually means that no malware was detected.

    Engines 2 and 3 include information about malware/malicious files.

    Best regards,
    Kardo Kristal
  23. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi Tarnak,

    Thank you for your report ;)

    I figured out how to solve this bug.
    This will be fixed in new version.

    Best regards,
    Kardo Kristal
  24. kardokristal
    kardokristal Developer

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Hi skudo12,

    Thank you for your report and kind words :)

    This is a known bug and will be fixed in version.

    Also thank you for using Kristal Advance Detector.

    Best regards,
    Kardo Kristal
  25. phalanaxus
    phalanaxus Registered Member

    Re: Kristal Security 2012 [0.0.1.x Beta]

    Let me rephrase my question then :) To me these are the possible situations for me.

    Safe- You know the exact file and know it's safe
    Unknown- You don't know of the file
    Malware- You know the exact file and know it's harmful
    Unknown/Likely malware - you don't have exact file, but by some other means like behavioral detection and heuristics you can say it looks like malware
    Unknown/Likely Safe - you don't have exact file, but by some other means like behavioral detection and heuristics you can say it looks like goodware

    However unknown/likely safe shouldn't have any place in any security program that relies on signature/hash databases only. Does your program use some kind of behavioral analysis/heuristics?
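
The five verdicts listed in the post above, as an added example that is not part of the thread and is not Kristal Advance Detector's code: a classifier that only reports "Safe" on an allowlist hit, so a file with no blocklist hit stays "Unknown" unless a heuristic score is supplied. The allowlist, the blocklists, the sample files and the score thresholds are all hypothetical.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    SAFE = "Safe"
    UNKNOWN = "Unknown"
    MALWARE = "Malware"
    LIKELY_MALWARE = "Unknown/Likely malware"
    LIKELY_SAFE = "Unknown/Likely safe"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample files and databases (not real indicators).
KNOWN_GOOD_FILE = b"constructed sample: known vendor tool"
KNOWN_BAD_FILE = b"constructed sample: known dropper"
NEW_FILE = b"constructed sample: never seen before"
ALLOWLIST = {sha256_hex(KNOWN_GOOD_FILE)}
BLOCKLISTS = [{sha256_hex(KNOWN_BAD_FILE)}, set()]  # two hypothetical engines

def classify(data, allowlist, blocklists, heuristic_score=None,
             bad_at=0.7, good_at=0.2):
    """heuristic_score: None for a hash-only product, else 0.0 (benign) to 1.0."""
    digest = sha256_hex(data)
    # Design choice in this sketch: any blocklist hit wins over an allowlist entry.
    if any(digest in blocklist for blocklist in blocklists):
        return Verdict.MALWARE
    if digest in allowlist:
        return Verdict.SAFE
    if heuristic_score is None:
        # Hash-only lookup: no hit means no information, not evidence of safety.
        return Verdict.UNKNOWN
    if heuristic_score >= bad_at:
        return Verdict.LIKELY_MALWARE
    if heuristic_score <= good_at:
        return Verdict.LIKELY_SAFE
    return Verdict.UNKNOWN

def reachable_verdicts(samples, allowlist, blocklists, scores=(None,)):
    """Every verdict the classifier can produce for these samples and scores."""
    return {classify(sample, allowlist, blocklists, score)
            for sample in samples for score in scores}

if __name__ == "__main__":
    samples = [KNOWN_GOOD_FILE, KNOWN_BAD_FILE, NEW_FILE]
    for verdict in sorted(v.value for v in
                          reachable_verdicts(samples, ALLOWLIST, BLOCKLISTS)):
        print("hash-only product can report:", verdict)
```
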