Integrity Checkers

Discussion in 'other security issues & news' started by FanJ, Feb 14, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I start this thread to discuss some programs with the ability to check the integrity of your files and/or registry.

    Some of these will do it in realtime, others don't.
    Some of these will check only one type of files, others give you the possibility to choose your own type of files to monitor.

    Let me make a start of the discussion by making a summing-up of these:


     
  2. FanJ

    FanJ Guest

    With permission of Technodrome (thanks TD!) a copy/paste of a posting by him about ADinf:

    [hr]

    http://members.tripod.com/technodrome24/adinf.htm (there are some cool, ADinf32 GUI shots)

    ADinf is a sophisticated data integrity system, which senses even the imperceptible modifications in the file system and system areas, changes in files, newly created and deleted (sub)directories, newly created, deleted, renamed files, and files moved from one directory to another.

    I have been using this product since 1999 and it's a very cool utility... It needs less than a minute to check 70,500 files (on my computer) for the modifications and changes in the files, system, system areas, so-called invisible (stealth) viruses, etc… It only costs 19.95$ and works perfectly under Windows XP. (Including 95/98/ME/NT/2000 as well).
    Any suspicious file change will be discovered and taken care of. It saved me several times when the AV product failed. I just love it. ADinf is similar to Kaspersky AV Inspector. But in my opinion (and others' too) ADinf is a far better IC than the KAVI and it has more features than KAV Inspector. I won’t even touch the speed issue..

    You can try it from here: http://www.adinf.com

    [hr]
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Real nice overview. I'd like to add two other integrity checkers to your list.

    • FP-Win Professional (http://complex.is)
    • Integrity Master (http://www.stiller.com)

    At the moment I use the KAV Inspector as integrity checker. But the best one I tried so far was ADinf.

    wizard
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    There is also an integrity checker included in F-Prot AntiVirus (though I'm not sure how it compares to the other programs on your list).
     
  5. FanJ

    FanJ Guest

    Thanks Lars!

    I have added Integrity Master now to the list, but somehow the url for FP-Win Pro doesn't work for me.
     
  6. FanJ

    FanJ Guest

    Hi Javacool,

    Could you give a URL to a page with info about their integrity checker?
    (Of course I know F-Prot exists ;) ).
     
  7. FanJ

    FanJ Guest

    What I would like to do, is this (with all your help!!!):

    Make an overview for each one of the programs about some features (is that the right word?).
    I'm thinking of this example (maybe in better layout):

    NISFileCheck:
    • freeware/costs
      • free
    • built into other program
      • no
    • real time
      • no
    • registry
      • no
    • files
      • yes
    • only default file type
      • no
    • file by type
      • yes
    • default file type
      • exe, dll, vxd, ocx, sys, bat
    • possibility to add file types of your choice
      • yes
    • possibility to add files of your choice
      • yes
    • other remarks
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    This is CheckSum Guard.  One more product with similar intention.  http://www.softcharm.com/index.htm

    CheckSum Guard is a versatile and effective antivirus program for Windows 95/98/NT/2000. It can protect your executable files against almost all EXE & COM viruses. During the first run the program scans your drives and saves information about every executable file in its database. After that, each time you check your computer it adds information about new executables and checks old ones. If any of them has been changed since the last check, you will receive a warning and will be able to cure that file. The curing algorithm allows fixing more than 90% of infected files. The program's help contains an instruction that helps you to find the file that was already infected when it was copied onto your computer.

    To view a screenshot click here http://www.softcharm.com/products/cguard.gif

    I didn’t try this one myself. If someone did, please be kind and share your experience...
    ;)
     
  9. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Try this one:
    http://www.f-prot.com/f-prot/products/fpwin.html
     
  10. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    F-Prot anti virus means FP-Win professional. Maybe the url does not work because I did not type www, but most browsers can reach that site without www.

    The correct url is http://www.complex.is or try the direct url from technodrome. It is the same server. ;)

    wizard
     
  11. FanJ

    FanJ Guest

    Oops, dumb me  ;)
    Thanks!
     
  12. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    FanJ,

    Okay, now you've done it!  :D
    Adding three items at the bottom of the listing

    Given my well-known propensity for long tabulations of features, here's my suggested tabular outline for this subject.  (I assume you can put tables into the FAQ section on this bulletin board?)  It would be nice if an individual user could select specific  columns for comparative purposes, but that's not really necessary.

    Also, I assume I can come back and modify this list as time goes by?  (So, folks, check back in this posting for any additions/modifications/deletions that I might make):

    Herewith:

    Application Name    Required
    Application Build      Required
    Release Date          Desired
    Website URL           If available
    Freeware/Shareware/Payware
       (Not much point in putting in detailed prices for
        payware, given rebates, street prices, etc. Besides,
        that's easily findable, once feature set is clear.)
    Works On:
       Win 95              (Yes|No|Unknown)
       Win 98              (Yes|No|Unknown)
       Win 98 SE         (Yes|No|Unknown)
       Win ME              (Yes|No|Unknown)
       Win NT  (SP?)    (Yes|No|Unknown)
       Win 2K (SP?)     (Yes|No|Unknown)
       Win XP              (Yes|No|Unknown)
    Monitors:
       Executables in RAM     (Yes|No|Unknown)
       Executables on Disk    (Yes|No|Unknown)
    Can be Run:
       Memory-Resident (i.e., real-time)
       On Demand
           On Demand requires Operator Present?
       On Schedule
    Can Consider:
       LAN Drives
       Other machines on LAN
       All Drives On System
       Specific (User-definable) drive
       Specific (User-definable) folder
       Specific (User-definable) file
    Addresses:
       All Files (wild-card specification available for filename, file extension, or both)
       EXE Files
       DLL Files
       VXD Files
       OCX Files
       SYS Files
       BAT Files
       Script Files
       Other (Please Specify)
       Can Examine Multiple File Extensions on Single Pass?
       User Can Add File Extensions to Check
       User Can Add Specific File to Check
       User Can Exclude Specific File to Check
    Version Comparison:
       Identifies Newly Found Files
       Identifies Modified Files
       Identifies Deleted Files
       Identifies Renamed Files
       Identifies Moved Files
       User can Archive data on old file versions (for roll-back)
       User can Roll-back to 'Prior, Known Good' File
           (this can work for OS utilities like SFC)
    Hash Algorithms Available:
       CRC-32           (Yes|No|Unknown)
       MD2                (Yes|No|Unknown)
       MD4                (Yes|No|Unknown)
       MD5                (Yes|No|Unknown)
       SHA1               (Yes|No|Unknown)
       RIPEMD160     (Yes|No|Unknown)
       RIPEMD256     (Yes|No|Unknown)
       RIPEMD320     (Yes|No|Unknown)
       Haval              (Yes|No|Unknown)
       Other (Please Specify)
       User Can Compute Multiple Hashes Concurrently?
    Output Displays:
       File Drive
       File Path
       File Name
       File Extension
       Hash(es)
       File Date/Time Last Modified
       File Date/Time Created
       File Size (bytes)
       File Version (if available)
       Other (please specify)
    User-Defined Filters on Display?
    Export Capability for Posting in e-mail and forums?
    Known Independent Reviews (multiple hyperlinks, if available)

    Data on targeted files is encrypted
    Data on targeted files is password-protected
    Application allows baselining from independent source(s)


    Betcha thought I was gonna let you off easy, didn't ya?  :D  
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Joseph,

    Jan will be in for quite a surprise tonight indeed   ;)

    regards.

    paul
     
  14. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Paul,

    But it is night over there by now!  ;)  Are you trying to tell me Jan has a real life?  :eek:
     
  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Joseph,

    Ah, those Time Zones.. it's 7:26 PM over where Jan lives. Accidentally misinformed you as well; he won't be around until Sunday late (that's in about 28 hours)...

    eh...never heard of: "a real life"? Could you elaborate please?  Sounds promising.

    regards.

    paul  
     
  16. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Oh, dear, how to explain this?  ;)   It has something to do with real-life experiences that do not require a computer, keyboard, and monitor.  Odd concept, isn't it?  But I have it on good authority that such things do exist.  ;)
     
  17. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Somebody should start a new post under name "How thick glasses u wear"   :D
     
  18. FanJ

    FanJ Guest

    Hi Joseph,

    Welcome again!

    Thanks very much for your suggestions, and emails.
    It could take a while to think about them; at first look they seem to be very good suggestions!!!

    (eh, I was earlier back from real life than I thought I would be :) ).
     
  19. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    Other desktop Integrity Checkers:

    Veracity ($60)
    http://www.veracity.com

    LANguard File Integrity Checker (free)
    http://www.gfisoftware.com/languard/lantools-fic.htm

    WinInterrogate (free)
    http://winfingerprint.sourceforge.net/

    A poor-man Tripwire-like system on Windows 9x/NT (free)
    http://www.geocities.com/floydian_99/poormantripwire.html

    Floke Integrity (free)
    http://www.angelfire.com/wi/wickmann/floke.html
     
  20. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
  21. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Security Focus:

    Found here: http://www.securityfocus.com/infocus/1546
     
  22. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Bin eval - u - 8 - tin  Adinf32. This thing goes nuts if a file changes without the last modified/accessed dates changing. It told me I have stealth virus activity when in actuality, I have Index server running.
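
An added example, not part of any post in this thread and not the code of ADinf, CheckSum Guard or any other product named here: a baseline-and-compare checker in Python that reports the categories discussed above (new, modified, deleted, moved or renamed files) and separates out the case from the last post, content that changes while the last-modified time stays the same. The use of SHA-256, the function names `snapshot`, `compare` and `demo`, the `same_mtime` label and the sample files are all assumptions made for this example.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map relative path -> (sha256 hex digest, mtime in ns) for files under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, name) for name in files):
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (digest, os.stat(full).st_mtime_ns)
    return snap

def compare(old, new):
    """Classify differences between a baseline snapshot and a current one."""
    report = {"new": [], "deleted": [], "modified": [], "moved": [], "same_mtime": []}
    gone = {}  # digest -> baseline paths that no longer exist
    for path in sorted(set(old) - set(new)):
        gone.setdefault(old[path][0], []).append(path)
    for path in sorted(new):
        digest, mtime = new[path]
        if path in old:
            if digest != old[path][0]:  # content differs from the baseline
                kind = "same_mtime" if mtime == old[path][1] else "modified"
                report[kind].append(path)
        elif gone.get(digest):
            report["moved"].append((gone[digest].pop(0), path))  # same bytes, new path
        else:
            report["new"].append(path)
    report["deleted"] = sorted(p for paths in gone.values() for p in paths)
    return report

def demo():
    """Constructed sample tree: take a baseline, apply five kinds of change, compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, mtime_ns):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.utime(os.path.join(root, name), ns=(mtime_ns, mtime_ns))
        for name in ("a.exe", "b.dll", "c.sys", "d.bat"):
            put(name, name.encode(), 2_000_000_000)
        baseline = snapshot(root)
        put("a.exe", b"patched", 4_000_000_000)  # ordinary edit, timestamp moves
        put("b.dll", b"patched", 2_000_000_000)  # edit with the timestamp put back
        os.rename(os.path.join(root, "c.sys"), os.path.join(root, "c2.sys"))
        os.remove(os.path.join(root, "d.bat"))
        put("e.ocx", b"fresh", 6_000_000_000)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A `same_mtime` result is a lead to triage rather than a verdict: in the post above, the cause turned out to be Index Server.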
     
  23. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    FanJ,

    If you get so ambitious as to try that tabular comparison of different file authentication products, there's one thing I believe I neglected to say.  (I know, I know, difficult to believe, isn't it -- after all, I said so much!  :D )

    Every cell in the table should probably have an entry.  If the answer remains to be determined (i.e., if it's unknown at the time), I'd recommend a question mark or question mark icon.  That immediately draws attention of people who might be familiar with the product so that they could provide you with the correct information.

    Second, I'm sure that in some products one or more of the parameters (rows) I've recommended is simply irrelevant.  In that instance, I would recommend an explicit use of "N/A" (Not Applicable), rather than simply leaving the cell empty.

    Third, there may be some instances in which the appropriate parameters for a cell is not known (in which case the value should be indicated), and not not known (if you catch my meaning), and is not simply "Not Applicable".  Mind, I have no idea what cells might fall into that category, but I will acknowledge their potential existence.  These cells should be left blank (and only these cells).  That'll get attention fast enough.  (Credits to C. J. Date on this one: "When NULL is Not Null".)
     