Post your feature suggestions for the next version of FileChecker (1.8)...

Discussion in 'FileChecker & ID-Blaster Forum' started by javacool, Sep 8, 2002.

  1. RogerParks
    RogerParks Registered Member

    Hi Javacool,

    Some suggestions and a question.

    1. "Minimal file-monitoring default". This switch would automatically add files such as: wsock32.dll, comctl32, oleaut32, mfc42, boot.ini, explorer.exe, etc., and folders such as spywareguard, filechecker, etc.

    -Perhaps the Forum can suggest files to include here.

    2. "Critical" file designation. A change in wsock32 could, for example, be designated by the user as a critical change.

    3. An optional alarm that sounds continuously (a stream of "dings") if a critical change occurs.

    -Obviously, some users would choose to have a few files, all of which are "critical". Other users would have some critical, and some "informational" - with simply a popup. Still others would make them all "informational". Some logs, and service daemon file changes, for example, would be informational.

    4. Guidance on checksum algorithms. Is there a significant difference in processing time between the various checksum formulas? If so, include an explanation.

    5. Advice to users that checksums should be used on "critical" files, and date/size checking is adequate for "informational" files.

    6. Change the "X" in the upper-right corner from exit to minimize (yeah, I know - many won't like this ....)

    7. Question: Why all the references to psapi.dll when Filechecker is in the tray? When the window is open, these constant references cease (using Russinovich filemon)....

    Thanks for some GREAT programs,


    Roger Parks
  2. Andreas1
    Andreas1 Security Expert

    Windows2000's backup tool provides a way to "backup system state". That includes registry and a couple of essential files. I don't know the exact files, but i suppose they would be a start for the critical files...

    (I'll have to examine FC to think of other suggestions for future versions first, i'm just a would-be user ;) )


    And i have a question to you FC users: I have recently had to reformat my windows partition and upgraded from 98SE to 2k. Now i'm in the process of slowly re-installing the tools/apps. In the meantime i have played a lot with linux and came to know file checking tools like tripwire or aide. So i have decided to use something like that in Windows as well. By chance i first downloaded NISFileCheck and now i find this tool here... Would someone who knows both of these (and maybe even the linux tools) be so kind as to PM/IM me with a suggestion which tool i should use and what its advantages are when compared to the other tool. So far, windows-service-capability of FC looks like a great advantage. But maybe i'd need only scheduled checks... TIA,
    Andreas
  3. Andreas1
    Andreas1 Security Expert

    I've just done that backup thing and it's some 1.700 files, so i'll have a hard time finding out which ones that are...

    In the meantime, how about the following:
    - Offer an option to send changed files as smtp attachment only if they are below a certain size.
    - Add files by providing a textfile with a listing of those files.
    - has anyone mentioned already adding message digests/one-way hashes in addition to checksums?

    CU,
    Andreas
  4. jargonize
    jargonize Registered Member

    this is a dumb question, but why doesn't file checker check all files by default?
  5. osmethne
    osmethne Registered Member

    (a well old post, but it's sticky and no one seems to have answered?)

    because huge numbers of files change on a regular basis, and are indeed supposed to. on servers, think of databases and log-files. on clients, think of your browser cache.

    and a reply to the suggestion made by others of scanning all .exe's and .dll's -- assuming that this kicks off your AV scan as well, i hope you're prepared for a fairly heavy system load.
  6. DolfTraanberg
    DolfTraanberg Registered Member

    For this very nice program I would love to see a possibility to run a different program on any file change detection.
    Dolf
  7. Comp01
    Comp01 Registered Member

    I think Filechecker should also have a small "System snapshot feature" and backup, so, say, if you install a Windows update, or program, and cannot remove/have a hard time removing it, you can just restore the original files, and delete any added to a certain Program folder/and or Windows folder... ... if possible...
  8. jcouture
    jcouture Registered Member

    Here's an icon for you...

  9. jcouture
    jcouture Registered Member

    One other icon...

  10. alk
    alk Registered Member

    Hi

    What a great but simple program Filechecker is. I like it a lot.

    I have some suggestions for additions that I would like to see in it if possible to do.

    Let me get right to it:

    It might be good to enable it to check for the following types of tampering of a file. For example, presumably if a hacker wants to read the contents of a text file he first has to open it and secondly may want to copy the file or the contents of the file to some location so that he can download the text from the person's PC and send it to himself by some devious means. It would be great if I could have realtime monitoring of certain files that would immediately alert me with a pop up if a watched file was even simply opened in any way. That way I would know immediately that someone was viewing the contents of a text file and could put a stop to it. Better yet if even a request was made by a hacker even to open a certain file then the Filechecker could say do you know that a request has been made to open a text file and I could then stop the hacker by saying I did not want the file to be opened or viewed by anyone.

    Another useful feature might be to have a message that tells us which particular lines or text in a text file have been altered. It could say what was there before and what is there in place of it and do I want the changes made or returned back to how they were originally.

    Also if a hacker got in and copied a file from my PC to send to himself via a trojan or something it would be good to know just exactly what text or file he had been able to steal.

    A final feature might be to have a report on which file on my PC was requesting or making changes to a file in the watchlist so I could see if it was some kind of new unidentified trojan or virus file. And this might be difficult, but if a hacker was right now tampering with my files it would be great if I could get some kind of lead on him like where on the internet he was attacking from so I could report him.

    I hope you might be able to include some or all of these ideas.

    Thanks

    Al :)
  11. Nimrod
    Nimrod Guest

    Hello !

    Thank you for a wonderful utility !! :D ;) :)

    I think i have some useful suggestions :
    1]
    It will be a nice feature if the user would be able to determine for each file in the list which specific file attributes to scan instead of scanning all the attributes ("created date" , "modified date" , "file size") as one.

    The reason is that in some programs (like Spybot , Sygate , AdAware) in every execution there are some "configuration files" that are always being rewritten (even if u didn't change anything)
    i.e. only their "modified date" is changed while their content or their "file size" doesn't change at all.
    if u activate the "alert attribute change" then in every execution of these programs u get a lot of unwanted annoying alerts . while if u won't activate the "alert attribute change" u will abandon these files to unauthorized changes.

    Examples for the file that i referred to are :

    in Spybot : "configuration.ini" and all the important "exclude" directory
    in Sygate : "stddef.dat" , "stdstate.dat" , "Default.dat" (configuration files)
    in AdAware "Ignorelst" (the important ignore list)

    Adding the specific "file size" scan without the "modified date" scan will enable a smart useful protection without all the unwanted & continuous "modified date" alerts.

    A useful way to implement the suggestion is to add a check boxes near every file (similar to the checksum box) which will determine which specific scan will be performed for each file.

    To facilitate with the novice users when a file is added to the list u can set all the scan possibilities to "yes" ("checked") as default.

    2]
    A nice feature will be the ability to export/import the "file list" (in case u have to reinstall/upgrade Windows)

    3]
    contrary to the easiest way of adding files to the list , removing them is a little problematic :
    if the file path is long u can't see its end in the window (doesn't support resizing).
    u cannot remove an entire directory/branch (in case of wanting to unscan an entire utility's files) .

    I hope i was useful ;)

    Waiting for the next version . . . .
    Nimrod
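
Added example (not part of the original posts and not FileChecker's own code): a minimal sketch of the per-file attribute selection suggested above, where each watched file carries its own set of checks. The function names, the `size`/`mtime`/`sha256` check names and the sample file are assumptions made for illustration. It also shows the limit of a size-only check: an edit that keeps the file length the same goes unnoticed unless a content digest is among the selected checks.

```python
import hashlib
import os
import tempfile

CHECKS = ("size", "mtime", "sha256")  # hypothetical per-file check names

def snapshot(path, checks):
    """Record only the attributes selected for this file."""
    st = os.stat(path)
    snap = {}
    if "size" in checks:
        snap["size"] = st.st_size
    if "mtime" in checks:
        snap["mtime"] = st.st_mtime_ns
    if "sha256" in checks:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        snap["sha256"] = h.hexdigest()
    return snap

def changed(path, baseline):
    """Return the selected attributes that differ from the baseline."""
    current = snapshot(path, baseline.keys())
    return sorted(k for k in baseline if baseline[k] != current[k])

def demo():
    """Constructed scenario: identical rewrite, then a same-length edit."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "configuration.ini")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"scan=1\n")
        base_all = snapshot(path, CHECKS)
        base_size = snapshot(path, ("size",))
        base_hash = snapshot(path, ("sha256",))
        # The owning program rewrites identical content: only mtime moves.
        with open(path, "wb") as f:
            f.write(b"scan=1\n")
        os.utime(path, ns=(0, base_all["mtime"] + 10**9))
        results["rewrite_all"] = changed(path, base_all)    # noisy alert
        results["rewrite_size"] = changed(path, base_size)  # quiet
        # Someone flips a setting without changing the file length.
        with open(path, "wb") as f:
            f.write(b"scan=0\n")
        results["tamper_size"] = changed(path, base_size)   # missed
        results["tamper_hash"] = changed(path, base_hash)   # caught
    return results

if __name__ == "__main__":
    print(demo())
```
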
  12. icxcnika
    icxcnika Registered Member

    So far, Filechecker only uses CRC32. However, i have found that there are better ones. Could there be an option to pick which algorithm was used? i.e.:

    (*) CRC16
    ( ) CRC32
    ( ) MD5
    ( ) SHA128
    ( ) SHA256

    whadda ya think?

    The one and only ICXCNIKA
  13. icxcnika
    icxcnika Registered Member

    Another idea!

    Another suggestion to be placed in the 'options' panel: easily make it run at startup. I.e.:

    [x] Run FileChecker at startup

    ( ) Normal run
    (o) Run as a service (explanation 'here')

    Hope you like it :D
  14. Pigman
    Pigman Registered Member

    Not knowing exactly how Filechecker works, I'm not sure if this is possible to implement, but...

    How about "Allow/Deny Change", like Spybot's Teatimer does for registry changes?
  15. liquidsilver
    liquidsilver Guest

    yeah it would be great if you could deny or allow changes made to files... or at least be able to restore files that you specify filechecker to check in case of change. Great program! I don't feel safe without it...
  16. Herbalist
    Herbalist Guest

    How about making it so that it doesn't show when CTRL+ALT+DEL is used? The ability to keep the tray icon hidden in some profiles but not others (win98 and ME). Make the popup land on top of whatever is open on the desk (always on top).
    Rick
  17. JakeR
    JakeR Guest

    How about an option to run a custom command script?

    Nice program! Thanks for this very useful app.

    Jake
  18. User_uk
    User_uk Guest

    Stopping file access

    Hi,

    I think a new feature for file checker should be the facility to block changes being made to the files you add, when the prompt appears.

    There is a new feature of software called "ransom ware" which can encrypt files that a user owns. By actually blocking changes (as many anti spyware programs do), it would be a hardy defence against this sort of program. On regular documents these alerts could be a pain, so a simple box popping up where you can quickly click "allow change" would then mean you were more secure.

    Just a thought. What do others think?

    Antony
  19. Dazed_and_Confused
    Dazed_and_Confused Registered Member


    ...At least a different icon when "Checking" is enabled, and a different one when it is not enabled.
  20. Dazed_and_Confused
    Dazed_and_Confused Registered Member

    What about the ability to sort the list of monitored files? That would make it easier to find a specific entry in a long list.
  21. Dazed_and_Confused
    Dazed_and_Confused Registered Member

    1. Regarding the checking of the box (next to the files being monitored) to enable checksumming, it would be nice to have a "check all" button (or something in a right-click context menu) that would automatically populate each of the boxes with check marks.
    2. When depressing the "Save Watch List" button, it would be nice to receive a confirmation to user that the list was saved.
    3. How about adding a "Check Email Message" button to verify SMTP (as well as firewall) settings are set and ready to go, and have FC send a test email message. Obviously a work around is to manually change a file being monitored and see what FC does.
    4. Regarding the boxes next to the files being monitored, how about adding a heading above that column to better identify the purpose of the boxes.
    5. What is an "NT/Event Log"? What happens when you enable this? I believe it simply instructs FC to log specific events to a text file, but not sure. Explanation on form would be an improvement.
    Thanks for your consideration. A really nice tool. :)
  22. cortez
    cortez Registered Member

    Some way to hide (change):

    1. hard drive identification

    2. BIOS identification

    3. CPU identification

    4. machine identification


    It is not that I am against identifying myself to Microsoft when I need/want an update, it is I do not want to be identified between updates.


    Spying is spying as long as it happens when I do not want it to happen, and I do not like it at all.
  23. CircleGirl
    CircleGirl Registered Member

    @Cortez:

    XPAntispy may be a small stopgap from Microsoft snooping until ID Blaster is brought up to (your) snuff:
