Sentinel - Free once again!

Discussion in 'other anti-trojan software' started by RuntimeWare, Dec 20, 2005.

Thread Status:
Not open for further replies.
  1. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Could people share their set-ups here? Which folders/files should be included in the scan?
    Thanks...

    JJ :cool:
     
  2. betauser2

    betauser2 Guest

    run the settings wizard under options, very easy to follow

    betauser2
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Sentinel comes pre-set to cover the *most critical* files. So also does Watcher.

    The out-of-the-box settings for Watcher (per its own website) are as follows...
    As for me, in addition to using Watcher twice daily, I use another free integrity checker called Fingerprint every week or so because it lets me specify exactly which file extensions it should monitor. My personal watch list is as follows...
     
  4. Avec

    Avec Guest

    Thank you very much for your help bellgamin.
     
  5. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    Avec:

    I would recommend adding the following folders:
    C:\Windows\System
    C:\Windows
    C:\

    Sentinel does not scan recursive directories, so adding the C:\ drive for instance will not scan your entire drive; only the files directly located in the C:\ path.

    For each folder, I would also enable the options: "Scan this form at Startup" and "Scan this folder at Secure Shut Down" and select every file type except for the OCX files - that will add the folders to the list that will be scanned if you have those features enabled.

    Derek
     
  6. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    This product sounds great. However, when I go to the website, it does not have Antivir under the compatible antiviruses and it is not listed in the forums. So I was wondering what .exe file I need to set it to notify to scan?
     
  7. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Browse to the anti-vir installation directory (from the Sentinel settings wizard), add the exe, then click OK in Sentinel - the next page allows you to test if you have chosen the correct exe by doing a test scan of two files.
     
  8. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Thanks Derek, that's what I was after.
    Very nice wee app. :)
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi All,

    Gad, when someone mentions FREE, it's like moths to a flame - me too!

    Perhaps the only useful function is to auto check your AV program whenever it finds a discrepancy, but having a registry watcher is an added plus if you don't have one, or a HIPS that also watches the registry for changes.

    Does this mean the integrity of the AV is checked or does it mean that the AV is launched against the discrepancy? If the second, is the integrity of the AV checked prior to launch against the discrepancy? If the AV's integrity has been compromised then it is not sufficient to check against any discrepancy.

    I'll stick with using Watcher at boot up to verify integrity until I've had a chance to take Sentinel Free for a spin to see how it compares with what I have already including HIPS - I'm always interested in reducing my footprint while keeping the same level of functionality or improving it.

    Support for SHA-1, MD4, have both been superseded and CRC32 may not be as useful as even MD5.

    On Feb 15, 2005 Bruce Schneier reported SHA-1 Broken
    http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

    Microsoft has since announced that they are moving away from SHA-1 due to this issue no doubt.

    Read this article about MD5:
    * Good Bye MD5 by ediazc The cracking of MD5 is making it useless?
    http://www.codeproject.com/useritems/GoodbyeMD5.asp

    * Stronger encryption functions than MD5 (128bit)
    Whirlpool(512bit): http://en.wikipedia.org/wiki/WHIRLPOOL
    Ripemd(160,128,320bit): http://en.wikipedia.org/wiki/RIPEMD-160
    Sha-2(256,512bit): http://en.wikipedia.org/wiki/SHA-2

    -- Tom
     
  10. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    To get AntiVir working with Sentinel, use the following exe file:
    AVNT.exe

    I checked the command line options and it doesn't seem like the quiet mode works when calling AVNT on demand while specifying the exact files (so the DOS window will stay there until you close it).

    It looks like earlier versions from H+BDEV used AVWin.exe; but when I tried that here it didn't seem to work, so use AVNT.exe instead.

    Derek
     
  11. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    Yep, very true. I remember reading Bruce's webpage when the news broke back when the original article was published (I would recommend his email mailing list to anyone else interested in security). The researchers found a collision in the SHA-1 algorithm which basically means that they found a way to crack SHA-1 codes.

    The good news is that SHA-1 is still a very good standard and it is very unlikely that casual hackers will be able to take advantage of this flaw right now (as the computing power required to crack SHA-1 is very very very substantial). But - with the news that the big dogs over at NIST are looking to phase it out by 2010, I guess people should be looking into other standards (Perhaps I should update Sentinel and include much better algorithms) ;)

    Sentinel does not explicitly check the validity of the AV software since regular AV updates are likely to make the AV software fail any integrity check Sentinel would perform. The best Sentinel can do at the moment is notify you of any changes to AV DLLs and exe files if you decide to scan the AV folder (which would indicate possible corruption if you know you haven't updated the AV program files). Whenever Sentinel detects a change, it will send the discrepancies over to the AV for further checking.
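
Added example, not part of the thread and not Sentinel's code: a minimal baseline-and-compare integrity check in Python that, as described in the posts above, scans only the files directly inside a folder (no recursion) and filters by file type, using SHA-256 from the SHA-2 family rather than CRC32, MD5 or SHA-1. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed watch list, not Sentinel's actual file-type options.
WATCHED_EXTS = {".exe", ".dll", ".sys"}

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(folder, exts=WATCHED_EXTS):
    """Hash only files directly inside folder; subfolders are skipped."""
    result = {}
    with os.scandir(folder) as entries:
        for entry in entries:
            ext = os.path.splitext(entry.name)[1].lower()
            if entry.is_file(follow_symlinks=False) and ext in exts:
                result[entry.name] = sha256_file(entry.path)
    return result

def compare(baseline, current):
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "changed": sorted(n for n in both if baseline[n] != current[n]),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():  # constructed sample tree: baseline, tamper, re-scan
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        def put(rel, data):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        for rel, data in [("a.exe", b"one"), ("b.dll", b"two"),
                          ("notes.txt", b"x"), ("sub/deep.exe", b"y")]:
            put(rel, data)
        baseline = snapshot(root)
        put("a.exe", b"ONE")  # same size, different content
        os.remove(os.path.join(root, "b.dll"))
        put("c.sys", b"new")
        put("sub/deep.exe", b"Y")  # below the folder: never scanned
        return baseline, compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The change to `sub/deep.exe` goes unreported, which is the coverage gap a non-recursive scan leaves unless each subfolder is added to the watch list separately.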
     
  12. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Thanks runtimeware for this excellent free product and the quick support! It works great.
     
  13. MikeyB

    MikeyB Guest

    Does Sentinel include an option to remove changed or added files? Watcher has this and several other options available at every instance of a new or changed file. I have read the Sentinel help file and this (essential) facility isn't mentioned anywhere.
     
  14. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    MikeyB: No, Sentinel does not have such an option
     
  15. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    ewido and Trojan Hunter don't seem to work properly with Sentinel or I'm putting in the wrong .exe.
    Has anyone done either of these successfully?

    Thanks..

    JJ
     
  16. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Ewido worked fine about a month ago when I tried Sentinel .. don't know how it would do at this moment but I know it worked back then ..

    cheers
     
  17. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046

    I have Ewido and Sentinel working together fine
     
  18. tlu

    tlu Guest

    RunTimeWare, I really don't want to offend you, but - as a programmer of a security related software who doesn't even care if this software works under a limited user account you have a rather questionable understanding of what computer security should consist of. With such an attitude it's no surprise that probably more than 95% of all Windows users are permanently logged in as administrators thus giving full rights to any malware.

    I'm sorry that you are the addressee of my complaint but it's really a pity that you and many other programmers make a crucial contribution to prevent an absolutely necessary change in the behavior patterns of most Windows users.
     
  19. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Mine just stays in the task bar and doesn't do anything.
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Such as switching to Linux or a Mac, perhaps?:D
     
  21. tlu

    tlu Guest

    That's one possibility, indeed. ;) But even Windows can be considerably safer without admin rights.
     
  22. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    No offense taken -

    The nature of Sentinel (and most file integrity checkers) is to verify the integrity of the most vital system components. If those components are not accessible, then it really renders the program useless.

    I agree that I probably should have tested this at some point in time, but let's be honest; the 95% of Windows users WON'T change. What has made Windows so successful is that it is extremely easy to use and doesn't generally bark back at the user. Trying to get users to change their habits to make it HARDER for them to install and use software is NOT what's going to get your program downloaded from the internet.

    The type of people downloading security software nowadays are not the average computer user as well. If the operating system market was a perfect world and we were all running Linux then we wouldn't be having this discussion...but we're not...and therefore instilling change into the existing userbase (that 95%) is going to take MUCH more than a couple security software programmers - it's going to take an initiative on Microsoft's part.

    I understand your frustration, but please, direct it to Microsoft...they're the ones who can really make any difference - not the guys releasing additional security software.

    I don't know what it's going to take and I can't wait until Microsoft cleans up Windows...any news on what this looks like in Windows Vista btw?
     
  23. Mikkey

    Mikkey Guest

    What's wrong with running as administrator? I upgraded from WinME to XP about three months ago. I run as administrator without the need of a password to logon. Is this bad? With my WinME machine there was no password and I was administrator because there is no option to be otherwise. So what's the difference with my setup now and my setup using WinME? Don't get me wrong, I'm sure there is a good reason to do this, but I would really like to hear a good solid reason to put a password on my XP and run as a user account with limited access rights.

    M.
     
  24. tlu

    tlu Guest

    Have a look here or here and from Microsoft themselves here.
     
    Last edited by a moderator: Jan 20, 2006
  25. What I don't like about running as non-admin is I can't get many of my programs to run. I like to use some anonymizers at times, they won't work. I just can't get so many of the programs I like to work, so I just gave up trying to run as non-admin and just run a bunch of security programs instead. It's much easier to do it this way and far more fun than running a boring limited account where none of my programs work. Maybe if I could get all my favorite programs to work in a limited account I might switch over.
     