Wormguard 4 Suggestions

Discussion in 'WormGuard' started by Jason_DiamondCS, Dec 18, 2002.

  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    This thread is to start a list of features that you guys want in Wormguard 4. I know a lot has been suggested previously in this forum and probably through email but this is just to compile it into one place. Things I am looking for are "minor tweak" to "midrange features/improvments" about Wormguard 3 you would like to see to make WormGuard 4 a better/easier to use product overall. I will of course consider all the features submitted, but it might not be possible to add all of them. And with that... let them being :D
    -Jason-
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi Jason
    I love to see a lot of commandline-options, like where to scan, what to scan, what to log where to log, or if it has no scanning possibilities, a way to execute a file in "protected mode" to see if it's ok, and sure, also from the command-line :D
    Dolf
     
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Jason:

    I would love to see a "right click"

    Scan with Wormguard [already available]

    PLUS

    Scan with Wormguard..... [where the "...." will give you a 'Navigation' option so you can navigate to folders/sub-folders/files, whatever
    instead of having to open up Explorer then navigating opening up the folders manually, then selecting a file to scan.

    I do this a bit for a] tests b] If downloading to a specific folder instead of desktop.

    Also: Is it possible to add the "confirmation no baddies found" option after such scan so put people's minds at rest. {mrBlaze asked about this also, so don't want to steal his idea}

    Thanks. :D
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    I will add a fair amount of command line options which should please you Dolle :). The confirmation on whether or not a file is a worm is already added. Plus with the right click menu I will have some options in there in a Wormguard 4 submenu I think, like Winzip's
    -Jason-
     
  5. FanJ

    FanJ Guest

    Maybe this is off-topic here (if it is: sorry!):
    in the past there was a conflict with an early version of NIS (I don't know about newer versions of NIS vs. WG); if it could be possible to solve this.....
     
  6. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    You've[glow=red,2,300] SOLD[/glow] me then Jason. Thanks :)
     
  7. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Hi Jason,

    I would like to know if wormguard4 could scan a file being downloaded? Also an update feature, I've heard there will be something like reference type files for known worms. I hate having to download and install updates so something simple would be great :D. How about a cool graphic with the file warning :D. I know Wormguard4 will be great ;), but it's hard to wait, so how about some more hints? :D Any chance of integrating with email?

    Thanks
    Loki :cool:
     
  8. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Thanks for the headsup FanJ, I will look into that as a BETA approaches. The updating is going to be easily done, at least I think it is, simply click on "update database" and it installs it automatically for you after downloading, no unzipping or whatever necessary. Cool graphic with the warning? Hmm already done ;) .
    Integrating with email... what do you mean by that? With the protection that Wormguard 4 currently has, it won't allow any worms to be executed at all on your system. So if for some reason you click on an attachment, or an attachment is automatically run somehow from your mail program, then Wormguard4 will pick it up. I don't know if its "any" use doing things like scanning on download etc, we are looking at other methods of popular programs which we can integrate with to provide higher protection. But with the execution protection, if you have WormGuard 4 installed on your system the chance of a worm running on it would be almost nil. This is due to the combined "generic" detection and database detection.
    As a side note I added generic detection for certain types of EXE based worms the other day and it automatically picked up the new "iraq_oil.exe" worm and stopped it from executing. So even if someone managed to manipulate your network system and put a worm on it and try and get it to run, the chance is very high WormGuard4 will warn you that a this file is trying to be executed, do you want it to run? :)

    -Jason-
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Will i love worm guard cause its newby frindly out of all the dimonds products worm guard was the easyest to use click it on and forget it software

    im actualy surprise i didnt put it on the newby list its definitly up there port explorer even if its easyer to under stand is made for an advance newby.

    but still newby frindly for the most part just requires a little back ground reading.

    as for worm guard the things you and the guys done so far have been great no real need for inprovement really.

    adding to worm guard 4 no worm found message was much apreachiated.

    but if you want to really make it a perfect 10 rather then a 9.9 id say hire gladiator to do the worm guard interface desghien none of the technique stuff cause thats perfect just the apearence.

    then you have a perfect 10 cause not only will it be newby frindly great software but it be pure eye candy with a talking sexy voice.

    i sugest you try out gladiattor so you can see what im talking about.

    the man is a artist geniuse
     
  10. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The gladiator AV interface surely is different, there are a few "issues" that I find with it but I won't discuss them since it contains no relevance to this forum.

    With Wormguard4 I have been given a lot more freedom on the interface design so hopefully you will like it when you see it =) . While Port Explorer's interface isn't THAT pretty, it is pretty versatile and easy to navigate, etc, which is what is most important in any product. Pretty graphics come second, but with Wormguard 4 I will show you some of what I can do in interface design. :cool:

    -Jason-
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    now thats sweet im save up my money for worm guard 4 its refreshing to see some eye candy with state of the art software.

    but your right eye candy is second but still it be nice to see a dimond product with eye candy look just once i bet more people will be drawen to it.

    like gladiator software i was drawen on the looks at first glance it cought my attintion as totaly being diffrent from every software i ever seen related to security.

    and it only gets better with talking voice and im sure more things to come.

    thats way cool they gave you freadom to stretch your arms with worm guard 4

    im actualy very excited now finaly a dimond product with not only high quality security for peace of mind that we all love and enjoyed from you guys but now the feel and look of a brand new porch easy on the eyes yessssssssssssssss pure eye candy
     
  12. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Excellent with what you've done with PE I can't wait to see WG4 :D
    Happy Holidays :D
    Loki :cool:
     
  13. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hey Jason,
    How about some SS3 in WG. Should be easy :D :D
    Dolf
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Or make it a plugin from TDS?
    (i mean the scripts running in TDS for WG functionallity)
    or........
    WG resident at startup, from there autostart or manually start TDS with all SS3 functionallity etc. for WG and euhmmmmmmm PE too?
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    wouldnt that confuse worm guard cause it is constantly checking scrips for worms wouldnt it cause worm guard to go off like a machine gun
     
  16. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    WG knows better then we or any worm :D
    I'm happy it's on all time so it can catch the first nasties after reboot if they would be there and after the TDS exec protection or nothing against it to have that one there active before anything is running at all :D
    After all that our own scripts can do what we want them to.
    I'm quite happy with Dolf's port 137 listen SS3 which works nice for me, just as easy as the TCP Port Listen to eleminate all those UDP 137 portscans and logging.
    We just might like some collection of modules no matter if parts are called WG or TDS or Socket Spy sniff detector PE blocker netstat function exec prot scan resident spam hater intruders smack hacker bouncing infections thing with a nice voice calling us in the morning with fresh coffee and croissants -- as we devoted operators have the whole DCS collection anyway.
    For your machinegun hunt for a machinegun wav or mp3 and play it in the jukebos script :D
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    will that sounds perty good but i can see problems with that will at least for a few window operating systems.

    for example windows me has a problem with starting certin programs on start up espechialy if you have to do a manueal reboot and are protected by the checking for errors fix errors option that comes as a default setting.

    example blaze is on aol waol has cause a problem screen freezes

    no way around it have to do a manuel reboot

    blaze click on button restart puter get box saying checking for errors but it never finishes cause new worm guard 4 becomes instantly active on start up befor i even get to desktop.

    meaning the check for errors never complets boclean at one time had that problem thats what i would check out first befor realeasing any security software that becomes active as soon as you turn on your pc literly
     
  18. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I'm not describing anything new, just what WG is doing now at the moment. And doesn' it work that way for you at this moment?
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mr Blaze:

    I cannot remember if ME has Task scheduling or not, if it has surely all you would need to do is have any errant programmes start just after start up? If ME has not got Task Sheduling I am pretty sure there are task sheduling proggies around. :D

    Another thought: May be a nice addition to WG4 for some ppl - A "start" timer such as that found in Spybot Search & Destroy
     
  20. Luthorcrow

    Luthorcrow Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    56
    Location:
    California
    One quick question and a suggestion.

    ? I am using Workguard on a trial run and the About button displays it as WG 4?

    Suggestion, I haven't found an option to reduce wormguard to the systray only. I have the following apps running on the net: Wormguard, Spywareblaster, NOD32, Sygate Pro 5, and TDS-3. Which makes for a crowded taskbar for each security app that won't reduce to just a systray icon until either neeeded or going into alert/alarm. If I am missing an option please let me know otherwise I recommend that for future versions.
     
  21. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Wormguard 3 doesn't have a minimize to systray option, but it will be in v4 for sure :)
    -Jason-
     
  22. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Luthorcrow:

    Do you mean you have each of those apps just sitting on the Task Bar, and not minimised to System Tray. Spyware blaster you just select and protect then close down. NOD32 and Sygate must minimise to sys tray.
    As for TDS3. GUI/Configurations/Start-up and check like attached pic

    Just wondering why the don't.... :)
     

    Attached Files:

  23. Luthorcrow

    Luthorcrow Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    56
    Location:
    California
    Hi Tassie_Devils,

    Actually no, just Wormguard, Spyblaster, and as you saw in the TDS-3 section, TDS-3 as well. Thanks for the help on both. As for Spyblaster, I must be missing something in your description, because after I select the Protect Against Selected Items button, if I close the window, the process for Spyblaster no longer appears on the list on Task Manager?

    Anway, I didn't mean to double post, just was trying to keep the same question for two different apps in the appropriate place. I see I shouldn't worry about cross fertilization with help :D
     
  24. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Luthorcrow:

    I see what you mean. Well javacool explained that once you set the protection you are actually entering them into the REGISTRY, and no need to have the program 'running'.

    This from help:

    *********************************************
    How does SpywareBlaster work?

    -SpywareBlaster works by settings "kill bits" in the registry. These "kill bit" registry entries are set for the spyware ActiveX CLSIDs (unqiue IDs that identify an ActiveX control). When a kill bit is set for a CLSID, the ActiveX control that uses that CLSID cannot install itself via your browser, nor can it run if it already installed. Microsoft sometimes uses these kill bits for fixing Active-X security holes.


    #3) But what happens if I ever want to reverse or remove these kill bits?

    -SpywareBlaster can do this for you. Simply uncheck every item that you wish to have the kill bit removed for, and press the "Remove Protection for Unchecked Items" button.

    ****************************************************

    So I take it no need to have it 'running' just enable the "kill bits" [protection enabled] then close it, as the Registry entries are already there. At least that was my understanding when I asked him this very same question. Could be wrong though, lol. :)

    EDIT: Oops, just realised off topic here. Sorry guys. No more posts re this from me.
     
  25. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol cup holder and leather seats