Advanced Process Analysis and Identification System

I just installed the latest version and noticed with Voice narration turned off, if you go to Processes and then right-click to launch Analysis and Identification, it is still narrated.

Nice!

I'm not sure what you mean.

 

Yes, noted. I still have one more external module to update, seems I forgot to pass the settings from the main GUI to that module...

Well, right now only the local user gets full control over the "Insecure" database. Currently you update the database by manually adding to it when you click on the "Insecure" button.

I was just wondering if it would be of value and worth my time to do like I did with the White-listing modules and generate a local and a global Insecure/Vulnerable module (One controlled by the user the other by me... and kept up to date via the signature updates)

Currently I only provide a few Insecure listings with the database file that comes with each upgrade, which you cant really use unless you overwrite your own local field additions to the file (it actually optionally overwrites it during upgrades)

Right now it seems I don't get enough interest in the product for me to warrant spending much more time or effort in developing new features, I can just build them as I personally need them unless users ask for something specific they actually need...

 

Ah like that, a global Insecure database would be nice, but like you said it may take up a lot of your time without much in return. Plus software like Secunia PSI already has a huge Insecure/vulnerable database which makes it easier to just do a scan with that to find any vulnerable software.

 

Yes.. I really like Secunia... However I strongly suspect that through no faults of their own they would be obligated to fail to alert users of insecurity like skype or outlook for example...

The type of insecurity that is a subversion by the NSA or the PRISM as well as other allied programs implemented via cooperating corporate America and other western democracies....

https://www.eff.org/
https://www.schneier.com/blog/archives/2013/08/the_nsa_is_comm.html

Users have to now depend entirely on themselves for inspection, and for the determination of what actually really constitutes "Clean" or "Secure" as large businesses with U.S. ties can no longer be trusted.

Large corporation in the U.S., Britain, Australia, and Canada are no longer trustworthy in relation to the forcible silent cooperation with the new western totalitarianism currently in place.

They can be forced to cooperate and threatened with incarceration if they tell anyone about it. This forced cooperation is imposed without due process or a judges order. It's pretty much arbitrary.

The only defense available is software like mine, where you can selectively tag, locally or in a portable fashion whatever you identified in the field as hostile so as to easily defend against those in-sinuous attacks against privacy and intellectual property...

By giving you the ability to dynamically and persistently identify and tag hostile, or friendly or insecure processes you can more effectively protect yourself in several ways. I saw this one coming and it's why I built and designed everything this way...

The only problem I cant solve this way is the man in the middle "between boxes" interception tactics, the only viable solution here is increased use of and better encryption for all communication and for all data storage, independent from large vendors and preferably via open sourced models...

By the way have you ever read this: http://www.huxley.net/bnw-revisited/index.html
Anyone interested in viewing the future being built right now should read this with a special focus on the use of propaganda, brain washing, and other technologies by the authorities...

 

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.3723 (17 October 2013)
http://hermes-computers.ca/downloads.php

* NEW:
- UNLOCKED A FEATURE: You can now scan for and analyze/Identify Drivers in the Free Unregistered version!

* Improved:
- Sound controls are now fully functional in all cross modular interactive functions
- Bottom visibar activity tracker text labels now flashes text to green when functions perform tasks

 

Advanced Process Analysis and Identification System Technician's Edition
Database Updates


New Signatures Updates 25 October 2013

- Global Whitelist
- Primary Malware Database

Happy Hunting!

 

Advanced Process Analysis and Identification System Technician's Edition
Database Updates


New Signatures Updates 01 November 2013

- Windows List
- Global Whitelist
- Primary Malware Database

Happy Hunting!

 

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.3854 (27 November 2013)
http://hermes-computers.ca/downloads.php

* NEW:
- I.A. Box (Extereme lower Left) - GUI now Clearly identifies background Internet activity
- S.I.M box (extreme lower right) - GUI now clearly identifies Signature Identification Module activity

* Improved:
- Added several new "Tooltip" information strings to Main GUI
- Improved a few minor logic processors
- Miscellaneous internal code improvements to continue to prepare for A.R.A. module improvement

Here is a pic of the new release!

 

Thanks for the notice

 

You are Welcome!

 

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.4064 Rev D (20 March 2014)
http://hermes-computers.ca/downloads.php

* NEW:
- Public Release switched to internal Revision "D" fork of the project
- Data Execution Prevention (DEP) - Security
- Address Space Load Randomization (ASLR) - Security
- Experimental A.I. Preceptor logic control now passes educated guesses to users (This will improve over time - as my schedule + resources permits)
- A.I. Viewpoint report (See line above for reference)

* Improved:
- Improved security (DEP)+(ASLR)
- Analysis performance improved
- Lots of minor code improvement
- A very Long List of compiler improvement
- A.P.A.I.S. can now identify an extra 9 millions more historical malware signatures (Previously only 6,000,000 signatures)
- Changed from Secondary and tertiary to 001-ext_mal - 005-ext_mal to increase compatibility with 32 bit O.S.'s with a small RAM footprint
- Advanced Risk Analysis is now able to feed from a much broader range of data to infer a file inherent probabilistic potential

* Fixed:
- Most XP out of memory issue should now be resolved
- Reduced all 32 bit O.S. memory impact identified by increasing number of databases but reducing the size while maintaining very large detection rate...
- Fixed a few minor statistical glitches

* Known Issues:
- The over all application size increased substantially to accommodate the detection of the entire extended malware database (> 600 MB)
- Advanced Risk Analysis is still incomplete - Much work required there - estimated completion date still unknown...

* Changes:
- Secondary and Tertiary Malware Databases are discontinued and replaced with several extended lists
- You now must register to get Primary database updates (New Extended malware list 2/3/4/5 is Free and will be upgraded with each new A.P.A.I.S. releases)

Here is a picture of the new release:

 

Warning! - Serious SSL related Security Issue - Immediate Global attention required!

About the Heartbleed bug...
http://heartbleed.com/

It is highly recommended that you test all secure server you normally use. You can go to this web site:
https://ssltools.geotrust.com/checker/views/certCheck.jsp

To test the server certificate you simply copy paste the address string starting with "https://" (It opens a secure "SSL" socket, and verify and checks for the vulnerability)
To test my own site SSL Mechanism and certificate: Type this string in the box: https://hermes-computers.ca

Make sure you do test your bank, and every other server you regularly use, else that may have been compromised by the bug....
After you confirm the server, and the bug is patched (The site I provided above will assist you)

You will need to change all your online password for all sites compromised.
If unsure if site was compromised, test then change your passwords anyways...

A later bit of background noise surrounding these issues...
https://www.techdirt.com/articles/2...compromised-nsa-than-previously-thought.shtml

http://www.theregister.co.uk/2013/12/21/nsa_paid_rsa_10_million/

Please do keep a watchful eye on this site as it often offers great advise and is a good early warning system

https://eff.org

I hope you will find this informative

All the best!

Guy Deschênes

 

Thanks for adding DEP and ASLR
This new build won't load/crashes:

 

Could you let me know on which operating system this error was triggered. (32 or 64 bit).

At first glance this looks like your hard disk is fragmented....
Just Defragment your drive then run again. My guess is that your problem will be resolved.
You may need to uninstall, then re install A.P.A.I.S. then run again.

As a test, install A.P.A.I.S. on a clean USB Thumbd Drive (1 Gig or greater in size).
If it runs proper then your hard drive is fragmented, if it doesnt run proper then some other issue may be present.

The new installs expands to >600 Megs... large installs like this sometimes cause issues on fragmented systems.

Let me know how it went.

Thank you for your support!

Guy

 

Thanks, defragmenting was enough. It's been a while since I did that

 

You are welcome!

Having multiple extra large malware database files is necessary to make this tool easily portable, and useful to system administrators, and field technicians who dont always have full access to the Internet during admin run. Unfortunately it sometimes causes issues on near full hard disks with lots of clutter, and heavy file fragmentation...

Users with SSD's, and those who perform regular decluttering, and defragmentation should not experience any issues.

What do you think of the new version?
I hope it proves to be powerfull enough to help you unearth all the malware you encounter in the wild...

regards,

Guy

 

I like it, though I don't have to use it much. Family and friends seem to have become a lot more security conscious during the last few years
Perhaps it would be nice to have some progress indicator for tasks/scans that take some time.

 

Yes... I'm finding much less malware on machines running X64 Versions of Windows 7 and up. Although the new bug counts is still relatively high on a day to day basis, with the bulk of malware targetting XP users.

I also spend much less time explaining rudimentary security protocols and methods to users, they seem more able to undersdandt technical hygiene requirements a bit better as well.

The Problem with this is I have multiple independent scans, some are just checksum comparission within files while others are more technical in nature, all take some time and operate differently while working to produce a picture for your interpretation, I chose verbal narration instead of progress bars during scans for it's educational nature as well as to work as a reminder for the admins while they are analysing systems.

Thorough file and system analysis can be a long, boring and tedius task, working to keep users attention to the task for extended periods is difficult.

I find that progress bars while sweet to look at reduce the mental coefiscient to a minimum during scans, they also help users assume everything is done when the scan is completed which nothing could be further from the truth in A.P.A.I.S.'s case since the entire concept is to push you to furhter the analysis once the automated portion of the analysis is completed so as to effectively confirm, and validate the file or process. This is done via several alternate means like with the A.F.N.A. and the Internet Module for exemple.

Also the intent is for the user to keep their nose on the GUI and Watch/Read/Listen during the analysis in order to pick up on discrepencies, and other indication of previously unenditified spyware, and malware in general. Also in the Registered version I went to great lenght to fascilitate the identification of impersonated checksums via "Temporal Signature Checksum Tracking" report module. (Accessible via the Technian's Field Notes menus -> Tracker) unfortunately this requires the users to actually open up those reports, and verify that those files are not impersonated by comparing checksums via the integrated historical reports or via external services such as virustotal, and others. (These reports are only agregated if you use A.P.A.I.S. to scan a file. It also helps you to identify any, and all modification to that file at each scans.

This said... I am always considering better ways to engineer this thing, I'll give it further consideration, and see how I can implement progress bars without further degrading the attention to details by the user...

Guy

 

Thanks for your explanations