Secure Folders to protect folders (and use as anti-executable)

Hi Rasheed187,

I'll try Hide Folders 5 at the same time when I get round to retesting SecureFolders. Thanks for the tip.

Regards
pegr

 

Looks interesting, but can I make a question?

What does Trusted programs mean?
Is this setting change access token of that program? Then can't it make potential attack surface 'cause those programs might get higher privilege (of course not talking about integrity level) than before, depending on context?

Also, for whom does folder restriction apply? Everyone, or Users?

 

Using this program for a while now and it seems that
- trusted programs are allowed to bypass the limitations imposed by SecureFolders itself
- restrictions apply for Everyone

 

How does it uninstall? Does it restore ACLs when removed?

 

Do you know how Secure Folders perform this?
I suppose it modify subjects' access token, but not sure.

 

509
Bandwidth Limit Exceeded

The server is temporarily unable to service your request due to
bandwidth limit has been reached for this site.

Please try again later.


What happened to their site?

 

3 days in a row? I think I will stick to My Lockbox Free.

 

Perhaps some regional issue...I can open its page normaly.

 

No it installs a driver and filters disk access. It just returns the same error as ACL.

 

Ah, I got it, Thanks!

I wondered if ACL is for Everyone how subject bypass this, but now it solved.

 

certeap.sys LoL

 

http://www.isitdownrightnow.com/securefoldersfree.com.html
http://www.downforeveryoneorjustme.com/http://securefoldersfree.com/

 

It's getting worse...

 

I have send installation program to last freeware version website

 

YEP, see pic,not black listed on VT, no suspicious calling home

 

Safe and sound. Funny how this sooo reminds me of when I used to confiscate those malware rootkit hider drivers from the bad guys and instead turn them around to hide my own alternate security measures and even in ADS

 

I'm not sure to understand: so you trust it ?

 

I had a couple of questions so i e-mailed the developer. Interesting info:

1. The anti-exe protection applies to any file extension.
2. A new version will probably be released this summer.
3. A per file/folder "Trusted Applications" feature will be considered (for the upcoming version?). I'm curious as to how it will be implemented (if). Hope it is feasible.

 

Nice find! Looks like an excellent way to prevent data leakage or ransomware.

For example you can set that only browser can access it's password storage files, for the rest of the system it wouldn't even exist! Or allowing images to only be visible to image preview and your favorite image editor.

EDIT: Would be nice if you could specify exactly what app can access what, to make it even more secure. But also have the existing global trusted apps.

 

No don't know how they implement it. I uses a driver. When you run a trusted programs as admin, it loses its access rights. The pop-up is the popup you gett when manually changing ACL of folders/drivers, so it looks like:
a) It is user based (denying it to everyone and run trusted programs as another user)
b) It uses Windows ACL mechanisms to do the actual protection (maybe also the reason why it uses less overhead)

All and all a smart application as Rezjor says, with many applications, like
- set your data folders as read only
- give windows explorer, office and media aps access, deny all others

You can also set the folders of the trusted programs themselves as no-execution, this will run the trusted programs in a LUA container.

 

I've just protected my browser so only browser EXE can access user profile folders. So no other app can dig through stuff that is stored there. And it works!

But the problem is with global trust apps, that kinda exploit one another just by being global and not per folder/rule. For example I need explorer.exe on Trusted list for being able to copy protected image files, but consiquentially, this also negates browser protection rules, because browser user folders are again visible because of it.

 

Not such a bad app either. It seems to be compatible and 100% stable running alongside my testings of Bouncer just fine. My box is a Win 8.0 64bit.

MBAE free version with SD in tray and also Sandboxie. Seems like these third party types offer a degree of satisfaction I've yet to discover in plain jane security apps yet again. After all this time these little inventions trump the big boy packages as always for me.

 

I wonder how this app affects folders if you have 2 partitions, you protect data on non-system partition and reinstall the system. Will protection rules remain or not? I mean, does it use NTFS permissions also or not?

 

@RejZoR: As Windows_Security's (nice find, indeed ) last post implies, SF's protection rules are enforced by its driver. As for your concern about Trusted Applications indiscriminately accessing SF protected files/folders, that was my rationale behind proposing a per file/folder setting.

@Kees: Are you sure about running Trusted Applications as another user? I thought the same (haven't researched it yet), but SF's author's response to my request (quoted: "Will note your feature request and possibly implement it") has left me in doubt.