Terra Privacy -- Dynamically generated whitelists

Discussion in 'other anti-malware software' started by hawki, May 26, 2017.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Dynamically generated whitelists help stop hackers

    Whitelists have traditionally been used as a way of limiting what users can do, but they're time consuming to maintain and keep up to date.

    ...Terra Privacy is addressing this with a system where destinations are continually inserted and removed from the whitelist in real-time, in concert with the user's activities.

    Hacker Deterrent Pro's system provides effective protection against browser-injected trojans. It uses a Transient Whitelist that only contains the addresses of open webpages and their declared additional connections. All other browser traffic remains blocked. This means browser-injected trojans are blocked from connecting to their command and control servers...

    It guards against non-browser trojans too by ensuring that applications like Word and Photoshop can only talk to their maker's sites and no others. It also uses DNS whitelisting to protect operating system traffic..."

    https://betanews.com/2017/05/26/dyn...ign=Feed - bn - BetaNews Latest News Articles

    Terra Privacy : https://terraprivacy.com/

    There are free extensions for FF and Chrome at the site (not clear what they do and if they are beta and the above article states that there is a free beta version of Terra Hacker Deterrent Pro also -- these extensions are accessible via the Product drop down menu at https://terraprivacy.com/.)

    Terra Privacy's description page: https://terraprivacy.com/hacker-deterrent-pro/

    Beta and Free Trial versions of Hacker Deterrent Pro are here:

    https://terraprivacy.com/purchase-ttc/

    What do you think about this ??
     
    Last edited: May 26, 2017
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Tried it.

    Too complicated to configure and my pages wouldn't load quickly. Uninstalled it.
     
  3. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    If you're thinking of testing this prog make sure you have a good and recent backup. I tried it but the installation failed and it 'rolled back the changes' - except it didn't and hosed my network completely and irrecoverably.

    Luckily Macrium rode to my rescue. Avoid is my advice.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK, so at the moment it's crap. But I must say the concept sounds interesting. The problem is that I can't fully picture it. They say they white-list all connections that belong to a certain website, but how do they know that? Can anyone explain?

    http://www.securityweek.com/terra-privacy-product-uses-dynamic-whitelisting-block-attacks
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Sorry I led you astray faircot :-(

    I didn't get to try it (yet). I first had to do a fresh double back-up/re-imaging of my system, then watched all the video demonstrations and tutorials. Hesitated cuz I was confused whether or not the current version was ready for prime time. And somewhat confused about implementation. By then I first saw NormanF's post and now yours.

    hawki is a glutton for punishment and must always learn the hard way, so despite reported bad experiences, the described benefits and unique nature of this program appear intriguing. So being a curious cat, hawki may feel compelled to commit Hari Karaoke and give it a spin. If you see hawki has not posted for a few days please call 911.
     
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    It's basically a whitelisting firewall.

    The basic concept is you decide what Internet traffic to allow within your browser.

    The way it's set up though is too confusing for home users. No one has the time or patience to drill down a category and decide what's safe and what's not.

    Most people are better off with an ad blocker based on the blacklist principle where known malware and "black web" sites are blocked by default. It holds promise though.

    It may become the next generation security tool.
     
  7. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Sorry to hear about this. In response, we are adding in a step-by-step configuration wizard (which will be in the next beta release at the end of next week). As for slow pages, it's important to note that your choice of DNS servers will likely be the greatest factor in how fast the web pages load. During DNS setup, Hacker Deterrent Pro shows which DNS servers are optimized for performance. These would be the recommended servers if speed is the greatest priority. However, if for some reason certain pages load slowly even with high-performance DNS servers, we'd appreciate you letting us know by submitting a ticket on our help desk system. If it turns out to be an issue with the beta code, we will gladly fix the issue and gift you a one-year subscription to the commercial release as a thank you.
     
  8. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    We have received a lot of feedback regarding the difficulty in setting up. Therefore, we are adding a step-by-step installation wizard in the next beta release. However, kindly note that no one needs to "drill down to categories" to decide if they are safe or not. Hacker Deterrent Pro doesn't require any such activity. The browser whitelisting is 100% automated.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Then perhaps it won't become the next generation tool? I thought it was supposed to auto-protect people without them having to make decisions. Can you perhaps post some screenshots?
     
  10. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Sorry to hear about your difficulties. It's important to reboot your PC after uninstallation (as prompted by the uninstall program). However, if you still experienced a lack of network connection after uninstallation then something must've interfered with DNS server reconfiguration. No need to roll your computer back to an older state. The DNS Servers would simply need to be manually set (if that's the case).

    If you do decide to retry our program, and you experience an issue after rebooting, we'd appreciate you helping us determine the cause since this issue hasn't arisen during alpha testing on numerous machines with a wide variety of network configurations. It's our standard operating practice to award anyone who helps identify beta bugs with a free one-year subscription to the commercial version upon its release.
     
  11. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    You are correct. Hacker Deterrent Pro does auto-protect. It doesn't display any categorization whatsoever. Perhaps someone was referring to an earlier product.
     
    Last edited: May 27, 2017
  12. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Thanks to the WebExtension standard implemented on Chrome, Firefox, etc. the connections made by each individual open webpage can be captured individually. In other words, the connections made by Samsung.com can be distinguished from another open webpage (such as Motorola.com). The connections made by each open webpage are then reported to the kernel-level firewall. Also, the moment you close a page, this too is reported to the kernel-level firewall so that the webpage and all its connections can immediately be removed from the Transient Whitelist - all automatically.
     
    Last edited: May 27, 2017
  13. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Make Hacker Deterrent free for home users and the Hacker Deterrent Pro for business users at the current price. Since it's automated, I think the set-up could be simplified by setting up defaults and allowing users to decide whether to trust or to block particular Internet traffic. A good security tool should be simple to set up and run.

    KAR is the gold standard for how to do it - and let the software run in the background until it needs to block something malicious that it detects.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK thanks, I think I now understand it a bit better. But what if some banking trojan has hijacked the browser and is connecting out, how do you know that this connection is not related to an open website? I mean it's the browser that's making the connection. Can you perhaps post some screenshots of both the extension and app?
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Ransomware communicates with cloud C&C servers and if the communication is blocked, the ransomware won't be able to start the encryption process. In other words, it does nothing.

    That's its real weakness.
     
  16. Esteban S

    Esteban S Registered Member

    Joined:
    May 27, 2017
    Posts:
    4
    Location:
    Wilton Manors, FL
    Whenever a browser-injected trojan or a browser-imitating trojan tries to connect to a hacker's C&C center, it will appear to be the browser itself trying to connect (not any of the individual pages). This is how Hacker Deterrent Pro knows to both display and block it. To see the screen and plugin in action, there are two pages on the company website: https://terraprivacy.com/browser-injected-trojans/ and https://terraprivacy.com/browser-imitating-trojans/. Both pages have videos.
     
  17. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    Michael, I did reboot (twice) and subsequently applied all of the methods and tools I use on clients' computers in an attempt to restore network connectivity, rebooting in between. Nothing resolved the issue and the only thing that did restore connectivity was to restore a recent Macrium image.
     
  18. Esteban S

    Esteban S Registered Member

    Joined:
    May 27, 2017
    Posts:
    4
    Location:
    Wilton Manors, FL
    Upon uninstallation and reboot, the Hacker Deterrent Pro kernel-driver is completely removed from your PC. Therefore, at this time, there's no software blocking internet access. The only change to your operating system configuration during use is a change in DNS servers. Thus, the only way for the internet connection to be cut off would be for the DNS servers to somehow not be restored during uninstallation. I am one of the alpha testers. While this issue didn't arise during alpha testing, it seems to be the most likely explanation for how your PC could be cut off from the internet after the kernel driver had been uninstalled. If you ever reinstall the program and have the same issue, kindly send our company a screenshot of the command shell after you execute "ipconfig /all". Please include the DNS Server portion of the screenshot along with your operating system. If this does indeed turn out to be a beta bug, our company routinely provides free subscriptions to the commercial version for all who help during the beta process.

    Update: One additional thought. I just noticed that you use the tag "VoodooShield beta". It's possible that VoodooShield or some other program like it wrongly prevented the uninstall program from being able to remove the kernel driver. While we've never seen this situation before, it's possible that a program such as VoodooShield or another anti-malware program wrongly prevented the uninstall program from removing the driver.
     
    Last edited: May 27, 2017
  19. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    I've just tried a reinstall, this time with Shadow Defender in operation. The result was another unsuccessful installation with a message about another installation in operation and to let that continue first!

    I always shut down VoodooShield when installing/uninstalling new software - and that was the case here.
    Regards
     
  20. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    @Michael Wood and @Esteban S

    I think I need to clarify my comments in this thread and apologise to you.

    Since I use Opera I chose to install Hacker Deterrent rather than the beta of Hacker Deterrent Pro, which doesn't seem to support Opera yet. I don't know if this caused the issues I've had with your software but...
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Sounds good in theory, but I still can't fully picture it. Let's say I browse to apple.com and cnet.com, this will result in lots of different connections also to third party domains. And if the browser-injected trojan is simultaneously connecting to the C&C server, how does HD Pro know those connections are not related to the open websites?
     
  22. Esteban S

    Esteban S Registered Member

    Joined:
    May 27, 2017
    Posts:
    4
    Location:
    Wilton Manors, FL
    Yes, that's very important. Hacker Deterrent and Hacker Deterrent Pro are two different products. Hacker Deterrent doesn't contain the type of whitelisting pertaining to this forum thread. Only Hacker Deterrent Pro does. No need to apologize; however, your clarification is appreciated.

    Also, in your previous post you mentioned that you couldn't reinstall Hacker Deterrent because the installation process thought another installation already exists (at least partially). This further confirms that some security program that your PC was running prevented the uninstallation from completing properly (this is why reinstallation thinks another installation already exists). If you'd like to resolve the situation to use Hacker Deterrent then you can open a ticket with our help desk via the Support link on our website. The help desk can guide you through a manual uninstallation process. Our support team will gladly help.
     
    Last edited: May 28, 2017
  23. Esteban S

    Esteban S Registered Member

    Joined:
    May 27, 2017
    Posts:
    4
    Location:
    Wilton Manors, FL
    Hacker Deterrent Pro automatically keeps track of which sites are required by apple.com and which sites are required by cnet.com. Everything else remains blocked. The following video shows site detection live in action: https://youtu.be/G6I3oHMTwGY

    You can test this for yourself in two ways:

    1) Once you install Hacker Deterrent Pro, open multiple tabs each with a different webpage. Then, in each tab, click on the Hacker Deterrent Pro icon in the browser. For each tab, you will see the sites that are required for that tab's webpage, and that tab's webpage only. For example, let's say you open two tabs (apple.com and cnet.com). When you click on the Hacker Deterrent Pro icon on the apple.com tab, you will only see the sites needed by apple.com; when you click on the Hacker Deterrent Pro icon on the cnet.com tab then you will only see the sites required by cnet.com. Thus, you can verify that Hacker Deterrent Pro is indeed keeping track of which sites are required by each of the webpages.

    2) Now, to confirm that Hacker Deterrent Pro blocks everything else, you can install any plugin from any company that requires an internet connection. For example, you can install Ghostery or NoScript (both of which communicate with their company servers). You will notice that regardless of which plugin you choose, that plugin will automatically be blocked from connecting to the internet (until you click on the lock to allow it). Browser-based trojans are blocked in the identical way that your chosen plugin was blocked.

    Hacker Deterrent Pro's novel approach blocks browser-based programs regardless of the manner in which they've injected themselves into the browser. Thus, even unknown zero-day injection techniques are still blocked since Hacker Deterrent Pro doesn't concern itself with how the injection occurred in the first place.
     
    Last edited by a moderator: May 28, 2017
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the info. You guys really might be on to something, I'm surprised others haven't chimed in yet. The reason I may seem a bit skeptical is because in the past companies have often claimed to have a new and superior product, but they didn't manage to deliver.

    Let's talk some more about the tech, let's say I open the browser and don't connect to any site, and the browser-injected trojan is trying to phone home to send stolen data, how will HD Pro stop this? I mean it's the browser that's connecting out, so the firewall won't stop this.
     
  25. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    When you first open your browser, the Transient Whitelist is empty. In other words, all browser traffic is blocked. Therefore, by definition, all browser-injected trojans are blocked. :)

    No need to apologize for your skepticism. We're doing something completely new and unorthodox. Skepticism is both expected and welcome. The more questions you ask the more you'll discover the depth of our solution.
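
The mechanism described in posts 12, 16, 23 and 25 (per-tab connections added to a Transient Whitelist, removed when the tab closes, everything else from the browser blocked), modelled as an added example that is not part of any post and is not Terra Privacy's code. The class, the event shape and the hostnames are assumptions; reference counting for a host shared by two tabs is one possible design, and `tabId` -1 follows the WebExtension webRequest convention for requests not tied to a tab.

```javascript
// Added illustration: a model of a transient whitelist, not the product's code.
// Event shape is hypothetical; tabId -1 mirrors how WebExtension webRequest
// marks requests that do not belong to any tab.
const NO_TAB = -1;

class TransientWhitelist {
  constructor() {
    this.hostsByTab = new Map(); // tabId -> Set of hosts that tab's page needs
    this.refCount = new Map();   // host -> number of open tabs needing it
  }

  // Record that the page in an open tab connects to `url`.
  report(tabId, url) {
    if (tabId === NO_TAB) return false; // not attributable to a page: never listed
    const host = new URL(url).hostname;
    if (!this.hostsByTab.has(tabId)) this.hostsByTab.set(tabId, new Set());
    const hosts = this.hostsByTab.get(tabId);
    if (!hosts.has(host)) {
      hosts.add(host);
      this.refCount.set(host, (this.refCount.get(host) || 0) + 1);
    }
    return true;
  }

  // Tab closed: drop its hosts unless another open tab still needs them.
  close(tabId) {
    for (const host of this.hostsByTab.get(tabId) || []) {
      const n = this.refCount.get(host) - 1;
      if (n === 0) this.refCount.delete(host); else this.refCount.set(host, n);
    }
    this.hostsByTab.delete(tabId);
  }

  // Firewall-side decision for an outbound browser connection.
  decide(host) { return this.refCount.has(host) ? "allow" : "block"; }

  // What the per-tab icon would list for one tab.
  hostsFor(tabId) { return [...(this.hostsByTab.get(tabId) || [])].sort(); }
}

// Constructed sample session; all hostnames are placeholders.
function demo() {
  const wl = new TransientWhitelist();
  const log = [wl.decide("c2.example")];            // browser just opened: empty list
  wl.report(1, "https://apple.example/");
  wl.report(1, "https://cdn.example/a.js");
  wl.report(2, "https://cnet.example/");
  wl.report(2, "https://cdn.example/b.js");
  wl.report(NO_TAB, "https://c2.example/beacon");   // browser-level, no owning tab
  log.push(wl.decide("cdn.example"), wl.decide("c2.example"));
  wl.close(1);                                      // tab 2 still needs cdn.example
  log.push(wl.decide("apple.example"), wl.decide("cdn.example"));
  wl.close(2);
  log.push(wl.decide("cdn.example"));
  return log;
}
```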
     