Crystal Security - Discussion

@phalanaxus

Hi,

Thank you for the suggestion. It is interesting approach. I believe that I'll implement this method in the near future so results will be more accurate.

Regards,
Kardo

 

@Ashanta

Ashanta, Thank you for the test and suggestions. I appreciate your help.

Can you please test Crystal Security against active malware?

1. Start Crystal Security
- be sure that latest version is installed and Cloud is connected
2. Check if Processes detection is enabled and working correctly
3. Execute malware / download via browser etc..

Please note that mostly executable files will be analyzed.

Thanks to different suggestions - Checkup detection functionality will be improved and optimized with new versions.

@Everyone New update expected soon: Self-protection will be totally upgraded so it can successfully fight against targeted attackers and task managers like Process Hacker + terminator feature.
New review video is also planned.

Regards,
Kardo

 

@Ashanta

Can you please check it again?

Settings -> General - > Start with Windows (check it) -> Click Apply.

After that you should see Crystal Security entry under System Configuration..
.. Please tell me if you can see Crystal Security listed under System Configuration.
1. Click on Start orb and search for msconfig
2. System Configuration -> "Startup" tab



Regards,
Kardo

 

Hello,

Here is a video review of Crystal Security Self-Protection. You can see Self-Protection feature in Action against Process Explorer, Process Hacker + terminator and Task Manager. Self-Protection will be upgraded in next Beta version and will be updated against all targeted attacks with each new version. I hope you enjoy it.

Video: https://www.youtube.com/watch?v=qqfhURzGEuM

Regards,
Kardo

 

I already tested CS against malwares on Win7 platform :

1. It was with the latest CS version
2. Yes, 'active process' was checked

 

Ok, I will check the msconfig and I will let you know.

Anyway, I checked 'Settings -> General - > Start with Windows (check it) -> Click Apply.' this option, but as I told you CS didn't start on Vista.

 

@Ashanta
Okay. Next update will be out very soon and I made some changes in "Start with Windows". Maybe your issue is solved with next release. Also.. Checkup feature will be upgraded after next update. I'll also perform tests against "active" and "passive" malware. Currently I am focused on the following important features:

1. Self-Protection against targeted attacks and task managers
2. Checkup: detection and removal

Regards,
Kardo

 

Hello,

Crystal Security 3.5.0.96 BETA released

Changelog

• Improved Self-protection
• Fixed several reported bugs
• Updated internal database

NB! If there is any problem with this version then please try to turn off Self-protection and restart Crystal Security.
Self-protection is now more aggressive against targeted attacks and may cause errors.

Two different types of downloads

Download installer version of Crystal Security 3.5.0.96
Download portable version of Crystal Security 3.5.0.96

Looking forward to your feedback.

Regards,
Kardo

 

Thank you Kardocristtal

I will install this version on Vista and let you know if something is wrong.

 

@Ashanta Thanks! Please let me know if your problem is solved (automatic start-up issue).

Regards,
Kardo

 

Hi Kardo,
first - I was unable to download latest portable version from your page
second - when I was able (today morning), I was redirected to Softpedia...so I was very surprised and confused...why is that and what was happened?

 

@ichito

Hi, Thanks for the interest.

Temporary technical problems with the service provider. The original download links will be back soon.
One of the most requested feature will be added in the next version. Update is coming soon.

Regards,
Kardo

 

Hello,

Crystal Security 3.5.0.97 BETA released

Changelog

• Added Shell integration for files and folders
• Added new default Protection extension (.vbs)
• Fixed several reported bugs
• Updated internal database

Screenshot of Shell integration (context menu)



Two different types of downloads

Download installer version of Crystal Security 3.5.0.97
Download portable version of Crystal Security 3.5.0.97

Looking forward to your feedback.

Regards,
Kardo

 

Interesting idea: You could award a bonus for transparancy (tested by AV-comparatives and VB), programs not participating would get (average score+MSE score)/2, calculate the average (file detection test of AV-C and reactive score VB100) assign clusters (like AV-C does) and award highest cluster 3, middle 2 and lowest 1 to differentiate trust.

So when vendors are rewarded when participating in VB100 or AV-C, you could ask AV-C or VB-100 for sponsorhip (because you urge them to be transparant )

In the donated version (for home users), it is possible to assign a personal rating to vendors (high-medium-low trust), which also assigns the 3-2-1 value for your calculation. Small donation say 5 euro's. This is a small amount for being able to personalize the VT-score. Phalanaxus has shown you a way to make money

 

Thanks Kardo, downloaded and using the portable as usual.
I've noticed one small bug, not just with this version but previous versions too. That is, when you use the mouse to hover over a file name in say 'overview', the file name always appears behind the main window and not in front, so you can't read it.

Regards
Gordon

 

Just to let you know I'm getting 'suspicious' warnings about task manager and wordpad which I've never had before. Surely these would be signed ? (as well as being part of the OS).

Gordon

 

Hi Kardo,

Very good improvement since the last time (May 2014) I checked it!!!

The current beta version is really great!!!

I'm trying to make a advanced analysis, but I the list under "Checkup > File" Types are empty?
Shouldn't be identical to the "Protection > File Types" list?

Keep the excellent work!

 

Just checked taskmgr.exe in Win 7 32bit and strangely it is not digitally signed.


@Windows_Security ,@kardokristal

IMHO, if weighted statistics are going to be used false positive ratio should also be taken into account besides detection. A few simple but defining equations would work wonders when weighting from test scores.

 

@Windows_Security

@phalanaxus

Thank you both for the interesting ideas.

It is a unique approach and I really like the idea behind it. I'll think about it and If I have any questions about this detection/calculation method then I'll ask additional questions via PM. Please note that If I have a plan to implement this kind of detection rules, then full development of this method will take some time.

Regards,
Kardo

 

@ghodgson

Hi Gordon, Thank you for the feedback.

I'll try to re-produce and investigate it.

Can you please check detected files manually via VT or send files via PM within ZIP file?
About digital signature of detected files. Answer by @phalanaxus

Regards,
Kardo

 

@rdsu

Thank you! Great to hear that.

Protection and Settings: Separate settings (Scope and File types). Indeed, this list should not be empty.
Thanks for the report. Will be fixed.

Regards,
Kardo

 

Hi Kardo,
I can assure you my system is 100% clean, before and after the warnings about the OS files, (as checked by EEK, MBAM, Hitmanpro,) the files afore mentioned were false positives and were added to the whitelist manually. But if you really require me to send them to you I can.
This morning I received another pop up from CS, this time telling me there was an error and it would shut down and it told me where I could find the logs. However, when I located CS in the 'Roaming' folder there were no logs that related to errors.
So could you tell me where the logs are situated please ?
Secondly, wouldn't it be easier to access scan and error logs via the programme interface rather than having to go finding them ?

Thanks
Gordon

 

@ghodgson

Hi Gordon,

Thanks for information about detected files. I believe that your system is fine.
Errors should be located in C:\Users\username\AppData\Roaming\Crystal Security\3.5 Beta\Logs. Errors will be accessible via interface in the near future.

Regards,
Kardo

 

Interestingly when I zipped up those files in preparation for sending to you, CS complained about them again. This time I uploaded both from the CS interface and then both were added by CS to the file whitelist. Wordpad.zip being labelled as 'Safe (Internal)'.

Gordon

 

Hi Kardo,
Thanks, I am looking at 3.5 beta logs now, in which can I find the reason for it shutting down this morning ? as I don't see any 'error' logs

Gordon