I need information, PLEASE!

Discussion in 'NIS File Check Forum' started by bellgamin, Oct 31, 2002.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    NIS FileCheck is an excellent program for me.

    Sadly, however, Wilder's NISFC forum category seems to have become stagnant. Some of its threads reportedly were moved to a .uk YABB, but the links thereto are deader than the proverbial doornail. Also, version 2 is, so far as I know, still not available.

    Bearing in mind that my little old computer likes on-demand programs, like NISFC, my question is this...

    >>Is there any other program which offers similar capabilities to those offered by NISFC [Preferably a shareware or commercial product]o_O

    shaloha.......bellgamin
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    bellgamin,

    Rest assured, those that know this product will be stopping by to respond to your question. In the meantime, I have checked all the links here and fixed those that were broken.

    That ".uk YABB" forum was actually the previous location for this very board, and it still can be accessed (read-only) for those old posts. Wilders was at that location until it moved here this past June. (And even that was not the original Wilders board. There was another before that one. Of course, now we're talking "prehistoric times" ;) )

    Best Wishes,
    LowWaterMark
     
  3. FanJ

    FanJ Guest

    Hi Bellgamin,

    Yes, there are such programs; however, they do not work exactly the same as NISFileCheck (NFC).
    Some examples:

    File ChangeAlarm (brother of NFC); free; for NT/2000/XP; real time.

    FileChecker from Javacool; free; more or less real time.

    ADInf32 or ADInf32 Pro; not free; from the company that sells the AV DrWeb; on-demand.

    Inspector; not free; built into KAV Personal Pro; on-demand.

    Of the last two commercial ones, I use ADInf32 Pro, and I like it very much! However, it should be mentioned that its database is not encrypted, unlike NFC, which encrypts its database with Blowfish.

    I hope this helps.
     
  4. FanJ

    FanJ Guest

    Another pro for NFC compared to ADInf32 is that NFC uses much stronger (and world-wide recognised) hash algorithms.

    As far as I know there is no other on-demand Integrity Checker that has all the following 3 features:

    1. add files by extension (for example .exe; .dll; etc.) to its database.

    2. encrypts its database with a strong HASH (Blowfish).

    3. uses strong HASHES (SHA1, HAVAL or RIPEMD-160) for checking changes (changed, new, deleted) on the files in its database.

    Only NISFileCheck has those 3 features, as far as I know!
     
  5. bellgamin

    bellgamin Very Frequent Poster

    LowWM... thanks for the fast fix.

    Fan J -- I deeply appreciate your continued contributions to my education. By the way, if I decided to use ADInf32, I wonder...

    1) Would the disadvantage of non-encryption for ADInf32's database be offset if I kept that DB on my Iomega zip drive 250, & removed the disk after each use?
    [My premises are well guarded by an attack miniature poodle, trained to kill on command.]

    2) Did the programmers of ADInf32 have a contest to find the ugliest possible title for their program? :D

    Again, thanks for your help and kindness.......belissimo
     
  6. FanJ

    FanJ Guest

    Hi Bellgamin,

    Some more about ADInf:

    ADInf means Advanced Discinfoscope

    Links:

    http://www.adinf.com/home.htm

    http://www.adinf.com/english/adinf/about.htm

    http://www.adinf.com/english/adinf/faq.htm

    You definitely will not regret buying ADInf; I'm absolutely sure!!!
    And there is a trial version; at least there was when I bought it about half a year ago.
    I guess it doesn't make much sense that I post here screenshots because you can find some on those links.
    Another real nice thing about it is that you can let it co-operate with the AV DrWeb (from the same company)!
    And another nice thing: on each system its main exe is different; meaning that if you would have it installed on your system, your exe of ADInf will be different than mine.

    Bellgamin, you made a real nice remark about installing it on a ZIP250!!! I have to admit that I don't know whether it is possible, but on the other hand ....hm....why shouldn't it...

    I also would like to thank you for making me look at their site: it reminded me that I forgot to put myself on their mailing list: dumb me :rolleyes: :oops: Could well be that I missed a newer version, I don't know; I definitely have to look at it!!!
    If I could give you a cookie, you would get one right now!
     
  7. FanJ

    FanJ Guest

    Just for the record: I've edited Reply #3 in this thread.
     
  8. FanJ

    FanJ Guest

    About that putting ADInf on a ZIP250:

    Just thinking out loud now.....

    It might help, or not.....

    Just go back in thinking about what an Integrity Checker might do for you:
    It warns you about changes in files (changed, new, deleted).
    Now why would you like to know that?
    You might just want to know about any of those changes on your system.
    Such a change might be caused by a fully legitimate change on your system; for example: you installed a new program on your PC.
    But such a change might also be caused by a virus/trojan.
    Now think about this theoretical possibility:
    That virus is also capable of making some change in the database of an Integrity Checker, and that virus is not caught by your AV......
    Now would having that database on -for example- a ZIP250 help you? Hmmmmm.... What could that virus do the moment you run your Integrity Checker from that ZIP250?
    See what I mean?
    Having the database of your Integrity Checker encrypted, might possibly save you here.....?......?
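
An added example, not part of the original posts and not code from NISFileCheck or ADInf: a minimal on-demand integrity checker that picks files by extension, reports changed/new/deleted files (the features listed in Reply #4), and refuses a baseline database that was altered without the key (the concern raised just above). SHA-256 and an HMAC tag are assumptions used here in place of the SHA1/Blowfish combination named in the thread; all function names, file names and the key are constructed.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(root, extensions=(".exe", ".dll")):
    """Hash every file under root whose extension is on the watch list."""
    db = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in extensions:
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    db[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return db

def seal(db, key):
    """Serialise the baseline and prepend an HMAC tag computed with the user's key."""
    body = json.dumps(db, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode() + b"\n" + body

def unseal(blob, key):
    """Return the baseline only if its tag verifies; otherwise refuse to use it."""
    tag, _, body = blob.partition(b"\n")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        raise ValueError("baseline database was modified")
    return json.loads(body)

def compare(baseline, current):
    """Report the three kinds of change an integrity checker looks for."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "new": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    key = b"constructed demo key"  # assumption: in practice derived from a passphrase
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("a.exe", b"one"), ("b.dll", b"two"), ("notes.txt", b"x")]:
            write(root, name, data)
        blob = seal(snapshot(root), key)        # baseline, e.g. kept on removable media
        old_hash = snapshot(root)["a.exe"]
        write(root, "a.exe", b"patched")        # changed
        write(root, "c.exe", b"three")          # new
        os.remove(os.path.join(root, "b.dll"))  # deleted
        current = snapshot(root)
        report = compare(unseal(blob, key), current)
        # Constructed tamper: rewrite the stored hash of a.exe without knowing the key.
        forged = blob.replace(old_hash.encode(), current["a.exe"].encode())
        try:
            unseal(forged, key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return report, tamper_detected
```

The tag only shows that the database was altered; it does not hide the database contents the way encryption would.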
     
  9. bellgamin

    bellgamin Very Frequent Poster

    I visited the ADInf website. Searched & searched but could find no explanation of the differences between the standard version [$19] & the PRO version [$25]. Do you know?

    I did a download of ADInf but the zip failed an integrity check by my unzipper. Repeated. Same result. Will try again tomorrow.

    Meantime, I surfed around and discovered an on-demand file integrity checker named Sentinel at...

    http://www.runtimeware.com/

    I'm testing Sentinel. So far it looks really good. User friendly. Well thought out. Smooth programming. Excellent GUI -- PLUS the program has an alternate/optional GUI called "low" that [you guessed it] uses almost zero system resources. Plus a wizard to walk you through set-up. Lets you easily add "Custom Folders."

    Now, as to the Iomega zip disk idea [as offset to ADInf's non-encryption of its DB]...

    Doesn't it seem a bit improbable that (a) a virus would recognize ADINF [for example] as being what it is, AND (b) recognize that ADInf's database is missing from the HD & thus must be hiding somewhere else, AND (c) keep on running & lurking & running until I insert the zip disk with the DB, AND (d) finally pounce(!) for the kill?

    In a way, if someone had the talent to craft a virus with that much AI, I feel like he would sort of *deserve* to soil my computer's knickers. Well... maybe not.

    I await with bated breath your judgment of Sentinel's worth, and especially a comparison between its virtues versus those of ADInf.

    Be well!
    bellgamin
     
  10. FanJ

    FanJ Guest

    Difference between standard and Pro version of ADInf:

    Strongest HASH on the standard version: CRC48
    Strongest HASH on the PRO version: LAN64 (that is a hash algorithm developed by LAN Crypto Company in Russia).

    Quote from the Helpfile:
    ADinf32 checks a file by its size and checksum (CRC). This version supports the following CRC types:

    ·   Fast
    ·   Fast (Win32)
    ·   Macro
    ·   CRC16
    ·   CRC32
    ·   CRC48
    ·   LAN64 (available only in ADinf32 Pro version).

    Files can be associated with CRCs through filename extensions as specified on the CRC Types tabsheet in the Profile Properties dialog.
    end quote

    The ADInf company states somewhere on its site (or was it the Helpfile?) that there are viruses that can attack ADInf.

    I haven't yet tried Sentinel (shame on me :oops:).
     
  11. FanJ

    FanJ Guest

    About Sentinel:

    You wrote:
    "Lets you easily add "Custom Folders.""

    At the moment I'm not quite sure here (I'll try Sentinel next week, I guess).
    But there is a difference between telling your Integrity Checker to add a folder for checking and telling it to add files on their extension for checking.
    In my humble opinion telling it to check files added on file-extension is much better.....

    In NISFileCheck you add files on their extension (.exe, .dll, etc.) and the drive (partition) they are in, and then all those files will be checked. That is IMHO the way to go.

    ADinf does the same as NFC, in a slightly different way.
    And it also checks all other files. And it gives you even the possibility to look in its logfile where you will see changes for what it calls hidden files.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    "In NISFileCheck you add files on their extension (.exe, .dll, etc.) and the drive (partition) they are in, and then all those files will be checked. That is IMHO the way to go."

    Sentinel is pre-set for just about every file extension I could think of -- dll drv sys 386 ocx exe com pif scr.

    You wrote:
    "Lets you easily add "Custom Folders.""


    They call them "custom folders" which is rather misleading to me. What they mean is ANY folder on your drive.

    "Difference between standard and Pro version of ADInf:

    Strongest HASH on the standard version: CRC48
    Strongest HASH on the PRO version: LAN64"


    CRC48 is what's used by Sentinel.

    ADInf PRO is $5 more than the standard. It sounds like all I would get for those 5 dollars is additional hash. Correct? If so, & seeing I am just an average user, is it worth the extra $$$? Or should I get the standard?

    In any event, it sounds like ADInf is better than Sentinel, but I will not decide until I hear from you concerning your trial of Sentinel. I am eager to see what you say.

    aloha.......bellgamin
     
  13. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Sorry to be so slow in responding; I've been occupied elsewhere for most of the past month. What FanJ said (re NISFC) is, of course, accurate. I haven't heard from Albert in six weeks or so and am uncertain about any future plans he may have.

    If Albert doesn't pursue, I may consider publishing my own version (and also incorporating MD5 as a hash algorithm, since so many people use that with their native firewalls). (That's just a thought; not a commitment at the moment. My version is bigger and considerably more complex because it's databased, but it also has a bit more functionality.)

    Actually, there are quite a few. Several were mentioned in a thread on the grc.security NNTP newsgroup in the past month or so. I know about Sentinel (haven't checked it out yet, however) and there's a new version of WinInterrogate I understand at SourceForge.net.

    Tripwire and Integrity Master remain the premier (payware) products in this field, I suspect. I don't think FanJ got to the section of the old FAQ that identified all the old alternatives. All of these have their own pros and cons. I'm sort of betwixt and between at the moment and I may take a stab at digging out the latest versions of each and doing that comparative feature analysis that was discussed at one point in the old Wilders forum. Again, I may not be able to get this done (especially to my own satisfaction), but it might be a good idea to start on it.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    JVM sed...
    "I'm sort of betwixt and between at the moment and I may take a stab at digging out the latest versions of each and doing that comparative feature analysis that was discussed at one point in the old Wilders forum. Again, I may not be able to get this done (especially to my own satisfaction), but it might be a good idea to start on it."

    JVM -- Great to hear from you! I lust & covet & solicit the comparative feature analysis that you are considering. I only hope you can get to it before my 30-day trial of ADinf is over [27 days to go]. Why? Because ADinf is where I was leaning up until you mentioned that other similar programs exist.

    Shaloha........bellgamin
     
  15. jvmorris

    jvmorris Registered Member

    If I manage, it will probably be within November time-frame.

    The grc.security thread is entitled "Program to detect changes.." and originated on or about 28 Oct 2002 at 2153 (not sure if that was EDT or EST at the moment). Going back and taking a look at it, it's not as helpful as I had hoped; it only mentions falert (which may no longer be available) and ADInf32. A lot of the thread is taken up with somewhat different solutions such as install-uninstall monitors and registry monitors. While these are useful utilities, they aren't exactly the same thing as file authentication utilities -- primarily because uninstall-install and registry monitors, for the most part, are only going to notify you of legitimate changes to the executables on your box.

    I'll try to get started on the comparative analyses tomorrow unless all hell breaks loose.
     
  16. jvmorris

    jvmorris Registered Member

    Bellgamin,

    While setting up to begin the comparative analysis of various file authentication utilities, I went back and took a look at the last version of my own application. The following is a screen shot of the Setup options that I had specified (now over a year ago, I think).

    I'm already thinking of some additional features. For example, as you can see from the attached screen shot, I was thinking of only computing one of the various hashes, but there's absolutely no reason why the user shouldn't be able to select one or more of the possibilities. (I use a different hashing algorithm than what Albert has used.) This would be more similar to the functionality that TripWire offers, for instance. (But it would make a run of the application far longer.)

    I also like the 'full parameters' pop-up provided by WinInterrogate and will probably consider that.

    Finally, and since my application is databased, I'm thinking of three files:
    • One file would contain the latest information on the various executables selected for checking.
    • Another file contains the currently authenticated (i.e., validated) list of files and their associated hashes
    • The third file would contain archival information on previous versions of the executables (if the user chose to take advantage of this capability.)
    Now, information in all three of these files would be datestamped so you could easily ascertain when the last file authentication was run and when the last (authenticated/ archived) file info summary had been generated.

    Let me know if you have any other suggestions.
     

  17. bellgamin

    bellgamin Very Frequent Poster

    "Let me know if you have any other suggestions."

    JVM - Be aware that I am waaay over my head here. With that in mind, I wonder...

    1) You have provided check boxes for a constrained list of file extensions. Might it not offer more flexibility if you provided an "all other (specify)" entry box for use in adding other file extensions [such as pif, scr] that are a unique need of a given user who has a given *special* situation?

    2) Do you think your program might need to keep track of [alleged] changes in bad sectors?

    By the way -- I know about NIS FileCheck & Sentinel & ADinf -- but the screen shot you posted is something I hadn't seen before. o_O

    shalom.........bellgamin
     
  18. jvmorris

    jvmorris Registered Member

    Yes, it would (be more appropriate, that is). What I posted was a screen shot from a dialog box developed as part of an Excel 97 macro of my application. It was intended for explanation to Albert of a GUI that I thought he might find of interest -- that's all. I modified this in the Access 97 implementation, but I'm still not happy with the display that I came up with to do precisely what you suggest.
    Well, that's an entirely different subject and I did not address it (but I think I know what you're getting at, here). I was trying to build an app that would work on Win 95/98/ME/NT/2K/XP. There are any number of file systems in these various MS OSs and that constrains me a bit (not to mention that it could well eat processing time like you wouldn't believe). And, in Win NT/2K/XP, I have to contend with the possibility that the user may not be running with full admin privileges. I've still got a lot of work to do to get this ready for prime time, if I eventually decide to publish it.
    Well, you've never seen it before for the simple reason that only about four or five people ever have! :cool: Again, it was set up solely as a rapid prototype demonstration, sort of a 'proof of concept' exercise. Only the people interested in extending NIS File Check have ever seen it -- as far as I know.
     