JottiQ: Desktop program for batch scanning files with Jotti’s malware scan

Homepage
http://whitehat.dcmembers.com/

Review
http://dottech.org/freeware-reviews/21190

 

Thanks for posting !

 

Nice App!
Thanks for the Heads Up!

 

First impression is nice.

Gerard

 

This looks like a useful tool,nice find.

 

As I noticed this thread pop up a lot in my referers, I figured I would register and thank you guys for spotting JottiQ and giving it a bit of attention.

I hope you guys will go easy on the service since the previous versions ended up getting just a little too much attention for Jotti to handle - but seeing how there seem to be a lot of powerusers here I doubt I have to be worried of tons of people throwing their entire computer at the service.

Never the less, I will stress that JottiQ is meant for (advanced) investigation into suspicious files, not as a first-line defense, AV replacement or anything of the sort.

 

@stylishhat: Will it support detecting 64-bit processes in the future?

 

Welcome Stylishhat to Wilders and thanks a lot for making such a beautiful tool...

 

Nice... thanks for the update.

 

I will look into it. Process scanning was never the intended purpose of the tool, and from responses thus far I found it considerably lowers the inner user inhibitor on the 'upload my pc' front. As it is, the process scanning isn't process scanning in the first place (nor is it labeled such if you look closely!), it scans the executables only.

In other words, the following are what aren't added/scanned at present:

• DLLs or other files loaded by processes
• 64-bit processes, as you point out. I wasn't actually aware of this till earlier today (I think you were the one to point it out to me at the Dottech comments?), but it does a great deal in showing why .NET can make things oh-so-simple... yet impossible to do right.
• Processes running under other users. For me, it never added svchost and lsass.exe for example, but with the 64-bit thing come to light, that might instead be the issue.

Someone requested the future at DonationCoder.com, and as such I added it because it was 'simple to add', but I remain of my opinion it is the wrong tool for the task as it has a tendency to give the wrong impression. After all, rundll32.exe is safe, so the process with commandline rundll32.exe shell32_.dll,TakeOverPCAsRunDLL would be considered safe as well. Or the less obvious dll-in-current-directory hijacking and sorts are even less obvious examples.

So summary: I will look into it. If I can fix it to give more results, I am tempted to fix it and leave it be. If I can't fix it, I might well remove it unless I get a lot of responses/urges for me not to. In my opinion, a tool should stick to its domain operandi (pig latin ftw ), and 'process scanning' can quickly fall outside of said domain for JottiQ.

Thanks. As I said before - thanks to Wilders for noticing and not flaming JottiQ for its (at times so-designed) shortcomings.

 

This program is getting popularity
http://www.softpedia.com/reviews/windows/JottiQ-Review-177666.shtml
Well done..

But I have something to say about improvement.
1. The GUI, simple looking but not self explanatory. You know what I mean. Many do not like to read the help files..
2. The agreement acceptance at startup, I know that's a good idea but nagging too, do you really think anyone really do care if they want to violate it!

 

Thank you. I had already seen that review a couple of hours ago and was indeed surprised to see even softpedia found it.

Regarding your suggestions for improvement:

1. Many indeed do not like to read help files. Which is why JottiQ doesn't have one in the first place. More seriously though - I like to think that the simplest way to use it is pretty obvious from first boot: drag files to the box, and make sure you are processing. You are the first I hear of that has issues with the short 'getting started' summary offered up. Is there anyone else who shares these usability concerns? Or has suggestions on ways to improve it?
2. The agreement is my own initiative, and is shown only _once_. Although with v1.0.2 I did decide that queueing up an unreasonable amount of files would cause it to be shown again and require agreement once more. I never really wanted to make that change, but JottiQ v1.0.1's popularity forced my hand in that I wanted to make sure I did all I could do to have the application did not spell its own doom. This included several changes, and I hope like hell this is the furthest it will ever need to get. Hopefully, I may be able to remove some of these more drastic-in-your-face measures in future versions.
   
   Since the very beginning JottiQ has had the potential (which it already has fulfilled!) to way out-do the regular usage scenarios of Jotti's malware scan, and as such I felt it very important to get the goal of the tool right.
   
   As many (download/review/spider-) sites already demonstrate, it is being reviewed as an anti-virus tool, then it ends up being known as that crappy anti-virus tool that never works and can't delete files, and so forth. I have a specific userbase in mind for the application (the more savvy computer users) and I did not want all those reviews that approach the application as something it isn't meant to be to cause these users to miss or pass up on JottiQ.
   
   Finally, and I will be very upfront about this, there will _always_ be legal considerations from all angles. I would love not to worry about those, but I am a considerate person. Files are sent to another server, and if I don't point users at something like that, I don't know what I'd be liable to, or for that matter Jotti himself. JottiQ can be used without ever visiting Jotti's malware scan itself, so I doubt simply expecting a user to know of and agree with the terms on that website they never actually visit themselves is going to be enough.

In the end, I want to make clear that I wrote the application because I have loved Jotti's malware scan for years now, and I wanted to share the love. It deserves all the attention people wish to give it the way I see it. Now, Jotti (the author of the malware scan) gave me permission to develop this app, and even went out of his way to deal with questions I had, and that has only deepened my respect for the man. As such, any changes to JottiQ will always be on a be-nice-to-Jotti basis, and if ever he wants a feature gone or removed, I will oblige (even though I might try to change his mind on the subject a bit if I disagree with the reasoning!)

I think it is nice to remember that one can write a tool like JottiQ by simulating the motions of uploading/scanning a file like a user would manually do on the website and parsing the results. Although that would miss several of JottiQ's features. If it got popular enough it would probably force Jotti's hand on changing the website, you updating the tool, rinse repeat until finally hard-capping stuff or taking the service offline all-together. I want that, even if JottiQ ends up way too popular, there will always be the option of saying 'hey, it was nice while it lasted, but we can kill the project and there's always the crummy website for the diehards'.

Maybe I'm just too nice a person for this nasty internet world.

 

Thanks for the nice and decent explanations..

but

you mean the readme.txt?


Another suggestion:
Can you employ auto-update check at program start?

 

Oh, people read that thing?

I wrote the app assuming people would not read it at all, and added it afterwards since it is expected for software to have one of those, and for those people who really appreciate it. (Oh, and some stuff I used wanted mentioning in my credits or whatever, so yeah, readme seemed good for that too.)

The auto-update is planned to get some attention at startup time in a future version. v1.0.1 lacked any sort of updater, and I got punished by it big time due to the fact I kind of forgot to include links in the app itself to the forum thread I was publishing new releases at (at that point I didn't set up a website yet). Meaning that everyone who got JottiQ v1.0.1 or earlier would have to dig into the readme to find it, and as I said... I think most people don't read that thing.

Anyhow, as I was juggling what amounted to a functional ddos on Jotti's malware scan, my own stupidity, and the need to have an updater, I simply did the most minimal stuff I could get away with. Once you do a check at startup, you'll want to throw in a setting to turn it off, make sure an app doesn't do such a scan every time it boots but rather once every 24-48 hours for example, and so forth.

Long story short: it was all a bit of complexity I wanted to avoid since I would have without a doubt have made a stupid mistake and had the entire internets on me for excessive phoning-home functionality. Given my target audience of tech-savvy users, I didn't deem such a scenario too unlikely.

At present I am not rushing out a new release at all, and am considering skipping a 1.0.3 and going straight for 1.1.0 when enough features have gathered up. The software is stable, it works, and right now information on long-term usage scenarios is most useful so I and/or Jotti can determine whether enough measures have been taken to safeguard the website. A tentative line of thought for me personally is early february, but it might be longer or sooner - I simply haven't given it a shitload of attention just yet. All my free time has been centered around JottiQ in the last few months, and time for myself and the TODO lists of my other apps are quite welcome.

 

Thank you Stilishhat.. Will eagarly wait for the v1.1.0 release. Any hint of what features are going to be included..

 

Whatever people want me to include and that I deem suitable of the application. As-is, I feel JottiQ is feature-complete, and I do not want to make it something it is not.

One of the things I am considering is support for translations. I noticed a lot of foreign blogs/reviews which basically translated some words for their users (it kinda stands out in the chinese versions, obviously) and am currently having a poll done to see if people want multiple languages and such supported. So if you want a hint - consider that my hint to the people here who like JottiQ to throw in a vote with their opinion.

I'm cheapskate and haven't fully figured out my CMS yet, so it is old-school through email for now. News post with information is here.

 

Translation would be a good idea. I am sure you will get a number of volunteers here..

 

I hope so. Never the less, given your wording involving 'here', I want to emphasize I want any replies through the method described in the post I linked. While I will probably check here from time to time given the warm welcome I've had here, I have felt 'obligated' to give similar hello's on other websites that did reviews and the likes.. and in the end I simply can't keep checking every single place for replies, ideas, support issues and the sort.

I've set up a bunch of email aliases, all of which can be found through one way or another, jottiq-support@... being the most obvious, so in the end I'd appreciate any help I can get in getting my attention a bit less fragmented and more focused on whatever needs doing.

 

Sure stylishhat..

 

Released v1.1.0 (2011-07-01)

donationcoder

 

Stylishhat have done great in releasing this update. The support is quite extraordinary. Look at the change log.

 

Thanks for the good reviews and keeping up with this little project. Especially for the inquisitive minds of the sort that wander around security forums like these, I made sure to upload an archive containing files of all the streams that JottiQ pre-emptively whitelists.

Also, I'd like to point out that v1.1.1 has been released on July 12th. It is an unimportant for most people.. but it adds a setting to deal with an error that people on domains might run into. More important, it fixes the updater.

Apparently I shipped v1.0.3 and v1.1.0 with a semi-broken updater. That teaches me to upgrade without testing if the new updater still has all the proper functionality. Or to be precise, it teaches me not to test with older versions than the one I end up distributing. To err is human, I suppose.

Consider this a manual update notice.

 

Thanks stylishhat aka worstje, for working hard in releasing this update. Now jottiq is the only file uploader (others are VT Uploader, NVT Uploader) that works in my institute with broken certificate.

Change Log
v1.1.1 (2011-07-12)

Any new version released suffers from a few hiccups, and v1.1.0 was no
different. Thankfully, all this release does is pat the proverbial belly.

Added: A setting that, if enabled, lessens the scrutiny given to the
remote server of Jotti's malware scan to determine its authenticity.
'Ignore certain SSL certificate errors' is only useful on a few
specific configurations, and should not be enabled unless you get an
error like the following in the Connectivity Test:
'The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel.'
Changed: dcuhelper.exe was updated to v1.10.01 released on July 12, 2011.

 

I'm glad to hear that. I somewhat expected the one person I created this feature for to be the only one to suffer this issue. (Or are you him? )

 

Yep...