New version information and screenshots

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Feb 19, 2008.

Thread Status:
Not open for further replies.
  1. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The next version of AppDefend will mark the beginning of its phase into a non alpha/beta state. The addition of virus mutex blocking, proper keylogging detection and module/dll blocking are some of the enhancements since the last beta.

    For RegDefend it's an improvement on something which for the most part worked quite well. I have changed the way protections work somewhat in RegDefend, mirroring the AppDefend way of having specific actions and logging for each item - Set Value, Delete Value, Delete Key, Create Key, etc. A registry scan has also been added, which will help in finding malware related registry keys/values, and also help trim the registry.

    Both products will feature the earliest graphical interaction with the user that is possible in part due to GhostGUI (a new GUI library) and moving most code into the kernel rather than user mode. There are also some new experimental security options which change the Microsoft related kernel code to perform some new tricks, basically disabling installed rootkits (and a lot of security products) by taking away their ability to hook. There is some other stuff I won't talk about too much yet for now.

    Some of the above a lot here will already be familiar with from my other posts. Below are some screenshots from the new GUI, which is still being heavily modified and doesn't quite have a 100% final look, but it is close. It is done utilizing the same GhostGUI library. Most of the new changes compared to the old GUI are in relation to making it more "explorer" like, editing descriptions, filenames, folders, in place. Making it more simple to look at and edit. And just so people don't ask, what you are seeing here is simply a theme, GhostGUI supports the classic Windows look for all the people who love it, and that will be selectable as a built-in theme.

    http://www.ghostsecurity.com/images/gss_new01.jpg

    http://www.ghostsecurity.com/images/gss_new02.jpg

    http://www.ghostsecurity.com/images/gss_new03.jpg

    And the question of when? Well, editing-wise, the GUI is already functional, it is simply a matter of tweaking things and adding some other small items. I will be releasing everything (new GUI, new driver, etc) on Friday as a beta, with subsequent smaller updates after that until the final is ready.
     
  2. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Jason,

    Thank you for the progress report, the new shell looks great. Like many others I am eagerly awaiting Friday.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks Jason for the update. Hope it stays lightweight. Also, is there going to be default protection for RegDefend (something like Tony Klein's ghost file) so you are protected right out of the box?
     
    Last edited: Feb 19, 2008
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I don't quite understand what a mutex is, so any explanation of it and how blocking it improves security is welcome.
     
  5. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Does this new version have a learning mode?
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Don't bet on it.

    @Jason, looking good. How about password protection, is it implemented, how does it work? (no pop-ups if locked, no GUI or editing) Blocks what isn't explicitly allowed?
     
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks for the info/screenshots Jason. Will this work with Vista by chance?
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Nope, but I will be taking a look at that soon after release.
     
  9. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The default RegDefend ruleset will be padded out yes, most likely utilizing most of the keys/values found/added by Ghost Security beta testers and users.

    And yes it is still very lightweight, I have trimmed AD/RD stuff more than I thought possible in the kernel, and logging now is done with a fixed size internal buffer to minimize memory allocations. The actual GUI is using less resources now than the old one, even though it is a lot more complex with more "stuff" in it. Thanks to GhostGUI, GUI updates are even batched into single updates resulting in less CPU usage when many things are occurring at once.

    To give one example - the new listview was able to sort 400,000 registry values (I dumped the whole registry into it) which totaled about 150MB of data in 5 seconds on my 3.2GHz core2. In a Microsoft type list as soon as you go over something like 20000 items, it's pretty much unusable, let alone sortable. Some may remember sorting logs in older versions of GSS and having it take 60 seconds to respond or something crazy with only a few thousand items in it.
     
  10. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Software usually creates a mutex to synchronize itself, or to know that multiple instances of itself are running. For instance a virus may create a mutex named "lucas1985", and then at startup it checks to see if that mutex exists or not, if the mutex does exist it thinks it is already running and will exit (usually).

    So if you have a list of virus mutexes you can then alert whenever one of them is trying to be created, warning you of a known virus. It's not a perfect way to detect malware because usually the people who create them will change them quite often between versions or allow people to edit the mutex they create. However it's another prong you can use to protect the computer against known threats.
     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Glad to hear it. Thanks Jason for the response.
     
  12. sentry42

    sentry42 Registered Member

    Joined:
    Apr 2, 2007
    Posts:
    9
    Thanks Jason,

    Looking forward to trying the beta!

    Do I remember correctly that Ghostwall also will be (can be?) integrated in GSS?
     
  13. cafeshop

    cafeshop Former Poster

    Joined:
    Feb 20, 2008
    Posts:
    36
    Is this new release working well out of the box on Windows 2003 Server, particularly on recent DELL laptops?

    On the DELL desktops and laptops I have had in the last 1-2 years, I do not know why no release of GSS works without repeated BSODs except for the 1.100beta release. Hope this new release is stable. Any input from Jason on this? I am going to pay for the App/Reg Defend license. Please respond.

    Thanks.
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Great answer, thanks :)
     
  15. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    67
    Location:
    UK
    @ Jason: will we still be able to change to a theme that makes GSS look like v1.110 and have the alert in the same style?

    As nice as this new one looks, it's too messy and noisy for me, it's probably the double lines with the mixture of different font styles, text lengths etc... makes the lines/information go all over the place, the status panel on the image gss_new01.jpg is excellent, but the other two images are confusing and might as well be written in Klingon :ouch:

    Sorry, forgot to add for some reason image 3 (gss_new03) looks less messy and better than image 2 :blink:

    Can you tone down the colors a bit and make the 'Home' menu on image 1 a tad bigger :) , thanks, apart from that, you're doing really great, I can't wait for the next build, sounds a fantastic build for sure :D

    Hugs,
    Fluffy
     
  16. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I have removed the little networking support I added in one of the alphas from AppDefend, mostly because of the upcoming issue of GhostWall and AppDefend in GSS. Since AD's simplistic approach to being a firewall wasn't really that helpful without network rules + other things.

    But yes, GhostWall will make an appearance once the AppDefend/RegDefend versions have gone final.
     
  17. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The themes are completely configurable, and even the layout is able to be changed (within certain constraints).

    I can understand your viewpoint about it looking a little "messy", but on the other hand this is showing you all the relevant information at a glance now. It's one of those things that after you've spent 5 minutes with it you realize it's a lot better than the way it was as it looks more complex than it actually is. Ideally though you won't need to spend much time in the editors anyhow, that's the direction I am trying to go.

    There are still some UI improvements I need to make to the base GhostGUI code, tooltips, better keyboard navigation, and things like this, but it will come in a later version.
     
  18. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    67
    Location:
    UK
    @ Jason: Thanks for your reply and information, much appreciated, I will look forward to giving it a spin, I think you are on to a winner no matter what you do, your work is always the best to all of us :D

    Hugs,
    Fluffy
     
  19. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Jason,

    Is it (= mutex scan) doing it like TDS-3 was doing many years ago (Memory Mutex Scan)?
    (for those not familiar with the old TDS-3, see screenshot here:
    https://www.wilderssecurity.com/showpost.php?p=19435&postcount=2 )
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Good to hear news of another update. :) However the phrase "will mark the beginning of its phase into a non alpha/beta state" has a disturbingly indeterminate feel to it...
     
  21. topmoxie

    topmoxie Registered Member

    Joined:
    May 25, 2006
    Posts:
    36
    Yeh this is also indeterminate: "And the question of when? Well editing wise, the GUI is already functional, it is simply a matter of tweaking things and adding some other small items. I will be releasing everything (new GUI, new driver, etc) on Friday as a beta, with subsequent smaller updates after that until the final is ready."


    FRIDAY
     
  22. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Similar yeah, except TDS-3 worked from user mode and scanned all active handles as reported by the kernel. AppDefend doesn't actually let the system create the mutex, but it can report it as active to fool the malware.
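
Added example, not part of the thread and not AppDefend's code: a user-mode Python model of the mutex blocking described in posts 10 and 22, where a create request for a known-malware mutex name raises an alert and is answered as "already exists" without the mutex being created. The blocklist entries, the `MutexMonitor` class and the sample events are constructed for illustration; a real product would make this decision in a kernel driver.

```python
from dataclasses import dataclass, field

ERROR_SUCCESS = 0
ERROR_ALREADY_EXISTS = 183  # Win32 code a caller sees when the named mutex exists

# Constructed blocklist; "lucas1985" is the made-up name from the post above.
KNOWN_BAD_MUTEXES = {"lucas1985", "ExampleWorm_v2_Running"}

def base_name(name: str) -> str:
    """Reduce an object path or Global\\ / Local\\ name to the bare mutex name."""
    name = name.rsplit("BaseNamedObjects\\", 1)[-1]
    for prefix in ("Global\\", "Local\\"):
        if name.startswith(prefix):
            return name[len(prefix):]
    return name

@dataclass
class MutexMonitor:
    live: set = field(default_factory=set)      # names the system really created
    alerts: list = field(default_factory=list)  # (pid, image, name) per blocked create

    def on_create(self, pid: int, image: str, name: str) -> int:
        """Model of a create-mutex intercept; returns the code the caller sees."""
        key = base_name(name)
        if key in KNOWN_BAD_MUTEXES:      # exact match: Win32 object names are case sensitive
            self.alerts.append((pid, image, key))
            return ERROR_ALREADY_EXISTS   # reported as active, but never created
        if name in self.live:
            return ERROR_ALREADY_EXISTS   # genuine second instance, no alert
        self.live.add(name)
        return ERROR_SUCCESS

def replay(events):
    """Feed events through a fresh monitor; return it and the per-event codes."""
    mon = MutexMonitor()
    return mon, [mon.on_create(*e) for e in events]

# Constructed sample events: (pid, image path, requested mutex name)
SAMPLE_EVENTS = [
    (412, r"C:\Program Files\Editor\editor.exe", "EditorSingleInstance"),
    (412, r"C:\Program Files\Editor\editor.exe", "EditorSingleInstance"),
    (1880, r"C:\Temp\invoice.exe", r"Global\lucas1985"),
    (960, r"C:\Tools\updater.exe", r"Local\UpdaterLock"),
    (2044, r"C:\Temp\setup.exe", r"\Sessions\1\BaseNamedObjects\ExampleWorm_v2_Running"),
]

if __name__ == "__main__":
    mon, codes = replay(SAMPLE_EVENTS)
    print(codes)
    for pid, image, name in mon.alerts:
        print(f"ALERT pid={pid} image={image} known-malware mutex={name}")
```

The second editor event gets the same return code as the blocked ones but raises no alert, which is why the alert list and not the return code is the detection signal.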
     
  23. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The release has been pushed back a few days due to some RegDefend bugs which popped up and some features I realized I said would be completed by next beta which weren't. Thankfully all the bugs found have been quashed (unless new ones are found... :) ), so it should be coming out within 24 hours as I finish up the features I promised - which will also help with the beta reporting. Apologies all around!
     
  24. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Hey Jason, the new GSS looks awesome, well done, been a long time coming, eh!

    Keep in touch,

    Rodrigo
     
  25. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia