reactions on NISFileCheck guidelines

Discussion in 'NIS File Check Forum' started by FanJ, Mar 7, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

  2. FanJ

    FanJ Guest

    This reaction was from Liquid_Fish on March 7, 2002; 7:34 am:

    Wow! Excellent stuff, keep it coming. The explanation on checking was extremely helpful. Thanks.
     
  3. FanJ

    FanJ Guest

    Hi Liquid_Fish,

    Thanks! Credits go also to Joseph and Albert!

    I hope you don't mind that I moved your reaction to this new thread. The reason is that I wanted the original thread only for the guidelines and general tips.
    Yesterday, before I was able to temporarily close that thread, my connection was shut off; I guess due to some maintenance by my provider.
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    I just wanted to thank you for taking the time to root through all that verbiage I sent you.

    You've updated it and made it more concise than it was originally.  

    It was old (now about 10 months) and I suspect you're just now coming to the hard part! :D

    I also tend to be a bit long-winded, but so far I have absolutely no problems with what you've done to make it more concise.

    I would like to make sure that people understand that you're slowly working through something that must have been on the order of a 90+ kB HTML page.  That's no small undertaking.

    What makes it even more important is that the original version of this file is apparently no longer available on the site to which it was initially posted.

    I presume you've made Albert aware of this so that he can identify any further modifications that may now be required?

    Good work!  And thank you very much for undertaking what can often be a thankless job.
     
  5. FanJ

    FanJ Guest

    Hi Joseph,

    Thanks !!!  :)
    And thanks to you for giving me permission to use it!
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol FanJ, I love you but my head hurts. I swear sometimes I suffer from A.D.D. So basically this software keeps tabs on all running programs to see if they've been altered, right? That way you know if something has been tampered with?

    I'm hoping I got that right. You've got to remember I'm a newbie, so don't frag me too harsh; just want to be sure.
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Thanks Jan and JVMorris,

    Very informative.

    I do use SFC regularly (Win98 SE), but this one sounds like a much more potent and capable proposition.

    Excellent!
     
  8. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Very close, but NIS File Check is actually a bit more comprehensive than that.  It can be used to monitor all programs that can be executed, not just those currently running.  (Or maybe that's what you meant in the first place.)  

    Technically, NIS File Check monitors the executables stored on your system, not the programs currently loaded into RAM.  And it only does this when you tell it to or schedule it to.  If you want to monitor real-time changes in the programs and data files, then Albert's other utility is a better choice.  (Indeed, it can be rather informative just to run File Alarm for a bit and see what all the disk read/write activity on your system is all about.)

    For most of us, executables should only rarely change.  For example,
    • when we deliberately modify or update an executable,
    • when the operating system or disk file system corrupts a file, or
    • when something very nasty happens to one of our executables.
    So, unless you've just updated a major application, you normally won't see NIS File Check indicating too many changed files.  (That's good -- just like not seeing your anti-virus software constantly flashing alerts.)  And, if you haven't deliberately changed or updated the file, then you most definitely will want to investigate a bit further to find out what has happened.
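
The on-demand check described in the post above, sketched as an added example (not part of the original thread and not NIS File Check's own code): take a baseline of the executables stored on disk, then compare a later run against it. The use of SHA-256, the extension list and the names `snapshot`, `compare`, `write` and `demo` are assumptions; the thread does not say how NIS File Check detects changes.

```python
import hashlib
import os
import tempfile

# Assumed extension list; the thread does not say which file types are covered.
EXEC_EXTS = {".exe", ".dll", ".com", ".sys", ".ocx"}

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for executables under root."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue  # data files are out of scope for this check
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def compare(baseline, current):
    """Classify differences between two snapshots taken at different times."""
    return {
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
        "missing": sorted(baseline.keys() - current.keys()),
        "new": sorted(current.keys() - baseline.keys()),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    """Run the check over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("app.exe", b"MZ original"), ("helper.dll", b"MZ helper"),
                           ("notes.txt", b"some data")]:
            write(root, name, data)
        baseline = snapshot(root)                 # first on-demand run
        write(root, "app.exe", b"MZ 0riginal")    # same size, different content
        write(root, "notes.txt", b"edited data")  # not an executable: ignored
        os.remove(os.path.join(root, "helper.dll"))
        write(root, "unknown.exe", b"MZ unexpected")
        return compare(baseline, snapshot(root))  # second on-demand run

if __name__ == "__main__":
    print(demo())
```

The modified `app.exe` keeps its original length, so a size-only comparison would not flag it; the content digest does.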
     