Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    And what about programs from companies about which is known quite a lot? Are they better or more trustworthy by default? What about GOOGLE Chrome, for instance? I know something about this company, but this does not necessarily mean that I trust them more than a programmer whose name is little known. In this particular case, I definitely trust the SF programmer more than Google (I use SF but I would never, ever use Google Chrome).
     
  2. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Hm yes, that is a good point. Hard to tell, but that will probably always be the case - except you go for Open source only. But that won't be possible :) So you are right...
     
  3. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    Open source? Hm... are they all trustworthy?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well I've had it installed, and use it and it seems to work as advertised. Also I've seen no ill effects or problems it's created.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    The only thing that could nuke Secure Folders is if MS decide to keep introducing .NET versions, and later decide to drop older versions; SF relies on .NET framework being installed.

    I think I have come across 9 alternatives, but none of them provide "no-execution", or the McDreamy option of "policy/group based no-execution", to prevent trustworthy apps viewing untrustworthy directories based on user needs. I think it can be coded up.
     
  6. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    Thanks for your post, marzametal. I have also come across similar apps but they are not really alternatives because they don't provide the options you find in Secure Folders ("no-execution" in particular). I found some apps that were developed ten or fifteen years ago; they are all "dead" now. Two or three newer alternatives I have come across are not that bad, but they are definitely inferior to Secure Folders in one way or another, so I wouldn't regard them as real alternatives. It can only be hoped that MS updates will not nuke SF one day.
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Regarding the portable-mode Secure Folders kernel driver discussion, out of curiosity, I decided to try out portable-mode. On my system, portable mode SF is calling the following driver:

    C:\Windows\system32\drivers\rdbvid.sys

    I assume the kernel driver file name is likely randomized, but anyway, portable-mode SF still utilizes a kernel mode driver.

    You can use NVT's Kernel Mode Drivers Manager (http://www.novirusthanks.org/products/kernel-mode-drivers-manager/) to see which kernel mode driver is being utilized by SF. This program is free and also has a portable version.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Indeed - sysnet.sys on my system. Publisher = Promosoft Software Limited ...
     
  9. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    What would be interesting for me is: Can software to protect folders really protect from ransomware? Has there been any testing?
    I mean, is the protection only done superficially, or is it really done in low-level kernel mode?

    After trying the latest hide folders v5 yesterday, when enabling the read-only protection for a folder, I saw the following prompt:
    2016-01-03 12_32_07-Zugriff auf den Zielordner wurde verweigert.png

    So it seems to really be blocked by windows mechanisms so that I needed to become admin to access it. And even after pressing "continue", write-access was not allowed properly.

    So I'm wondering whether that really helps against ransomware.

    Thanks!
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    Guten Morgen TestPersonX,
    I don't know whether Secure Folders or similar programs are sufficient protection against ransomware. However, I think that such programs can be safely regarded as an additional layer of security which may at least prevent less sophisticated ransomware from encrypting your files.
     
  11. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    39
    Location:
    Germany
    Yes unfortunately, no one wants to test it I guess :)
    But from the prompt shown in the screenshot above, the protection seems to be done via NTFS access rights - maybe this would yield good protection, as long as ransomware is not executed with full superuser rights.
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    Yes, this is also my understanding. Would be interesting to see some anti-ransomware tests from developers.
     
  13. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I don't mind letting some ransomware loose on my system... very intrigued to see what SF can do. I can't give it a shot for a couple of days; away from PC at the moment, only got time to pop in and check posts. Gonna' have to lower some security though, such as AppGuard and SRP, maybe even Group Policy for the ransomware to be allowed to run... it'll be a good test anyway; been itching to try it for over a month; guess I haven't had the ***** for it... even though I have proper backups to restore from.

    ...might be against TOC to ask for some sources; guess I could go the usual route and check out what MalwareTips has to offer?
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Bahh! Well I have a good honeypot of a new set up just for this purpose and would like to determine the outcome to share too. Temporarily though I have to replace the HDD in it first and I haven't even got it on order yet but maybe this week. So busy.

    If anyone does get to test the value of SF please list the Platform such as Windows 7, 8, 8.1 64 or 32 bit etc.

    Could prove to be a small game changer if it holds water. If not? Nothing ventured is nothing gained right?
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Seriously, if you are going to do this, protect your system. When I tested the ransomware over the Appguard leak, I used ShadowDefender and shadowed all three of my disks. Its protection held.

    Pete
     
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Damn, forgot I have that icon sitting in taskbar, waiting for on-demand use. Thanks for reminding me Sir!
     
  17. guest

    guest Guest

    :argh:

    this icon is easy to forget
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Why not test it on a virtual machine? Back in the days I did test HIPS against malware once in a while, Neoava Guard couldn't stop destructive file infectors (same as ransomware) even though it was a topnotch HIPS.
     
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Hi Rasheed...

    What I am trying to do is see how this ransomware stuff reacts on my system, as opposed to some ISO install into a VM.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    One feature I love about SF is keyboard shortcuts to fast toggling:
    Alt+z > Protection Enabled
    Alt+x > Protection Disabled
     
  21. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    well the home page domain seems up for sale lol. So I guess the author decided to abandon this software?

    So how does one download this software now?
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Yes, look at my signature.
     
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!:)

    @marzametal, Post 214: What was the outcome on your PC with Secure Folders?
    And everybody else?

    > And does it matter that SF has not been updated?

    And what is your opinion on the following for protecting files/folders, etc.?


    http://hummerstudio.com/filewall.php-
    http://www.mbbsoftware.com/Products/Act-On-File/2012/Modules.aspx#TheCryptorModule

    http://www.comss.info/page.php?al=IObit_Protected_Folder_free
    https://www.steganos.com/en/steganos-safe-17

    https://www.demonsaw.com/
    http://www.superbasis.de/copymik/index.htm

    http://filehippo.com/download_anvi_folder_locker_free/
    https://www.boxcryptor.com/en

    https://translate.google.bs/translate?hl=en&sl=ru&u=http://anvidelabs.org/asf.html&prev=search
    http://www.winability.com/folderguard/

    http://www.cypherix.com/lock-folder/
    http://www.cubeitz.com/data-guard/



    Looking forward to your comments/opinions.:geek:


    Kind regards,
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    I locked a whole USB drive with X:\ letter. I'm wondering if malware, especially cryptomalware, could be able to change the drive letter to have access to it?

    If so could that malware make use of diskmgmt.msc to attempt to change the letter?
    Is it possible for malware to accomplish that by any other means different than diskmgmt.msc?

    I did run a test trying to change it manually from diskmgmt.msc but SecureFolders seems to block the change:

    diskmgmt.png

    Needless to say, when I stopped its protection I was able to change the drive letter. After this, SF seems to me very strong protection.
     
  25. @Mister X

    Thx for testing, pity Secure Folders is not capable of "seeing" Windows 10 apps, otherwise it works perfectly on Windows 10.

    How Secure Folders seems to work

    1. It creates a basic user with limited rights (a normal Windows mechanism)
    2. Adds ACLs (Access Control Lists) to the protected folders (a normal Windows mechanism) while removing those rights from other users
    3. Runs trusted programs under the limited user it created (comparable with psexec of sysinternals)

    With so many default Windows mechanisms used, I wonder why Windows OS does not include such protection mechanisms. Secure Folders is a perfect example of Google's design philosophy (be nimble, use what is already available in the OS)
     
    Last edited by a moderator: Jan 29, 2016
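
Several posts above suggest the protection is built on NTFS access rights. The following added example (not from any poster and not Secure Folders' own code) is one way to check that claim on a folder you have protected: it lists the folder's access rules and flags which ones allow or deny write and execute. The folder path is a placeholder. Because the thread also observes that the tool loads a kernel-mode driver, an unchanged ACL here does not by itself show that the folder is unprotected.

```powershell
# Added example: show which principals the NTFS DACL lets write to or execute from a folder.
param(
    [string]$Path = 'C:\ProtectedFolder'   # hypothetical path; use your own protected folder
)

# FileSystemRights is a flags enum. 'Modify' and 'FullControl' are deliberately not used
# as masks because they contain read bits and would also match read-only rules.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$execMask  = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile

# Inherit-only rules are sometimes stored with generic rights instead of specific ones:
# GENERIC_ALL = 0x10000000, GENERIC_EXECUTE = 0x20000000, GENERIC_WRITE = 0x40000000.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000
$execMask  = $execMask  -bor 0x20000000 -bor 0x10000000

$acl = Get-Acl -LiteralPath $Path

"Folder : $Path"
"Owner  : $($acl.Owner)"
# True means the folder no longer inherits rules from its parent, which is what you
# would expect if a tool replaced the default permissions with its own.
"Inheritance blocked : $($acl.AreAccessRulesProtected)"

$acl.Access | ForEach-Object {
    $rights = [int]$_.FileSystemRights
    [pscustomobject]@{
        Identity  = $_.IdentityReference.Value
        Type      = $_.AccessControlType              # Allow or Deny
        Inherited = $_.IsInherited
        Write     = ($rights -band $writeMask) -ne 0  # rule covers write/delete/permission change
        Execute   = ($rights -band $execMask)  -ne 0  # rule covers running files in the folder
        Rights    = $_.FileSystemRights
    }
} |
    Sort-Object Type -Descending |                    # Deny rules first; they take precedence
    Format-Table -AutoSize
```

Run it once with protection enabled and once with it disabled, from the same account, and compare the two tables.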