Secure Folders to protect folders (and use as anti-executable)

Discussion in 'other anti-malware software' started by Windows_Security, Oct 21, 2014.

  1. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,322
    And what about programs from companies about which is known quite a lot? Are they better or more trustworthy by default? What about GOOGLE Chrome, for instance? I know something about this company, but this does not necessarily mean that I trust them more than a programmer whose name is little known. In this particular case, I definitely trust the SF programmer more than Google (I use SF but I would never, ever use Google Chrome).
     
  2. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    32
    Hm yes, that is a good point. Hard to tell, but that will probably always be the case - except you go for Open source only. But that wont be possible :) So you are right...
     
  3. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,322
    Open source? Hm... are they all trustworthy?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well I've had it installed, and use it and it seems to work as advertised. Also I've seen no ill effects or problems it's created.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    The only thing that could nuke Secure Folders is if MS decide to keep introducing .NET versions, and later decide to drop older versions; SF relies on .NET framework being installed.

    I think I have come across 9 alternatives, but none of them provide "no-execution", or the McDreamy option of "policy/group based no-execution", to prevent trustworthy apps viewing untrustworthy directories based on user needs. I think it can be coded up.
     
  6. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,322
    Thanks for your post, marzametal. I have also come across similar apps but they are not really alternative because they don't provide the options you find in Secure Folders ("no-execution" in particular). I found some apps that were developed ten or fifteen years ago; they are all "dead" now. Two or three newer alternatives I have come across are not that bad, but they are definitely inferior to Secure Folders in one way or another, so I wouldn't regard them as real alternatives. It can only be hoped that MS updates will not nuke SF one day.
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Regarding the portable-mode Secure Folders kernel driver discussion, out of curiosity, I decided to try out portable-mode. On my system, portable mode SF is calling the following driver:

    C:\Windows\system32\drivers\rdbvid.sys

    I assume the kernel driver file name is likely randomized, But anyway, portable-mode SF still utilizes a kernel mode driver.

    You can use NVT's Kernel Mode Drivers Manager (http://www.novirusthanks.org/products/kernel-mode-drivers-manager/) to see which kernel mode driver is being utilized by SF. This program is free and also has a portable version.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,245
    Location:
    Under a bushel ...
    Indeed - sysnet.sys on my system. Publisher = Promosoft Software Limited ...
     
  9. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    32
    What would be interesting for me is: Can software to protect folders really protect from Randomware? Has there been any testings?
    I mean, is the protection only done superficially, or is it really done in low-level kernel mode?

    After trying the latest hide folders v5 yesterday, when enabling the read-only protection for a folder, I saw the following prompt:
    2016-01-03 12_32_07-Zugriff auf den Zielordner wurde verweigert.png

    So it seems to really be blocked by windows mechanisms so that I needed to become admin to access it. And even after pressing "continue", write-access was not allowed properly.

    So Im wondering whether that really helps against ransomware.

    Thanks!
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,322
    Guten Morgen TestPersonX,
    I don't know whether Secure Folders or similar programs are sufficient protection against ransomware. However, I think that such programs can be safely regarded as an additional layer of security which may at least prevent less sophisticated ransomware from encrypting your files.
     
  11. TestPersonX

    TestPersonX Registered Member

    Joined:
    Jul 13, 2009
    Posts:
    32
    Yes unfortunately, no one wants to test it I guess :)
    But from the prompt shown in the screenshot above, the protection seems to be done via NTFS access rights - maybe this would yield good protectionm, as long as ransomware is not executed with full superuser rights.
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,322
    Yes, this is also my understanding. Would be interesting to see some anti-ransomware tests from developers.
     
  13. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I don't mind letting some Ransonware loose on my system... very intrigued to see what SF can do. I can't give it a shot for a couple of days; away from PC at the moment, only got time to pop in and check posts. Gonna' have to lower some security though, such as AppGuard and SRP, maybe even Group Policy for the Ransomware to be allowed to run... it'll be a good test anways; been itching to try it for over a month; guess I haven't had the ***** for it... even though I have proper backups to restore from.

    ...might be against TOC to ask for some sources; guess I could go the usual route and check out what MalwareTips has to offer?
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,781
    Location:
    U.S.A. (South)
    Bahh! Well i have a good honeypot of a new set up just for this purpose and would like to determine the outcome to share too. Temporarily though i have to replace the HDD in it first and i haven't even got it on order yet but maybe this week. So busy.

    If anyone does get to test the value of SF please list the Platform such as Windows 7, 8, 8.1 64 or 32 bit etc.

    Could prove to be a small game changer if it holds water. If not? Nothing ventured is nothing gained right?
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Seriously if you are going to do this protect your system. When I tested the ransomware over the Appguard leak, I used ShadowDefender and shadowed all three of my disks. It's protection held.

    Pete
     
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Damn, forgot I have that icon sitting in taskbar, waiting for on-demand use. Thanks for reminding me Sir!
     
  17. guest

    guest Guest

    :argh:

    this icon is easy to forget
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,435
    Location:
    The Netherlands
    Why not test it on a virtual machine? Back in the days I did test HIPS against malware once in a while, Neoava Guard couldn't stop destructive file infectors (same as ransomware) even though it was a topnotch HIPS.
     
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Hi Rasheed...

    What I am trying to do is see how this ransomware stuff reacts on my system, as opposed to some ISO install into a VM.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,793
    Location:
    Mexico
    One feature I love about SF is keyboard shortcuts to fast toggling:
    Alt+z > Protection Enabled
    Alt+x > Protection Disabled
     
  21. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    927
    Location:
    UK
    well the home page domain seems up for sale lol. So I guess the author decided to abandon this software?

    So how does one download this software now?
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,793
    Location:
    Mexico
    Yes, look at my signature.
     
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    605
    Location:
    U.S. Citizen
    Salutations/Greetings!:)

    @marzametal, Post 214: What was the outcome on your PC with Secure Folders?
    And everybody else?

    > And does it matter that SF has not been updated?

    And what is your opinion on the following for protecting file/folders......ect.?


    http://hummerstudio.com/filewall.php-
    http://www.mbbsoftware.com/Products/Act-On-File/2012/Modules.aspx#TheCryptorModule

    http://www.comss.info/page.php?al=IObit_Protected_Folder_free
    https://www.steganos.com/en/steganos-safe-17

    https://www.demonsaw.com/
    http://www.superbasis.de/copymik/index.htm

    http://filehippo.com/download_anvi_folder_locker_free/
    https://www.boxcryptor.com/en

    https://translate.google.bs/translate?hl=en&sl=ru&u=http://anvidelabs.org/asf.html&prev=search
    http://www.winability.com/folderguard/

    http://www.cypherix.com/lock-folder/
    http://www.cubeitz.com/data-guard/



    Looking forward to your comments/opinions.:geek:


    Kind regards,
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,793
    Location:
    Mexico
    I locked a whole USB drive with X:\ letter. I'm wondering if a malware, specially cryptomalware, could be able to change drive letter to have access to it?

    If so could that malware make use of diskmgmt.msc to attempt to change the letter?
    Is it possible for malware to accomplish that by any other means different than diskmgmt.msc?

    I did run a test trying to change it manually from diskmgmt.msc but SecureFolders seems to block the change:

    diskmgmt.png

    Needles to say when I stopped its protection I was able to change the drive letter. After this SF seems to me very strong protection.
     
  25. @Mister X

    Thx for testing, pitty secure folders is not capable of "seeing" windows 10 apps, otherwise it works perfectly on Windows 10.

    How Secure Folders seems to work

    1. It creates a basic user with limited rights (a normal Windows Mechanism)
    2. Ads ACL (Access Control Lists) to the protected folders (a normal Windows Mechanism) while removing those rights from other users
    3. Runs trusted programs under the limited user it created (comparable with psexec of sysinternals)

    With so many default windows mechanisms used, I wonder why Windows OS does not include such protection mechanisms. Secure Folders a perfect example of Google's design philosophy (be nimble, use what is already available in the OS)
     
    Last edited by a moderator: Jan 29, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.