Sentinel - Free once again!

Hey everyone

Just dropping in to announce that Sentinel (http://www.runtimeware.com/?page=p_sentinel2) is now a Freeware product once again!

For those of you not familiar with it: Sentinel is a windows based file integrity checker that will automatically execute your anti-virus program whenever it finds a discrepancy. In addition, it comes with a startup registry watcher.

Its been a while Sentinel has been on these forums - but just a quick update: Sentinel now includes SHA-1, CRC32 and MD4 checksum algorithms

Oh and...Greetings to tsr and bellgamin

 

great to hear it
I hope it stays free

 

I will take a look at it...

 

Looks interesting, must take a closer look

 

Don't worry about that - it WILL stay free forever

 

Hi all, I ask, how good is Sentinel to protect registry?mmm

 

It's grrreat to see you here at Wilders again! I'm surprised you made Sentinel a freebie. It was well worth every penny you were asking before, and then some. No doubt you have struck it rich in a state lottery, so $$$ no longer concerns you --- tra-la-la.

That is indeed an excellent addition. Does it watch all the startup/autorun registry items mentioned HERE? And/OR is it configurable as to which registry items it protects? I hope so -- but then, I'm the sort of fellow who sits down to a free lunch and complains at the lack of linen napkins.

The Lord bless you and keep you.
The Lord make His face shine upon you,
And be gracious unto you.
The Lord lift up His countenance upon you,
And give you peace.

bellgamin

 

bellgamin,

I believe you were the one who recommended Watcher. I installed it, and like it.
Does Sentinel do much of the same thing? I know Watcher does not call up the AV. Being one who does not know much, and who is cautious about installing a new program I need to know more about it and if it conflicts with other programs such as Watcher or another anti-malware program.

Thanks,
Jerry

 

I'm happy that you are satisfied with Watcher. By the way, the Watcher has *graduated* -- to the extent that it is now downloadable from SnapFiles -- my favorite spot for both shareware & freeware.

Watcher & Sentinel are in a category of security software known as "Integrity Checkers." They check files for changes by making a *hash number* (a.k.a. "checksum") for each protected file. The odds of that hash number being duplicated by accident, or by a spurious file, are very very VERY small (but are NOT zero).

Each time an Integrity Checker polls a protected file, it compares the current hash number for that file with the hash number it previously recorded for that same file. Even the teeniest, tiniest change in a file will result in a revised hash number.

If the *before & after* hash numbers for a given file are not exactly the same, then the Integrity Checker will notify you that the file has been changed. After receiving such notification, you are on your own to determine whether or not the change to that file is suspicious or explainable.

An example of an explainable change occurs when a file is updated because of a specific action you have taken.

If a specific change to a file seems suspicious, then you can do such things as check it with your antivirus & antitrojan programs.

I am not an expert on Watcher or Sentinel, so the following represents merely my OPINION as to the principle differences between these two integrity programs...

1) Watcher polls a smaller spectrum of sensitive files than does Sentinel.

2) If you know what you're doing, you can configure Sentinel more extensively than is possible with Watcher.

3) AFAIK Watcher does not disclose WHICH type of hash number it uses. Therefore, I assume it is probably using CRC32. CRC32 is quite secure unless you run up against a really serious, technically competent threat by a full-on expert. Sentinel allows you to use CRC32 but ALSO offers the option of more *powerful* checksums known as SHA-1 and MD4. (In general, the more powerful checksums slow your computer down a bit more than CRC32. The speed impact isn't a big deal IF you have a current vintage cpu OR if you run integrity checks in the off-hours.)

4) Sentinel has a Registry Watcher module. I haven't used Sentinel in a while so I have no hands-on experience with its Registry Watcher module. Based on Sentinel's website's description, its Registry Watcher module evidently polls certain key items within your registry in (more or less) "real time" & will notify you if a change is being made. Watcher has no equivalent capability -- it only checks the registry at start-up, or on-demand.

There is no inherent reason why any integrity checker would conflict with any other program of any type.

If you want to learn more about integrity checkers, then I highly recommend you to read FanJ's superb thread HERE.

I suggest you give Sentinel a try. IMHO you needn't uninstall Watcher to do so. As for me, I prefer Watcher because it is minimalist and effective for my present security set-up & needs.

 

I have PG+RegDefend+NOD32+ZA PRO 6... should I ue sentinel?

 

Does Sentinel slow down the computer? and does sentinel works in a limited user account?

 

Actually, the real reason is slightly different

Not nearly as many of the entries listed there - but it does include a couple that were not listed in that list (specifically, the registry keys responsible for spawing executables upon execution of certain file types):
HKEY_CLASSES_ROOT\htafile\Shell\Open\Command
HKEY_CLASSES_ROOT\exefile\shell\open\command
etc

And here are some replies for POS:

Because Sentinel is an On-Deman scanner, you can decide when to run it. When it is running, it will bog down the hard drive but your CPU useage will be relatively minimal. Sentinel allows you to automatically run it when you load Windows (Login) - and it also comes with a "Secure Shut Down" icon that you can place on your desktop (it will perform various scans and shutdown your pc automatically).

Also, I havent tested it with a limited user account. Sentinel does not modify any files, it just reads them. So unless you aren't allowed to access a specific folder (or have registry access limitations) I dont see how it would not be able to operate correctly.

 

Seems a nice program to run every week, 2 weeks or month, to check the system...

Thanks

 

It is a very nice program, I bought it some time ago and don't regret it one bit It's a good way to focus your antivirus, or use a freebie for a second opinion on the areas that really matter.

Thanks Derek, hopefully this will get your other products some additional attention.

 

Hi, I have been to the website and this program looks very interesting, but I was wondering What OS can it be used on?

 

Sentinel can be used on almost every version of Windows:

Windows 98/ME/NT/2000/XP/2003

 

Gonna give it a tryout.

 

I can only say: it's a great and very usefull security program!

 

Yeah!!! i think this software is great, as it checks your system automatically on start-up and there's also an option to check the system on shutdown. This is really cool man. Haven't tried yet any integrity checkers, but this one I think is really impressive... especially as it is freeware.

 

I've installed this yesterday, first opinion, very very good. I like that fact that if it find any changes to your files during scanning, it'll launch your AV to scan that particulat file

 

This is perfect to use for freebie on-demand only scanners. A good example here is a2 free.. since it supports commandline operation for both scanning and updating, you could use it for just this, without using any resources full time. I just wish Ewido would support commandline scans

 

Watcher & Sentinel are in a category of security software known as "Integrity Checkers." They check files for changes by making a *hash number* (a.k.a. "checksum") for each protected file. The odds of that hash number being duplicated by accident, or by a spurious file, are very very VERY small (but are NOT zero).

I dont suppose someone would explain this to me and the importance of having these types of programs up and running on a system?

 

You will find integrity checkers in use by 99.99% of commercial networks -- THAT's how important that IT's consider an integrity checker to be.

IF you do a good job of specifying the directories & files types that are to be monitored by an integrity checker, then it will give you a superb *additional layer of protection* against malware of all types.

Namely, an integrity checker will tell you whenever there is a change/addition/deletion to any of the files/directories it is monitoring. Since any given malware generally HAS to add or modify a file, an integrity checker can give the alarm even when there are no signatures for that particular malware, & the heuristics of your security programs don't spot anything suspicious.

However an integrity checker leaves the burden on YOU for determing which changes/additions/deletions are okay, & which are suspicious or baaaad.

That's about all I know. To wit...

***I'm doubtful that an integrity checker will be of much value against a rootkit, once that thingee gets into your computer & hides itself from Windows applications.

***Neither do I know if using a HIPS (such as Online Armor) will make an integrity checker unnecessary.

***I do hope that those who DO know will enter this discussion, because I certainly am interested in learning more.

Shalom........ bellgamin

 

hi, Bellagamin.

Ok I now understand why these programs are important.

'' If you know what you're doing, you can configure Sentinel more extensively than is possible with Watcher.''

But im still not sure of what files i would need it to check? And does it come with a large amount of files that it already looks at to see if there are any changes?

Avec

 

I agree. Though I'm doubtful the usefulness of calling your primary AV (set to resident memory scan) to check these changed files, since they would undoubtedly be scanned already. It makes more sense to me to call a secondary on demand scanner. But even then as stated by the amazing and usually right Bellgamin, the main use of intergrity checkers is independent of AV. You are supposed to investigate any changed critical file, though running a AV check is only one of the steps involved.

Not necessarily. the classical basic linux usermode rootkit, replaces copies of system files with their own trojanised copies bearing the same name. An intergrity checker could conceivably pick them up, unless, some other tricks are used to counter integrity checkers.

In addition, the standard way of detecting rootkits (boot up on a secure base OS) often requires the use of an intergrity checker.

But i think you are usually right.

Well given that HIPS can mean practically anything, it depends on the type of HIPS. Most HIPS with execution monitor for example provide limited intergrity checks for exe already. Some might provide for dlls.