Sentinel - Free once again!

Discussion in 'other anti-trojan software' started by RuntimeWare, Dec 20, 2005.

Thread Status:
Not open for further replies.
  1. RuntimeWare

    Hey everyone

    Just dropping in to announce that Sentinel (http://www.runtimeware.com/?page=p_sentinel2) is now a Freeware product once again!

    For those of you not familiar with it: Sentinel is a Windows-based file integrity checker that will automatically execute your anti-virus program whenever it finds a discrepancy. In addition, it comes with a startup registry watcher.

    It's been a while since Sentinel has been on these forums - but just a quick update: Sentinel now includes SHA-1, CRC32 and MD4 checksum algorithms :)

    Oh and...Greetings to tsr and bellgamin :)
     
  2. minacross

    great to hear it :D
    I hope it stays free ;)
     
  3. rdsu

    I will take a look at it... ;)
     
  4. Brian N

    Looks interesting, must take a closer look
     
  5. RuntimeWare

    Don't worry about that - it WILL stay free forever :)
     
  6. Hi all, I ask, how good is Sentinel to protect registry?mmm
     
  7. bellgamin

    It's grrreat to see you here at Wilders again! I'm surprised you made Sentinel a freebie. It was well worth every penny you were asking before, and then some. No doubt you have struck it rich in a state lottery, so $$$ no longer concerns you --- tra-la-la.:D

    That is indeed an excellent addition. Does it watch all the startup/autorun registry items mentioned HERE? And/OR is it configurable as to which registry items it protects? I hope so -- but then, I'm the sort of fellow who sits down to a free lunch and complains at the lack of linen napkins.:p

    The Lord bless you and keep you.
    The Lord make His face shine upon you,
    And be gracious unto you.
    The Lord lift up His countenance upon you,
    And give you peace.

    bellgamin
     
  8. JerryM

    bellgamin,

    I believe you were the one who recommended Watcher. I installed it, and like it.
    Does Sentinel do much of the same thing? I know Watcher does not call up the AV. Being one who does not know much, and who is cautious about installing a new program I need to know more about it and if it conflicts with other programs such as Watcher or another anti-malware program.

    Thanks,
    Jerry
     
  9. bellgamin

    I'm happy that you are satisfied with Watcher. By the way, the Watcher has *graduated* -- to the extent that it is now downloadable from SnapFiles -- my favorite spot for both shareware & freeware.

    Watcher & Sentinel are in a category of security software known as "Integrity Checkers." They check files for changes by making a *hash number* (a.k.a. "checksum") for each protected file. The odds of that hash number being duplicated by accident, or by a spurious file, are very very VERY small (but are NOT zero).

    Each time an Integrity Checker polls a protected file, it compares the current hash number for that file with the hash number it previously recorded for that same file. Even the teeniest, tiniest change in a file will result in a revised hash number.

    If the *before & after* hash numbers for a given file are not exactly the same, then the Integrity Checker will notify you that the file has been changed. After receiving such notification, you are on your own to determine whether or not the change to that file is suspicious or explainable.

    An example of an explainable change occurs when a file is updated because of a specific action you have taken.

    If a specific change to a file seems suspicious, then you can do such things as check it with your antivirus & antitrojan programs.

    I am not an expert on Watcher or Sentinel, so the following represents merely my OPINION as to the principal differences between these two integrity programs...

    1) Watcher polls a smaller spectrum of sensitive files than does Sentinel.

    2) If you know what you're doing, you can configure Sentinel more extensively than is possible with Watcher.

    3) AFAIK Watcher does not disclose WHICH type of hash number it uses. Therefore, I assume it is probably using CRC32. CRC32 is quite secure unless you run up against a really serious, technically competent threat by a full-on expert. Sentinel allows you to use CRC32 but ALSO offers the option of more *powerful* checksums known as SHA-1 and MD4. (In general, the more powerful checksums slow your computer down a bit more than CRC32. The speed impact isn't a big deal IF you have a current vintage cpu OR if you run integrity checks in the off-hours.)

    4) Sentinel has a Registry Watcher module. I haven't used Sentinel in a while so I have no hands-on experience with its Registry Watcher module. Based on Sentinel's website's description, its Registry Watcher module evidently polls certain key items within your registry in (more or less) "real time" & will notify you if a change is being made. Watcher has no equivalent capability -- it only checks the registry at start-up, or on-demand.

    There is no inherent reason why any integrity checker would conflict with any other program of any type.

    If you want to learn more about integrity checkers, then I highly recommend you to read FanJ's superb thread HERE.

    I suggest you give Sentinel a try. IMHO you needn't uninstall Watcher to do so. As for me, I prefer Watcher because it is minimalist and effective for my present security set-up & needs.
     
    Last edited: Dec 22, 2005
  10. POS

    I have PG+RegDefend+NOD32+ZA PRO 6... should I use Sentinel?
     
  11. POS

    Does Sentinel slow down the computer? And does Sentinel work in a limited user account?
     
  12. RuntimeWare

    Actually, the real reason is slightly different ;)

    Not nearly as many of the entries listed there - but it does include a couple that were not listed in that list (specifically, the registry keys responsible for spawning executables upon execution of certain file types):
    HKEY_CLASSES_ROOT\htafile\Shell\Open\Command
    HKEY_CLASSES_ROOT\exefile\shell\open\command
    etc

    And here are some replies for POS:
    Because Sentinel is an On-Demand scanner, you can decide when to run it. When it is running, it will bog down the hard drive but your CPU usage will be relatively minimal. Sentinel allows you to automatically run it when you load Windows (Login) - and it also comes with a "Secure Shut Down" icon that you can place on your desktop (it will perform various scans and shut down your PC automatically).

    Also, I haven't tested it with a limited user account. Sentinel does not modify any files, it just reads them. So unless you aren't allowed to access a specific folder (or have registry access limitations) I don't see how it would not be able to operate correctly.
     
  13. rdsu

    Seems a nice program to run every week, 2 weeks or month, to check the system... :)

    Thanks :p
     
  14. Notok

    It is a very nice program, I bought it some time ago and don't regret it one bit :) It's a good way to focus your antivirus, or use a freebie for a second opinion on the areas that really matter.

    Thanks Derek, hopefully this will get your other products some additional attention. :)
     
  15. T772

    Hi, I have been to the website and this program looks very interesting, but I was wondering What OS can it be used on?
     
  16. RuntimeWare

    Sentinel can be used on almost every version of Windows:

    Windows 98/ME/NT/2000/XP/2003
     
  17. Joliet Jake

    Gonna give it a tryout.
     
  18. Smokey

    I can only say: it's a great and very useful security program! :)
     
  19. sweater

    Yeah!!! I think this software is great, as it checks your system automatically on start-up and there's also an option to check the system on shutdown. This is really cool man. ;) Haven't tried any integrity checkers yet, but this one I think is really impressive... especially as it is freeware. :cool:
     
  20. 0pium_Dealer

    I installed this yesterday; first opinion: very very good. I like the fact that if it finds any changes to your files during scanning, it'll launch your AV to scan that particular file :)
     
  21. Notok

    This is perfect to use for freebie on-demand only scanners. A good example here is a2 free.. since it supports commandline operation for both scanning and updating, you could use it for just this, without using any resources full time. I just wish Ewido would support commandline scans :(
     
  22. Avec

    Watcher & Sentinel are in a category of security software known as "Integrity Checkers." They check files for changes by making a *hash number* (a.k.a. "checksum") for each protected file. The odds of that hash number being duplicated by accident, or by a spurious file, are very very VERY small (but are NOT zero).

    I don't suppose someone would explain this to me and the importance of having these types of programs up and running on a system?
     
  23. bellgamin

    You will find integrity checkers in use by 99.99% of commercial networks -- THAT's how important that IT's consider an integrity checker to be.

    IF you do a good job of specifying the directories & files types that are to be monitored by an integrity checker, then it will give you a superb *additional layer of protection* against malware of all types.

    Namely, an integrity checker will tell you whenever there is a change/addition/deletion to any of the files/directories it is monitoring. Since any given malware generally HAS to add or modify a file, an integrity checker can give the alarm even when there are no signatures for that particular malware, & the heuristics of your security programs don't spot anything suspicious.

    However an integrity checker leaves the burden on YOU for determining which changes/additions/deletions are okay, & which are suspicious or baaaad.

    That's about all I know. To wit...

    ***I'm doubtful that an integrity checker will be of much value against a rootkit, once that thingee gets into your computer & hides itself from Windows applications.

    ***Neither do I know if using a HIPS (such as Online Armor) will make an integrity checker unnecessary.

    ***I do hope that those who DO know will enter this discussion, because I certainly am interested in learning more.

    Shalom........ bellgamin
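
The baseline-and-compare cycle described in posts 9 and 23 above, as an added example that is not part of the thread and is not Sentinel's or Watcher's code. The function names (`file_digest`, `snapshot`, `compare`, `demo`) and the sample files are constructed for illustration; SHA-1 and CRC32 are used because the thread names them.

```python
import hashlib, os, tempfile, zlib

def file_digest(path, algo="sha1", chunk=65536):
    """Hash a file in chunks; 'crc32' uses zlib, any other name goes to hashlib."""
    if algo == "crc32":
        crc = 0
        with open(path, "rb") as fh:
            while block := fh.read(chunk):
                crc = zlib.crc32(block, crc)
        return f"{crc & 0xFFFFFFFF:08x}"
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            h.update(block)
    return h.hexdigest()

def snapshot(root, algo="sha1"):
    """Map each file's path (relative to root) to its current digest."""
    result = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            result[os.path.relpath(full, root)] = file_digest(full, algo)
    return result

def compare(baseline, current):
    """Return sorted lists of changed, added and deleted paths."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    deleted = sorted(p for p in baseline if p not in current)
    return changed, added, deleted

def demo(algo="sha1"):
    """Constructed sample files: record a baseline, alter the tree, re-check."""
    samples = (("app.exe", b"MZ" + b"\0" * 62), ("lib.dll", b"original"), ("old.cfg", b"x=1"))
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root, algo)          # the recorded "before" hashes
        with open(os.path.join(root, "lib.dll"), "wb") as fh:
            fh.write(b"originaL")                # one byte differs, size unchanged
        os.remove(os.path.join(root, "old.cfg"))
        with open(os.path.join(root, "new.exe"), "wb") as fh:
            fh.write(b"dropped")
        return compare(baseline, snapshot(root, algo))

if __name__ == "__main__":
    print(demo("sha1"), demo("crc32"))
```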
     
  24. Avec

    Hi, bellgamin.

    Ok I now understand why these programs are important.

    '' If you know what you're doing, you can configure Sentinel more extensively than is possible with Watcher.''

    But I'm still not sure of what files I would need it to check? And does it come with a large amount of files that it already looks at to see if there are any changes?

    Avec
     
  25. I agree. Though I'm doubtful of the usefulness of calling your primary AV (set to resident memory scan) to check these changed files, since they would undoubtedly be scanned already. It makes more sense to me to call a secondary on-demand scanner. But even then, as stated by the amazing and usually right Bellgamin, the main use of integrity checkers is independent of AV. You are supposed to investigate any changed critical file, though running an AV check is only one of the steps involved.

    Not necessarily. The classical basic Linux usermode rootkit replaces copies of system files with their own trojanised copies bearing the same name. An integrity checker could conceivably pick them up, unless some other tricks are used to counter integrity checkers.

    In addition, the standard way of detecting rootkits (boot up on a secure base OS) often requires the use of an integrity checker.

    But I think you are usually right.

    Well, given that HIPS can mean practically anything, it depends on the type of HIPS. Most HIPS with an execution monitor, for example, provide limited integrity checks for exe already. Some might provide for dlls.
     