Sentinel

Discussion in 'other anti-virus software' started by Notok, Sep 12, 2004.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I had not seen this program mentioned here before, so I thought I'd bring it up.

    Sentinel
    http://www.runtimeware.com

    It's an integrity checker for home desktops that works with your existing Antivirus program. It scans your System32 directory by default (and any other directories you specify) creating a cryptographic hash of vulnerable file types (supports CRC32, MD4, MD5, & SHA-1) at Windows startup and directs your AV to scan specific files that have changed. Support for algorithms above CRC32 was added promptly by request, download and run the updater to get those options. You can enter settings for 2 AVs, and it includes a process monitor (shows child processes which you won't see in Task Manager) and a really nicely done viewer to see what's set to run at startup in your registry, and can scan for changes there on startup (on demand) & just on demand too.
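
Added example, not part of the original post and not Sentinel's code: a minimal Python version of the baseline-and-compare check described above, which hashes watched file types under a directory, diffs against a stored snapshot, and builds the scanner invocations for files that are new or changed. The extension list, the `av-scanner --scan` command line, and all function names are assumptions for illustration.

```python
import hashlib
import os
import tempfile

# Assumed set of "vulnerable" file types; the post does not list Sentinel's.
WATCHED_EXTS = {".exe", ".dll", ".sys", ".com", ".scr"}

def hash_file(path, algo="sha1"):
    """Hash file contents in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, algo="sha1"):
    """Map relative path -> digest for every watched file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED_EXTS:
                full = os.path.join(dirpath, name)
                snap[os.path.relpath(full, root)] = hash_file(full, algo)
    return snap

def diff(baseline, current):
    """Return (added, changed, removed) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in current
                     if p in baseline and current[p] != baseline[p])
    return added, changed, removed

def av_commands(root, paths, scanner=("av-scanner", "--scan")):
    """One argument list per file for a command-line scanner (hypothetical CLI)."""
    return [list(scanner) + [os.path.join(root, p)] for p in paths]

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample tree: modify one file, drop one, delete one."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("a.dll", b"v1"), ("b.exe", b"v1"), ("notes.txt", b"x")]:
            write(os.path.join(root, name), data)
        baseline = snapshot(root)                    # taken while known-good
        write(os.path.join(root, "a.dll"), b"v2")    # modified binary
        write(os.path.join(root, "c.scr"), b"new")   # newly dropped file
        os.remove(os.path.join(root, "b.exe"))       # deleted binary
        added, changed, removed = diff(baseline, snapshot(root))
        return added, changed, removed, av_commands(root, added + changed)

if __name__ == "__main__":
    print(demo())
```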
     

  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Here's an example of one of the logs..
     

  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Do you know which AV's are compatible with Sentinel?

    It seems very reasonably priced. Any other thoughts on this program i.e. stability and comparison to other similar software?
     
    Last edited: Sep 12, 2004
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    In terms of power, I would rank the 3 main integrity checkers as follows...

    #1- AdInf by the Dialogue Science organization. It is the *KAV of integrity checkers.* Incredibly fast & powerful. Prices: $19.95 {standard version} || $24.95 {PRO} version.
    #2- Fingerprint. Free
    #3- Sentinel. Price $10.

    Sentinel is quite good, but has a very strange, off-brand updater.

    Fingerprint is free, & is equal to Sentinel in monitoring integrity. Fingerprint has humongous latitude for configuration & tweaking. Sentinel has fewer configurations &, hence, is friendlier for newbies to use. Also, Fingerprint uses MD5 hash, whereas Sentinel can hash with SHA-1, which is a more secure algorithm than MD5 because SHA-1 has slightly less collision potential than does MD5. However, SHA-1 is significantly slower than MD5. That should not be a significant obstacle for those who do their *big scans* during the off-hours.

    AdInf is in a class by itself. It alone has enterprise versions. It alone has earned an internationally high reputation. It is fast & powerful. It is effective against stealthy stuff, inexplicable changes in *bad sectors*, & other hacker tricks that neither Fingerprint nor Sentinel can deal with.

    If you are truly paranoid, or if your job security is in any way tied in with the security of a network, GET AdInf!!!

    If you are just an *average user* seeking increased security, you won't go wrong with either Sentinel (easy) or Fingerprint (a bit more difficult).

    P.S. -- At Wilder's, FanJ is a long-time user of AdInf -- a good *fellow-user* to have around. :-*
     
  5. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum


    AV's supported
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    They each have their strengths.

    Fingerprint looks good if you are solely interested in finding out whether certain files, or groups of files, have changed, without integrated virus scanning. It would be a good substitute for, or addition to, File Checker if you wanted to check large amounts of files at scheduled intervals.

    Sentinel is good for sweeps of specified file types in selected directories *and registry startup entries*. It doesn't have individual file control like Fingerprint, but it does have utilities for process and registry monitoring. Easy to use, but still plenty configurable if you spend some time looking through it. I wouldn't say "less configurable" than Fingerprint, but rather just different.. different concepts with the same tool. Wide range of anti-virus support (they have a semi healthy list of compatible AV products, but you can use ANYTHING that supports command line arguments).

    ADinf looks good for older systems with a very limited range of anti-virus support (Dr Web, AVP, and McAfee only). It has unique options for Bad Sector, Boot Sector, and Stealth Virus scanning. The only thing I could find on the subject of bad sector tricks was that stealth viruses will put code in the boot sector to start with Windows and protect itself by making Windows think it's just a bad drive sector and leave it alone. Modern BIOSes and later versions of Windows (especially XP) protect against this behavior, and thus we haven't seen these kinds of things for a while. BUT if you are using Windows 9x and one of those 3 AVs, this looks like a tool not to be passed up.

    If you want to test for boot sector vulnerability, you can download an old utility called VIRWARN that tests to see if your BIOS has the virus warning. The reason it was made was that some Windows 95 users were having problems installing Windows because that warning would block it from writing the boot loader, so this utility was made to test it and allow you to turn it off, on some motherboards, if needed. When you run this on XP you get a message saying that an application has tried to gain direct access to the harddisk, which cannot be supported.

    http://web.inter.nl.net/hcc/J.Steunebrink/virwarn.htm

    Direct access to hardware was one of Windows 9x' most serious security vulnerabilities that was never allowed with the NT based OSes (but also why gaming support took so long to get right.) Thankfully, now that 2000/XP are the most popular OSes, we don't see such severely destructive malware as much anymore. However I think this underscores the value for such options as what ADinf supports if you still use 9x.
     
  7. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    It never fails - whenever Sentinel gets a nice review on Wilders, my logs jump up a tad above average :D

    I just wanted to drop by and say thanks to all the people here who are taking the time to review Sentinel - I really don't get enough feedback from the average user, and these posts really help in my quest to make Sentinel a better overall solution.

    I would like to encourage anyone who has a question or comment (no matter how brutal) to ask me directly, or even post here. I was planning on making an update within the next two weeks (depending on how busy I'll be at work/school) to make the initial setup a little more intuitive for average users - but I'm always open to suggestions for future upgrades.

    Bellgamin: Still using Sentinel ;) ? I did a little trip down memory lane on wilders after I searched for Sentinel, and ran across the old thread here: https://www.wilderssecurity.com/showthread.php?t=4736 - wow..that was a while ago :)
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I am a long time admirer of Integrity Checkers, & that very much includes Sentinel. I gave your latest version a trial not long ago. It's a great program.

    Another difference between Sentinel & AdInf I forgot to mention is the fact that Sentinel answers the mail -- quickly, friendly, always helpful. As for sending a message to AdInf -- don't hold your breath while waiting for a reply. ;)

    Keep up the good work RTW. I hope you hang out here at Wilders a lot. :)
     
  9. RuntimeWare

    RuntimeWare Registered Member

    Joined:
    Nov 9, 2002
    Posts:
    24
    Well not as much as I'd like to - probably only a couple times a month..but this is one of the best security forums out there. So many people coming from multiple perspectives of internet/computer security...really makes it interesting.
     