Terra Privacy -- Dynamically generated whitelists

Discussion in 'other anti-malware software' started by hawki, May 26, 2017.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Great feedback guys, I agree that a security tool should be easy to understand and easy to configure. I'm sure Terra Privacy will address this.
     
  2. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Perhaps the current interface doesn't convey the value of the underlying technology. Hacker Deterrent Pro isn't a utility, and therefore cannot be priced at a utility level. Hacker Deterrent Pro requires a team of programmers: Server Programmers, Kernel-Level Programmers, Browser Extension Programmers, etc. We also invest heavily in the strongest security testing suites (including Core Impact which in and of itself can cost companies an average of $50,000 per year). Then there's intellectual property costs, support costs, etc. All told, Hacker Deterrent Pro has required a greater than $1 million investment to reach the beta stage which doesn't include ongoing support.

    Naturally, costs don't matter if the end product doesn't accomplish something demonstrably incredible. Fortunately, you can test the value of Hacker Deterrent Pro yourself by doing the following:
    • Purchase or download free trials of Norton, BitDefender, Kaspersky, Malwarebytes, etc. Choose any you want and even layer as many as you want on top of each other.
    • Then install any browser plugin from any company of your choosing. The only requirement is that the browser plugin uses the internet to access a remote site (as opposed to plugins that solely run internally without seeking an outbound connection). Some examples include Ghostery and NoScript.
    • See if your downloaded security suite allows the browser plugin to communicate via the internet without your express permission.
    • Compare the result with Hacker Deterrent Pro.
    Why is this important? From an operating system and security standpoint, there's absolutely no difference between the communication path of a browser plugin and a browser-injected trojan. If your security system allows browser plugins to communicate on the internet without your express permission then your security system allows browser-injected trojans to communicate on the internet without your express permission. This was the greatest challenge to solve with Hacker Deterrent Pro. We needed to be able to stratify webpage traffic from internal browser traffic, in order to provide genuine protection against browser-injected trojans.

    The developmental costs of Hacker Deterrent Pro have been worth it due to one fact: Hacker Deterrent Pro blocks the trojans that other security systems don't. Our website contains videos documenting the reality of this fact. Very importantly, these trojans are relatively trivial for hackers to create -- leaving your computer wide open for attack by hackers of almost any skill level if you aren't using Hacker Deterrent Pro.

    We admittedly decided to release Hacker Deterrent Pro after completing the back end prior to the GUI design development cycle -- realizing that the GUI will indeed undergo many changes. The reason for our choice is straightforward: We want to give people the opportunity to block app-injected trojans and browser-injected trojans now; rather than having to wait. After all, the protection component works 100% in the current version. We don't want people to have to remain victims while they wait for the GUI development cycle. We believe the greatest value is in the protection itself.

    Currently, we don't know of any other security system that blocks this all-too-common malware (i.e. app-injected trojans and browser-injected trojans). While anti-malware attempts to stop injection in the first place, this is always a cat and mouse game with anti-malware on the losing end. Kindly check out tools such as Metasploit and Core Impact to see that trojan development tools are always ahead of anti-malware. What's needed is a technology that stops trojans from connecting to hackers' servers even after the trojans have successfully injected themselves into reputable apps and/or the browser. This is where Hacker Deterrent Pro uniquely shines.

    Rather than deny people the ability and right to protect themselves, we trust that those who want genuine protection will use our product to get that protection. We also trust that offering a genuine solution for the trojans that no other security software stops is of great value - even with the current interface. That being said, we truly respect your opinion and perspective.
     
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    Yes, it's of great value.

    I see you making it a multi-tier product - charging more for enterprise use with top-notch features and tech support and a stripped-down mainstream product at an affordable rate for home users.

    In the long run, that would recoup the cost of developing it and bringing it to market. It has something to offer to every level of need and consumers can decide how much they want to pay and what level of protection works best for their needs.

    Including of course, upgrade paths to a different level should it be required.
     
  4. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Hacker Deterrent Pro isn't a multi-tiered product at this stage. However, a future enterprise version will be forthcoming which will include LAN whitelisting and centralized administration.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks for the informative post, and the fact that it can even block extensions from making outbound connections is really cool, no other tool that I know of is capable of doing this. I just wish I could fully understand how you guys manage to differentiate between legit and non legit traffic. And BTW, you never answered my question about the browser extensions, why are they needed?
     
  6. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    It's the browser extensions that allow us to separate page traffic from internal browser traffic. That's why they are needed.

    In short, webpage traffic follows a per tab communication path; whereas the rest of the browser traffic doesn't. The browser extensions are programmed to enumerate traffic on a per tab basis, and immediately report this specific traffic directly to the kernel firewall. Therefore, the kernel firewall knows that any browser traffic that's not reported by the browser extension must be internal browser communication, and thus such traffic is initially blocked. Browser-based trojans are thereby automatically blocked while legitimate webpage traffic automatically flows freely.
     
    Last edited: Jun 5, 2017
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK I see. That's what I already suspected, and that's why I mentioned extensions like Ghostery and uBlock, even though they are of course nothing like HD Pro. So let's say I browse to terraprivacy.com, you will see all domains and connections that are related to the website, you will then white-list them until they become inactive, and if malware tries to connect to hacker.com you will block it, because you know it's not related to any open website. Am I close in describing how it works?
     

  8. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Precisely!
     
  9. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    On Wilders, we've noted new software tends to be sold to one of the major security companies because private developers or small startups don't have the deep pockets to really develop their software to their full potential.

    If Hacker Deterrent Pro is as good as it ultimately will be, expect there to be a lot of interest in someone buying it.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks, I finally can visualize it better, even though I'm not claiming to understand all of the details. But should HD Pro really be dependent on extensions? Is it the only way to monitor this?
     
  11. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    There is another way of accomplishing the goal: SSL Interception. SSL interception has the advantage of being browser agnostic; however, local SSL interception can introduce inadvertent security holes (see http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf) and remote proxy SSL interception can introduce significant performance issues.

    Kindly read the link above. In this study, every security product tested literally makes the computer more vulnerable instead of more secure.

    We are currently exploring novel ideas to overcome the security weaknesses of local SSL interception and/or the performance issues of remote SSL interception. The moment we have successful results on either front, we will move to this model instead. However, in no way will we follow the path of popular anti-malware programs that literally weaken user security in the pursuit of unmerited profit.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK I see, I would also prefer not to use the SSL interception method. But if I understood correctly, you need a way to monitor browser traffic, right? The thing is, I assumed you could simply do this with a network monitor. I mean, what if the extensions are disabled by the user or malware, is HD Pro then basically blind?
     
  13. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    If we were to use a network monitor then SSL interception would still be required because the SSL traffic is encrypted.

    The Kernel Firewall only allows browser traffic reported by the extension. Therefore, if the extension is disabled then all browser traffic is blocked. This is a purposeful design criterion. If a hacker disables the extension then he has only cut himself off from internet access anyway.
     
    Last edited: Jun 8, 2017
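
The allow/block decision described in posts 6 to 13 above, as an added sketch that is not part of the thread and is not Terra Privacy's code. The class and function names, the 30-second idle timeout, matching on hostnames and the `cdn.example.net` host are assumptions made for illustration.

```python
import ipaddress

IDLE_TTL = 30.0  # assumption: seconds without a report before an entry lapses


def is_local(dest):
    """True for private, loopback or link-local IP literals."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return False  # hostnames are treated as internet-bound in this model
    return ip.is_private or ip.is_loopback or ip.is_link_local


class TransientWhitelist:
    """Firewall-side view of what the browser extension has reported."""
    def __init__(self):
        self.entries = {}  # (tab_id, host) -> time of the latest report

    def report(self, tab_id, host, now):
        self.entries[(tab_id, host)] = now

    def decide(self, dest, now):
        """Verdict for one outbound connection made by the browser process."""
        if is_local(dest):
            return "allow"  # the thread says local packets are let through
        live = {h for (_, h), t in self.entries.items() if now - t <= IDLE_TTL}
        return "allow" if dest in live else "block"  # no report means no access


def replay(events):
    """Run (time, kind, *args) events; return a verdict per 'connect' event."""
    wl, verdicts = TransientWhitelist(), []
    for now, kind, *args in events:
        if kind == "report":
            wl.report(args[0], args[1], now)
        elif kind == "connect":
            verdicts.append((args[0], wl.decide(args[0], now)))
    return verdicts


# Constructed trace: a tab loads two hosts, then unreported traffic appears.
TRACE = [
    (0.0, "report", 1, "terraprivacy.com"),
    (0.2, "report", 1, "cdn.example.net"),
    (0.3, "connect", "terraprivacy.com"),
    (0.4, "connect", "cdn.example.net"),
    (1.0, "connect", "hacker.com"),
    (2.0, "connect", "192.168.1.10"),
    (40.0, "connect", "terraprivacy.com"),
]

if __name__ == "__main__":
    print(replay(TRACE))
```

A trace with no `report` events models a disabled extension: every internet-bound connection from the browser comes back as `block`, which is the fail-closed behaviour post 13 describes.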
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874

    I downloaded and installed HDP - why does it default to HD even though I'm running the beta?
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    Two things I don't like about it: the app firewall can't be closed when done without the application complaining HDP isn't installed - and it offers to uninstall the browser plugin.

    The other issue is there is no systray icon to easily configure settings when needed. Some browsers like Cyberfox, Pale Moon and Qupzilla have to be added to the list.

    And it turns off network discovery and device sharing so network devices aren't visible in Network And Sharing Center.
     
  16. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    You can minimize HDP to remove it from the screen instead of closing it. This will preserve its functionality while not requiring any screen space.

    Yes, we currently support solely Chrome and Firefox. Other browsers will be added over time. In the meantime, if you have a particular need for a different browser you can click on the globe at the bottom of the screen to turn it red. This disables Transient Whitelisting, allowing you to use any browser you want. You will still see which sites the browser uses, but you won't have either Transient Whitelisting or blocking capabilities for as long as this feature is turned off. Once you return to Firefox or Chrome you can turn Transient Whitelisting back on by clicking on the globe again.

    Hacker Deterrent Pro isn't designed to turn off Network and Device Discovery. In fact, it's currently designed to solely block internet-based packets; allowing all local packets through.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK, I see. So if the extensions don't report anything, then the white-list is empty, so nothing can connect. Sounds clever to me.
     
  18. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    I uninstalled the current beta. No way to make my favorite browser permanent upon reboot.

    The app firewall should also allow users to manually add Internet-facing apps. Right now, it's dynamically generated, so not all apps will be listed. People should be able to add things like Windows Update to it so you don't have to turn off the application and lose protection when you need to run an update.

    That should make it a better and more functional product. A systray icon would make it easier to configure things on the fly.
     
  19. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    All apps are listed each time they attempt to access the internet. This includes Windows Update. Therefore, when you'd like to run Windows Update then you can always do so whenever you want. There's no need to "turn off the application and lose protection when you need to run an update."

    We do indeed currently support solely Firefox and Chrome - support for other browsers will be coming soon. However, HDP is the only approach that we know of that consistently stops browser-injected trojans. In our testing, HDP stopped 100%. We will soon be submitting the commercial version upon its release for independent third-party testing to demonstrate that our approach consistently exposes and blocks browser-injected trojans. These are the trojans that hackers use to bypass Norton, Bitdefender, Kaspersky, etc. Uninstalling HDP for the sake of using some other browser does mean that you are once again vulnerable to browser-injected trojans.
     
  20. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    If I'm not mistaken, you've changed the pricing of HDP from being $39 for a single PC to now being the same price for up to three computers? A good move but still not great value for money if you only want to protect one computer.
     
  21. Michael Wood

    Michael Wood Registered Member

    Joined:
    May 27, 2017
    Posts:
    42
    Location:
    Fort Lauderdale, FL
    Our product stops the app-injecting trojans that other cybersecurity products don't.

    Even the product before our current one already stopped trojans invisible to the most popular security products: https://youtu.be/ilPXQRKXjVc

    Now with our latest product, we also stop browser-injected trojans (https://terraprivacy.com/browser-injected-trojans/) and browser-imitating trojans (https://terraprivacy.com/browser-imitating-trojans/).

    Each person will need to decide if effective protection against the most common trojans is worth $40/yr or not. We, however, are very proud to be offering game-changing security at this low price.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Do you think that HD Pro is able to block an in-memory trojan, even when it's injected inside a trusted system process? In the link you can read about in-memory ransomware, but it could have also been a trojan of course.

    http://blog.secdo.com/multiple-groups-exploiting-eternalblue-weeks-before-wannacry
     
  23. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    You can try to justify that high yearly price tag all you want, but there are few to no successful software operating at this cost that users are purchasing, Glasswire and a couple others but they have earned it and are well-known software. If it is truly that expensive to run your operation then you need to refocus your marketing to the enterprise field, or optimize your business model. From the look and feel of this software it has quite a way to go before it is RTM (ready to market) and it has a lot to prove before it earns that kind of price tag for the public user. Don't take my word for it, we all will be watching this play out.
    Good Luck :thumb:
     
    Last edited: Jun 18, 2017
  24. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Agreed, and like I said he may want to adjust his marketing for Enterprise exclusively. Once he can prove the worth of this software in the correct manner he could ask that and more, but until then, even Enterprise will shun that price, let alone the general public. He's putting the cart before the horse by not substantiating or validating this software through the rigors of the proper testing to propel him forward.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Mike, I looked at your site. 1) I have other software that protects me from all the same things you list. Worse still it doesn't even cover my primary browser. I think _CyberGhosT_ has a good point about your price point. I wish you well, but am sceptical.
     