Sentinel 2.2.0

[greenknight]

Found this while browsing MajorGeeks list of antivirus apps. It's from an outfit called runtimeware, and it's not an AV program per se.

Advanced file integrity checker that integrates seamlessly with your anti-virus/trojan application(s).

Scan on Startup or use the Secure Shut Down feature to stop potential threats before they strike!

It sound interesting, but I couldn't find a lot of opinions about it; it doesn't seem to be widely used. I found a few who liked it a lot, none who had anything bad to say about it.

It sounds like it could be a useful security enhancement, or a waste of time and resources. Anybody know anything about it?

[Eldmannen]

I guess it keeps checksums of all files.

Kind of like Tripwire for Linux. Pretty good to have on a server.

[greenknight]

I guess it keeps checksums of all files.

Not all files:

Audits your system folder (as well as up to 20 other folders)...

It'd take all day if it watched all your files. It occurred to me that this was probably aimed at the server market, mostly - but it's free for home use, would it be worth installing on a home PC?

[Eldmannen]

I don't know. I've never used any such software.

[greenknight]

I may just give it a try. I've searched a bunch, the only problem related to it I found was somebody who couldn't get it to reinstall after he reformatted. This thing's been around for years (cost 10 bucks until this past year), if it caused any problems I should have found something.

[Eldmannen]

I would avoid to subjugate my computer to proprietary software.

[greenknight]

I would avoid to subjugate my computer to proprietary software.

I'm using Windows, that ship has sailed. There are lots of open-source file integrity checkers; mostly for Linux, at least one that's OS-independent (afick). I like the features this one has, anyway.

I got it installed (after running AV scans in Safe Mode, to make sure things were clean). Setup was pretty easy. After giving it a try, I disabled the startup scan to avoid a revolt by the other users - it takes a few minutes, and while you can cancel out of it, I know they wouldn't have liked it delaying startup. I plan to use the secure shutdown feature regularly, it does more anyway (also checks the Registry).

It's small, (2.67 MB installed), uses no resources, and lets you quickly check to make sure your system files haven't been altered - plus, it runs AV scans of any altered files. I think I like it.

[Eldmannen]

Nowadays I don't use Windows so much since I discovered Ubuntu Linux.

But when I used Windows, I still avoided proprietary software best I could, and used almost only free open source software for Windows.

[greenknight]

I care more about it being free than whether it's open source; and I care about how it functions, especially when it comes to security software. Other things being equal, I'll use open source - I even gave ClamWin a long tryout, longer than it deserved.

One other thing about Sentinel - by default it uses a CRC-32 algorithm, which is too easy to fool. Optionally, it can use MD4, MD5, or SHA-1, any of which is a better choice.

[Eldmannen]

CRC-32 or any checksum will probably offer adequate protection.

I don't think CRC-32 is used so much nowadays. MD5 is really popular, but has been broken too.

SHA-1 is pretty fine, I think.

[greenknight]

CRC-32 (or any CRC) is probably adequate, sure - only because it's not that widely used anymore, so there's little incentive to write code to defeat it. But it's very easy to check the SHA-1 box and rescan, so that's what I did.

[Eldmannen]

Well, mostly adequate because its unlikely that anyone would actually bother with checksums.

SHA-1 may take longer time to scan than CRC-32 though maybe...

[greenknight]

You've got a point, not too many home computer users install this type of app - and those who do are not the kind of easy targets malware writers feast on.

It doesn't take any longer with SHA-1, though, scans still take about 3 minutes.