SOFTCLAN INTEGRITY 2005

Publié le par Kareldjag aka Michel



SoftClan Integrity 2005






SoftClan Integrity is a spanish product available since 2000.


The old version is always available in english version but only concerns Windows 95/98/ME.


SoftClan Integrity 2005 protects the integrity of the system and also any data.


SoftClan Integrity prevents:




- any damage and alteration in critical files: active X control (.OCX), application (.EXE), apllication extension/modules (.DLL), System files (.SYS), configuration settings (.INI), device drivers (.DRV), virtual device drivers (.386), MS-DOS batch files (.BAT) etc,

 

-any change in control pannel configuration,


-data access and damages (theft/erasing etc),


-installation of new softwares, unauthorized downloaded files, new creation of files (.exe, .sys etc),

 


SoftClan can also permit specific rules to protect any file from reading and writing (then prevent the execution of untrusted or unknown applications).


This product provides a prevention protection and can limit the damage impact of attacks, infections (worms, virus etc) and unauthorized access.





This current version is only available in spanish language for the moment. An email sent by Ernesto H. from the SoftClan team informed me that english, french and german languages pack will be available in the future.




NB. A trial version can be downloaded on this page ("descargar desde").








TEST




Configuration: due to the particular protection of SoftClan Integrity 2005, all test files are run as unknown files and SCI2005 is activated at the same time by a hot key (F10 in my configuration).


  Warning alerts option is enabled (Mostrar mensajes de aviso).





 

***Execution protection with Leaktests:



SoftClan is the winner.







***Process Termination:



SoftClan Integrity 2005 is the winner.







NB. When the process is terminated, the GUI disappears from the systray and reapears 3 secondes later: the SCI service keeps the program in memory: to be able to stop the program, killing the service is firstly necessary.




-with CopyLock, the acces is denied and the process can't be terminated and deleted.


 

 


 

 

 


***DLL injection/implant:


SoftClan is the winner.







***Process Hijacking:



 


 


SoftClan Integrity 2005 is the winner. 





***API Manipulation:



-with APISpy32: SCI is the winner (another instance of SCI2005 can't be launched).





-with ExecuteHook: SCI is the winner (does not detect the global hook, but the two notepad's ones).






-with Kapimon: SCI is the winner (Windows\System32 protected in the configuration).




SoftClan is the winner against API manipulation test.





***Finjan Test:





NB. Access to desktop is denied as it was configured by the rules.



-Finjan Demo: SCI is the winner.



-Finjan VBS: SCI is the winner





-Finjan JPG: SCI is the winner



NB. For this test, if we enable the protection (F10) at the same time (running test  executable), then there is no possibility to create the "You have been hacked" folder on the desktop (desktop acces is denied).

If we enable the protection a few millisecondes after running the VBS for instance, then the folder is created but is empty.

 

 

 SoftClan Integrity is the winner against Finjan tests.







***Registry test:



-with Regtest 1: SoftClan failed.





-with Regtest 2: The computer can not be used (all applications can't be run) but there is no shutdown (PC blocked during 4 hours without a reboot).

I consider that SoftClan is the winner.



-with Scoundrel Simulator: SCI failed.








Others registry tests are not needful.


SoftClan failed against registry test.





***Simulate a trojan with Trojan Simulator:




SoftClan2005 is the winner: when we click on install, no action (startup entry) is possible.




***Memory Manipulation:



-with UH: SoftClan2005 failed.






-with PhysMem: SoftClan failed.




SoftClan Integrity 2005 failed against Memory manipulation test.




***DataTheft test with Trojan Demo:



SoftClan Integrity 2005 is the winner (no data were stolen).







***Service/driver Manipulation:



-service installation: SCI is the winner.








-service termination: SCI is the winner: the service restarts itself once terminated



-driver modification: SCI is the winner (driver not modified or reconfigured).



-unloading a driver: SoftClan Integrity 2005 is the winner.






SoftClan Integrity 2005 is the winner against driver/service manipulation.





***CDRom autorun:



SoftClan Integrity 2005 is the winner.





NB. SCI has the ability to deny any execution from external drives for any file (ex. jpg):






***Fake/Jokes Test:



-open/close the CDRom drive: SCI is the winner.



-launching several Windows applications at the same time: SCI is the winner.





SoftClan Integrity 2005 is the winner against jokes test.







***Buffer Overflow Test:



SoftClan 2005 failed.





***Deactivation Methods:





-trashcan: SCI is the winner.



-blacklisting: SCI is the winner.










CONCLUSION:


 



 


The Pros:




-integrated as a part of the system (some dll are modified during the set up, then it's suited to make a restore point or a back up before any installation),


-protects the integrity of the system from any damage and change,


-integrated on the shell explorer (more easy to set up rules),

 

 

 

-very powerful features and numerous/various rules and configuration possibilities,

 

-effective execution protection (.exe, dll, sys ... filtering) with the option "Mostrar mansages de aviso/Show warnings alerts,

 

-possibility to deny access to any file and folder (desktop, CDRom etc),







 
 
 


-any protected file/folder/area is hidden : if Windows services are protected, then an hidden process detector detects them as "wrong services",







-runs as a service (boot start),






-option for enabling/disabling the protection by a hotkey (F5, CTRL+Alt+M etc),


-effective self protection: application program, service,

 

-can be installed on all Windows versions: 95/98/Me/2000/XP etc,

 

-more prevention than detection protection: except for the configuration, SCI does not require the user's intervention (with alerts/mostrar mensajes de aviso disabled):


It can be considered as an" install it, configure it and forguet it",


- very good value for money (currently in the Euro zone: 16.53 euros),

 

-clean package (easy installation etc).


 




The Cons:




-no protection and configuration by default, but just a list of critical systems files and control panel applets,


-requires a malware behaviour knowledge to establish effective rules with no risk of misconfigurations,


-no helpful forum, and english faq for this new version,


- currently (july 2005) only available in spanish for this version ( in english for the old version: Window 98/2000/Me),


-instability of the hot keys command (can crash the system): it's suited to use the key quickly,

-limited choice for warning alerts (but it's quite logical: it's more a prevention than a detection defense),


-only 15 days for the trial: really not sufficient for an exhaustive evaluation,


-no forum or document (the help file is quite succint and does not provide some examples) which can help beginners and classical users for a high security level configuration:

 the more optimum is the configuration, the more effective is the protection.






COMMENTS:



SofClan Integrity is available since 2000 but is unfairly not well-known.

SoftClan Integrity 2005 is designed to protect system integrity and any data from modification, damage or alteration.


It's more a prevention defense than a detection one: that's its first quality.

SoftClan does not come with default rules, but once well configured, then it's transparent to the user:

 any unknown or unauthorized execution or event is automatically blocked.


Regarding the configuration, SoftClan Integrity 2005 can permit numerous possibilities: deny access to any file/folder (even desktop or external drives), deny execution and creation of any file/folder, protect any file/folder from reading and writing etc...


Unfortunately, if data can be easily protected, it can be difficult for classical users to elaborate rules against all kinds of malwares: in this case, knowing which file could be an infection vector seems quite helpful and necessary.

Like other prevention softwares (Abtrusion Protector, OSsurance Desktop), the efficiency should be more evaluated in a risky using (warez, P2P, brasilian and russian hack sites, porn sites, CoolWebsSearch domains etc).


With its best value for money, SoftClan is very interesting in a family computer environment (with several users accounts) and particularly in public computers environment (public library, internet cafes etc):

 it will be difficult for a classical user to bypass the protection and the administor of the computer can restrict rigts (which program can be used or not) and limit the action of any user (deny any download for instance).







COMMENTAIRES:




Injustement méconnu, SoftClan Integrity est un produit espagnol disponible depuis 2000 et qui est principalement destiné à protéger l'intégrité du système ansi que les données présentes sur le disque dur (images, pdf, macro documents etc).


C'est avant tout un logiciel de prévention, et c'est là l'un de ses atouts majeurs.

Dans sa configuration d'origine, il n'intégre aucune règle, mais seulement une liste préétablie de fichiers critiques ainsi que des éléments du panneau de configaration.

En fait, c'est à l'utilisateur d'établir un jeu de règles en fonction de ses objectifs et de ses connaissances: les possibilités sont nobreuses, et SoftClan permet de protéger n'importe quel document (telle une image au format jpg) et de prevenir la création, l'accès ou l'exécution de n'importe quel fichier (.exe, .drv etc) ou dossier.


Mais une configuration optimale permettant de s'assurer autant d'une protection des données que de préserver l'intégrité du système contre toute altération requiére de la part de l'utilisateur une bonne connaissance des différentes malveillance (comportement, fichiers vecteurs d'infection etc).


Bien configuré, SoftClan apparaît comme une solution trés intéressante autant sur un ordinateur personnel et familial que sur des postes publics (cybercafés, hôtel etc).

D'autant plus que le rapport qualité prix est actuellement (hors gratuiciels) le plus interéssant du panel (16.53 euros en zone Euro).


Malheureusement il n'est disponible qu'en espagnol pour la version Windows XP (une version en anglais est disponible pour Win 98/2000/Me).

Mais un pack de langue incluant le français sera diponible bientôt.










RATING: 8.5/10



Commenter cet article