Welcome to Laser Pointer Forums - discuss green laser pointers, blue laser pointers, and all types of lasers

c0ldshadow's DeepTide Software Updated - Free copies past/present donations >= $15

c0ldshadow

LPF Founder / Admin
Staff member
LPF Site Supporter
Joined
Mar 17, 2006
Messages
2,863
Points
113
hi all, getting back into programming more now and just updated some of my software on http://deeptide.com/index.htm

special discount:

if anyone has donated $15 in the past or does so in the future while this coupon is active i will give u a copy of 1 program for free=) if u are interested just send me an email at atarasov(!a!T)hushmail d0tcom

newest program is DeepTide Malware IDS

ids_screenshot.bmp


basically this program acts as a host intrusion detection system, and downloads a list of IP addresses associated with malware from https://zeustracker.abuse.ch and MDL and monitors network traffic for packets to or from the malicious IP addresses and alerts user if malicious packets are detected

IP parsing / extraction done w/ boost::regex, https URL contents downloaded w/ openssl and libcurl (annoying to compile openssl in devc++), winpcap used for network monitoring.

currently monitors a little over 4000 IPs


updated Compressed NTFS File Decompressor to v4.0
ntfs_screenshot.bmp


decompresses all compressed ntfs files on a drive



note: programs might not work unless run w/ administrative rights (right click and 'run as administrator'). might need to disable antivirus or firewall software and/or set a rule to allow the programs due to the downloading and low level operations used by software

hope u all find this useful. questions/comments/suggestions on software always welcomed=)
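The flow the opening post describes (pull IPs out of a downloaded list with a regex, then compare each captured packet's source and destination against them), as an added example that is not DeepTide's code and not part of the original post. It uses `std::regex` in place of boost::regex and a constructed in-memory feed and frame in place of libcurl and WinPcap; the function names and sample data are assumptions.

```cpp
#include <cstdint>
#include <regex>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Extract IPv4 addresses from feed text; '#' comment lines and octets > 255 are skipped.
std::set<uint32_t> parse_blocklist(const std::string& feed) {
    static const std::regex ip_re(R"(\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b)");
    std::set<uint32_t> ips;
    std::istringstream in(feed);
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line[0] == '#') continue;
        for (std::sregex_iterator it(line.begin(), line.end(), ip_re), end; it != end; ++it) {
            unsigned long o[4];
            for (int i = 0; i < 4; ++i) o[i] = std::stoul((*it)[i + 1].str());
            if (o[0] > 255 || o[1] > 255 || o[2] > 255 || o[3] > 255) continue;  // not an address
            ips.insert(uint32_t(o[0] << 24 | o[1] << 16 | o[2] << 8 | o[3]));
        }
    }
    return ips;
}

// True if a captured Ethernet II frame carries IPv4 with a listed source or destination.
bool frame_hits_blocklist(const std::vector<uint8_t>& f, const std::set<uint32_t>& bad) {
    if (f.size() < 14 + 20) return false;              // Ethernet + minimal IPv4 header
    if (f[12] != 0x08 || f[13] != 0x00) return false;  // EtherType is not IPv4
    if ((f[14] >> 4) != 4) return false;               // IP version nibble
    auto be32 = [&f](size_t off) {
        return uint32_t(f[off]) << 24 | uint32_t(f[off + 1]) << 16 |
               uint32_t(f[off + 2]) << 8 | uint32_t(f[off + 3]);
    };
    return bad.count(be32(26)) > 0 || bad.count(be32(30)) > 0;  // src at 26, dst at 30
}

// Constructed sample feed (documentation address ranges, not real indicators).
const std::string kSampleFeed =
    "# constructed feed; 10.9.9.9 in this comment line is ignored\n"
    "192.0.2.10\n198.51.100.7:8080\n999.1.1.1\n";

// Constructed frame: Ethernet II + 20-byte IPv4 header, 10.0.0.5 -> 192.0.2.10.
const std::vector<uint8_t> kSampleFrame = {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x08, 0x00,  // MACs zeroed, EtherType IPv4
    0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0,         // version/IHL .. TTL, proto, checksum
    10, 0, 0, 5, 192, 0, 2, 10};                     // source, destination
int main() { return frame_hits_blocklist(kSampleFrame, parse_blocklist(kSampleFeed)) ? 0 : 1; }
```

Storing addresses as 32-bit integers in a set keeps the per-packet check to two lookups, which matters once the list holds several thousand entries.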
 






Deleted member 8382

Guest
Re: c0ldshadow's DeepTide Software Updated - Free copies past/present donations >= $1

Good idea!
 

Asherz

0
Joined
Jan 18, 2009
Messages
1,623
Points
0
Re: c0ldshadow's DeepTide Software Updated - Free copies past/present donations >= $1

I followed what it does just about, but for people that might not be so computer literate what does it achieve? :)
 

HIMNL9

0
Joined
May 26, 2009
Messages
5,318
Points
0
Re: c0ldshadow's DeepTide Software Updated - Free copies past/present donations >= $1

Hi, does your malware ids accept manually added IPs ? ..... like, a txt or something similar file, or an "add an IP" function, for insert other IPs, together with the downloaded ones ?

Also, is this a survey only program, or permit you also to block these IPs ? (i guess not, cause this is probably more easy using hosts, but i suppose asking don't kill ..... hope :D)
 

c0ldshadow

LPF Founder / Admin
Staff member
LPF Site Supporter
Joined
Mar 17, 2006
Messages
2,863
Points
113
Re: c0ldshadow's DeepTide Software Updated - Free copies past/present donations >= $1

@asherz, yeh i need to rewrite it to be less technical i think lol

big picture is detect and alert user of suspicious network activity

for the file decompressor, big picture is Best practices for NTFS compression in Windows

HIMNL9, u certainly have some great ideas=)

this will be included for v2.0.. winpcap doesn't support the dropping of packets unfortunately

regarding the hosts file, this is a good idea. i will add the ability to block malware domains from MDL and zeustracker by adding them to hosts file

IP blocking not sure solution yet but domain blockage is def. possible. i like idea about adding/ips and domains manually for future version
 

HIMNL9

0
Joined
May 26, 2009
Messages
5,318
Points
0
Re: c0ldshadow's DeepTide Software Updated - Free copies past/present donations >= $1

Well, i'm sorta of security maniac ..... i'm sometimes full of ideas about PC security, but without the ability needed for develop my ideas myself :D

Glad that you consider this idea not too much crazy ..... i always search all that what can close some of the usual holes in win safety (and, unfortunately, almost all the programs that i have to use for work are only for win :p), and the most part of the safety programs around don't have any possibility to add anything manually ..... btw, my hosts file actually reached 600Kb :p .....

BTW, if i can ask ..... do you know any way, apart stop the related services, for get control of the autorun function about removable drivers ? ..... i mean, as you probably know, there's a lot of devices, also flashdisks, and lots of cds, that all the times that you put them in your system, try to execute something or install something, and all the times, they don't ask your permission ..... actually, seem that the only way for avoid them, is disable autorun and related services, but i still have some doubts, about the fact that some modules with ring 0 (kernel level) privileges can jump over this and still execute or install something, especially cause i have already seen machines where, having as example auto-update disabled, something still installed some updates without ask to the user ..... and fear the possibility that, someone, can create a virus or something similar, that using these privileges, can jump over antivirus and similars, and install some rootkit or mess up the pc .....

So, i'm wondering if is possible to make (or if already exist), something that can be executed as service with kernel privileges, and that can survey any program that can try to launch itself, from any external connection (network too, if possible, but mainly removable drivers), and that can intercept them and advise the user, something like, "warning, the program X from the driver Y is trying to execute something, do you want to allow it ?" ..... and that can do this, regardless from what authorization, privileges or codes the program X may have, including microsoft ones (and, ofcourse, if this exist, i guess that is not microsoft that made it ..... :p)
 



