FMA Intel-Secure™ 2014
- Thread starter Nico@FMA
- Start date
- Status
- May 11, 2013
- 1,687
Oeps forgot to ask if you guys can tell me what you think about this way of doing checks.
So honestly taking into account what the program can do and its potential afteral we are only scratching topside yet.
Then what would be the future of this program based upon its abilities?
So tell me what you guys think.
So honestly taking into account what the program can do and its potential afteral we are only scratching topside yet.
Then what would be the future of this program based upon its abilities?
So tell me what you guys think.
For me your checking procedure is all good , at its current state FMIAS is already a decent and complete tool for malware-cleaners ITs. now you will have 2 choices, continue this way and let it light by just improving its analysis and checks features (more oriented to professionals) or the tricky way to make it userfriendly (so maybe bloated) for the Average Joe users.
Personally, by focusing professionals you will spend less resources and gain a solid base of users that will gives you real feedbacks.
Personally, by focusing professionals you will spend less resources and gain a solid base of users that will gives you real feedbacks.
- May 11, 2013
- 1,687
Right i understand what you are saying, its a thin line between PRO or user F. But its also a rather easy choice with pretty simple adjustments.
Right now i am generating one logfile, if i would change the log file output so that each series of scans has its own log then yes you will get more logs but the data is more friendly to the eyes as you can get lost in a big log. And even with compare software you are going to get pain in the eyes due to all the data. so if i were to trim down and divide the logs into smaller logs then you got both the prof level and to a large degree a Ufriendly program. I know for a fact that the program will NEVER consume more then 100mb right now its below 25mb and intent to keep it that way 100mb usage during peak is NOT acceptable for me. But time will tell as i am sure you guys have a pretty good view of what i intend to do and NO i will not bloat the program, however due technical limitations i will have to add Microsoft modules as sub bridges between various scans, you have to understand that the command line and command engines within the OS itself are not limitless and without bridges you will run out of options and more importantly you will run out of technical ability.
So yes i will have to add additional tools and i will do so when i see fit and when the program needs it but right now the one and only thing i am going to do is turn every option into active mode because you guys did not realize that you where only using 25% of the actual capability within the program, yes the options have been added since the first GUI version, but i did disable them for technical reasons.
You are not going to test a formula 1 race car the first day and try to hit top speed without good testing and pre analyses.
So when i turn on all the options i think a world will open.
Now given the few idea's i have and some tweaks to some commands that are already present, i will have a even more capable program then it was originally written for.
However this requires patience, local testing and patience.
And i have ENOUGH of both. But the end result will be something to be proud on. Every software writer would class his software project kick ass and revolutionary even if its just to make them feel good, but i guarantee when the program is ready and its only 50% of what i did envision it to be? Then the only thing i can say is: Holy #####.
Kind regards nico
Yes a separate log corresponding to each check; it is what i suggested you already. This project is taking the right path 
- May 11, 2013
- 1,687
Now this is something that makes me happy VERY happy.
- May 11, 2013
- 1,687
If you got any recommendations then please list them for me, because as you can see i follow up on your advise (staff recommendations)
@All others i would like to know who has downloaded my program and who is planning to review it? and when?
Little update the server i bought is not ready yet i expect it to be online in the next 2 days, it did have some delay due to legal matters because the new host needed to verify that my software is legit and virus free before i can be certified to host setup.exe files and update scripts which work with my program. But it all has checked out so i am even more happy then i already was.
- May 11, 2013
- 1,687
It has been a while when i posted a new update.
So here it goes.
Currently the software is going trough a major overhaul, to enable it to use more complex logging techniques.
As it is right now there are limitations that cannot be bypassed, hence i needed to change some key aspects so other scripting languages can be used within the program to enhance present and future options.
Due to the massive work i will not update the current version yet.
Also we are working on a alternative tagging feature that will allow file tracking this due the fact that the past weeks the program done 4 successful investigation projects at some of our clients and it worked great.
But if a company has over 400TB on their network then going trough the logs is a bit problematic.
So we now are going to build a tagging system where we can pinpoint which files to exclude and which files to scan.
Anyway long story short LOTS of work.
Also the new webpage takes a bit longer as the whole script is being rewritten to enable us to have remote and live support for clients and this is a LOT of work.
Hence why the old webpage is still up to cover for the time being.
That being said i was thinking let me give you guys a update.
Cheers
So here it goes.
Currently the software is going trough a major overhaul, to enable it to use more complex logging techniques.
As it is right now there are limitations that cannot be bypassed, hence i needed to change some key aspects so other scripting languages can be used within the program to enhance present and future options.
Due to the massive work i will not update the current version yet.
Also we are working on a alternative tagging feature that will allow file tracking this due the fact that the past weeks the program done 4 successful investigation projects at some of our clients and it worked great.
But if a company has over 400TB on their network then going trough the logs is a bit problematic.
So we now are going to build a tagging system where we can pinpoint which files to exclude and which files to scan.
Anyway long story short LOTS of work.
Also the new webpage takes a bit longer as the whole script is being rewritten to enable us to have remote and live support for clients and this is a LOT of work.
Hence why the old webpage is still up to cover for the time being.
That being said i was thinking let me give you guys a update.
Cheers
- May 11, 2013
- 1,687
FMA Intel Secure Core Update 1-14/AB
FMA1System features:
This whole list of small looking updates are in-fact one of the biggest micro updates the program has seen yet.
The adaptive way of cross referencing data to source using this new update will be a true winner as a windows system has limited options to outsmart FMA Intel Secure, we all knew that there where some limited ways to have FMA Intel Secure read wrong data and produce based upon a few exploits within the windows OS.
But with this update these vulnerabilities do not affect FMA Intel Secure and its ability to produce accurate results.
FMA2Network features:
TCP, UDP, ICMP freeze core ability
This update gives FMA Intel Secure the option to freeze the settings during scanning to avoid internal and external factors to morph new settings into the TCP stack or network settings. As we all know active malware has the ability to make real time changes in order to mask its presents, and while FMA Intel Secure cannot be tricked, it certainly can be bypassed by having FMA Intel Secure read placebo data. This technique is often used by randsomware and by some connection hugging Trojans which broadcast placebo data into the windows OS while the actual data has been altered. Now by freezing the actual data and core of the TCP, UDP and ICMP stacks and hooks you can actually peel away the placebo data and get to the source of the real data hidden underneath.
It also fixes some small bugs between the FMA modules, as there was a authority conflict between various cross referencing techniques that caused the data to source scans to be somewhat vulnerable towards active malware.
However this is now tested and solved.
FMA3Internet features:
Adaptive Data Control and Service Inspection (ADCSI)
ADCSI will fetch data from all FMA Modules and give each log entree a specific HASH identification tag, while its also giving the local data on the windows OS a HASH tag, which will avoid corruption after the initial scan.
These H-ID tags are being hard coded into the core DLL strings within each executable and service data files.
The idea behind it is that we want each FMA Module to check its own data collection and to dynamic cross ref data with the local settings but also with official sources to determine the true default values of a file and then hardcode them.
So that future scans can actually rollback changes made to that particular file.
It will also speed up scanning process as FMA Intel Secure does only have to release the H-ID strings to readout changes made to the data.
ADCSI and H-ID are both in-house technologies which are custom developed for FMA Intel Secure.
problematic systems and servers will benefit most from this update due to the reason that the hidden master admin account within the OS itself has a invisible safe mode setting which is basically the true default of the system, by adding a H-ID to it for the duration of the scan and monitoring process you will actually have a real time antimalware effect upon the very data you scan.
Because H-ID requires a unique counter H-ID key to unlock the core setting of the file in question.
It is technically speaking 100% impossible for a malware to interrupt of hijack this process.
Keeping this in mind we are in the final phase of developing this module and the first massive changes are being implemented within this update. However the activation of this ability will be done in the next revision update as we are still gathering data from our clients and research partners.
On a personal note so much has been said and so much has been written about FMA Intel Secure, and i would like to take this opportunity to say something:
I started this idea many years ago and it has taken the better part of my life to realize this project.
And as time passes we all see where this is going, as i am really making a effort in trying to give this project reason and respect to be out there amonghst other great software.
Will it be flawless? Will it be bugfree? Will it be a success?
To all 3 questions i can say YES and NO.
Yes it will be flawless, Yes it will be bugfree and it will be a success.
That is however within testing parameters....
So the truth is it will NEVER be flawless, it will NEVER be bugfree and it might not be a success.
And there is nothing i can do about it, i cannot guarantee that everything will be great.
But i can guarantee that ALL resources available to make FMA Intel Secure work and work properly are being used.
Real data environments and real networks have each their own unique data structure and configuration so its only logic that my soft is facing a uphill task in producing correct results.
So again NO it will not be flawless but it sure as hell is going to be entertaining to see internet criminals behind bars as they yet have to realize that while my program is far from perfect, it is still a leap ahead of most others as has been proven time after time after time.
And if its up to me then i am not going for a perfect program, but ill settle for a working one, and everything else is a bonus.
Update will be released very soon. (I will announce it soon)
EDIT EDIT EDIT:
DID I ALREADY MENTION THAT THIS UPDATE INCLUDES 64-BIT FULL INSTALL?
DID I ALSO MENTION THAT A MAC AND LINUX VERSION IS NOW IN BETA PHASE?
DID I MENTION THAT WE ARE WORKING ON FULL RECOVERY IMAGE WITH ALL THE NECESSARY TOOLS TO BRING BACK A DEAD SYSTEM?
DID I MENTION THAT WINDOWS 7 UP TO 8.1+ WILL BE FULLY SUPPORTED?
THEN ILL GUESS THAT I ALSO DID NOT MENTION THAT FMA INTEL SECURE... NO NOT TELLING YET <evil grins>
Cheers Nico
FMA1System features:
- Auto Browser and system junkfiles removal
- Harddisk volume and serial logging
- Installed system software list
- Active and hidden processes scan and logging
- Advanced process handler scan and logging
- Legit windows services and rogue services scan and logging
- Extended services status scan and logging
- Advanced start-up scan and logging
- Driver audit and signature scan and logging
- Windows bootmanager scan and logging
- Kernel Transaction scan and logging
- System Policy scan and logging
- Group Policy scan and logging
- ALL above cross reference scan and logging
- Limited Spyware detection
- Limited Exploit detection
- Limited Browser Trojan detection
- Harddrive health status logging
- Harddrive corruption logging
- Shadowcopy health & validation capacity
- Start-up hash validation and backtrack changes
- Kernel validation and corruption check
- Driver validation and backtrack capacity
- Group policy corruption check
- Data resources monitoring and logging
This whole list of small looking updates are in-fact one of the biggest micro updates the program has seen yet.
The adaptive way of cross referencing data to source using this new update will be a true winner as a windows system has limited options to outsmart FMA Intel Secure, we all knew that there where some limited ways to have FMA Intel Secure read wrong data and produce based upon a few exploits within the windows OS.
But with this update these vulnerabilities do not affect FMA Intel Secure and its ability to produce accurate results.
FMA2Network features:
- Valid and rogue connections scan and logging
- IP routing table scan and logging
- All active listening TCP and UDP connections scan and logging
- Active TCP connections and (PID) logging
- Logging statistics TCP, UDP, ICMP, and IP protocols
- Bytes and packets sent and received statistic logging
- scan and log components for all executables
TCP, UDP, ICMP freeze core ability
This update gives FMA Intel Secure the option to freeze the settings during scanning to avoid internal and external factors to morph new settings into the TCP stack or network settings. As we all know active malware has the ability to make real time changes in order to mask its presents, and while FMA Intel Secure cannot be tricked, it certainly can be bypassed by having FMA Intel Secure read placebo data. This technique is often used by randsomware and by some connection hugging Trojans which broadcast placebo data into the windows OS while the actual data has been altered. Now by freezing the actual data and core of the TCP, UDP and ICMP stacks and hooks you can actually peel away the placebo data and get to the source of the real data hidden underneath.
It also fixes some small bugs between the FMA modules, as there was a authority conflict between various cross referencing techniques that caused the data to source scans to be somewhat vulnerable towards active malware.
However this is now tested and solved.
FMA3Internet features:
- Advanced internet connection repair and logging
- DNS scan, logging,repair, cleaning
- ARP tables scan, logging, repair, cleaning
- Full IP INT scan and reset capability
- Advanced firewall audit and repair
- Firewall helpers scan, logging and repair
- Logging of all allowed programs
- Logging of current profiles and repair
- Deep level firewall configuration analysis and repair
- Deep level ICMP configuration scan, logging and repair
- Full Inspection firewall services and dependencies (Logging and repair)
- Firewall state inspection and logging
- Full firewall extended logging
- Advanced MCB scan, logging and repair
- Advanced open ports scanning, logging and repair
- Advanced firewall rule inspection, repair and logging
- History logging for historical firewall notifications
- Extended firewall OP mode scan and repair
- Advanced winsock readout, logging and repair
- Past and present full route information readout & logging
Adaptive Data Control and Service Inspection (ADCSI)
ADCSI will fetch data from all FMA Modules and give each log entree a specific HASH identification tag, while its also giving the local data on the windows OS a HASH tag, which will avoid corruption after the initial scan.
These H-ID tags are being hard coded into the core DLL strings within each executable and service data files.
The idea behind it is that we want each FMA Module to check its own data collection and to dynamic cross ref data with the local settings but also with official sources to determine the true default values of a file and then hardcode them.
So that future scans can actually rollback changes made to that particular file.
It will also speed up scanning process as FMA Intel Secure does only have to release the H-ID strings to readout changes made to the data.
ADCSI and H-ID are both in-house technologies which are custom developed for FMA Intel Secure.
problematic systems and servers will benefit most from this update due to the reason that the hidden master admin account within the OS itself has a invisible safe mode setting which is basically the true default of the system, by adding a H-ID to it for the duration of the scan and monitoring process you will actually have a real time antimalware effect upon the very data you scan.
Because H-ID requires a unique counter H-ID key to unlock the core setting of the file in question.
It is technically speaking 100% impossible for a malware to interrupt of hijack this process.
Keeping this in mind we are in the final phase of developing this module and the first massive changes are being implemented within this update. However the activation of this ability will be done in the next revision update as we are still gathering data from our clients and research partners.
On a personal note so much has been said and so much has been written about FMA Intel Secure, and i would like to take this opportunity to say something:
I started this idea many years ago and it has taken the better part of my life to realize this project.
And as time passes we all see where this is going, as i am really making a effort in trying to give this project reason and respect to be out there amonghst other great software.
Will it be flawless? Will it be bugfree? Will it be a success?
To all 3 questions i can say YES and NO.
Yes it will be flawless, Yes it will be bugfree and it will be a success.
That is however within testing parameters....
So the truth is it will NEVER be flawless, it will NEVER be bugfree and it might not be a success.
And there is nothing i can do about it, i cannot guarantee that everything will be great.
But i can guarantee that ALL resources available to make FMA Intel Secure work and work properly are being used.
Real data environments and real networks have each their own unique data structure and configuration so its only logic that my soft is facing a uphill task in producing correct results.
So again NO it will not be flawless but it sure as hell is going to be entertaining to see internet criminals behind bars as they yet have to realize that while my program is far from perfect, it is still a leap ahead of most others as has been proven time after time after time.
And if its up to me then i am not going for a perfect program, but ill settle for a working one, and everything else is a bonus.
Update will be released very soon. (I will announce it soon)
EDIT EDIT EDIT:
DID I ALREADY MENTION THAT THIS UPDATE INCLUDES 64-BIT FULL INSTALL?
DID I ALSO MENTION THAT A MAC AND LINUX VERSION IS NOW IN BETA PHASE?
DID I MENTION THAT WE ARE WORKING ON FULL RECOVERY IMAGE WITH ALL THE NECESSARY TOOLS TO BRING BACK A DEAD SYSTEM?
DID I MENTION THAT WINDOWS 7 UP TO 8.1+ WILL BE FULLY SUPPORTED?
THEN ILL GUESS THAT I ALSO DID NOT MENTION THAT FMA INTEL SECURE... NO NOT TELLING YET <evil grins>
Cheers Nico
Last edited:
- May 11, 2013
- 1,687
Still around and going strong, but much work and to less time sums it all up.
- May 11, 2013
- 1,687
Big and amazing jump, FMA evolve from a cat to a tiger ^^ , by the way i wait the Linux version
Yes the Linux project is a big project but it gets a lot of love atm, specially since we are going to use Debian & Fedora hybrid as the core.
During our testing it proved to be a extremely stable and fast combination, however adding a live update feature is a bit problematic as FMA does not like Linux sub network routines, so we need a external Linux program to bridge that.
But yeah FMA is still going strong, in-fact it has grown at least 300%, granted it all was rather slow passed as projects and testing took lots of time, but now multiple projects finish on the same time table bringing development into synergy with the program itself.
So i could not be more happy.
That being said i was wondering what MT and its members do think about FMA and what its about.
I notice that there is not much talk and lots of the active members do like comments but do not post them, so let me drop the ball here and ask people to come forward and comment on FMA as i am really itchy to find out the mood on MT.
Cheers
Your making a custom linux OS too? Sorry, I jumped a bit if your not. I was going to do that once but then I decided to just make a OS from scratch. It was very hard, I didn't get passed printing text, listing files on the OS drive (floppy as I had to use it to work (virtual floppy)) and typing text and a background color. All was done in Assembly. BL register for background color (was 16 bit).
- May 11, 2013
- 1,687
Well making a Linux OS is hard indeed but yet it is very simple.
The aim is not to have a full OS but the aim is to have a Linux driven recovery OS which allows you a graphical user interface while boosting everything a technician need to recover a crashed system without having to fire up the crashed OS on the target computer.
We want to access the system below ANY OS perimeters and from there recover the important data.
This way we do not carry malware to the next hard drive and it helps speeding up the investigation on the target system.
Normally a program works from the inside of the OS, we actually going to turn that around and have a program work prior to the parameters set by a OS and Linux is great for that, hence why most bootcd's and recovery tools are Linux driven.
And while Linux is a totally different beast then Windows the very DOS driven firmware handling is pretty much the same and legacy based so ones you understand that you can actually make a cross OS Linux system recovery tool that will work on all Linux versions and with minor changes even works on Windows systems.
hi,
thanks to Nvt, i had a very detailed private session to witness the new incoming release of FMA-IS , and i can say i am very impressed.
in addition to the process monitor ( with termination capabilities) and various checks (resulting in very detailed logs ) available in the earlier versions, FMA has now a real-time monitor (quite light on resources).
what does it do? in fact it monitors, logs then displays all changes happening to any files in the system, nothing can be hidden from it.
- Windows System Files are crosschecked against a legit list via several methods and any irregularities can then be pinpointed right-away.
- services are logged and reveal informations
- created/modified files are shown in the GUI with full path, so if you have a bit of knowledge , you can see if something is wrong.
the new release will satisfy advanced users and is more friendly to average ones.
thanks to Nvt, i had a very detailed private session to witness the new incoming release of FMA-IS , and i can say i am very impressed.
in addition to the process monitor ( with termination capabilities) and various checks (resulting in very detailed logs ) available in the earlier versions, FMA has now a real-time monitor (quite light on resources).
what does it do? in fact it monitors, logs then displays all changes happening to any files in the system, nothing can be hidden from it.
- Windows System Files are crosschecked against a legit list via several methods and any irregularities can then be pinpointed right-away.
- services are logged and reveal informations
- created/modified files are shown in the GUI with full path, so if you have a bit of knowledge , you can see if something is wrong.
the new release will satisfy advanced users and is more friendly to average ones.
- Status
Similar threads
