For additional security/privacy: "MajorPrivacy" (upgraded from "PrivateWin10")

[Decopi]

For additional security/privacy, an interesting open-source project (upgraded from "PrivateWin10", work in progress, currently at early alpha/beta):

- Comprehensive UI for tweaking settings, as well as options to block system access to files and registry keys in order to enforce security/privacy. "MajorPrivacy" is designed to not only provide a line of defense against regular malware but also defend the user from legitimate but overreaching software, such that the software can be safely used and the companies behind it won’t be able to access anything the user did not choose to make available.

- New driver to add the necessary kernel features to properly enforce advanced security/privacy presets. The driver can monitor/filter, file/registry access as well as protect processes from being manipulated by other processes. Kernel-based process isolation ensures that authorized processes cannot be tampered with, providing the highest level of protection from other processes and even a high level of protection from adversarial processes running with administrative or system privileges. Using the process protection feature of the KernelIsolator driver Major Privacy can protect unprivileged user processes from being compromised and their secrets exfiltrated, even from threads running with system or administrative privileges.

- Own rule-based software restrictions (preventing unauthorized or undesired applications from running).

- Folder protection feature that restricts access to confidential data to authorized processes. The ability to protect processes in combination with its ability to restrict access to files and folders helps to protect personal data.

- Encrypted Protected Volumes, created using the ImDisk driver and the ImBox component, which are already known from Sandboxie's encrypted sandboxes utilizing DiskCryptor's encryption implementation. When mounted, these volumes can be protected with the File/Folder protection feature to ensure that only trusted and authorized processes can access the plaintext data. This combination provides a robust layer of security for sensitive information (access to confidential data is only possible when the user provided the correct password and the tool is actively filtering filesystem accesses).

- The privacy agent logs file, registry and network access and provides comprehensive logs and visualizations of process activity on the host system, enabling the users to check if their applications are only doing what they want them to do.

- More details:
Process Protection: Protect user processes in secure enclaves from other processes including elevated and system processes. (Progress: 45%)
Software Restriction: Block undesired processes from starting and undesired Dll’s from loading. (Progress: 45%)
File/Folder Protection: Protect selected files and folders from being accessed by unauthorized processes. (Progress: 20%)
Registry Protection: like File/Folder Protection just for registry keys. (Progress: 20%)
Network Firewall: Advanced network firewall to manage outbound and inbound communication. (Progress: 80%)
DNS Inspection: Monitor DNS cache and trace events to determine which domains are being accessed by running processes. (Progress: 70%)
DNS Fitlering: Filter all DNS requests with a set of pre-defined block lists (pi home compatible) and own custom rules. (Progress: 0%)
Proxy Injection: Force arbitrary processes to use pre-defined network proxies. (Progress: 0%)
Secure Drives: Create encrypted volumes stored in disk images fully guarded by File/Folder protection to prevent unauthorized access to confidential data. (Progress: 40%)
Tweak Engine: Hardens windows configuration by disabling undesired telemetry and cloud features. (Progress: 90%)

GitHub (@DavidXanatos): Releases · xanasoft/MajorPrivacy

More info: Major Privacy v0.95.0 BETA

Demo video:

 

[Bot]

Thanks for sharing this comprehensive information about the MajorPrivacy project. It seems to be a promising tool for enhancing security and privacy, especially with features like kernel-based process isolation, software restrictions, and encrypted protected volumes. The upcoming additions like DNS proxy filtering and a powerful firewall engine also sound interesting. I'll definitely check out the GitHub link and the demo video you've provided.

 

[Trident]

Definitely worth trying.

 

[silversurfer]

Thanks for sharing @Decopi Interesting project
In general for any software published for beta testing, keep in mind at the current state of development, rather be carefully and testing first only in full VMs such as VirutalBox and VMware.
If you following the related Wilders forums thread (link already included in the OP#1) Major Privacy v0.95.0 BETA there users reporting issues like BSOD, just meant as warning

 

[Decopi]

Thanks for sharing @Decopi Interesting project
In general for any software published for beta testing, keep in mind at the current state of development, rather be carefully and testing first only in full VMs such as VirutalBox and VMware.
If you following the related Wilders forums thread (link already included in the OP#1) Major Privacy v0.95.0 BETA there users reporting issues like BSOD, just meant as warning

Yeap, you're absolutely right!, but the Dev is a very well-known guy, he has a good reputation, good stuff etc, and as you saw at Wilders, in a matter of a few hours he patched and updated the bug. By the way, that happened in alpha stage, now it's in beta stage, and before posting my current thread, I tested this beta version, and it's fine, there is no BSOD, it's safe to test.

That said, the software is still a beta version, while I don't expect any major problems, it's true that most of its features are still under development.

When the official version is released, with all the announced features, I understand that it can be an interesting software for security/privacy, perhaps a mix of customizable VoodooShield with Firewall, which in a granular way will allow control over executables and non-executables. Also, it can be a security layer against zero-day-attacks.

The impact on hardware will still have to be analyzed, as well as the complexity of the UI (because if it is too technical, it will not be accessible to average users).

 

[n8chavez]

Thanks for sharing @Decopi Interesting project
In general for any software published for beta testing, keep in mind at the current state of development, rather be carefully and testing first only in full VMs such as VirutalBox and VMware.
If you following the related Wilders forums thread (link already included in the OP#1) Major Privacy v0.95.0 BETA there users reporting issues like BSOD, just meant as warning

Why are you trying to needlessly scare people off? That's rude! I'm in that Wilders thread, and the BSOD issue, that I reported, was fixed already. It's a non-issue.

 

[silversurfer]

Why are you trying to needlessly scare people off? That's rude! I'm in that Wilders thread, and the BSOD issue, that I reported, was fixed already. It's a non-issue.

Seriously, what part is rude from me, are we here in kindergarten I wrote "In general for any software published for beta testing..."
Anyway, feel free to report my comment(s), MT Staff might agree with you or I can delete my comment if that makes you happy

 

[n8chavez]

I'm undoubtedly sure the developer works hard on his software, and it's not nice to try and needlessly scare people off from using it. If there was a valid concern, sobeit. But it's not.

 

[Trident]

I'm undoubtedly sure the developer works hard on his software, and it's not nice to try and needlessly scare people off from using it. If there was a valid concern, sobeit. But it's not.

At the moment, the software is far from being stable, it is beta and until Dec last year was even alpha. Maybe it works for you and for 10 users in Wilders but that doesn’t mean it will work fir everyone.

Kudos to @Decopi for getting us familiar with this software, definitely worthy addition to any security portfolio, but it includes a bunch of kernel drivers which have not stood the test of time, bunch of components that are not even digitally signed yet and bunch of hooks that modify all software’s overall behaviour.

At this moment users should only test on non-production devices and environments, unless you can provide a guarantee that it won’t mess anyone’s system up…?

 

[Decopi]

At the moment, the software is far from being stable, it is beta and until Dec last year was even alpha. Maybe it works for you and for 10 users in Wilders but that doesn’t mean it will work fir everyone.

Kudos to @Decopi for getting us familiar with this software, definitely worthy addition to any security portfolio, but it includes a bunch of kernel drivers which have not stood the test of time, bunch of components that are not even digitally signed yet and bunch of hooks that modify all software’s overall behaviour.

At this moment users should only test on non-production devices and environments, unless you can provide a guarantee that it won’t mess anyone’s system up…?

IMHO, "MajorPrivacy" is a security/privacy software in development, but with enormous potential, therefore it's worth keeping under the radar and monitoring its development (that's the reason I posted my thread).

As I mentioned in my previous comment above, when the official version is released, if all the features work, if there is also a friendly UI, and if the hardware impact is acceptable etc etc etc... this software can become an interesting mix of VoodooShield and Firewall on steroids (including granular control over executables and non-executables, not found in most software).

Obviously, everything will depend on the user's profile. In my case, this software can potentially address many of my needs, I'm not a fan of antivirus/malware, I prefer to control software that is customizable at a granular level, also I have a focus on privacy, and I give a great importance to Firewall functions. Therefore, this software is interesting for me, I hope it'll be interesting for many other people, but I perfectly understand (and it's natural) that many users will not see even the slightest benefit in this software.

That said, here at MalwareTips you @Trident already know that I consider you one of the people with the greatest technical knowledge, (and you're also professionally dedicated to security/privacy; you run a company in this area), I learn a lot from you and I trust your opinions, so it would be great to receive your criticism and recommendations about this software and its development. Thank you!

 

[Trident]

@Decopi definitely great potential there, I see many use cases, how successful the software will be, would depend on how well potential bypasses are being managed. The UI, this is free software, so I don’t expect miracle there.

That being said, I can see from original post that a lot of functions are work in progress. Considering this software is most probably developed on one-man-show basis and taking into account that it roots deeply within windows… via kernel drivers, as well as adds hooks (which amongst other things, may turn out to be incompatible with AV hooks), I would say a year is needed. That’s the testing period needed after all features have been finalised, which will probably take 6-12 months by itself.

 

[Decopi]

@Decopi definitely great potential there, I see many use cases, how successful the software will be, would depend on how well potential bypasses are being managed. The UI, this is free software, so I don’t expect miracle there.

That being said, I can see from original post that a lot of functions are work in progress. Considering this software is most probably developed on one-man-show basis and taking into account that it roots deeply within windows… via kernel drivers, as well as adds hooks (which amongst other things, may turn out to be incompatible with AV hooks), I would say a year is needed. That’s the testing period needed after all features have been finalised, which will probably take 6-12 months by itself.

You're right.

I'm sure you already know David Xanatos (Dev of "MajorPrivacy", "Sandboxie", etc), due to his software production in quantity and quality, David earned my respect, I have the belief that he finishes what he starts, and he does it quickly and well... so I hope this "MajorPrivacy" software will develop well.

And who knows, in the future we may see a new software: A mix of "Sandboxie" and "MajorPrivacy". Someone will say that Comodo already does that, but Comodo is old, not upgraded nor updated, even worse, it's full of dangerous bugs. Also, compared to "MajorPrivacy", in Comodo there is not the same granular control of executables/non-executables, in Comodo not even the Firewall has modern granular control (Comodo does not distinguish "services" from "executables").

Again, this "MajorPrivacy" software is not ready today, but is something interesting to have under the radar.

 

[Digmor Crusher]

Yeap, you're absolutely right!, but the Dev is a very well-known guy, he has a good reputation, good stuff etc, and as you saw at Wilders, in a matter of a few hours he patched and updated the bug. By the way, that happened in alpha stage, now it's in beta stage, and before posting my current thread, I tested this beta version, and it's fine, there is no BSOD, it's safe to test.

That said, the software is still a beta version, while I don't expect any major problems, it's true that most of its features are still under development.

When the official version is released, with all the announced features, I understand that it can be an interesting software for security/privacy, perhaps a mix of customizable VoodooShield with Firewall, which in a granular way will allow control over executables and non-executables. Also, it can be a security layer against zero-day-attacks.

The impact on hardware will still have to be analyzed, as well as the complexity of the UI (because if it is too technical, it will not be accessible to average users).

Yes, he;'s a very competent developer and provides excellent support, however IMO Sandboxie is like a perpetual beta now and is over complicated compared to earlier versions.

 

[n8chavez]

Yes, he;'s a very competent developer and provides excellent support, however IMO Sandboxie is like a perpetual beta now and is over complicated compared to earlier versions.

There are two versions of Sandboxie. If you want a not-overly-complicated version don't use Sandboxie plus.

 

[oldschool]

Yes, he;'s a very competent developer and provides excellent support, however ... ... is like a perpetual beta now and is over complicated compared to earlier versions.

Indeed, you can fill in the blank in your reply with some other software. Even the most well-intentioned and competent developer can over-think the concept and start adding features that might sound great but needlessly complicate things. I can think of some other software that fit the bill but won't mention any names. And in the end, if it's a one-man show that alone is a built-in pitfall, especially when it's something feature packed.

 

[Decopi]

There are two versions of Sandboxie. If you want a not-overly-complicated version don't use Sandboxie plus.

I follow your posts at Wilders, and I want to thank you because I think your proactive participation/collaboration in the development of MajorPrivacy is important.

Wilders is great, and I understand that it would be redundant for you to post at the same time on Wilders and MalwareTips, but it'll be great if you share here (in this or your own thread) the evolution of your conclusions regarding MajorPrivacy over time. IMHO, posting here on MalwareTips may invite more participants to test MajorPrivacy, which may accelerate its development.

 

[Trident]

And in the end, if it's a one-man show that alone is a built-in pitfall, especially when it's something feature packed.

Well it is an open source software but let’s face it, how many people will dedicate their time to develop the software pro-bono…? As well as how many of these contributions will be meaningful…
Double manipulation of the system, both low level, inside the kernel and high level, by injecting code in every process is a big deal. It requires very high skill level to be done in a way that’s doing the job, securely and without hurting performance.

Sandboxie is more use it dump it, this wants to work together with your AV software 24/7, to cover you in the event it fails…

 

[oldschool]

Double manipulation of the system, both low level, inside the kernel and high level, by injecting code in every process is a big deal. It requires very high skill level to be done in a way that’s doing the job, securely and without hurting performance.

This is a perfect example, especially when it's one man. No dedicated outside eyes or other developers to validate things. Of course, as you say, what can one expect for free?

 

[oldschool]

@Trident It just came to me that this project sounds a bit like Black Fog.
BlackFog Anti Data Exfiltration and Ransomware Prevention

 

[Decopi]

Well it is an open source software but let’s face it, how many people will dedicate their time to develop the software pro-bono…? As well as how many of these contributions will be meaningful…

That's totally true! Even if the software concept is exceptionally good, most open-source software ends up incomplete or abandoned over time.

But there are several "Black Swans" (Nassim Taleb) in open-source software, which successfully evolved, and were even later bought by security/privacy software companies.
Sandboxie is an inverse case, David Xanatos forked from Sophos, and made Sandboxie-classic and plus. I have no idea why David created MajorPrivacy, but if by any chance his idea is in the future to merge Sandboxie with MajorPrivacy... it'll be nice!