Update SecureMyBit Stable - Released

Discussion in 'Backup, Sync and Encryption' started by JM Security, Jun 24, 2016.

  1. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,228
    64,826
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
    Thanks Bro @JM Security for the new version and all your hard work. :)
     
  2. askmark

    askmark Level 11

    Aug 31, 2016
    512
    4,202
    united kingdom
    Windows 10
    Default-Deny
    Me three ;)

    Thanks @JM Security for creating and sharing this new version of your indispensable software program. It just gets better and better!
     
  3. Svoll

    Svoll Level 12

    Nov 17, 2016
    554
    6,418
    Student/Engineering Failure
    US
    macOS Sierra
    Norton
  4. tim one

    tim one Level 19
    Trusted AV Tester

    Jul 31, 2014
    904
    9,098
    Europe
    Windows 10
    Emsisoft
    First of all great new UI and update @JM Security :)
    I want to give just a graphic suggestion:

    Cattura.PNG

    Just to write a description of the menu indicated in the screenshot, otherwise maybe not all people know to select an item from the menu and if you don't select any item in the menu, the tab content doesn't provide any information.
     
  5. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Hello Yash!
    Just remove the executable of the previous version and extract the .rar of the 1.8. You should have the same options you set in version 1.6
     
  6. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Thank you @askmark :) :)
    Thank you @Svoll I will submit as False Positive ;)
    Great suggestion @tim one thank you :)
     
  7. Sr. Normal 2.0

    Sr. Normal 2.0 Level 5
    Trusted

    Sep 14, 2016
    235
    6,281
    Talavera, España
    Windows 10
    Norton
    Too late, but now i´m a proud user.
    @JM Security my friend, thanks for this great soft :)
     
  8. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Thank you @Sr. Normal 2.0 I'm really happy that you like it! :)
     
  9. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    #89 JM Security, Dec 30, 2016
    Last edited: Dec 30, 2016
    Download SecureMyBit 1.9 Stable (added new encoding extension system, several bug fixes, minor graphic improvements, other bug fixes in log file)

    [​IMG]

    The new version include a more powerful and secure encoding system for the extension of the encrypted file(s), which can protect more the encrypted file(s) against a ransomware.
    An encrypted file now becomes:

    Code:
    filenameSMB_<encodedextension>-[Encrypted]


    smbext.PNG

    System Specs graphic improvement done (Thanks to @tim one )

    Thanks also to @Wave and @DardiM for the suggestions about the encoded extension.
     
  10. kev216

    kev216 Level 18
    Content Creator Trusted

    Aug 6, 2014
    897
    12,015
    Belgium
    Windows 10
    Sophos
  11. tim one

    tim one Level 19
    Trusted AV Tester

    Jul 31, 2014
    904
    9,098
    Europe
    Windows 10
    Emsisoft
    Awesome new version bro, that's for sure! Now the encrypted files are safer versus ransomware which use for example "contains" function to search files by extensions IMO. A test or review, would verify if it works fine. Already updated now ;)
     
  12. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Thank you @tim one ,yes I think it would be more difficult for ransomware to identify files and encrypt them, since these files have the extensions encoded.
     
    AtlBo, Wave, Sr. Normal 2.0 and 6 others like this.
  13. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    AtlBo, Wave, Sr. Normal 2.0 and 6 others like this.
  14. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,228
    64,826
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
    Just upgraded, thanks Bro. ;)
     
    AtlBo, Wave, Sr. Normal 2.0 and 6 others like this.
  15. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Thanks guys :)
     
    Svoll, AtlBo, Wave and 5 others like this.
  16. iangcarroll

    iangcarroll Level 1

    Jan 24, 2016
    9
    37
    Birmingham, MI
    This program does not erase your password from memory when it is entered. If you run a malicious program after you encrypt or decrypt a file, or if law enforcement decides to dump your memory, you are screwed, though I doubt this would be generically targeted by malware at the moment. Closing the application gives you something (mainly protection against userland malware), though it will likely remain in memory for some time (or until a reboot). The fact it can minimize itself to the system tray (thus preserving the password in memory) is amusing.

    This will be an annoying issue to fix (sorry) because you have little control over memory in C#. Essentially, you need to zero all instances of the password once you're done with it. This is pretty hard. The UI elements or cryptography libraries might store their own non-zeroizable version of the password, and any string manipulation you do on the password might result in it being silently copied, making it hard to actually find what memory regions to zero. For example, my password is stored in 73 distinct memory regions inside the process. This is C#'s fault, but something that needs to be addressed.

    Obviously, if you rewrite the cryptography portion in C(++), it will become much easier to zero memory.

    If you want me to look at the cryptography behind this as well, feel free to send me the source code (the obfuscation is unnecessary and a bit off-putting for a sensitive application like this).
     
  17. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Hello, thanks for your feedback. I will try to fix this critical bug. About the source code I decided to not share it with anyone, because it is closed-source. The main purpose of SecureMyBit is to protect against backdoors and malware which are able to send files remotely. A virtual keyboard is already provided against keylogger. I think you misunderstood the fact of system tray: if you minimize the window of SecureMyBit the program remains in memory, and there is no difference to minimize it with or without the system tray icon. If you close SecureMyBit, it will be deleted from memory.
     
    Svoll, AtlBo, DardiM and 6 others like this.
  18. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Hello to all! :)

    I'm really glad to announce that a new review of SecureMyBit by FindMySoft is avalaible here:

    » Download SecureMyBit Free

    Thank you all! :)
     
    Svoll, AtlBo, DardiM and 6 others like this.
  19. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,980
    SecureMyBit Developer
    Unknown
    Some explanations on SecureMyBit:

    I would want to explain that every software is developed with a specific purpose, surely it is possible to implement new features and improve the ones already in place, and this is my work. But the main purpose of SecureMyBit, as I already mentioned, is to encrypt files and folders against malware, such as Backdoors, etc. So, even if the malware manages to connect to a server and send file(s), then the files are protected (or a PC access by someone). And by closing the program it will be removed from memory. With the latest version also the extension encoding system has been implemented, so there is more chance to be safer with ransomware(this doesn't mean all ransomware).
    I will add additional info on the software on the homepage, in the "key features"
    thanks for understanding.
     
    Svoll, AtlBo, Sr. Normal 2.0 and 6 others like this.
  20. Wave

    Wave Guest

    @iangcarroll Sorry to burst your bubble but I've got a few problems with your post, I'll outline them, of course this is just my personal opinions...

    Of course, law enforcement can dump he memory and obtain the password... A malware analyst could do the same, or an attacker who has a bit of knowledge with reversing software... In fact, there would be easier ways to do it depending on how the password is stored and since the product is developed with the Microsoft Intermediate Language (MSIL - basically the .NET framework since it runs under the Common Language Runtime), anyone can reverse it to obtain some pseudo-code which is readable back to a language based in .NET (and deobfuscate it should it have these mechanisms applied, or unpack it, etc... Same way malware analysts do).

    I don't think what you are talking about is really a concern which should be necessary to the developer, he's probably focusing on other things right now. There are tons of encryption programs which will have the same problem you are referring too, and if someone is determined enough then there's nothing you can do - for example, you can watch the network traffic to obtain the decryption keys from ransomware as it transmits the keys, depending on numerous factors.

    This has nothing to do with user-mode or kernel-mode, it's a user-mode application and therefore it can be attacked from other user-mode applications - a device driver to protect the process and the process' threads is not necessary, it's not an Anti-Virus product.

    He can still free the memory, and .NET has a garbage collector which automatically free's up memory - essentially, if he really wants, he can probably Platform Invoke to the Win32/NTAPI and use those functions for the encryption methods as opposed to using the .NET APIs which lead back to the Win32 -> NTAPI anyway. Then he can use functions like NtClose, ZeroMemory,... Or he can make a ASM/C/C++ DLL (native) and have the encryption take place there, and then P/Invoke to call the functions so the main functionality is done in ASM/C/C++ but the GUI is based in .NET.

    Honestly I don't think any of this is necessary for him to bother focusing on right now, it's just a normal encryption utility project he is working on, and to me it looks like he's going in the direction of hiding files from ransomware and encryption against normal people, not advanced analysts and forensic teams.

    Sorry but I don't know what you expect, he's a .NET developer, he can't just learn a lower-level language overnight... It seems to me you just want the source code, you even checked about his obfuscation? ....
     
    Svoll, AtlBo, Azure Phoenix and 6 others like this.
Loading...
Similar Threads Forum Date
SecureMyBit DHScan (EXE Analyzer) - Beta Released Other Security for Windows Nov 5, 2017
Video Review SecureMyBit vs KeyLoggers (Test) Video Reviews Sep 13, 2017
Video Review SecureMyBit vs Cerber 3 Ransomware Video Reviews Nov 1, 2016