Separate names with a comma.
Discussion in 'Backup, Sync and Encryption' started by JM Security, Jun 24, 2016.
Thanks Bro @JM Security for the new version and all your hard work.
Thanks @JM Security for creating and sharing this new version of your indispensable software program. It just gets better and better!
i know this is a FP, Loving the program, updated new signature today and AV gave me a FP on Securemybit..
Antivirus scan for ee665081eaab5c24c038c35bbbfd5097eb627988bc47569024d64fd6a922fe66 at 2016-12-04 10:20:07 UTC - VirusTotal
First of all great new UI and update @JM Security
I want to give just a graphic suggestion:
Just to write a description of the menu indicated in the screenshot, otherwise maybe not all people know to select an item from the menu and if you don't select any item in the menu, the tab content doesn't provide any information.
Just remove the executable of the previous version and extract the .rar of the 1.8. You should have the same options you set in version 1.6
Thank you @askmark
Thank you @Svoll I will submit as False Positive
Great suggestion @tim one thank you
Too late, but now i´m a proud user.
@JM Security my friend, thanks for this great soft
Thank you @Sr. Normal 2.0 I'm really happy that you like it!
Download SecureMyBit 1.9 Stable (added new encoding extension system, several bug fixes, minor graphic improvements, other bug fixes in log file)
The new version include a more powerful and secure encoding system for the extension of the encrypted file(s), which can protect more the encrypted file(s) against a ransomware.
An encrypted file now becomes:
System Specs graphic improvement done (Thanks to @tim one )
Thanks also to @Wave and @DardiM for the suggestions about the encoded extension.
I really like the new UI Great work @JM Security
Awesome new version bro, that's for sure! Now the encrypted files are safer versus ransomware which use for example "contains" function to search files by extensions IMO. A test or review, would verify if it works fine. Already updated now
Thank you @tim one ,yes I think it would be more difficult for ransomware to identify files and encrypt them, since these files have the extensions encoded.
Great @JM Security
Upgraded just now
Just upgraded, thanks Bro.
This program does not erase your password from memory when it is entered. If you run a malicious program after you encrypt or decrypt a file, or if law enforcement decides to dump your memory, you are screwed, though I doubt this would be generically targeted by malware at the moment. Closing the application gives you something (mainly protection against userland malware), though it will likely remain in memory for some time (or until a reboot). The fact it can minimize itself to the system tray (thus preserving the password in memory) is amusing.
This will be an annoying issue to fix (sorry) because you have little control over memory in C#. Essentially, you need to zero all instances of the password once you're done with it. This is pretty hard. The UI elements or cryptography libraries might store their own non-zeroizable version of the password, and any string manipulation you do on the password might result in it being silently copied, making it hard to actually find what memory regions to zero. For example, my password is stored in 73 distinct memory regions inside the process. This is C#'s fault, but something that needs to be addressed.
Obviously, if you rewrite the cryptography portion in C(++), it will become much easier to zero memory.
If you want me to look at the cryptography behind this as well, feel free to send me the source code (the obfuscation is unnecessary and a bit off-putting for a sensitive application like this).
Hello, thanks for your feedback. I will try to fix this critical bug. About the source code I decided to not share it with anyone, because it is closed-source. The main purpose of SecureMyBit is to protect against backdoors and malware which are able to send files remotely. A virtual keyboard is already provided against keylogger. I think you misunderstood the fact of system tray: if you minimize the window of SecureMyBit the program remains in memory, and there is no difference to minimize it with or without the system tray icon. If you close SecureMyBit, it will be deleted from memory.
Hello to all!
I'm really glad to announce that a new review of SecureMyBit by FindMySoft is avalaible here:
» Download SecureMyBit Free
Thank you all!
Some explanations on SecureMyBit:
I would want to explain that every software is developed with a specific purpose, surely it is possible to implement new features and improve the ones already in place, and this is my work. But the main purpose of SecureMyBit, as I already mentioned, is to encrypt files and folders against malware, such as Backdoors, etc. So, even if the malware manages to connect to a server and send file(s), then the files are protected (or a PC access by someone). And by closing the program it will be removed from memory. With the latest version also the extension encoding system has been implemented, so there is more chance to be safer with ransomware(this doesn't mean all ransomware).
I will add additional info on the software on the homepage, in the "key features"
thanks for understanding.
@iangcarroll Sorry to burst your bubble but I've got a few problems with your post, I'll outline them, of course this is just my personal opinions...
Of course, law enforcement can dump he memory and obtain the password... A malware analyst could do the same, or an attacker who has a bit of knowledge with reversing software... In fact, there would be easier ways to do it depending on how the password is stored and since the product is developed with the Microsoft Intermediate Language (MSIL - basically the .NET framework since it runs under the Common Language Runtime), anyone can reverse it to obtain some pseudo-code which is readable back to a language based in .NET (and deobfuscate it should it have these mechanisms applied, or unpack it, etc... Same way malware analysts do).
I don't think what you are talking about is really a concern which should be necessary to the developer, he's probably focusing on other things right now. There are tons of encryption programs which will have the same problem you are referring too, and if someone is determined enough then there's nothing you can do - for example, you can watch the network traffic to obtain the decryption keys from ransomware as it transmits the keys, depending on numerous factors.
This has nothing to do with user-mode or kernel-mode, it's a user-mode application and therefore it can be attacked from other user-mode applications - a device driver to protect the process and the process' threads is not necessary, it's not an Anti-Virus product.
He can still free the memory, and .NET has a garbage collector which automatically free's up memory - essentially, if he really wants, he can probably Platform Invoke to the Win32/NTAPI and use those functions for the encryption methods as opposed to using the .NET APIs which lead back to the Win32 -> NTAPI anyway. Then he can use functions like NtClose, ZeroMemory,... Or he can make a ASM/C/C++ DLL (native) and have the encryption take place there, and then P/Invoke to call the functions so the main functionality is done in ASM/C/C++ but the GUI is based in .NET.
Honestly I don't think any of this is necessary for him to bother focusing on right now, it's just a normal encryption utility project he is working on, and to me it looks like he's going in the direction of hiding files from ransomware and encryption against normal people, not advanced analysts and forensic teams.
Sorry but I don't know what you expect, he's a .NET developer, he can't just learn a lower-level language overnight... It seems to me you just want the source code, you even checked about his obfuscation? ....