11 May 2011

Winpooch


Winpooch, also called Winpooch Watchdog, is a free open source intrusion-prevention system that detects and blocks malware on computers running Microsoft Windows. The application only supports 32-bit Windows XP up to and including Service Pack 2.
Winpooch development ceased on 13 June 2008.
Features
Starting with version 0.6.0, kernel-mode hooking was implemented through a kernel-mode driver, allowing Winpooch to monitor the Windows kernel and system services. It was, however, notorious for causing Blue Screens of Death.
Winpooch uses a permissions system to allow or restrict individual programs from performing operations associated with the network, system registry, filesystem (including wildcards) and process control. It does this by intercepting various potentially dangerous system calls, only allowing certain user-defined applications and actions to be run. Optionally, it also supports several antivirus scanners such as ClamWin and BitDefender to actively scan files for malware before they attempt to run.
Winpooch is based on path-based rules (strictly the static paths of programs). For non-defined actions (or actions for which the user asked to be notified), the user is given the choice to Accept/Feign/Reject the action or to declare a specific rule for it. When declaring a specific rule, the user can select whether the rule should be applied quietly, reported in a log, or shown as a screen notification.
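A simplified model of the rule lookup described above, as an added example rather than Winpooch's own code or rule format: the `Rule` fields, first-match ordering, case-insensitive path comparison and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Vocabulary taken from the text above; everything else is hypothetical.
CATEGORIES = {"network", "registry", "filesystem", "process"}
REACTIONS = {"accept", "feign", "reject"}
REPORTING = {"quiet", "log", "alert"}


@dataclass(frozen=True)
class Rule:
    program: str            # static path of the program the rule covers
    category: str           # one of CATEGORIES
    target: str             # wildcard pattern for the object being touched
    reaction: str           # one of REACTIONS
    reporting: str = "log"  # one of REPORTING

    def __post_init__(self):
        if (self.category not in CATEGORIES or self.reaction not in REACTIONS
                or self.reporting not in REPORTING):
            raise ValueError(f"invalid rule: {self}")


def _norm(path: str) -> str:
    # Assumption: compare Windows paths case-insensitively, backslash-separated.
    return path.replace("/", "\\").lower()


def evaluate(rules, program, category, target):
    """Return (reaction, reporting) of the first matching rule.

    An action no rule covers yields ("ask", "alert"): the user must choose
    Accept/Feign/Reject or declare a new rule.
    """
    for rule in rules:
        if (_norm(rule.program) == _norm(program)
                and rule.category == category
                and fnmatchcase(_norm(target), _norm(rule.target))):
            return rule.reaction, rule.reporting
    return "ask", "alert"


# Constructed sample rule set for a hypothetical browser binary.
BROWSER = r"C:\Program Files\Browser\browser.exe"
RULES = [
    Rule(BROWSER, "network", "*", "accept", "quiet"),
    Rule(BROWSER, "registry", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*", "reject", "alert"),
    Rule(BROWSER, "filesystem", r"C:\Windows\System32\*.dll", "feign", "log"),
]
```

Because the lookup keys on the program's static path, the same binary launched from a different location matches none of these rules and falls through to the prompt.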
The kernel-level hooking introduced in v0.6.0 brought a problem of constant Blue Screens of Death as a result of Winpooch's opt-in approach for kernels, as it could only simulate pre-programmed kernels. Each new version since v0.6.0 reduced the number of kernels that were still not simulated well, but certain kernels still do not work with the program.
