DriveSentry personal data firewall
I recently tried out DriveSentry, a personal data firewall that works on a PC as well as a removable drive.
According to DriveSentry.com…..”DriveSentry complements your existing anti-virus tool by detecting threats to your system using a patent-pending technology. DriveSentry is an intelligent firewall for your drives that works by allowing only applications that you authorize to write to your files. An example is that you can grant access to Microsoft Word to write to a document, but a virus attempting to do the same would trigger a warning”.
The most interesting claim made by the company is that DriveSentry can be used to “enhance your conventional anti-virus software by protecting against zero day attacks. If DriveSentry can actually achieve this, then it would solve a lot of security issues.
Test on WinXP machine
I performed a simple test to try out DriveSentry on my local machine. This test was performed on a Win XP SP2 machine running an updated AVG antivirus.
1. First I wrote a simple js code that can modify the hosts file of a Windows machine.
2. When I ran this js file, the AVG antivirus did not give any alert. The code changed my hosts file!
3. I then installed DriveSentry on my machine and configured it to protect the c:\\windows\\system32\\drivers\\etc\\ folder.
4. I then again ran the js code. DriveSentry blocked it and showed a medium risk level.
5. However the “online advice” option recommended that I “ALLOW write access“.
Conclusion: Drive Sentry seems to have a lot of potential. The product is still in beta so there are lots of improvements expected. The “online advice” system will to grow with the user base. The database of user “advice” is currently too small to trust.