You are here

portable Winpooch? : Anti-spyware, associates with ClamWin AV

14 posts / 0 new
Last post
BrianAll
Offline
Last seen: 4 years 5 months ago
Joined: 2008-02-13 13:44
portable Winpooch? : Anti-spyware, associates with ClamWin AV

Program: Winpooch Watchdog

License: Open Source/GPL

Description: detects, blocks spyware and trojans; associates with ClamWin to provide realtime AV protection as well.

Website: http://winpooch.free.fr/

Info: The main abilities are to control programs' attempts to:

* Be executed (Winpooch can also virus scan any executed files first)
* Be terminated
* Read files (Winpooch can also virus scan any read files first)
* Write files
* Read the registry
* Write into the registry
* Listening to ports (i.e. opening up incoming ports as servers)
* Connecting to other computers (i.e. opening up outgoing ports)
* Sending information to other computers through outgoing ports

Winpooch is open source (no liscenceing issues)and will associate with ClamWin AV, already a portable app. It would be a great idea to add an antispyware program to the PortableApps suite, especially since this one works with an app already in the suite. Winpooch adds realtime protection for viruses through ClamWin, one of the major features this app does not provide.

Sound like a good idea?

Patrick Patience
Offline
Last seen: 2 years 11 months ago
DeveloperModerator
Joined: 2007-02-20 19:26
Kinda Sorta

Right now, Windows Vista, and apparently my XP Pro aren't supported, I don't know if pre-XP is supported either. Winpooch goes a little RAM happy, and ZGitRDun8705 was saying it looks like it might install itself as a service.

Personally, I'd like to see what John has thought of this though.

Tim Clark
Tim Clark's picture
Offline
Last seen: 11 years 8 months ago
Joined: 2006-06-18 13:55
Agreed

"I'd like to see what John has thought of this though"
Agreed

Tim

Things have got to get better, they can't get worse, or can they?

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 6 years 1 month ago
Joined: 2006-11-18 10:26
link wrong

Letting you know the link in the original post is wrong and there is no "www" in it and it craps out (it doesn't redirect to the correct URL).

Try: http://winpooch.free.fr/

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

BrianAll
Offline
Last seen: 4 years 5 months ago
Joined: 2008-02-13 13:44
Update, more info

The link at the top of the page is now changed. Sorry about that inconvienence.

Here is Total Uninstall's log of Winpooch:

DETECTED CHANGES

FILE SYSTEM
Folders created:2
Folders deleted:0
Files created:50
Files deleted:0
Files modified:0
Size:1.92 MB

REGISTRY
Keys created:8
Keys deleted:0
Values created:36
Values deleted:0
Values modified:0
Size:2.33 KB

I'll be back later with another post with more info.

BrianAll
Offline
Last seen: 4 years 5 months ago
Joined: 2008-02-13 13:44
Extensive info

Here's some more extensive information from the log:

File and Registry directories created by winpooch:
*new file or folder (asterix is not present in actual filename)

C:\Program Files\Winpooch*
(created 11 files, one subfolder containing language tranlations [not counted] )
Total 1.92 MB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winpooch*
(one value created)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winpooch_is1*
(16 values created)

HKEY_LOCAL_MACHINE\SOFTWARE\Winpooch*\Language*
(one value created)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPOOCH*
(9 values; 2 subfolders created)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winpooch*
(9 values, 2 subfolders created)

When running (idle), Winpooch allocated 9396 K of memory.

BTW, I am running XP PRO, and Winpooch works fine. According to the sourceforge page Winpooch will run on all 32-bit windows (NT,2000,XP) Win2K, WinXP, and Server 2003. Looks like vista users are left out for now. I don't know whether the program will not run in Vista, or if it will hap-hazardly run without support.

About the ClamWin association, it's a little more complicated then one may think. ClamWin has no real time protection or spyware detection. Winpooch has these features, but it has no scanner of it's own. So for Winpooch to properly function as an Antispyware program, the user must also have Clamwin or another supported AV. This means that winpooch would be best offered as a package with ClamWin Portable.

Also, here's the download page. The one at the top is just the offical site, and directs to the sourceforge project for more info and downloads anyway.
http://sourceforge.net/project/showfiles.php?group_id=122629

rab040ma
Offline
Last seen: 4 months 1 week ago
Joined: 2007-08-27 13:35
Those files and keys are

Those files and keys are from the installer, right? Or are they created/written just when the program runs?

There's a difference between what the installer does and what the program requires. Many of the keys and files the installer makes are for its own use, and the program will run quite happily without them. Enumerating them is part of the process, but the next step is to figure out which are needed and which are not.

If you run the program from D: and it writes in "C:\Program Files", that's a pretty impolite program. No program written in the last six years should be writing anything in "C:\Program Files". The installer can set it up and do all sorts of things in "C:\Program Files", and undoubtedly will, but the program should not write changes there.

So the question is, what registry keys and files does the program (not the installer) write to? Which are the ones it requires (it won't run without them)? Some programs try to write in HKLM, but if that is restricted just go on without a pause.

MC

BrianAll
Offline
Last seen: 4 years 5 months ago
Joined: 2008-02-13 13:44
Hmm...

The only thing I am 100% sure of is that those keys and files were not present on my PC before I installed Winpooch.
No, the program itself does not write in the Program Files Directory, the installer does; but these files would obviously be needed for a portable edition. In fact, i think all the directories in the filesystem would probably be needed by the program, however I am not sure about the registry. The only thing I can think of that would find out which are needed by the program is to remove some and see how the app reacts. Any other suggestions?
Thanks.

Aciago
Aciago's picture
Offline
Last seen: 5 months 3 weeks ago
Joined: 2007-01-24 14:23
Try

Copying the installed folder to a new location and then remove the installed App... then try running the app from its new location, just to see if it works as it... At the same time, you can see if ti write new setting on the registry when is running but not installed... Just an idea.

If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report Biggrin

BrianAll
Offline
Last seen: 4 years 5 months ago
Joined: 2008-02-13 13:44
Good Idea

Sorry I took so long to get back to this.
Yes, that's a great idea and I will definitely try it. However, How do I portablize/export the registry keys that are needed? Do I need a plugin for NSIS?
I'm new to the portable apps process, but I think it's a great initiative.

Darthinator
Darthinator's picture
Offline
Last seen: 13 years 11 months ago
Joined: 2008-10-11 16:40
Nice Idea

I really like the idea of this and I hope it will happen, Good Luck!

cbk
Offline
Last seen: 5 months 4 days ago
Joined: 2008-04-26 16:26
Even better Idea to those whom wrote clamwin and winpooch

I am aware that clamwin is the open source (and windows) version of clam av, but shouldn't they combine the two programs together... just for the windows crowd.

Bahamut
Bahamut's picture
Offline
Last seen: 11 years 5 days ago
Joined: 2006-04-07 08:44
Winpooch patches the kernel.

Winpooch patches the kernel. Definite no-no for a portable app.

Vintage!

RMB Fixed
Offline
Last seen: 12 years 11 months ago
Joined: 2006-10-24 10:30
..

actually it uses kernel-mode hooking through a kernel-mode driver, but still a no-no for a portable app .
besides : "In 2008-06-13, The author has announced he quit developing the program, leaving v0.6.6 uncompatible with Windows XP Service Pack 3"

Topic locked