PepiMK
2005-10-24, 18:17
As a teaser, here are a few screenshots:
http://www.safer-networking.org/images/runalyzer/runalyzer01.png
Picture 01: The usual autostart manager, which is in itself is nothing new really. The special thing about it is the color highlighting of entries, which is based on our new LASSH algorithm identification of system entries. This identification is based on a database shipped with RunAlyzer, but more important... see picture 03 ;)
http://www.safer-networking.org/images/runalyzer/runalyzer02.png
Picture 02: Another typical configuration thing - BHOs. Though in this case it lists really a lot of Windows/Internet Explorer places in addition. And again, like in most sections, identification based on LASSH. Also, please notice the small symbol next to the company name Adobe Systems..., which indicates that this file is digitally signed (something that Microsoft is still missing in most of their files, but makes it easier to verify a files source).
By the way, do you see the root of the tree structure showing C:? This is because RunAlyzer automatically detects Windows installations on all attached drives, thus allowing it to be run from a BartPE CD and manage inactive installations as well. They're simply shown under the drive they're installed on.
http://www.safer-networking.org/images/runalyzer/runalyzer03.png
Picture 03: ok, this is the new thing. In addition to the shipped database, RunAlyzer does look for more information on our servers, and can submit new entries to our servers in anonymized form, where our professional detectives will analyse and classify those entries. Since RunAlyzer shows really a lot of entries, results from an online analysis can be stored to speed up future actions.
http://www.safer-networking.org/images/runalyzer/runalyzer04.png
Picture 04: of course, if you want, RunAlyzer can also create a system report compatible to that of Spybot-S&D (and maybe to other log applications as well ;) ), but based on the previous classification through our LASSH database optionally condensed to show only open and bad entries to avoid huge logs that are difficult to read.
http://www.safer-networking.org/images/runalyzer/runalyzer01.png
Picture 01: The usual autostart manager, which is in itself is nothing new really. The special thing about it is the color highlighting of entries, which is based on our new LASSH algorithm identification of system entries. This identification is based on a database shipped with RunAlyzer, but more important... see picture 03 ;)
http://www.safer-networking.org/images/runalyzer/runalyzer02.png
Picture 02: Another typical configuration thing - BHOs. Though in this case it lists really a lot of Windows/Internet Explorer places in addition. And again, like in most sections, identification based on LASSH. Also, please notice the small symbol next to the company name Adobe Systems..., which indicates that this file is digitally signed (something that Microsoft is still missing in most of their files, but makes it easier to verify a files source).
By the way, do you see the root of the tree structure showing C:? This is because RunAlyzer automatically detects Windows installations on all attached drives, thus allowing it to be run from a BartPE CD and manage inactive installations as well. They're simply shown under the drive they're installed on.
http://www.safer-networking.org/images/runalyzer/runalyzer03.png
Picture 03: ok, this is the new thing. In addition to the shipped database, RunAlyzer does look for more information on our servers, and can submit new entries to our servers in anonymized form, where our professional detectives will analyse and classify those entries. Since RunAlyzer shows really a lot of entries, results from an online analysis can be stored to speed up future actions.
http://www.safer-networking.org/images/runalyzer/runalyzer04.png
Picture 04: of course, if you want, RunAlyzer can also create a system report compatible to that of Spybot-S&D (and maybe to other log applications as well ;) ), but based on the previous classification through our LASSH database optionally condensed to show only open and bad entries to avoid huge logs that are difficult to read.