
Thread: Announcing another new 1.6 feature: OpenSBI

  1. #1
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,571

    Default Announcing another new 1.6 feature: OpenSBI

    Ok, it's time to announce the second big feature in Spybot-S&D 1.6, I think.

    Next to the time a scan takes, what is the second biggest complaint? Probably missing detections for various threats. What can be done about that? We decided on a way that has the most advantages in our opinion: opening up our database to anyone willing to help.

    The OpenSBI Wiki

    The OpenSBI format is an additional database format understood by Spybot-S&D that intends to offer detection options in a user friendly way, by offering a text syntax that uses a simplified structure. While it does not offer everything we can do in official SBI databases, it should be much easier to learn.

    The aforementioned wiki is a new place filled with exact documentation on how to create custom detection databases, helpful tools, and more.

    The wiki is available to registered users only currently. If you are registered here at the forum, you can use the same login information for the wiki. Write access is currently also disabled for non-expert groups (no offense meant, just trying to avoid yet another place that constantly needs to be checked for spambots).

    FileAlyzer OpenSBI Edition

    The OpenSBI Edition of FileAlyzer, linked above in new beta version 1.6.0.3, offers various options to refine file detection parameters by offering you to convert many of the file properties you see into advanced file parameters.

    RegAlyzer OpenSBI Edition (link updated to 1.6.0.12)

    The OpenSBI Edition of RegAlyzer offers you to convert registry values and keys into various OpenSBI registry commands.

    RunAlyzer OpenSBI Edition

    RunAlyzer offers you to create OpenSBI commands for various types of entries from their context menus. Just right-click them and look out for Copy SBI rule to clipboard.

    OpenSBI Edit Lite

    Using a text editor to create detection databases would be error prone and complicated, so we've decided on a code editor for just this special purpose. This editor supports syntax highlighting, code completion and context sensitive help.

    Still, writing everything by hand is a lot of trouble, so we went ahead and created some import filters. With just a click, you can take the output logs of for example InCtrl5, HijackThis, SysInternals' FileMon or RegMon (with a public importer plugin interface that allows every developer to easily add more), select those entries on the list that belong to the malware you've monitored, and it will convert them to ready OpenSBI code.

    The editor will be available for download as well soon; until then, the link above will just lead to the wiki page describing it.

    More to come...

    There are more features for OpenSBI in work (one important missing part you might already guess), so stay tuned.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  2. #2
    Member
    Join Date
    Dec 2006
    Location
    definitely the USofA
    Posts
    98

    Default login character flaw?

    Quote Originally Posted by PepiMK View Post
    <snip fulltext_above>
    The OpenSBI Wiki

    The aforementioned wiki is a new place filled with exact documentation on how to create custom detection databases, helpful tools, and more.

    The wiki is available to registered users only currently. If you are registered here at the forum, you can use the same login information for the wiki. </snip>
    Argh, wiki does not recognize me as a registered user with my SSD login info ..
    Quote Originally Posted by wiki.spybot.info login ui
    Login error: There is no user by the name "ME_2&". Check your spelling.
    ja-right possibly the '&' character? Mmm, if the sub still doesn't recognize, I may need to register a more compatible username, sigh let this be a lesson in uniquity .. kids, don't do as I do

  3. #3
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,571

    Default

    Yes, an amp is surely a somewhat difficult character; since user names in Mediawiki have the same restrictions as page titles have, and can be passed as parameters to scripts, an & could be imagined to cause problems.

    To be honest though, the integration is quite conservative yet and anything but a to z and 0 to 9 is currently not possible.

    I just tried to access a page with your username, and found that the amp was correctly interpreted, just the underscore was converted to a space. It took me an eternity, but I also finally found the Wikipedia (best reference for Mediawiki) page on technical restrictions: the amp shouldn't be a problem any more!
    I'll have to read the code of the integration plugin again though to see how I can safely improve this, especially the space vs. underscore thing (since it's a Wiki-display-only thing though, the underscore might be less problematic than a space).
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  4. #4
    Member
    Join Date
    Dec 2006
    Location
    definitely the USofA
    Posts
    98

    Default danke

    Trying out the new OpenSBI editions - FileAlyzer and RunAlyzer seem fine (whoa, never bothered much with RunAlyzer before .. that is one pretty darned comprehensive app! with a lot of learning to familiarize with). Not sure why but the new RegAlyzer 16011 did not even load (similar errmssg as with an install of RegAlyzer 15810) .. so back to 1568 there.

    /see/ further in http://forums.spybot.info/showpost.p...31&postcount=7

    btw, gratz on the RC1 - looking forward :D %26

  5. #5
    Senior Member TwistedMike's Avatar
    Join Date
    Apr 2008
    Location
    Canada
    Posts
    129

    Default does this help you?

    If we create a custom detection, would this help you with creating more updates for spybot, or is this just for our purposes only?
    For the fastest, safest browsing experience get Google Chrome

  6. #6
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,571

    Default

    Not everything regarding OpenSBI is public yet, but the intention behind it indeed includes the purpose to help every Spybot user, not just yourself.

    The forum is going to have a section dedicated for this purpose, with integration into the editor to submit new patterns, users being able to rate and comment detections, etc..

    The goal is to have high quality detections possibly becoming part of regular updates; as well as a "Favorite" function here on the forum that would allow you to create a personalized update.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  7. #7
    Junior Member
    Join Date
    Jan 2006
    Posts
    4

    Default ~ also broken

    Any chance you can make ~ work for logging into the wiki. If not, don't worry about it. I can make a dummy account to check it out.

  8. #8
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,571

    Default

    According to the Mediawiki documentation, that isn't a forbidden character, so when I update the wiki bridge plugin, it should get allowed. Well, maybe I shouldn't push it too far down the todo list, since it sounds easy...

    I tried to add it (the ~ letter), might work now.
    The & needed some special treatment since the forum internally treats it as &amp;, but should work now as well.
    I've also added spaces and tested them.

    Finally, I've played around with underscores. Since Mediawiki converts them to spaces, that got a bit complicated. I could try to convert all spaces to underscores to look up the account if the first lookup does not succeed, but that would mean that a second account with the same name but a space instead of an underscore could impersonate the first one, which isn't acceptable of course, so I see bad luck for underscores for now :-/
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
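
The underscore problem described in the post above, as an added example that is not the wiki bridge plugin's code: it models only the two behaviours the thread mentions (the forum storing & as &amp;amp; and Mediawiki turning underscores into spaces), and all function names and sample accounts are constructed for illustration.

```python
import html
import re

# Characters the thread says the bridge accepts: letters, digits, "~", "&",
# space and "."; the underscore is deliberately left out (assumed list).
ALLOWED = re.compile(r"[A-Za-z0-9~&. ]+")


def wiki_name(stored_forum_name: str) -> str:
    """Model the wiki side: decode the forum's &amp; and map "_" to space."""
    return html.unescape(stored_forum_name).replace("_", " ")


def find_collisions(stored_forum_names):
    """Group forum accounts that would resolve to one and the same wiki user.

    Any group with more than one member is an impersonation risk: each of
    those forum accounts could log in as the shared wiki account.
    """
    by_wiki = {}
    for name in stored_forum_names:
        by_wiki.setdefault(wiki_name(name), []).append(name)
    return {w: names for w, names in by_wiki.items() if len(names) > 1}


def bridge_login(stored_forum_name: str):
    """Return the wiki user for an authenticated forum account, or None.

    Names are refused unless every character is on the allow-list. Because
    "_" is not on it, an accepted name is unchanged by the wiki's
    normalisation, so two different forum accounts can never share a wiki user.
    """
    decoded = html.unescape(stored_forum_name)
    if not ALLOWED.fullmatch(decoded):
        return None
    return decoded


if __name__ == "__main__":
    # Constructed sample accounts, stored the way the forum stores "&".
    accounts = ["ME_2&amp;", "ME 2&amp;", "alice.b", "bob~c"]
    print("colliding wiki users:", find_collisions(accounts))
    for acc in accounts:
        print(repr(acc), "->", bridge_login(acc))
```

Running `find_collisions` over an export of existing forum usernames before relaxing the allow-list shows which accounts a fallback lookup would merge.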

  9. #9
    Senior Member Tom.K's Avatar
    Join Date
    Jul 2006
    Location
    The Universe / Milky Way / Solar System / Earth / Europe / Croatia
    Posts
    735

    Default

    Is there any way to set . (dot) to work for logging in wiki ?
    N/A.

  10. #10
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,571

    Default

    I added the dot to the list of allowed letters.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
