Product Review: FileDefense
At the end of November, SubRosaSoft released “FileDefense” – a new application for securing Mac OS X computers. SubRosaSoft makes and sells a number of utilities as well as some freeware for Macs; I primarily know of them for their MacForensicsLab and MacLockPick programs. From their website:
“FileDefense is a program that forms the first line of defence in file access. It is a set of programs that provide an easy interface to locking down files and making sure that unwanted access is not given to malicious scripts, applications and services on the your computer.”
My first thought: It sounds a bit like a “Little Snitch” but for files. I’ll come back to that later.
Installation of the App is very straightforward, the typical ‘drag to Applications.’ After either choosing to continue as a Trial or Registering the software, you’re instructed to Restart your Mac.
Upon restarting, I got a few warning messages from programs that were set to run automatically upon login. Here’s a shot of my Google Notifier starting up:
It’s helpful to have read the Help file provided with the program (or available in the main GUI window) to understand what each of the options means. I’ll detail it here at least briefly:
Kill – Exactly as you expect — if a program tries to open / modify a file and you get notified, you can select Kill to completely stop that access from happening. The Kill option also Force-Quits the offending application.
Allow This – Again, the options are well-named. The Allow This option allows the Application that’s attempting to read / modify the file to complete THIS ONE ACTION. In practice you’ll find that if you’re paranoid and choose the Allow This option, you’ll likely have to select it multiple times. More on this later.
Allow All – The last option is the preferred one for well known applications, basically saying “Allow this program to touch whatever files it wants.”
The window also shows the Process ID (PID) of the program in question, which you can view from a Terminal using ‘ps’ or ‘top’ or a number of other utilities.
The FileDefense manual details a few scenarios where the program would be useful, but it doesn’t take long to see the benefit of it. That being said, like any program that monitors network access / file reads / program execution, the initial use usually reveals things happening that were not expected. In my case on Startup, I was getting alerted to only the Gmail Notifier and Growl, but not much else. Starting more complex programs like Adobe Photoshop or even Leopard’s Time Machine showed a considerable number of files being touched. If you were to select ‘Allow This’ on either of these, be prepared to hit it many, many times as files are opened and modified.
The main GUI screen of FileDefense has two tabs that control most of the important aspects of its use. As you Allow applications and system Services to modify files, the Trusted Applications and Trusted Services tabs get populated with program info, such as:
Any program that you haven’t yet Allowed will still prompt you when it initially tries to read / write / modify / change permissions on ANY file. This is extremely useful in a world where people are downloading and trying new applications on a regular basis.
FileDefense is a unique program that picks one thing and does it well. I tried writing a few ‘nefarious’ shell scripts and then running them in subversive ways, but no matter what I tried, it always caught them. I’m confident that it would stop any rogue application that misbehaves. Regarding my initial thoughts about FileDefense being sort of like a “Little Snitch” but for files — I think it’s a fair and flattering comparison.
Note: On one of my Macs, the 30-minute demo stopped working after a few reboots, before the 30-minute limit had passed. I notified SubRosaSoft support, who is looking into the issue.
FileDefense is a Universal Binary and is available from SubRosaSoft for $59.95.
Thanks to MacSecure reader Rob for suggesting this topic.




