Anvil has landed

Anvil File Security has landed… with a thud, albeit a later-than-planned thud! We had a false start on the initial day of release but got there in the end. So… what’s what?

Introduction

What is Anvil? Anvil is ransomware and malware file protection technology built around the premise of locking down folder access. Ransomware and malware are a significant issue, with attacks becoming more sophisticated in how they infect targets. While there are any number of products to protect against infection, they generally rely on heuristic analysis to block malware; most often, the malicious application is missed, or discovered after files have been damaged. Anvil changes all that with a clever rules-based engine that gives full control over access to any folder on your system. I regularly listen to the Security Now podcast with Steve Gibson, and he said it best… “In my opinion, this is the biggest concern that exists now is the threat from software that encrypts” (episode 696, 8th of January, this year). Well, Steve… I couldn’t agree more!

Features

The primary and most basic feature is Anvil’s rule-based technology. This is modelled on an old school firewall, using cascading rules to either allow or deny access to a target folder, for a given application or applications. That said, who wants to be working out a bunch of rules… well I would, but most others have little interest in such things, so we have a nice web-based interface that creates and manages the rules for you. Before we take a look at that, let’s talk rules!

Rule breakdown

Here we are going to get a little nerdy and break down what a rule is, and how rules work. First, a rule is made up of 3 key components:

  1. the target folder (or folders)
  2. the target application (or applications)
  3. the type of access… can write, cannot write, can read, cannot read etc. These are expressed as W+ to allow write, W- deny write, R+ allow read etc.

Each rule is evaluated, and if a match is found, access as per the matching rule is granted. If no match is found, the next rule is evaluated and so on. Consider the following example –

Rule 1
Folders: "\My Text Files", Applications: "Notepad.exe", Access: L+R+W+
Comment: Allow write access for Notepad

If no match, move on to the next rule
Rule 2
Folders: "\My Text Files", Applications: "*", Access: L+R+W-
Comment: Block write access for all applications

If no match, move on to the next rule
Rule 3
Folders: "*", Applications: "*", Access: L+R+W+
Comment: Allow full access for all folders and applications

So if you save a file into the folder “My Text Files” using Notepad, rule 1 is a match, and write access is allowed (because of the W+). Rule 2 is a blocking rule and is in place to catch any other application accessing the “My Text Files” folder (notice the W-). Basically, rules 1 and 2 combined only allow Notepad to write to the folder. The final rule, rule 3, is a default rule created for each drive that allows full access. Obviously, blocking an entire drive would not be a great idea, so if access is not matched by any other rule, then we allow full access. I should point out that while it is possible to modify this default rule, we do not recommend doing so.
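The cascade described above, sketched as a first-match evaluator. This is an added example, not Anvil's own code: the matching semantics (case-insensitive wildcards, a folder pattern also covering its subfolders, deny when nothing matches) and the names Rule, evaluate and RULES are assumptions made for illustration.

```python
# Added illustration, not Anvil's code: first-match evaluation of cascading rules.
# Assumed semantics: case-insensitive wildcard matching, a folder pattern also
# covers its subfolders, and an access string is a run of letter+modifier pairs.
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass
class Rule:
    folders: list
    apps: list
    access: str      # e.g. "L+R+W-"
    comment: str = ""

    def flags(self):
        # "L+R+W-" -> {"L": "+", "R": "+", "W": "-"}
        return dict(re.findall(r"([A-Z])([+\-?1*>])", self.access))

    def matches(self, folder, app):
        folder, app = folder.lower().rstrip("\\"), app.lower()
        in_folder = any(
            p == "*" or folder == p.lower() or folder.startswith(p.lower() + "\\")
            for p in self.folders)
        return in_folder and any(fnmatchcase(app, a.lower()) for a in self.apps)


def evaluate(rules, folder, app, op="W"):
    """Return (rule number, modifier) of the first rule matching folder and app."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(folder, app):
            return number, rule.flags().get(op, "-")  # assumed: unlisted op denied
    return None, "-"  # assumed default when nothing matches


# The three rules from the example above.
RULES = [
    Rule([r"\My Text Files"], ["Notepad.exe"], "L+R+W+", "Allow write for Notepad"),
    Rule([r"\My Text Files"], ["*"], "L+R+W-", "Block write for all applications"),
    Rule(["*"], ["*"], "L+R+W+", "Default: full access"),
]

if __name__ == "__main__":
    for folder, app in [(r"\My Text Files", "notepad.exe"),
                        (r"\My Text Files", "unknown.exe"),
                        (r"\Downloads", "unknown.exe")]:
        print(folder, app, evaluate(RULES, folder, app))
    # Order matters: with rules 1 and 2 swapped, Notepad hits the block rule first.
    print(evaluate([RULES[1], RULES[0], RULES[2]], r"\My Text Files", "notepad.exe"))
```

Because evaluation stops at the first match, a broad deny rule placed above a specific allow rule silently shadows it, which is worth checking whenever rules are reordered.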

Other than basic access rules (i.e. + for access, – for deny), Anvil also has a number of feature-based rules.

Request mode (W?) – So instead of a flat out “-” for deny, we can have a “?” for “request access”. When the rule is matched, Anvil displays a dialogue asking you how to process.

The request mode dialogue

Immutable mode (W1) – An immutable folder, or vault as we’ve called it, is a folder that allows full access, but no modification. That means you can save a file there, but once written, it cannot be modified.

Encrypted mode (W*) – A folder where files are encrypted on the fly using TNO (trust no one) encryption. Note, this rule type is disabled in the first releases.

Learning mode (W>) – This is more of a temporary rule, and when used, Anvil monitors and records all applications that access the target folder. When learning mode is disabled, the rule access is changed to W- and the applications that were recorded are added to the “allow” rule for future access.

A friendly face

Enough of the techie stuff, let’s talk interface. Having built a number of client/server style applications over the years, one of the killer issues is the UI/UX and maintaining client compatibility with ever-changing server code. In addition… building great looking clients is no walk in the park, and often, the best tools to do this may cause other issues. For example, the Drive Bender manager is built using .NET; while it looks great, the baggage that needs to be installed to make it work is not.

When designing Anvil, we wanted 1) Clean, easy to use and easy to maintain interface… 2) Minimum dependencies, the smallest number of files to install, which means all native code. So we decided on a web client, and any machine side code had to be native… you can literally dump the Anvil files anywhere and Anvil will run.

The client interface, running in Chrome

There are some additional client tools such as a taskbar application for notifications, and a command line tool, so users can go old school and manage rules with cryptic commands.

Where do you get it, and what’s the cost?

It is available now… if you head to https://portal.anvil-fs.com and register, then follow the bouncing ball all should be golden. We have written up an installation guide if you need more help. Once installed, you are good to go, again we have put together a guide to get started.

As noted in previous blog posts, we are limiting the number of early access users. As of this post, more than 50% of the available slots are gone, so don’t mess about getting registered.

As for cost, it’s pretty straightforward.
For “early access” users…

  • Premium license – $1.50/month ($18/year)
  • Premium license for existing Drive Bender / Xtender users – $1/month ($12/year)
  • For comparison, the standard (non-early-access) license will be $2/month

Finally, we would love to hear your feedback, good or bad. You can leave comments here, or in the Division-M community site. If you have any technical questions, shoot us a support ticket at https://support.division-m.com