Mid-year update… more banging on the Anvil, and free give away

This is our mid year update… along with an Anvil article we posted on our support channel which dives into the pros of running Anvil along side third-party AV solutions, backups, and even Microsoft’s Controlled Folder Access. We are also offering a limited time, free Anvil Premium life time license give away… don’t miss out.

Cloud Xtender

First out of the gate… a major update has been released for Cloud Xtender! v3 landed a few weeks ago and is a major update over v2… with most of the code base having been upgraded from our Drive Xtender development. If you havent upgraded, do so as there are many fixes and performance enhancments. There has also been a price rise, however, if you were trialling Cloud Xtender before the rise, drop a line to support and we’ll give you a discount.

Drive Bender

Drive Bender v3.2 is in the works… for the most part, this is a bug fix release, along with some minor feature updates which will include better Anvil integration. We are looking at an August/September release… as usual, subject to change 😉

Drive Xtender

We’ve had a bunch of users ask about Drive Xtender’s progress. While we are still actively developing Drive Xtender (it formed the core of the latest Cloud Xtender release), there is still much to do. Over the coming months, we will have a better idea of its future and will post an update.

AnviL

We have had some interesting feedback around Anvil… most notably, around the UI and getting Anvil up and running… of which, we have taken on board and made some major improvements (well, that’s the hope), along with constantly building on the documentation. We’ve also had many users ask what the benefit of running Anvil over Windows 10’s “Controlled Folder Access”, or other AV solutions? To answer that question (and others), I wrote an article in our support channel and thought I would share it here.

In addition, we have created and release a number of videos

Why Anvil

First, what is Anvil’s purpose? Its primary purpose is to protect files from unwanted or unintended modification. The most obvious source of which is malware and ransomware. Anvil does this by providing a rules-based engine that is very binary in nature… that is we don’t rely on guessing who are the good and bad actors, we simply have rules that determine access for all.

Doesn’t normal AV software protect files? Generally no, while a number of AV solutions do have some form of file monitoring, it’s often an afterthought and offers little in the way of configuration. Anti-virus mostly relies on process filtering, to catch malware as it attacks or infects your system. So to answer the question, no, they generally won’t offer the explicit file protect Anvil can.

Won’t backups protect my files? Well yes… and no. You should always backup regardless,  but backups can be a double-edged sword, if you have multiple backups in rotation, and you catch things quickly, you may be able to restore clean files… but in a lot of cases, you are left with backups of the very encrypted files you are trying to restore.

The exception as previously noted… how does Windows Defender differ? Windows Defender, under Windows 10 (1709 and above) has a feature called “Controlled Folder Access”, which, if configured correctly, can perform in a similar manner to Anvil… however, there are a number of caveats.

  • You must be running Windows 10, 1709 and later (duh).
  • You need to be running Windows Defender, if you run another AV solution, this feature is disabled.
  • You are relying on Windows Defender to determine which actors are good, and which actors are bad. Now, we would argue that, if such detection was robust, there would be no need for Controlled Folder Access in the first place. The key issue here is that a lot of malware can get through such detection either through Windows exploits, or trojan style attacks, for example, a malicious “signed” application (more on these later).
  • Lastly, and this biggest caveat is that an application, that has gained administrative rights, is able to programmatically “whitelist” itself, bypassing any scrutiny by Controlled Folder Access.

So in summary, AV solutions don’t offer explicit file protection, backups can be hit and miss, and all bets are off if running Controlled Folder Access and the malicious app bypasses detection or gains admin privileges… which can often be obtained through some form of social engineering (following a link in an email for example), so this is far easier than you might think.

Now, with regards to “signed” applications… unfortunately, signed applications are fast becoming an entry point for attacks. The number of major software vendors losing control of their certificates is growing at an alarming rate. Those users that have installed Anvil, and run the getting started wizard, would be aware that the default protection allows for “all” signed application… we do recommend locking access down to specific certificates, and we are working on improving this in future versions.

So this brings us to… why Anvil? Well, let’s start by saying, “prevention is better than a cure”… here is a rundown

  • Having explicit rules around folder access leaves no room for ambiguity
  • Rules cannot be changed even if the malicious app gains admin privileges
  • Rights to change folder access is determined “off machine”, that is, authentication occurs in the cloud, and not on the host machine. A token, with a limited life, is generated on the Anvil server and is required to modify any rules.
  • Anvil was developed with a security-first ethos, not a “safe default” mindset. We are working on a support channel article that will detail the security framework Anvil employs… I’ll post a link here when it is complete.
  • In addition, Anvil is a file system platform that allows us to bolt on features such as folder level file encryption, file duplication and cloud drive support.

The future ahead? The Anvil roadmap has a number of features which are locked in to version releases.

v1.3 – Folder level encryption. This feature allows you to specify a folder, and encrypt all content that is written to it. The encryption is TNO (trust no one) and is only accessable by the user. When accessing a folder protected by encryption for the first time, the user will be prompted for the passphase (certificates are coming), and how long the access will persist (i.e. just for the file/application instance, for the login session etc).

v1.4 – Enterprise support. These include, deploying and managing readonly configurations to clients (no Anvil account required, all is managed from a single user). Deploying and managing base configuration to existing Anvil users.

v1.5 – Folder level duplication. This feature is taken directly from Drive Bender, you can have a file duplicated, in realtime, to another location.

V1.?? – There are a number of other feature we are looking at, including cloud access (using technology taken straight out of Drive Xtender), and an “events” engine, that can fire based on file system access… plus a bunch of other features.

Finally… we have a number of free Anvil Premium lifetime licenses to give away. To get yours, simply create an Anvil account, install Anvil and send your first impression to support (good or bad) along with the email address used to create the Anvil account… we’ll then apply a lifetime license to your account, simple as that.

Ok, thats all for the moment… leave a comment, and lets us know what you think!

Roon and Smooth Stream using Drive Bender

Recently we had a user ask how to improve pool performance when using Roon while connected to Drive Bender backed storage…. let’s take a look!

A Roon with a view

Roon is a high-end music management and streaming solution that can deliver music to many different audio platforms (see What is Roon). Personally, I’m a big fan of Roon (kudos to the dev team, IMHO very well engineered software), and have been running Roon using a Drive Bender pool as the storage endpoint for some time… so I thought I would share my experience.

The setup

The Roon platform is a powerful piece of kit, and, in my case, it streams upsampled content to my Devialet Expert Pro 220 (I’ve just ordered a Denafrips Terminator)… all transported over ethernet. The Roon server is a dedicated Linux machine, with the music files stored on a Drive Bender pool, sitting on an oldish Windows Home Server 2011 machine (out of interest, this is the old server we tested on back in the day). As anyone that has used Roon knows, it can be quite demanding on the hardware it interacts with, while the Roon server hardware is fine (Core i7 with plenty of RAM), the Drive Bender pool server is a rather old, bloated machine attached to 12 hard drives that are anywhere from 3 to 10 years old (I say bloated as it has never been rebuilt). The music pool itself contains some 10,000 music files, consisting of lossless WMA and WAV files (Roon does not support WMA). Most of these files are lossless rips of my CD collection, however, there are quite a few 192/24 and DSD hi-res files.

In operation

During playback, Roon pulls the files from the Drive Bender pool over ethernet, processes it, then sends it on to the Devialet, resulting in some magically musically experiences right? Well, not always… when I first set everything up, I would get the odd stutter every few tracks, which was very annoying, to say the least. After eliminating the Roon server hardware as the cause, I started to look at the pool and discovered a couple of the hard drives, while still healthy, had less than stellar performance, which is a Roon no-no. Luckily I know a thing or two about hard drives, and decided to do some testing and connected these same drives directly to Roon via USB, no real improvement… bugger! Now I’m not privy to how the Roon team go about pulling data from the assigned storage and didn’t have the time to investigate. So it seemed to me the only solution was to replace these otherwise healthy drives with new, faster ones… but wait, I hadn’t tried Smooth Stream, a feature that has been part of Drive Bender since v1 (yes I know, you would have thought this would have been my first go to fix… but hey, forest for the trees blah blah blah). I enabled Smooth Stream, and boom, I’ve never heard a single stutter since!

smooth_stream

Hindsight is 20 20

This was the very same problem experienced by our Drive Bender user recently… and thanks to my own experience, I suggested he enable Smooth Stream, and bingo… all was golden!

Safety first

Re my old drives… I’ve spent many years building my ripped library, I can’t imagine how many hours have been consumed ensuring rips are error-free, and all metadata was in place (pre Roon). For those reading this and concerned over the age of some of the drives in my music pool… fear not, I run duplication on my music folder, so I’m happy that nothing will be lost.

Final thoughts

Being a Roon fan, and a fan of cloud storage, the next logical step is to combine the two. While Roon does support Dropbox, I prefer a local storage endpoint, or to clarify, an endpoint that appears to be local. Using a modded version of the Smooth Stream code, and some other cloud components I had laying around, I’ve been doing some prototyping on a solution and will be using the Denafrips Terminator to test the results. In my view, having Roon stream your own collection directly from the cloud is a no brainer, and Smooth Stream may well be the key. Let me know what you think, and is this something other users would be interested in?

Drive Bender v3, arrived… and 2019!

First up, welcome to 2019. It’s been a busy year for us here at Division-M, as we’ve also been involved in a number of side projects that have impacted our 2018 schedule… but, such is the software business, onwards we go into 2019!

We have just released v3 of Drive Bender. This particular release, while having a long beta cycle, does bring with it a number of security-focused features. The first of which is the “Pool Firewall”. This world first feature allows a user to lock down access to a specific folder, by only granting access to pre-approved applications. This protects files from ransomware and other malicious application wanting to alter files without authorization. This is achieved using rules that allow a user to lock down access to folders for specific “approved” applications. For example, you can specify an “Office” folder (and subfolders) that only allow “Word”, “Excel” etc to write to the “Office” folder(s). We have posted a short tutorial on the Pool Firewall here.

The next security based feature we have included is “Side Channel Protection”. This is a technology that has been requested for some time and protects the individual drives that make up the pool from being modified outside of the pool itself. So, even if a drive letter has been mapped to any of the physical drives, any attempts to write to these drives will be blocked… once again ensuring file integrity. The last feature I want to mention is “Drive Idle”… this is more of a performance/eco feature. While it is included in the v3 release, it is disabled by default due to some ongoing issues experienced by some users… we will circle back to this in the new year and work towards sorting the bugs. FYI – The Drive Idle feature was the cause of the lengthy beta cycle, in the end, we decided to push v3 with this disabled, just to get it out the door.

A couple of final Drive Bender notes… first I’d like to give a shout out to all the users that helped with the v3 beta, we have a lot of users involved in this version, so thanks to all! Finally, there is a price increase coming before the end of January… so spread the word.

The next piece of news revolves around Drive Xtender, and what is happening with its progress. All was on track until we switched gears and decided to work on Drive Bender v3, and it’s Pool Firewall feature (you can read why here)… we are expecting to resume moving forward with Drive Xtender early 2019.

Finally… we have some exciting news about a new product that has been developed in parallel with our Drive Bender v3 and Drive Xtender work, but first, some background. During the Drive Bender v3 development phase, the idea of a Pool Firewall raised a lot of interest… so much so that one of the most commonly asked questions was, “can we create a single pool drive (i.e. basically mapping an existing drive via a Drive Bender mount point) and use this new feature to protect files and documents on this drive”?  Well, you could, but that is a lot of overhead given you are not using Drive Bender for its primary intended purpose, pooling!

So, late in 2018, we decided to release a new product called “FolderWALL”. FYI – This was the internal name given to the Pool Firewall technology used in Drive Bender. This is a standalone product designed to protect files sitting on non pooled drives, and again, it works by allowing access to folders for given processes. Now, as users running v3 of Drive Bender will note, the configuration of these rules can be a little complex… so we have gone to great lengths to make FolderWALL easy to set up and maintain. The FolderWALL interface is based on our Drive Xtender interface technology, and is web-based, requiring very minimal effort to install and get up and running. Here is a brief list of features (* denotes premium features, ** not implemented, will depend on feedback):-

  • File write restrictions to designated folders
  • File read and list restrictions on designated folders
  • A request option, file write restrictions based on a prompts to the user (failing to respond results in access denied)
  • Learning mode, instead of defining rules, simply run in learning mode and allow FolderWALL to build the rules for you
  • An immutable file system, files can be written to the folder but once written, can never be changed
  • Command line interface, if your keen, you can go old school and go to the console
  • Encrypted writes, files are written using TNO (trust no one) encryption, only you hold the keys to decrypt files*
  • Action based file system changes, all file-based changes trigger actions that can perform external tasks*
  • Cloud services access, use Drive Xtender cloud components to sync to cloud services**

Now, when is FolderWALL going to made available? Well… it has been in development for some time and is all but ready to go. The “early release” version is set to drop on the 1st of February 2019… this is not a beta, but a full release, minus some incomplete features, this release will be limited to a small number of users, you can secure your license by registering at portal.folderwall.com. While you can sign up, you cannot install FolderWALL until the 1st of February, however, as I’ve noted, we are limiting the number of initial users, so if you are interested, get in quick!

The wrap-up… we are excited about FolderWALL, and given the rise in ransomware attacks, FolderWALL offers “world first”, rule-based file protection against such attacks. In the coming days, I will post further details of FolderWALL, including pricing, stay tuned!

Update – The early access release date has been changed to the 14th of February