This is our mid-year update… along with an Anvil article we posted on our support channel which dives into the pros of running Anvil alongside third-party AV solutions, backups, and even Microsoft’s Controlled Folder Access. We are also offering a limited-time, free Anvil Premium lifetime license giveaway… don’t miss out.
First out of the gate… a major update has been released for Cloud Xtender! v3 landed a few weeks ago and is a major update over v2… with most of the code base having been upgraded from our Drive Xtender development. If you haven’t upgraded, do so as there are many fixes and performance enhancements. There has also been a price rise, however, if you were trialling Cloud Xtender before the rise, drop a line to support and we’ll give you a discount.
Drive Bender v3.2 is in the works… for the most part, this is a bug fix release, along with some minor feature updates which will include better Anvil integration. We are looking at an August/September release… as usual, subject to change 😉
We’ve had a bunch of users ask about Drive Xtender’s progress. While we are still actively developing Drive Xtender (it formed the core of the latest Cloud Xtender release), there is still much to do. Over the coming months, we will have a better idea of its future and will post an update.
We have had some interesting feedback around Anvil… most notably, around the UI and getting Anvil up and running… which we have taken on board and made some major improvements (well, that’s the hope), along with constantly building on the documentation. We’ve also had many users ask what the benefit is of running Anvil over Windows 10’s “Controlled Folder Access”, or other AV solutions. To answer that question (and others), I wrote an article in our support channel and thought I would share it here.
In addition, we have created and released a number of videos.
First, what is Anvil’s purpose? Its primary purpose is to protect files from unwanted or unintended modification, the most obvious source of which is malware and ransomware. Anvil does this by providing a rules-based engine that is very binary in nature… that is, we don’t rely on guessing who are the good and bad actors, we simply have rules that determine access for all.
Doesn’t normal AV software protect files? Generally no. While a number of AV solutions do have some form of file monitoring, it’s often an afterthought and offers little in the way of configuration. Anti-virus mostly relies on process filtering to catch malware as it attacks or infects your system. So to answer the question, no, they generally won’t offer the explicit file protection Anvil can.
Won’t backups protect my files? Well yes… and no. You should always back up regardless, but backups can be a double-edged sword. If you have multiple backups in rotation, and you catch things quickly, you may be able to restore clean files… but in a lot of cases, you are left with backups of the very encrypted files you are trying to restore.
The exception as previously noted… how does Windows Defender differ? Windows Defender, under Windows 10 (1709 and above) has a feature called “Controlled Folder Access”, which, if configured correctly, can perform in a similar manner to Anvil… however, there are a number of caveats.
- You must be running Windows 10, 1709 and later (duh).
- You need to be running Windows Defender; if you run another AV solution, this feature is disabled.
- You are relying on Windows Defender to determine which actors are good, and which actors are bad. Now, we would argue that, if such detection was robust, there would be no need for Controlled Folder Access in the first place. The key issue here is that a lot of malware can get through such detection either through Windows exploits, or trojan-style attacks, for example, a malicious “signed” application (more on these later).
- Lastly, and this is the biggest caveat, an application that has gained administrative rights is able to programmatically “whitelist” itself, bypassing any scrutiny by Controlled Folder Access.
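One way a defender can check for the self-whitelisting caveat above: an added PowerShell example, not code from the original post or from the vendor, that compares the Controlled Folder Access allow list against an approved baseline and pulls recent Defender configuration-change events. The baseline path is a constructed placeholder, and matching on the event message text is an assumption about how event 5007 names the changed setting.

```powershell
# Added example: audit the Controlled Folder Access (CFA) allow list.
# Run from an elevated prompt on Windows 10 1709+ with Windows Defender active.

# Constructed placeholder baseline: the allow-list entries you have approved.
$Baseline = @(
    'C:\Program Files\ExampleBackup\backup.exe'
)

$pref = Get-MpPreference

# 0 = disabled, 1 = enabled (block), 2 = audit mode
$state = switch ($pref.EnableControlledFolderAccess) {
    0       { 'Disabled' }
    1       { 'Enabled' }
    2       { 'AuditMode' }
    default { "Other ($_)" }
}
Write-Output "Controlled Folder Access state: $state"

# Every allow-listed application, with its Authenticode signer, flagged if unapproved.
$allowed = @($pref.ControlledFolderAccessAllowedApplications | Where-Object { $_ })
$report = foreach ($app in $allowed) {
    $sig = $null
    if (Test-Path -LiteralPath $app) {
        $sig = Get-AuthenticodeSignature -LiteralPath $app
    }
    [pscustomobject]@{
        Path       = $app
        InBaseline = $Baseline -contains $app
        SigStatus  = if ($sig) { $sig.Status } else { 'FileMissing' }
        Thumbprint = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    }
}
$report | Where-Object { -not $_.InBaseline } | Format-Table -AutoSize

# Event 5007 records Defender configuration changes. Assumption: the message
# text names the Controlled Folder Access setting that was changed.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Controlled Folder Access' } |
    Select-Object TimeCreated, Message
```

Any row in the table is an allow-list entry that nobody approved, and a 5007 event with no matching change request deserves a closer look.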
So in summary, AV solutions don’t offer explicit file protection, backups can be hit and miss, and all bets are off if running Controlled Folder Access and the malicious app bypasses detection or gains admin privileges… which can often be obtained through some form of social engineering (following a link in an email for example), so this is far easier than you might think.
Now, with regards to “signed” applications… unfortunately, signed applications are fast becoming an entry point for attacks. The number of major software vendors losing control of their certificates is growing at an alarming rate. Those users that have installed Anvil, and run the getting started wizard, would be aware that the default protection allows for “all” signed applications… we do recommend locking access down to specific certificates, and we are working on improving this in future versions.
So this brings us to… why Anvil? Well, let’s start by saying, “prevention is better than a cure”… here is a rundown:
- Having explicit rules around folder access leaves no room for ambiguity
- Rules cannot be changed even if the malicious app gains admin privileges
- Rights to change folder access are determined “off machine”, that is, authentication occurs in the cloud, and not on the host machine. A token, with a limited life, is generated on the Anvil server and is required to modify any rules.
- Anvil was developed with a security-first ethos, not a “safe default” mindset. We are working on a support channel article that will detail the security framework Anvil employs… I’ll post a link here when it is complete.
- In addition, Anvil is a file system platform that allows us to bolt on features such as folder level file encryption, file duplication and cloud drive support.
The future ahead? The Anvil roadmap has a number of features which are locked in to version releases.
v1.3 – Folder level encryption. This feature allows you to specify a folder, and encrypt all content that is written to it. The encryption is TNO (trust no one) and is only accessible by the user. When accessing a folder protected by encryption for the first time, the user will be prompted for the passphrase (certificates are coming), and how long the access will persist (i.e. just for the file/application instance, for the login session etc).
v1.4 – Enterprise support. This includes deploying and managing read-only configurations to clients (no Anvil account required, all is managed from a single user), and deploying and managing base configuration to existing Anvil users.
v1.5 – Folder level duplication. This feature is taken directly from Drive Bender; you can have a file duplicated, in real time, to another location.
V1.?? – There are a number of other features we are looking at, including cloud access (using technology taken straight out of Drive Xtender), and an “events” engine, that can fire based on file system access… plus a bunch of other features.
Finally… we have a number of free Anvil Premium lifetime licenses to give away. To get yours, simply create an Anvil account, install Anvil and send your first impression to support (good or bad) along with the email address used to create the Anvil account… we’ll then apply a lifetime license to your account, simple as that.
Ok, that’s all for the moment… leave a comment, and let us know what you think!