Softpedia >Windows >Security >Security Related >Tiny Watcher >  Changelog

Tiny Watcher Changelog

What's new in Tiny Watcher 1.501

May 11, 2009
  • New features
  • SHA-1 algorithm is used for deep scan of files, config hash and processes. It makes it very hard if not impossible for a virus to infect a binary without being detectable. Implementation of SHA-1 is from Jun-ichiro Itoh, copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  • Non-administrator user run is now supported (e.g. power user or restricted access user).
  • Customizable lists for monitored directories and registry keys.*
  • Snapshot is now saved to a single, protected file. Makes an attack against Tiny Watcher harder. Also makes it easy to save a copy of your snapshot or send it to someone else for sharing advices or getting help.
  • Deleted files can be monitored.*
  • Directories can be declared "volatile".*
  • Common installer for all Windows versions.
  • Documentation files now included in the installer (help was only online until now).
  • Changes
  • Faster scan (about one third faster).
  • Name changed to "Tiny Watcher". Note that this is in no way a subset of the previous versions!*
  • Files declared "volatile" are not anymore removed from snapshot if physical file disappears.
  • Other minor changes.
  • Bug fixes
  • Rare Random crash on XP pro (at least) at the end of the scan (occured usually when system is rather busy, e.g. during boot time).
  • Warning window appeared without having the focus.
  • Regedit pilot in Win98 did not always select entry name correctly.
  • In some cases disabling/enabling/removing a reg entry was refused.
  • WinXP and above: no more warnings on processes of another session (when logged first as admin, then lower privilege user).
  • Win98: crash when using contextual menus.
  • Abusive error message (tprofile.cpp, line 897) when an application creates a QWORD entry in a monitored registry key.*
  • Other minor fixes.

New in Tiny Watcher 1.11 (Oct 31, 2006)

  • New action "Volatile": available for changed registry entries and files, it allows to mark an item as "volatile". No further warning will be generated when this item changes again in the future.
  • "Confirm" action is now available for a process file that cannot be accessed. Big thanks to Gary P. Simmons, and John J. Zahn for mentioning the problem to me.
  • "Confirm" action is now available for a process which executable file path cannot be obtained (still not sure that the case will happen, though; please contact me if you see one).
  • "Registry" action now pilots regedit.exe to find the relevant key (very convenient).
  • "Explorer" action now automatically selects the file when the explorer opens (big thanks to Luke Hamburg for suggestion).
  • Contextual menu if right-clic on an item in the warning list.
  • New action "Show content" (in contextual menu only). Shows a file's content. The command is customizable from the Options window (default is running notepad).
  • "Explorer" and "Show content" propose a popup menu for selection if more than one file path is mentioned in the warning (before that the first file was taken by default).
  • Added ".../system32/drivers/etc/hosts" file to scanned files. Some malware are known to modify this file to "forbid" access to popular antivirus websites.
  • "Remove" action on a running process terminates it brutally (added because some malwares block the opening of the Task Manager).
  • Warning list table now remembers the width of each column (thanks Luke Hamburg for suggestion).
  • "Select all" button instead of "Confirm all". To do a "Confirm all", click "Select all", then "Confirm".
  • Explorer button is not "greyed" anymore even if no path is found in warning message (path defaults to "C:").
  • Machine refuses to shutdown when watcher is open (problem list or systray icon).
  • "=" in a file name makes watcher give "file created" warning endlessly.
  • Special characters in a file name makes watcher give "file created" warning endlessly (followed by an error message if user "confirms" the warning).
  • Systematic crash after error message (t_util.cpp, line 908) if Watcher.ini contains a line like entry=" (only one opening quote, empty string). Thanks a lot, Mister Barn! :)
  • Files which were in ignore list once were staying ignored even if removed from the list.
  • Problems when running 2 instances together (and error message main.cpp, line 194). Now shows a regular error message "Watcher is already running".
  • Abusive error message if user uses the ENTER key over the systray icon (instead of space or mouse click).
  • Abusive error message (chkTask.cpp, line 141) when a scheduled task has no executable path (ignore was continuing fine). Thanks to Doug for signaling the problem.
  • Abusive error message (chkFile.cpp, line 389) when choosing "Disable" on a new directory (ignore was continuing fine).
  • Abusive error message (t_util.cpp, line 252) when selecting a warning that contains a path with redundant "/" or "" (like "C:Windowsfoo.bat").