What is Peek Inside?

Peek Inside examines the contents of a computer system in order to determine what it is being used for.  In the process of finding out what the user(s) of the computer are doing with it, the files that prove or suggest a behavior are reported.

What are the system requirements?

  1. Microsoft J# Redistributable for Microsoft .NET 2.0
  2. Microsoft .NET 2.0 Redistributable Package
  3. Microsoft Windows 2000, XP, 2003, Vista
  4. Probably at least 128 Megabytes of free memory, probably more until we get around to optimizing it.

Why was Peek Inside written?

Although the issue of user privacy has been a concern since the 1980s, the time between 2002 and the present is really the era of massive privacy breaches.  However, not much has been done to truly expose the problem or to allow the people who need to prove a situation to do it.

There isn't much love for "Peek Inside"; it's really a program that exists out of necessity.  Abuses are so rampant that the present 18% of all U.S. citizens who have been victims of identity theft will probably grow to 75% or more in the upcoming years.  While the focus has been on stopping vulnerabilities, there has not been nearly as much emphasis on data leaks, sensitive information exposure, or other "broad" points of failure.

Peek Inside is a prototype of one type of "broad spectrum" security analyzer that works at the host level.

Why is Peek Inside free software?

Although the possibility exists for a commercial version sometime in the future, the point right now is that the industry needs "more transparency" in security software (that is, people have the ability to know exactly what is being done), more collaboration, and more experimentation with new thoughts and ideas in this technology area.

Why did you write it in Microsoft J#?

Actually, Visual J# is a sweet language, especially for middleware applications that involve security functions.  C# is nice, but there's a 20:1 ratio of security experts from Administration or Networking backgrounds compared to security experts from programming backgrounds.  J# is based on Java, a relatively simple language, and promotes extremely fast development of applications.

Many languages make the mistake of being too complicated for the job.  For example, WBEM's CIM language is a strict type-cast language used for system administration functions.  For most administrators, this language looks like it would be hell to learn (since it's not a part of their education to learn), so why have a super-difficult language for a novice audience?

The primary difference between Java and Visual J#, and -why- it's such a nice security platform, is that J# has the ability to directly control Microsoft .NET components (such as the registry, the desktop, the file-system, etc.)

Because of the connection between low and high level, with an emphasis on simplicity of design, J# is probably the best programming language for advancing Microsoft Security components.  In reality, it's more or less "the red-headed stepchild" of programming languages and may wind up going away like its predecessor J++ did.

Where do I get a copy of Microsoft J#, and how expensive is it?

You can download it free from Microsoft here.  They say it might not be free in the future, but for the time being it's all that's necessary to compile Peek Inside.

I'm looking at the source code and all I can say is, "What the heck is this?"

Okay, Eric's first rule is that Eric can redefine the universe.  That's one of the reasons he's a wicked cool programmer. :)  In this case, and in the case of the ImmuneSoft program, the software uses a core data element called a "dynamic".  It's basically an in-memory XML representation.  There is no "relational database" anywhere in sight.  If you are looking for tables, forget it.

The point is, as data goes through filtering mechanisms, facts of information are added to records that are largely memory resident.  At the end of the process of comparing and examining, the reports can be made based on facts that are present.  This process is a lossless analysis and can be connected to real-time systems.  This method is also extremely good for event-driven architectures.  It's also pretty easy to code, if you know the syntax. :)

More details can be published if you want to know them; nobody has asked.  This isn't exactly a "made up" method of programming; experimentation with meta-data driven architectures has been going on for a while.  However, to the best of our knowledge, nobody has built quite as much of a real-time meta-data framework as in the ImmuneSoft suite.
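
The fact-accumulation idea described above, as an added illustration in Python (this is not Peek Inside's J# source and not its actual "dynamic" format).  The element names, the three filters and the sample paths are all assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: paths a host-level scan might enumerate.
SAMPLE_PATHS = [
    r"C:\Users\pat\Documents\taxes_2006.xls",
    r"C:\Users\pat\Music\track01.mp3",
    r"C:\Users\pat\Documents\passwords.txt",
    r"C:\Windows\notepad.exe",
]

def add_fact(rec, name, value):
    """Facts are only ever appended to a record, never edited or removed."""
    ET.SubElement(rec, "fact", name=name).text = value

def fact(rec, name):
    """Return the first value of a named fact on a record."""
    return rec.find("fact[@name='%s']" % name).text

# Hypothetical filters: each reads facts already present and adds new ones.
def extension_filter(rec):
    add_fact(rec, "extension", fact(rec, "path").rsplit(".", 1)[-1].lower())

def category_filter(rec):
    known = {"xls": "financial", "mp3": "media", "txt": "document"}
    category = known.get(fact(rec, "extension"))
    if category:
        add_fact(rec, "category", category)

def keyword_filter(rec):
    for word in ("password", "taxes", "ssn"):
        if word in fact(rec, "path").lower():
            add_fact(rec, "sensitive-keyword", word)

def analyze(paths, filters):
    """Build the in-memory XML tree: one record per path, run every filter."""
    root = ET.Element("dynamic")
    for path in paths:
        rec = ET.SubElement(root, "record")
        add_fact(rec, "path", path)
        for apply_filter in filters:
            apply_filter(rec)
    return root

def report(root, fact_name):
    """A report is a query over the tree: which records carry this fact?"""
    query = "fact[@name='%s']" % fact_name
    return [(fact(rec, "path"), [f.text for f in rec.findall(query)])
            for rec in root.iter("record") if rec.find(query) is not None]

if __name__ == "__main__":
    tree = analyze(SAMPLE_PATHS, [extension_filter, category_filter, keyword_filter])
    print(report(tree, "sensitive-keyword"))
```

Because filters only append, a record that matches nothing (the last sample path) still keeps everything that was observed about it, so a report written later can query facts that no earlier report used.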