Winpooch
From Wikipedia, the free encyclopedia
Winpooch Watchdog | |
---|---|
Developed by | Various contributors |
Latest release | 0.6.6 / April 23, 2007 |
OS | Windows 2000, 2003 and XP |
Genre | Intrusion-prevention system |
License | GPL |
Website | winpooch.sourceforge.net |
Winpooch is a free, open-source intrusion-prevention system that detects and blocks malware on computers running Microsoft Windows. It does this in two ways. First, it intercepts many potentially dangerous system calls and allows only certain user-defined applications and actions to run (see Rules). Second, and optionally, it supports several antivirus scanners such as ClamWin and BitDefender to actively scan files for malware before they attempt to run.
As of version 0.6.0, kernel-mode hooking has been implemented through a kernel-mode driver, allowing Winpooch to monitor the Windows kernel and system services. It was, however, notorious for causing Blue Screens of Death.[citation needed]
Winpooch uses a permissions system to allow or restrict operations by individual programs involving the network, the system registry, the filesystem (including wildcards) and process control.
Rules
Winpooch's rules are path-based (strictly the static paths of programs). For undefined actions (or actions for which the user asked to be notified), the user can choose to Accept, Feign or Reject the action, or to declare a specific rule for it. When declaring a specific rule, the user can select whether the rule is applied quietly, reported in a log or reported on screen.
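The permission categories and rule choices described above can be modelled as a small rule evaluator. This is an added example, not Winpooch's own code or rule format: the `Rule` fields, first-match ordering, case-insensitive matching and the sample paths are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatchcase

class Reaction(Enum):
    ACCEPT = "accept"
    FEIGN = "feign"    # listed on the page; its effect is not modelled here
    REJECT = "reject"
    ASK = "ask"        # no rule matched: the user is prompted

class Report(Enum):
    QUIET = "quiet"
    LOG = "log"
    SCREEN = "screen"

@dataclass(frozen=True)
class Rule:
    program: str       # static path of the program (exact match, no wildcard)
    category: str      # "network", "registry", "filesystem" or "process"
    target: str        # wildcard pattern for the object being acted on
    reaction: Reaction
    report: Report = Report.QUIET

def norm(path: str) -> str:
    """Windows paths are case-insensitive and may use either slash."""
    return path.replace("/", "\\").lower()

def evaluate(rules, program, category, target):
    """Return (reaction, report) of the first matching rule (assumed order)."""
    for rule in rules:
        if (norm(rule.program) == norm(program)
                and rule.category == category
                and fnmatchcase(norm(target), norm(rule.target))):
            return rule.reaction, rule.report
    return Reaction.ASK, Report.SCREEN   # undefined action: ask the user

# Constructed sample rule set (hypothetical paths).
RULES = [
    Rule(r"C:\Apps\editor.exe", "filesystem", r"C:\Users\*\Documents\*", Reaction.ACCEPT),
    Rule(r"C:\Apps\editor.exe", "filesystem", r"C:\Windows\*", Reaction.REJECT, Report.LOG),
    Rule(r"C:\Apps\editor.exe", "registry", r"HKLM\Software\*\Run\*", Reaction.FEIGN, Report.SCREEN),
]

if __name__ == "__main__":
    print(evaluate(RULES, r"C:\Apps\editor.exe", "filesystem", r"C:\Windows\win.ini"))
    # A copy of the same binary at another path matches no rule.
    print(evaluate(RULES, r"C:\Temp\editor.exe", "filesystem", r"C:\Windows\win.ini"))
```

Because a rule is keyed on the program's static path, the same executable at a different path matches nothing and falls back to the user prompt.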
Blue Screen of Death
The kernel-level v0.6.0 introduced a problem of constant Blue Screens of Death. The problem resulted from Winpooch's opt-in approach to kernels: it could only simulate pre-programmed kernels. Each version since v0.6.0 has reduced the number of kernels that are not simulated well, but certain kernels still cannot work with the program.[citation needed]