Tiny Watcher, version history
Main help page
Luke Hamburg: Many features, changes and fixes below were originated or helped by suggestions made by Luke through his numerous emails. Big thanks to him! I have marked the ones I can remember with a *, hoping I did not forget too many.
Jean-Christophe Arnulfo and Jacques Wisson, as friends, were not able to escape my request for a painful alpha testing. Thanks to their initial reports and suggestions Tiny Watcher can be used and tolerated by a regular human being.
A few other people occasionally wrote to signal a problem they encountered. Thanks to them, Tiny Watcher is now working better for the mass of silent and happy others.
- SHA-1 algorithm is used for deep scan of files, config hash and processes. It makes it very hard if not impossible for a virus to infect a binary without being detectable. Implementation of SHA-1 is from Jun-ichiro Itoh, copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- Non-administrator user run is now supported (e.g. power user or restricted access user).
- Customizable lists for monitored directories and registry keys.*
- Snapshot is now saved to a single, protected file. Makes an attack against Tiny Watcher harder. Also makes it easy to save a copy of your snapshot or send it to someone else for sharing advices or getting help.
- Deleted files can be monitored.*
- Directories can be declared "volatile".*
- Common installer for all Windows versions.
- Documentation files now included in the installer (help was only online until now).
- Faster scan (about one third faster).
- Name changed to "Tiny Watcher". Note that this is in no way a subset of the previous versions!*
- Files declared "volatile" are not anymore removed from snapshot if physical file disappears.
- Other minor changes.
- Rare Random crash on XP pro (at least) at the end of the scan (occured usually when system is rather busy, e.g. during boot time).
- Warning window appeared without having the focus.
- Regedit pilot in Win98 did not always select entry name correctly.
- In some cases disabling/enabling/removing a reg entry was refused.
- WinXP and above: no more warnings on processes of another session (when logged first as admin, then lower privilege user).
- Win98: crash when using contextual menus.
- Abusive error message (tprofile.cpp, line 897) when an application creates a QWORD entry in a monitored registry key.*
- Other minor fixes.
The "known problems" of version 1.10 are all fixed by this version. Here is the detailed list of all changes made:
- New action "Volatile": available for changed registry entries and files, it allows to mark an item as "volatile". No further warning will be generated when this item changes again in the future.
- "Confirm" action is now available for a process file that cannot be accessed. Big thanks to Gary P. Simmons, and John J. Zahn for mentioning the problem to me.
- "Confirm" action is now available for a process which executable file path cannot be obtained (still not sure that the case will happen, though; please contact me if you see one).
- "Registry" action now pilots regedit.exe to find the relevant key (very convenient).
- "Explorer" action now automatically selects the file when the explorer opens.*
- Contextual menu if right-clic on an item in the warning list.
- New action "Show content" (in contextual menu only). Shows a file's content. The command is customizable from the Options window (default is running notepad).
- "Explorer" and "Show content" propose a popup menu for selection if more than one file path is mentioned in the warning (before that the first file was taken by default).
- Added ".../system32/drivers/etc/hosts" file to scanned files. Some malware are known to modify this file to "forbid" access to popular antivirus websites.
- "Remove" action on a running process terminates it brutally (added because some malwares block the opening of the Task Manager).
- Warning list table now remembers the width of each column.*
- "Select all" button instead of "Confirm all". To do a "Confirm all", click "Select all", then "Confirm".
- Explorer button is not "greyed" anymore even if no path is found in warning message (path defaults to "C:\").
- Machine refuses to shutdown when program is open (problem list window or systray icon).
- Special characters in a file name generate the "file created" warning endlessly (followed by an error message if user "confirms" the warning).
- Systematic crash after error message (t_util.cpp, line 908) if watcher.ini contains a line like entry=" (only one opening quote, empty string). Thanks a lot, Mister Barn!
- Files that were in ignore list once were staying ignored even if removed from the list.
- Abusive error message (main.cpp, line 194) when running 2 instances together. Now regular message box.
- Abusive error message if user uses the ENTER key over the systray icon (instead of space or mouse click).
- Abusive error message (chkTask.cpp, line 141) when a scheduled task has no executable path (ignore was continuing fine). Thanks to Doug for signaling the problem.
- Abusive error message (chkFile.cpp, line 389) when choosing "Disable" on a new directory (ignore was continuing fine).
- Abusive error message (t_util.cpp, line 252) when selecting a warning that contains a path with redundant "/" or "\" (like "C:\Windows\\foo.bat").