The main functionality of FileDefense comes from changing the way your OS operates by adding a layer of security at the layer that we feel is the most important - the file access layer. The way we see it, the amount of damage any application can do to you is based on whether it can access your personal files. The more you can limit this, the less damage even the most malicious program can do. We feel strongly about data protection. And our strategy for protecting your data is not to attempt to protect networks or your fellow Mac users, but to focus on protecting your personal files, and doing that well.
Free e-Mail Technical Support
Snow Leopard Not Supported
Mac OS X 10.6 Snow Leopard is not currently supported by FileDefense
OS X without FileDefense installed:
When you run an application without FileDefense installed in the operating system, the application essentially has free reign over your personal documents. It is free to read them, write to them, or delete them. There are no restrictions for what an application to do to any or all of your files. For example, if a sinister programmer so chose, he or she would be able to write a program that corrupts all of your personal files in seconds so that they are beyond repair. Or perhaps a program may chose to silently relay your personal data to a network destination of its choice without you ever knowing. This is why viruses and trojan horses can be so devastating when they get loose - there are few safety nets in place for when an application is run. Traditionally, opening an application is like letting it loose on your system
OS X with FileDefense installed:
When you have FileDefense installed, every single file an application opens is questioned and brought to your attention, thereby limiting the damage it can do if it is malicious.
If you do not yet trust an application, every file the application is trying to access (along with what it is trying to do to that file) is presented to you in a dialog, giving you the control to decide whether you want to allow the application to be able to access the document in question. You can even run a destructive virus with confidence that the damage it can do is limited. As soon as it starts accessing your files you will be alerted about it, and you will be able to force quit it and remove it from your system, all by simply choosing from 3 buttons on a dialog box.
Relevant press articles:
The three buttons:
Although simple in presentation, the three buttons allow you to fully control what an application can do on your system by setting rules for which files it can access. Using the three buttons you can effectively sandbox an application, so you know that no matter what it will only be able to access the documents you have expressly granted it access to. As you can see the three buttons are as follows: Kill, Allow This, and Allow All. The descriptions of each are as follows:
Allow All:
When you are using an application that you fully trust you can choose Allow All to give the application free reign on your system without having any more of these dialogs appear for it. It will effectively disable FileDefense for this application. This is desirable because the majority of the applications most people use tend to be from completely trusted sources. As such FileDefense comes with a list of preset trusted applications (which you are free to edit on installation) so that you do not have to go through the initial setup procedure of granting pre-installed applications from trusted sources access to files yourself. An example of such an application is Safari.app.
Allow This:
Using this button you can watch and restrict each file that the application tries to access. If you continually click this button then for every new file that the application in question tries to access, another dialog similar to this one will appear. This way you can monitor every file that the application is trying to access, and from this you can judge whether you can trust it. For example if you were using an peer-to-peer application and it was trying to open open some files that you are downloading, this would be acceptable behavior and you would click Allow This because it is not doing anything wrong for now. However if started opening your private files in your documents folder then you may want to select the Kill option and contact the author of the program for an explanation on why it is behaving like that.
Kill:
This will force quit the application and disallow it to access this or any other file until next time you run it. This option is present for cases where you see that the application appears suspicious (eg, it is trying to read a file it should not need access to), and you decide not to trust it for now.
FileDefense used in 3 basic scenarios:
Scenario 1:
In this scenario you have just installed an application from a source you trust thoroughly, perhaps you have been using their software for years and it is a well reputed company. In this case you would normally click Allow All so that unnecessary dialogs do not appear asking you whether you want to allow the application to open specific files. FileDefense protection will be disabled for this application because you trust it.
Scenario 2:
In this scenario you start running some software from a source that you do not yet trust or distrust. Perhaps it is some peer to peer filesharing software. In this case you would click Allow This repeatedly for each file it attempts to access so long as you are happy to trust it with whichever files it is accessing at the time. You would continue doing this, and so long as the application does not try to access anything that you do not want it to access you could allow it to run normally, with it being able to open only the files which you have previously clicked Allow This for. If at any time it tries to access a new file that you have not granted it access to (even days later), a new dialog will appear asking you for your choice before it will be allowed to access that document. This effectively allows you to sandbox an application so you know at all times exactly what it is capable of doing based on the parameters you have set.
Scenario 3:
This scenario starts of the same as scenario 2. You run some software that you do not yet trust or distrust. However in this case, after clicking Allow This several times, it starts to open some files that you do not think it should need access to, and you question why it would want to be accessing those files. Perhaps a peer-to-peer application starts to read your private documents that should be completely unassociated with it. In this case it is accessing your personal files and you start to feel suspicious, you choose the Kill option to force quit the application, and then either do not run it again or perhaps contact the author for an explanation behind the application's behavior. If the program did turn out to be malicious then you can be sure that any data that it did read or write is completely limited to the files that you granted it access to. And since you did not allow it to access any of the files that are precious to you, you can rest assured that the data contained in those files is still private and safe.
System Requirements:
FileDefense is programmed to run on the following minimum specification:
- Apple Macintosh G4 800MHZ or faster
- Mac OS X (version 10.4 or newer, Leopard Compatible)
FileDefense v1.5 Manual
1: Introduction
What is FileDefense?
FileDefense is a program that forms the first line of defense in file access. It is a set of programs that provide an easy interface to locking down files and making sure that unwanted access is not given to malicious scripts, applications and services on the your computer.
FileDefense automatically alerts you when any program is accessing files and prompts you to accept or deny that access. To this end FileDefense provides security second to none, stopping virii, trojan horses, malicious scripts and network services from accessing personal information, passwords or any other data that they should not have access to without your permission.
Conventions in this Manual
A number of conventions have been used during the writing of this manual.
Reference to FileDefense Features
You will find often that elements of the application are referred to in Initial Caps and ‘Single-Quoted’. Text from buttons are in bold.
Quick Tips
Quick Tips
Also included are “Quick Tips” in black bordered boxes with grey header boxes and bold titles.
Chapters & Titles
A “section page” breaks each chapter and core headings are in brown + bold, whilst sub headings are always in blue + bold, with further subtitles in bold.
Menu Shortcut References
In this manual we refer to shortcuts in the following format:
[button name] + [button name] + [button name]
with as many bracketed button names as is required.
2: Getting Started
System Requirements
FileDefense is programmed to run on the following minimum specification:
• Apple Macintosh G4 800 MHZ or faster
• Mac OS X (version 10.4 or newer)
• 512 MB of RAM
• CD-ROM drive for installation from CD
How To Obtain the Latest Version
FileDefense is available as a Universal Binary; enabling it to work on both older PPC and newer Intel-based Apple Macintosh Systems.
Downloading From the Web Site
The user can install the latest version of FileDefense by visiting the official web site at: http://www.subrosasoft.com
A download link, along with version information, is accessible on the product page of the site. Simply click the respective link and a compressed archive file will automatically begin to download to the user’s desktop, or specified download location.
FileDefense versions are distributed in a ZIP archive format and can be decompressed in the Mac OS Finder with a simple double-click of the file. This will place the decompressed application file in the same location as the original ZIP archive, in this case the desktop, or “Downloads” folder in 10.5.
Having decompressed the application we strongly recommend placing this copy of FileDefense then into the workstation’s “/Applications” Folder and the original ZIP archive file be deleted.
Web-Enabled Version Checking
Once FileDefense is installed it will by default ‘Web Check’ for up-to-date versions of the software. FileDefense auto-performs version comparison at start-up and in doing so will attempt to make an HTTP request to the SubRosaSoft web server. You can disable this check at any time by selecting “Disable Web Check” from the Edit menu.
Disabling web check or disconnecting you computer from the network will not affect the operation of the software. You can re-enable web check at any time by using the Edit menu command “Enable Web Check”.
When prompted to download the latest version, simply accept and the latest version ZIP archive will be downloaded to your computer.
Quick Tip: Web Check
This function operates by making an request to the web address:
http://www.subrosasoft.com/FileDefenseVersion.txt
The contents of which is then checked against the installed software.
At no point is any identifying information specific to the user’s computer transmitted by FileDefense to our servers.
Updating the Application
Updating FileDefense is easy. First make sure FileDefense isn’t running, and then download a newer version as described above in “Downloading from the Web Site”, or alternatively “Web-Enabled Version Checking” downloads the file for you. Once the compressed archive is expanded you can copy the newer application file to the location of the existing FileDefense version. When prompted by the finder to “Cancel” or “Replace”, click Replace.
Installing FileDefense
Initial Setup
Once the FileDefense application is in the Applications folder, double-click the icon to activate the installation process. You will be greeted with the FileDefense splash screen. It has the software version number and is emblazoned with the FileDefense, Universal Binary and Mac icons.
After a few seconds this will close and the you will be presented with the registration window. Having filled the respective boxes with your registration number and clicked the ‘Registration’ button, you are presented with an installation dialog window. This is the last chance to quit FileDefense prior to actual installation. The final dialog box has the following options/buttons:
- Red • Close Window – which will quit FileDefense
- Install – which will provide final confirmation to go ahead and install the necessary files.
After clicking Install you may be prompted to enter the administrative username and password for the workstation onto which the software is being installed. This is needed so that FileDefense has the necessary permissions to install files where required. Once the admin details have been accepted, FileDefense will install. After the process has completed a computer restart prompt will appear. This can be closed and you can choose to restart the system immediately or leave it until later, when more convenient. However, FileDefense will only be enabled on the next startup.
Uninstalling FileDefense
FileDefense can be uninstalled at any time. To do so start FileDefense by double clicking on it then select “Uninstall” from the FileDefense menu.
You will then be prompted to confirm the uninstall. Again, click on the Uninstall button and the de-installation process will begin. Once it is complete FileDefense will quit. To completely remove FileDefense, drag & drop the application into the Trash from the Finder.
Next time FileDefense is opened the installation procedure will be required in order to use the software. If you decide you do not wish to continue with the install process, simply quit the application.
Help and Technical Support
Finding Help
Help can be found both via the small context sensitive information clips that appear when you mouse over a window element, as well as the standard help menu at the top of the screen. Contextual tool tips include buttons and parts of FileDefense that require some form of user interaction.
In addition, the core of the help documents are contained within the main window that appears after you have launched the FileDefense application, as text next to the controls. They are also available online at http://www.subrosasoft.com/.
Technical Support
We provide free technical support via:
E-mail: support@subrosasoft.com
Phone: +1 (510) 870-7883
10am to 6pm Pacific Standard (GMT -8) Monday to Friday
Fax: +1 (510) 868-3407
In addition to any support question(s), please include ALL of the following pieces of information:
• Valid registration number or purchase information.
• System configuration(s) – Memory, Macintosh model, etc.
• System OS version.
System related information can be found by using the “System Profiler” application in the /Applications/Utilities folder.
3: Using FileDefense
Protecting Your Data
The main functionality of FileDefense comes from changing the way your OS operates by adding a layer of security at the place we feel is the most important - the file access layer. The way we see it, the amount of damage any application can do to you is based on whether it can access your personal files. The more you can limit this, the less damage even the most malicious program can do. We feel strongly about data protection. Our strategy for protecting your data is not to attempt to protect networks or your fellow Mac users, but to focus on protecting your personal files, and doing that well.
OS X without FileDefense installed:
When you run an application without FileDefense installed in the operating system, the application essentially has free reign over your personal documents. It is free to read them, write to them, or delete them. There are no restrictions for what an application can do to any or all of your files. For example, if a sinister programmer so chose, he or she would be able to write a program that corrupts all of your personal files in seconds so that they are beyond repair. Or perhaps a program may chose to silently relay your personal data to a network destination of its choice without you ever knowing. This is why viruses and trojan horses can be so devastating when they get loose - there are few safety nets in place for when an application is run. Traditionally, opening an application is like letting it loose on your system.
OS X with FileDefense installed:
When you have FileDefense installed, every single file an application opens is questioned and brought to your attention, thereby limiting the damage it can do if it is malicious.
If you do not yet trust an application, every file the application is trying to access (along with what it is trying to do to that file) is presented to you in a dialog, giving you the control to decide whether you want to allow the application to be able to access the document in question. You could even run a destructive virus in most cases with confidence that the damage it can do is limited. As soon as it starts accessing your files you will be alerted about it, and you will be able to force quit it and remove it from your system, all by simply choosing from 3 buttons on a dialog box.
The access permissions request dialog comprised of 2 parts:
1. Access request details
2. Permissions buttons
Access Request Details:
The authorization request reads as follows: that the listed application (3rd line) is attempting to open the files (4th line), the request involves the properties (5th line) with the Process ID (6th line), what would you like to do?
The Three buttons:
Although simple in presentation, the three buttons allow you full control over what an application can do on your system by setting rules for which files programs can access. Using these three buttons allows you to sandbox an application, so you know that no matter what it will only be able to access the documents you have expressly granted it access to. The three options are as follows: Kill, Allow This, and Trust Program.
Trust Program
When using a full trusted application Trust Program gives the application free reign over the system without requiring further permissions dialogs. This effectively disables FileDefense for the application. This is often desirable because the majority of daily used applications are from completely trusted sources. To this end FileDefense comes with an editable list of pre-chosen trusted applications, avoiding the need to go through and grant each of these applications in turn as they start.
Allow This
Using Allow This you can watch and grant access for each file that an application tries to access in turn. At any point when the application happens to step beyond the bounds of what you consider to be acceptable requests, you can use the Kill option to stop the application in its tracks.
By clicking Allow This in the dialog box repeatedly, you can set up a restricted set of allowed files that the application or service in question can open without further authorization dialog boxes appearing.
Kill
This will force quit the application and disallow it to access this or any other file until next time you run it. This option is present for cases where you see that the application appears suspicious (eg, it is trying to read a file it should not need access to), and you decide not to trust it for now.
FileDefense used in 3 basic scenarios:
Scenario 1:
In this scenario you have just installed an application from a source you trust thoroughly, perhaps you have been using their software for years and it is a well reputed company. In this case you would normally click Trust Program so that unnecessary dialogs do not appear asking you whether you want to allow the application to open specific files. FileDefense protection will be disabled for this application because you trust it.
Scenario 2:
In this scenario you start running some software from a source that you do not yet trust or in fact distrust. Perhaps it is some peer to peer filesharing software, or an application downloaded with it. In this case you would click Allow This for each file it attempts to access, so long as you trust the application accessing the specified file. So long as the application does not try to access anything that you do not want it to access, it is allowed to run normally, only being able to open the files for which you have previously clicked allow. If at any time it tries to access a new file that you have not granted it access to (even days later), a new dialog will appear asking you for your choice before it will be allowed to access that document. This effectively allows you to sandbox an application so you know at all times exactly what it is capable of doing based on the parameters you have set.
Scenario 3:
This scenario starts of the same as scenario 2. You run some software that you do not yet trust or distrust. However in this case, after clicking Allow This several times, it attempts to access files that you do not think it should need access to, and you question why it would want to be accessing those files. Perhaps a peer-to-peer application starts to read your private documents that should be completely unassociated with it. In this case it is accessing your personal files and you start to feel suspicious, you choose the Kill option to force quit the application, and then either do not run it again or perhaps contact the author for an explanation behind the application's behavior. If the program did turn out to be malicious then you can be sure that any data that it did read or write is completely limited to the files that you granted it access to. Since you did not allow it to access any of the files that are precious to you, you can rest assured that the data contained in those files is still private and safe.
Managing Application File Access Rights
File access authorization can be managed both by the dialog boxes illustrated above, and by the main window of the FileDefense application. Here you can see which applications and services you have previously granted file access to, and add new trusted applications or remove them.
To access the FileDefense main window, locate the original FileDefense application and double click it (it should be in your ‘/Applications’ Folder). This will bring the main window to the front.
Services & Applications
Having started the FileDefense main window, click the associated tab or icon to display the required information for the application or service you desire.
Adding Services and Applications
There are two ways to add an application or service to the trusted applications or services list. You can either click Allow All in the dialog box that pops up, or you can drag and drop an application or service in the main window.
Removing Services and Applications
To remove a service or application from its “trusted” status in FileDefense, open the main window and select the respective tab. Then select the desired application(s) or service(s) for removal and press “Delete” on the keyboard. Having removed the item from the list, the next time you open the removed application it will create the authorization dialog box illustrated above, as if it is a freshly installed application.
Enabling & Disabling FileDefense Protection
To avoid possible conflicts with the installation of new software or the running of an application for the first time it is possible to temporarily disable FileDefense. This can easily be done from the respective switch on the top right-hand side of the main application window as detailed above. To activate or de-activate just click the button and flip the switch.
When switching FileDefense protection on and off you do not need to restart your Mac system.
