Parrot Security Center development

Idea:

  • Protect home users
  • There are users who want to have AV and other security solutions
  • Control all security tools (defensive) in a place
  • Checked https://github.com/OWASP/SecureTea-Project and wasn’t happy with it (web server / installation failed)
  • Want to bring some custom method to protect users

Goal:

  • Use backend security tools
  • Create some custom controllers and maintain everything in hand
  • Use nim lang with gintro library (GTK): Fast, easy to read and maintain. Great community!
  • Native GUI application

Status:

  • Playing with ClamAV
    (screenshot: 2019-12-24)

Todo:

  • Complete ClamAV controller
  • Better code syntax
  • Custom firewall rules with nftables
  • Anonsurf buttons in it

I've never had success with ClamAV and I've never heard anyone say anything good about that anti-virus package. It throws more false positives than real positives in my experience. Plus if you're using a PenTest/Redteam OS, and I get it that you're talking about the Home Edition, but no one's going to be reverse engineering malware on that distro and it's not easy to get viruses on Linux if you're behind a VPN and using a firewall correctly. Plus isn't every Parrot application using AppArmor?

Check out this Git page for Algo? https://github.com/trailofbits/algo
I've been using this for building my own VPNs and honestly I'm looking for people who want to start a VPN startup, and maybe even working with the Parrot guys to add a revenue system for them? How does that sound?

I believe that is marketing from other AV solutions.

2 weeks ago a member sent me a sample of a Linux coin miner and ClamAV is 1 of 4 AV solutions that can detect it (tested on VirusTotal).

Yes, I am focusing on home users.

There are more ways to get infected with malware. It depends on how users use their system, and AV is 1 method. For example: a user downloads a binary file from the internet over HTTP or FTP. Someone hijacks the connection and injects malware into the binary file. AV will be a good solution to check the file (ofc AV could fail to detect the malware because of the signature problem).

AV is a part of this project and I’ll add more features to protect users. Firewall policies will be included and I’ll do IPS if I can.
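The hijacked-download scenario in the post above, as an added example that is not part of this post or of the Parrot project: a streaming SHA-256 check of a downloaded binary against a digest published out of band (an HTTPS page or signed release notes), which catches any modification of the bytes whether or not an AV signature exists for the injected payload. The file name, its contents and the tampering step are constructed for the example.

```python
"""Added example (not the forum post's or the Parrot project's code):
verify a downloaded binary against a hash published over a trusted channel.
All file names, contents and the tampering step below are constructed."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16  # 64 KiB: hash in chunks so a large download is not read into RAM


def sha256_file(path: str) -> str:
    """Return the hex SHA-256 of a file, streaming it chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, expected_sha256: str) -> bool:
    """True only if the file's digest equals the published digest.

    hmac.compare_digest is the idiomatic constant-time comparison for
    digests; hex case differences in the published value are tolerated."""
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


def demo() -> dict:
    """Replay the scenario: vendor publishes the digest of tool.bin, the
    file verifies; an on-path attacker flips one byte, verification fails."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool.bin")               # constructed file
        original = b"\x7fELF" + b"legit program body" * 100  # constructed bytes
        with open(path, "wb") as f:
            f.write(original)
        published = sha256_file(path)   # what the vendor would publish out of band
        clean_ok = verify_download(path, published)

        tampered = bytearray(original)  # same length, a single injected change
        tampered[10] ^= 0x01
        with open(path, "wb") as f:
            f.write(tampered)
        tampered_ok = verify_download(path, published)
    return {"clean_verifies": clean_ok, "tampered_verifies": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

The digest must come from a channel the attacker on the download path cannot rewrite; a hash served from the same plain-HTTP page as the file gives no protection.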

Turned out ClamAV is the biggest fail. A simple scan task takes 400 MB RAM (800 MB for the full database). That is only the clamscan task.

At this point, having a thorough firewall ruleset shipped with the default .iso would seem like the best bet for the first layer of defense for home users. I did send you a preset firewall ruleset a few weeks ago @dmknght & a few exclusions like anonsurf ports, and you’ll be ready with a robust firewall; test it out :blush:

Speaking of ClamAV, putting a GUI to work seems like a potentially unnecessary workload. @Meet has a database of millions of malware signatures/hashes; exclude the ones for Windows, Mac, Android & iOS, combine it with the ClamAV sig database & run it via CLI. We can put a module together that is CLI, easy on resources and even easier to operate: just a few easy commands like “scan -all” that trigger a scan command on the backend side to scan the entire filesystem with a restricted limit on how many files/signatures are to be matched. But having our own sig database would mean we are the ones hosting the server that pushes upgrades, and since malware keeps evolving, we’ll have to push updates like every 6 hours and users will have to upgrade from their side so often. It’s basically like setting up our own department of malware analysis, which I’m pretty sure we aren’t ready for at the moment. Heuristic behavior-based detection is a different topic, a whole lot of different commands to fine-grain the detection; more on that in our personal chat on the messaging app.

Or what we can do is ship the user-sec toolset with both the home as well as the security edition: the home edition comes with the default firewall & malware sig ruleset enabled, since it would reduce user interaction and misconfiguration (aka pain in the ass), and the security edition does come with the user-sec toolset but disabled by default, assuming that people who choose to use the security edition know what they’re doing.

What do you say?
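The CLI hash-scanning module proposed above, as an added example (not the project's own code, and not ClamAV): it walks a directory without following symlinks, hashes regular files, matches digests against a local signature set, skips oversize files and stops at a file limit, which is the "restricted limit on how many files/signatures are to be matched" from the post. The signature name, the sample files and the stand-in "miner" content are constructed here; a shipped signature database would be loaded from disk instead of built inline.

```python
"""Added example (not the Parrot project's code): a minimal hash-signature
scanner with resource limits, the kind of CLI backend the post proposes.
Signature set, sample files and the 'miner' bytes are constructed."""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass, field

CHUNK = 1 << 16


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class ScanReport:
    scanned: int = 0
    skipped_large: int = 0
    hits: list = field(default_factory=list)   # (relative path, signature name)
    truncated: bool = False                    # True if the file limit stopped the scan


def scan_tree(root: str, signatures: dict, max_files: int = 10_000,
              max_bytes: int = 50 * 1024 * 1024) -> ScanReport:
    """signatures maps a hex SHA-256 to a detection name.
    Symlinks are never followed, so a link loop or a link into /proc or /dev
    cannot hang the scan; only regular files under max_bytes are hashed."""
    report = ScanReport()
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if report.scanned >= max_files:
                report.truncated = True
                return report
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # lstat: do not follow symlinks
            except OSError:
                continue                       # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):   # skip symlinks, sockets, devices
                continue
            if st.st_size > max_bytes:
                report.skipped_large += 1
                continue
            report.scanned += 1
            digest = sha256_file(path)
            if digest in signatures:
                report.hits.append((os.path.relpath(path, root), signatures[digest]))
    return report


def demo() -> dict:
    """Build a small constructed tree: a benign file, a stand-in miner script
    matching one signature, an oversize file and a symlink loop; scan it with
    and without a tight file limit."""
    with tempfile.TemporaryDirectory() as d:
        bad = b"#!/bin/sh\nexec ./stand-in-miner --pool example.invalid\n"  # constructed
        files = {
            os.path.join("docs", "readme.txt"): b"hello",
            os.path.join("tmp", ".cache", "update"): bad,
            os.path.join("var", "big.iso"): b"\0" * 4096,   # exceeds max_bytes below
        }
        for rel, data in files.items():
            p = os.path.join(d, rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
        try:
            os.symlink(d, os.path.join(d, "loop"))  # loop back to root; must not recurse
        except OSError:
            pass                                    # symlinks unsupported here
        sigs = {hashlib.sha256(bad).hexdigest(): "Unix.Coinminer.Example"}  # constructed name
        full = scan_tree(d, sigs, max_files=100, max_bytes=1024)
        limited = scan_tree(d, sigs, max_files=1, max_bytes=1024)
    return {"full": full, "limited": limited}


if __name__ == "__main__":
    r = demo()
    print(r["full"])
    print(r["limited"])
```

Exact-hash matching only finds samples already in the set, which is the "signature problem" mentioned earlier in the thread; its advantage over a full engine is that memory stays bounded by the signature dictionary and one chunk buffer rather than a loaded database.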

I agree. It should be on the to-do list soon (must test and check and other things). We have so many big jobs to do :frowning:
A GUI is something user friendly. I think I can contact that dude and try the backend on Linux if the code can be used on Linux.

Agree princess!
