Tiny Watcher, version history
Thanks
Luke Hamburg: Many features, changes and fixes below originated from or were helped by suggestions made by Luke in his numerous emails. Big thanks to him! I have marked the ones I can remember with a *, hoping I did not forget too many.
Jean-Christophe Arnulfo and Jacques Wisson, as friends, were not able to escape my request for painful alpha testing. Thanks to their initial reports and suggestions, Tiny Watcher can be used and tolerated by a regular human being.
A few other people occasionally wrote to report a problem they encountered. Thanks to them, Tiny Watcher is now working better for the mass of silent and happy others.
Version 1.50
New features
- The SHA-1 algorithm is used for the deep scan of files, the config hash and processes. It makes it very hard, if not impossible, for a virus to infect a binary without being detected. The implementation of SHA-1 is from Jun-ichiro Itoh, copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- Non-administrator user run is now supported (e.g. power user or restricted access user).
- Customizable lists for monitored directories and registry keys.*
- The snapshot is now saved to a single, protected file. This makes an attack against Tiny Watcher harder. It also makes it easy to save a copy of your snapshot or send it to someone else to share advice or get help.
- Deleted files can be monitored.*
- Directories can be declared "volatile".*
- Common installer for all Windows versions.
- Documentation files now included in the installer (help was only online until now).
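
An added sketch, not Tiny Watcher's own code, of the snapshot comparison these features describe: content hashes catch a modified binary even when its size is unchanged, deleted files are reported, and items declared "volatile" do not warn on change. The function names, the in-memory dictionary snapshot and the sample files are assumptions, and SHA-256 from Python's hashlib stands in for the SHA-1 implementation named above.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """Hash the file contents in chunks (SHA-256 here; an assumption)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_snapshot(root):
    """Map each file path (relative to root) to its content digest."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = file_digest(full)
    return snap

def compare(old, new, volatile=frozenset()):
    """Return (event, path) warnings; volatile paths never warn on change."""
    warnings = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            warnings.append(("created", path))
        elif path not in new:
            warnings.append(("deleted", path))
        elif old[path] != new[path] and path not in volatile:
            warnings.append(("changed", path))
    return warnings

def demo():
    """Constructed sample tree: one changed, one volatile, one deleted, one new."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("app.exe", b"original binary")
        write("old.dll", b"library")
        write("log.txt", b"run 1")
        before = take_snapshot(root)
        write("app.exe", b"original binarY")  # same size, different content
        write("log.txt", b"run 2")            # declared volatile below
        os.remove(os.path.join(root, "old.dll"))
        write("new.bat", b"@echo off")
        after = take_snapshot(root)
        return compare(before, after, volatile={"log.txt"})
```
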
Changes
- Faster scan (about one third faster).
- Name changed to "Tiny Watcher". Note that this is in no way a subset of the previous versions!*
- Files declared "volatile" are no longer removed from the snapshot if the physical file disappears.
- Other minor changes.
Bug fixes
- Rare random crash on XP Pro (at least) at the end of the scan (usually occurred when the system was rather busy, e.g. during boot time).
- Warning window appeared without having the focus.
- Regedit pilot in Win98 did not always select entry name correctly.
- In some cases disabling/enabling/removing a reg entry was refused.
- WinXP and above: no more warnings on processes of another session (when logged first as admin, then lower privilege user).
- Win98: crash when using contextual menus.
- Spurious error message (tprofile.cpp, line 897) when an application creates a QWORD entry in a monitored registry key.*
- Other minor fixes.
Version 1.11
The "known problems" of version 1.10 are all fixed by this version. Here is the detailed list of all changes made:
New features
- New action "Volatile": available for changed registry entries and files, it lets you mark an item as "volatile". No further warning will be generated when this item changes again in the future.
- "Confirm" action is now available for a process file that cannot be accessed. Big thanks to Gary P. Simmons and John J. Zahn for mentioning the problem to me.
- "Confirm" action is now available for a process whose executable file path cannot be obtained (still not sure that the case will happen, though; please contact me if you see one).
- "Registry" action now pilots regedit.exe to find the relevant key (very convenient).
- "Explorer" action now automatically selects the file when the explorer opens.*
- Contextual menu on right-click of an item in the warning list.
- New action "Show content" (in contextual menu only). Shows a file's content. The command is customizable from the Options window (default is running notepad).
- "Explorer" and "Show content" propose a popup menu for selection if more than one file path is mentioned in the warning (before that the first file was taken by default).
- Added ".../system32/drivers/etc/hosts" file to scanned files. Some malware is known to modify this file to "forbid" access to popular antivirus websites.
- "Remove" action on a running process forcibly terminates it (added because some malware blocks the opening of the Task Manager).
- Warning list table now remembers the width of each column.*
Changes
- "Select all" button instead of "Confirm all". To do a "Confirm all", click "Select all", then "Confirm".
- Explorer button is not "greyed" anymore even if no path is found in warning message (path defaults to "C:\").
Bug fixes
- Machine refuses to shut down when the program is open (problem list window or systray icon).
- Special characters in a file name generate the "file created" warning endlessly (followed by an error message if user "confirms" the warning).
- Systematic crash after error message (t_util.cpp, line 908) if watcher.ini contains a line like entry=" (only one opening quote, empty string). Thanks a lot, Mister Barn!
- Files that were in ignore list once were staying ignored even if removed from the list.
- Spurious error message (main.cpp, line 194) when running 2 instances together. Now a regular message box.
- Spurious error message if the user uses the ENTER key over the systray icon (instead of space or mouse click).
- Spurious error message (chkTask.cpp, line 141) when a scheduled task has no executable path (ignore was continuing fine). Thanks to Doug for reporting the problem.
- Spurious error message (chkFile.cpp, line 389) when choosing "Disable" on a new directory (ignore was continuing fine).
- Spurious error message (t_util.cpp, line 252) when selecting a warning that contains a path with redundant "/" or "\" (like "C:\Windows\\foo.bat").