Core Force

Infobox_Software
name = Core Force


caption = Core Force
developer = CoreLabs
latest_release_version = 0.95 beta
latest_release_date = January 17, 2008
operating_system = Microsoft Windows
genre = Personal firewall
license = Apache license 2.0
website = [http://force.coresecurity.com/ force.coresecurity.com]

Core Force is a freeware personal firewall that incorporates modules for the control of processes (it is what is commonly referred to as a HIPS, acronym of Host Intrusion Prevention System). The software allows the user to control incoming and outgoing packets, as well as the behavior of programs: the permissions to read, write, execute, and delete files, and the permissions to read, write, and delete registry keys can be constantly monitored and/or limited.

Core Force's declared goal is to guarantee security characteristics that make it possible to protect from malware, trojans and external attacks that use 0-day exploits or that take advantage of weaknesses in the operating system and in the software in use.

In November 2007, the developers of Core Force claimed that the software is to be considered discontinued, due to "the advent of Windows Vista and the incorporation of functionality similar to Core Force in other major desktop operating systems (Linux, Mac OS X)" [cite web | url = http://force.coresecurity.com/index.php?module=xarbb&func=viewtopic&tid=319 | title = CORE FORCE Forums - General | accessdate = 2007-11-06] . Also according to the developers, there is a chance that the project will be turned into Open Source, but no decision has been currently made.

Features

Core Force provides inbound and outbound stateful packet filtering for TCP/IP, fine-grained filesystem and registry access control and program integrity validation. Configuration rules and policies can be created and enforced on a system-wide level or for specific programs.

The design of the packet filtering is based on the security methods and source code of OpenBSD's PF firewall. It is not a complete porting of OpenBSD's PF, as it lacks support of the most advanced rules of the latter and, unlike PF, it can work on a per-application basis, loading and unloading rules dynamically at application runtime, and it can be configured to require runtime user confirmation on certain connections. Core Force's firewall supports TCP flags and ICMP type/code flags, and can filter many network layer protocols.

The files and registry access control components are implemented as a kernel-level filter that mediates communication between the operating system and filesystem drivers. Permissions to create, read, write, execute, delete and list operations can be specified using wildcards and recursion masks. These permissions do not replace the normal Windows user permissions, but are complementary to them: Core Force will always enforce its additional restrictions for the same program under different accounts, but the original restriction will still apply.For instance, Core Force can enforce filesystem restrictions for a chosen program (and optionally for all the processes spawned by it) to prevent it from writing to a certain directory: these restrictions will always apply to that program (unless disabled) whenever it is run, even if the user running it has writing rights to that directory. Likewise, a user without administrative rights will normally not be able to write to the Windows system directory, even if this is explicitly allowed in Core Force, because the "regular" Windows filesystem restrictions still apply. In this sense, when used appropriately, Core Force provides a method for sandboxing dangerous applications.

Since the installation process, Core Force offers various preconfigured security levels and policies, which can apply to the operating system as a whole or to single programs. All programs for which a specific configuration is created are identified by a SHA-1 hash of the file's contents that is checked every time the program runs.

The software has a clean yet not spartan interface, and also offers a "learning wizard" for the automated creation of rules (however, as specified in the documentation, these will typically need manual tweaking). The rules can enforce different actions based on the detected activities: Core Force can autonomously permit or block these activities, or can alternatively notify the user through pop-ups that prompt for a decision; in this case the user can eventually decide to make the new rule permanent.

The program benefits from a Community of users (in development phase), not very large but of high profile. The Community members can freely create pre-rolled configuration 'plugins' which are tailored for particular programs and make them available for others to import and use.

The rather complex nature of the program makes Core Force a product probably intended for users with some technical experience.

System requirements

Core Force runs on:
*Windows 2000 Professional or Server Edition, Service Pack 4 or above;
*Windows XP Professional or Home Edition, Service Pack 1 or above.

The software also requires the aforementioned to have Internet Explorer 6 or later installed. A hardware configuration of a Pentium III 800 MHz with at least 128 MB RAM or equivalent is necessary, but the requirements to avoid excessive slow-downs suggest much less restricted system resources.

License

The actual code of Core Force is not publicly available; however, due to its Apache license 2.0, the software is completely free for commercial or noncommercial use and can be freely reverse engineered, disassembled or decompiled.

External links

* [http://fileforum.betanews.com/search?search=Core+Force Current FileForum Rating]
* [http://www.securityfocus.com/archive/1/417898 Security Focus Press Release From Core Force Team]
* [http://force.coresecurity.com Core Force]

References