Whiterabbit-uk,

We apologize for any inconvenience.
Your phenomenon occurred because we blocked an unregistered program from using WebCam.

If you register "Steam Client" as an allowed program, this program allows to use WebCam for Steam.
The display time of the Pop-Up screen asking whether to block or not is increased more than the current time, and the user will have enough time to choose.

Thanks

rich,
Yes.
If a program that is not part of the Safe List attempts to use the WebCam, a pop-up window will ask if you want to allow or block the program.
You can of course change the permissions later.

We also always allow WebCams for IE, Chrome, Safari, Opera and FireFox.

Thanks

xSecuritas, I want to block my microphone in certain circumstances in Chrome. Is there a way to do that? On a tab basis?

rich,
Currently, we allow webcam and microphones for all browsers regardless of tab(url).

1. Control webcam by url (tab) - ie, edge, safari, firefox is possible. But for chrome and opera, I have to think about it. Because chrome has recently changed its url acquisition method.

2. Disable use of webcam/mike in the browser regardless of the tab (url), is possible with minor modifications.

***I think that your suggestion is nice.
Please give me some times.
I will check it again

Thank you.

*** support@xsecuritas.com

From the description above: "If some programs access your WebCam or microphone, then you will first see a pop-up window asking you to confirm your approval. You only allow use of WebCam or Microphone for programs you trust."

BTW: The same function ist already included in Windows 10!

Peter Blaise,

Well. It's a matter of using terms. Sorry.

Rather than telling to block malware, it is more appropriate to block unauthorized programs.

We block the use of the webcam in the following ways:

1. Allows WebCam-using programs to be installed when installing MS Windows.

2. We also allow many popular programs (Skype, Viber, etc.), which are allowed by policy, and you can disable them.

3. Therefore, it may seem that this program is not playing a role when using only the programs that we basically allow.

4. However, try removing Skype, Viber, etc. from the policy.
You can see that the webcam is blocked.

** When configuring the allowable program, you can register the process name or digital signature.

Denis,
Programs provided by xSecuritas are not complicated uninstall.
However, only passwords are required to prevent other users from uninstalling the program.
When uninstalling the program, the following Option is available.
"Delete the data files when uninstalling the program" checkbox
  => If you select this, all the policy files (database), etc. will be deleted.

Dave, Ahhh NO sorry, I'm not that selfish! I am just pointing out that this software provides a false sense of security. There are no 100% secure software only solutions everything is circumventable, even disabling in BIOS could hypothetically be reversed by ring0 control of the hardware registers set by the BIOS to disable the webcam. Filter drivers aka rootkit filters are not a panacea since the API normally used that the filter intercepts to enforce control is bypassable in exactly the same way that anti-malware programs detect malicious rootkits by comparing direct access with API access... if they are different there is a rootkit running. At which point the registry API can be bypassed and the devices drivers can be accessed directly bypassing the filter driver altogether. Or the malware could attack the rootkit filter and program to disable or remove it.

TK, I am grateful that TK has informed me of the wrong part of the program or the part to fix.
I also know that I can not completely block 100% malware, so I am wondering how to handle it. Rootkits and more ...

LoLiTa, What is your IP address?

LoLiTa, I'm interested, how do I connect to you? :-)

Joe,

Actually No [& it's *mic* BTW].

In fact, I'd think that if it was that easy & prevalent, then gov agencies like the NSA and companies like NSO Group Technologies wouldn't bother engineering their own stuff.

Chuck, if you take it seriously you'd need more than this! start by disabling the interfaces you can in the BIOS or as a last resort in device manager and delete or NULL the driver files for the device manager disabled devices... or to be sure unplug the built in microphones and webcam device in the laptop lid...

Alexey, How do you unplug a camera that's builtin to your laptop? Would not simply turning on Airplane mode work as well as for the microphone?

laptoper, just go to device manager and disable camera. It is fast and easy.

Alexey, laptop camera or mike can easily masked with a small tape when not in use

Some computers have BIOS settings to disable as well.

laptoper, a tiny piece of electrical tape works wonders, 100% opaque, a dab of silicon caulk works as well (removable when dried up).

Alexey,

If you can turn it off, malware can turn it on. Turning it off in Device Mgr. would probably work with some malware, but there's no guarantee it'll stop all malware.

Joe, hello namesake, just my 2 cents :-)
A piece of dark cloth put over the top of a laptops cover (and the camera) works just as well but sounds less risky, as glue from the electrical tape can leave a mess. Also, that silicon may not be that easy to remove if it gets inside the microphone's "hole". I'm not sure if it's possible to turn a camera on w/o illuminating the its light, but I believe disabling both the camera and microphone should suffice (the light coming on would be a warning?). I personally use a different arrangement (not for privacy reasons, just like a big screen and "regular" keyboard as much as privacy). Plug my laptop at home to an external monitor and keyboard. The laptop sits off the desk, so if someone hacks my camera, they will see the touchpad area....

laptoper, just keep the volume control on your mike settings to 0 value and nobody can hear anything and on your camera, just set the brightness button to 0 or dark and nobody can see anything.

laptoper, you either unplug the built in webcam and microphone assemblies yourself if you are a compitent computer repair technician, OR hire a compitent computer repair technician to do it for you. It's not rocket science and is 100% secure. Disabling within device manager is using the Device manager MMC addin to change registry settings that could have been done by other means like group policy editor or a 3rd party designed program that makes or even unmakes those changes... and 3rd party software *could* enumerate the imaging devices and look for a disabled webcam and re-enable it. What can be disabled in software by windows adminstration tools can be re-enabled by third parties with sufficent skillz. If I can think it you can be assured the NSA and other nation states cyber espionage teams can do it, and so could black hat criminal hackers if organised crime financed it.

mike, It can be made significantly more difficult for malware or anything to re-enable a device manager disabled device if you first trash the drivers .sys file in some way i.e. copy over an invalid driver file renamed to the proper drivers name so that windows cannot load the driver even if the device was re-enabled... then disable it.

laptoper, At my work we install webcams in laptops that don't have one (find spare USB inside, route the cable, drill a hole, etc.).
To unplug one is 100x times easier :P Just open the lid and pull the connector. As a little bonus you can also cut only the power and connect an external switch.

Stan, Because modern computers come with webcam built into machine. they are not the separate thing like you have.

Robert, i have yet to see a tower pc with built in camera ,mic granted many use laptops but many also use towers

walter, I have a Dell Inspiron all-in-one with a built-in camera and microphone.

.
[ Frank D ],

You can download the service manual and see how to open the computer and unplug the camera and microphone.

Then using any external microphone and camera that is completely controllable and easily unpluggable on demand when not in use will give you back control.
.

Frank D, the plugs are internal and usually fairly accecesible... try searcing for a service manual for your machine and get adventurous or hire an engineer to open it up to disconnect the mic and camera and use USB webcam and external plugin mic if and when you want to use them. and unplug them when done.

TK, use an Edding for your built-in cam and a dummy microphone plug to disable the built-in microphone – voilà!

Julia, sorry plugging in a dummy microphone only disables SOME soundchips internal mic inputs... On many one can choose either internal or external microphone using standard DirectSound API Only way to be CERTAIN is to physically unplug the internal devices, not having heard of an Edding google suggests it could be a perminant marker pen ... it is unlikely that simply drawing on the lense will completely obscure the view via the camera but it will ruin the cameras lens... whilst unplugging the camera does leave the lens and camera intact and undamaged if the device is sold in the future or one wanted to re-instate the camera at some point in the future.

Peter Blaise, Thank you. I didn't want to actually disconnect my webcam and microphone, I just wanted to let everyone know that there are desktops with built-i webcams and microphones. But thank you for your reply and information.

Robert, laptops may have a built-in webcam -- which you just put a piece of tape or you can purchase webcam "sliders" to enable/disable the camera. As well, in device manager camera/microphone can be disabled. "modern computers" (no such thing) does not come with a webcam UNLESS you add it as an "accessory" when purchasing a workstation. I do not even give Microsoft via Win10 PRO access to my camera/microphone, why would I give the access to this program? I cannot trust an overseas software company access to the media devices.

TK, The Filter Drive can not be stopped programmatically.
Also, to make it more secure, periodically check whether the filter is loaded, and if the filter is unloaded, it is better to apply the load method again.

xSecuritas, I seriously doubt the filter driver can be prevented from being stopped programatically... I don't mean can be asked to stop using service controls but can be forced to have its process thread ended. Also unless you register the driver with windows file protection and use trustedinstaller owner in the installation process it is a simple matter for an elevated process to rename your driver file and replace it with an empty file of the same name which obviously will never restart once the drivers service thread is ended... .sys driver files are not held open once instantiated so can be renamed, deleted even relaced with a different file altogether with the appropriate elevated rights... I could also devise a procedure to adjust the replacememt empty .sys file ACL to make it impossible for you to restore your original .SYS file... you best opetion would be to use a random file name on each instantiation... Or hash checking the file before instantiating it and replacing it with a different named driver file which then is instantiated if the previously named drivers file had been corrupted in some way. Also do you protect approved cam or sound card applications from having code injected into them from being hijacked by malware and getting access to the camera and microphones indirectly through the approved applications?

TK,

"you best opetion would be to use a random file name on each instantiation... Or hash checking the file before instantiating it and replacing it with a different named driver file which then is instantiated if the previously named drivers file had been corrupted in some way. "
=>
This drive is loaded at boot time. So I guess it would be difficult to change the name each boot time, but what if I use file filter to not rename, delete, or modify the drive file (sys)?. ih this case, I think that I can protect my sys file.

And for code injection problem, this part is not yet processed. It seems to be a security enhancement to prevent code injection soon.

TK, * If an unregistered application attempts to access to webcam or microphone, ask the user whether to allow the this operation.
* When the main program is terminated, all programs can not access the WebCam or microphone.

Peter van Rijswijk, and if the filter driver service and the main program are killed then all bets are off and full access is restored to all processes.

LadyLei, Yes. Our company name is xSecuritas, which is different from the Securitas company in Sweden.
When I emphasized the meaning of security, I put an X as a prefix.

LadyLei, Yes there is no real world address for the offices of this company just a maildrop address in USA used by many (12) companies of no fixed abode, and the domains whois data is not that of a legitimate corporate entitiy but that of a private individual using a whois anonymizer service based in Canada.... and the software is based upon old fashioned rootkit filter drivers to perform the claimed actions which as most technicians know is just a band aid that can easily be circumvented by many techniques. In addition their "secure" website suports obsolete TLS 1.0 and so allows older now known to be not-secure browsers that only support TLS 1.0 to perform financial data transactions which should NOT be allowed. They should either move the checkout functionality to a different server enforcing a minimum of TLS1.2 https connection to procede or server side detect the TLS1.0 connection and refuse to offer the checkout page unless the visitor switches to a modern spec'd browser that does support TLS1.2 or better. The owners have been made aware of this security vulnerability in their servers architecture since previous giveaways but they have chosen to not impliment https minimum industry security requirements for secured web transactions.

TK, Thanks for that info. I don't get why someone wants to hide who they are if they are being straightforward with their business. Despite the developers explanation about the name, it still strikes me a pretty shady move. Could have just called it XSecurity and avoided the appearance of being part of a well known company.

Will not be trying this for three reasons: first I don't see a need for it on my machine, second just strikes me as a poor way to start a business and does not inspire trust for users and third, no real user reviews or trusted sites testing it.

xSecuritas, I prefer to remove the webcam API communication chain completely by disabling the webcam in the BIOS settings that way there is no way to access the webcam hardware via ANY windows API or conventional driver... That way I don't have to rely on 3rd party software to maintain its controls in order to prevent undesired camera access. Only once in over 20 years of using the internet have I felt the need to use a webcam... so no need here to give any programs selective access to the built in webcam. If a program demands a camera to operate I just use a virtual camera that provides a static test card image to the windows camera API.

TK, I agree to Disable the BIOS and Perfectly Block the WebCam.
However, in this application, I chose a way to block the WebCam or microphone to control the Registry access.

The reason is to use it when using a PC, some programs use WebCam, and others do not use WebCam.

Of course, if the malicious program does not refer to the Registry, WebCam Disable may not work.

xSecuritas, oh dear... so you don't filter the driver chain itself just selected device entries within the registry... I presume you do know that WIndows 10 does include access controls for APPs though I personally would never trust those or any controls presented to the end user knowing that MS likes to maintain closed source security through obscurity rather than real peer reviewed access controls and security measures.
Which also means if the service I mentioned which is your filter driver is stopped by software fault or attack then all protection would either cease or all registry read access would become blocked depending upon how the filter driver is inserted into the registry access chain.

TK, We do filter the driver and everything else for the registry.
On Windows 10, there is no other way,

xSecuritas -- nice try but all of this can be handled w/o an "app", in fact its more secure if handled via BIOS, or OS or inside the offending application. I can disable all recording devices in device manager and even more secured via the BIOS. After what happened in the US 2016 elections, its now more than ever more important to NOT let any software on my workstation, as any software installed could be a potential for hacking/spying/tracking. So will not allow any foreign software on my workstation. I can write what I need myself.

DEBUG,

Hi?
Thank you for your good advice.
The motives for making this application is as follows.
Of course, you can disable the WebCam through BIOS or Device Manager. However, my purpose is to make WEBCAM available only to application that is allowed by the user, and to block others.
Well. And in my application there is no BackDoor or malware at all.

Thank you for your feedback and I hope that everything is going well with you.