Questions regarding GeSWall


Lucy85
October 11th, 2006, 10:22 PM
Good day everyone. I just tried GeSWall yesterday after getting tired of Sandboxie slowing down my browser, but I have some doubts which I hope someone can help me with, thanks.

1. Shouldn't the latest version be v2.3.1? When I launch GeSWall Console, it shows version v2.3.0.

2. I did their test by running the demo VBScript, but why is Disable Window File Protection able to get through?

http://www.gentlesecurity.com/pix/demo6_1.png

3. How many security levels are there? According to gentlesecurity, there are 4 in total with Isolate network applications being the highest layer - http://www.gentlesecurity.com/docs/seclevels.html

4. I'm using Opera web browser as Trusted with auto isolation. When I save some files, for example an image with GIF extension, the file can later be opened in an unisolated window. If I read the instructions correctly, shouldn't files created by an isolated program be isolated as well, unless there is a specific application rule?

5. I've created a Deny Create rule for the system32 folder in Resources, but is there anything else I should do to improve security?

zopzop
October 12th, 2006, 12:28 AM
Hello Lucy, this forum doesn't really have that many experienced GeSWall users. Did you try emailing GeSWall's support team? They are very responsive. I found a glitch in the software and it was fixed and uploaded in 5 minutes :D

Kees1958
October 14th, 2006, 04:22 AM
Hi Lucy, take a look at the thread of Aigle "Playing with sandboxie"

My experiences with virtualization apps:

I have tried Sandboxie, but did not like the slowdown of my system. The app worked perfectly.

GeSWall is fast, but I kept having problems when printing. GeSWall did not allow the spooler to print pages. When I logged out and in again, GeSWall seemed to release the spool and the pages were printed. Although the helpdesk of GeSWall is amazingly responsive (for a free product), they did not know how to fix it (because you need to allow two spool programs of my HP Deskjet with the same internal product name; when adding the second spooler as "always trusted", GeSWall tells you that you already have one program with the same name, although the rule is named differently).

Then I tried BufferZone free for Firefox. It was easier to install and more straightforward, but it was slower than GeSWall. BufferZone had one problem: when you put a USB stick in the computer it freezes. When you pull out the USB stick the problem is gone. Considering the ease of use, it is workable (just do not put the USB stick in when BufferZone is active). It is a pity BufferZone free is only for one threat gate app.

Because my company made an arrangement to enhance PC security at home, we got a license of DefenseWall and 150 euros to buy an external drive (we also got a script to make a bootable BartPE with DriveImageXML for restore after disasters/backup of the programs drive, and the free SyncBack to backup/restore your data drive). I am now using DefenseWall.
I must say DefenseWall is very easy to use. It is just a bit slower than GeSWall, but faster than BufferZone (and a lot faster than Sandboxie). For speed reference: I have an AMD Athlon 3400 with 1MB (about 740K free after Windows boot).

Lucy85
October 15th, 2006, 02:07 AM
Hi guys, I emailed GeSWall's tech support a few days ago and Brian (from GeSWall) has been a great help. Here are the questions I asked and his answers, just in case new GeSWall users like me would like to know.

-{ Quote: "Brian L. Walche to me

Dear Lucy,

thanks for your notes!

> 1. According to the download page, GeSWall should be v2.3.1 but
> after installed, the console shows it's v2.3.0

the current version is 2.3.1, that is a minor bug, Console does not show
minor versions.

> 2. I ran your demo VBScript and the results were exactly the same
> as the screenshot. However, I'd like to know why would "Disable
> Window File Protection" fail the test.

GeSWall doesn't block "disabling windows file protection", that is as
expected. The demo script just reports all the things an attacker would do,
and without disabling file protection we cannot show how GeSWall
prevents trusted files modifications while Windows File Protection is
failing.


> 3. How many security levels are there? The user manual has
> "Isolate network applications" being the 4th and highest level but I can't find it.

It is a mistake in the documentation, we have dropped the "Isolate network
applications" level as it caused too many incompatibility issues.

> 4. I have Opera v9.02 for web browser and it's set to "Trusted
> and auto isolate". I notice there are files like images or songs
> when downloaded, they are later launched in unisolated window.
> Shouldn't files created by an isolated program be isolated as well,
> unless there is a specific application rule?

Indeed, an application that opens files downloaded by an isolated browser
must be isolated by GeSWall. But GeSWall will isolate this way only "known"
applications, which are currently described in its Application
Database. The current list: <http://www.gentlesecurity.com/safe.html>
What applications do you use for images and songs? You can
add application definitions for them in the GeSWall Console and
they will be isolated on access to "untrusted files".
Please note, that is related only to non-executable files, executable
files downloaded by an isolated browser will be isolated regardless of
Application Database definitions.

> 5. I've created a "Deny Create rule" for system32 folder in
> Resources but is there anything else I should do to improve security?

I would suggest setting up a confidential folder in the GeSWall Console,
the folder where you keep some private files which normally must
not be used by isolated applications. Files within the confidential folder
would be protected from leaking through isolated applications. By default,
GeSWall sets up My Document\Confidential, however you can add other
confidential folders in the GeSWall Console
<http://www.gentlesecurity.com/docs/resources.html>.

"Deny create" for system32 doesn't improve the security, please have a
look at this FAQ article: <http://www.gentlesecurity.com/docs/geswallfaq04.html#q3>
The full FAQ: <http://www.gentlesecurity.com/docs/geswallfaq00.html>


Thanks,
Brian L. Walche
GeSWall Support
GentleSecurity S.a.r.l.
www.gentlesecurity.com" }-

My second email
-{ Quote: "Thanks for the reply, it has answered everything but I have some new questions.

1. Where does GeSWall store the log file? What is the maximum file size and is there any option to clear them?

2. I've added a rule for application "FlashGet" before your recent database update. Other download manager rules are added but FlashGet isn't updated. Shouldn't it merge my own rules with the latest?

3. All access permissions for Opera are set to "Allow" but according to the log, Opera only redirects or denies access to a file or registry. Does this mean if an application is isolated, the access permission is changed to REDIRECT and DENY?

I have some suggestions which "might" prove useful. Regarding my last question 4, why not have an option for unknown applications to be added automatically after user confirmation and then set to auto isolation? And you should probably update the documentation to prevent confusion in the future.

Anyway, GeSWall is an excellent program and i hope you guys can keep up the good work. Thanks again." }-

His reply
-{ Quote: " Brian L. Walche to me

1. log files are stored in '%SystemRoot%\geswall\logs' directory,
a file per day. The files are deleted automatically one by one when
their overall size exceeds 10% of the free disk space. There is no
user interface to clear them on demand, only to delete files manually.

2. On update GeSWall checks if an application is already present there
and merges the existing rules with the ones coming from the update. The
merge algorithm behavior depends on various conditions. In case an
application is created "manually" GeSWall must not touch existing
rules but just add/update those that are created automatically.
For FlashGet GeSWall must add these two:
%getdir%(%longname%(%HKEY_CURRENT_USER\Software\JetCar\JetCar\General\AppPath%))\Default.jcd
HKEY_CURRENT_USER\Software\JetCar

So, if you don't see them, then there is a problem there. Please let
me know, if it is the case.

3. Logs contain info only about restricted access, if access is
permitted ("Allow") then it does not appear in the logs. Normally rules
describe resources which are required for application functionality.
The rest is restricted.

> I have some suggestions which "might" prove useful. Regarding my last
> question 4, why not have an option of unknown applications be added
> automatically after user confirmation and then set to auto isolation? And

It worked in a similar way before, but without rules enabling access
to viable application resources (files/registry/etc.), many applications
just fail or do not work as expected. Additionally there are too many
interconnections and too many applications use a network in some way,
so shortly you would get nearly all applications isolated this way,
which could be undesirable.

Thanks for your valuation! Actually we have an ongoing beta program for
GeSWall 2.5, which must be released early October. If you don't mind
I'll send a download link next week." }-
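The log retention rule Brian describes above (one file per day, oldest files deleted one by one once the logs as a whole exceed 10% of free disk space) can be written down as a small policy function. The following is an added example, not GeSWall's own code; it assumes file names that sort chronologically (e.g. "2006-10-14.log"), which the thread does not state, and the sample listing is constructed.

```python
import os
import shutil
from dataclasses import dataclass


@dataclass(frozen=True)
class LogFile:
    name: str          # assumed: one file per day, named so that it sorts chronologically
    size_bytes: int


def prune_logs(logs, free_bytes, fraction=0.10):
    """Oldest-first retention as described in the support reply.

    Returns (kept, deleted). Deletes the oldest file while the total size of
    the remaining logs exceeds `fraction` of free disk space. Space freed by
    a deletion is credited back to free_bytes, because the threshold is
    derived from the free-space figure, which grows as files are removed.
    """
    kept = sorted(logs, key=lambda f: f.name)
    deleted = []
    total = sum(f.size_bytes for f in kept)
    while kept and total > fraction * free_bytes:
        oldest = kept.pop(0)
        deleted.append(oldest)
        total -= oldest.size_bytes
        free_bytes += oldest.size_bytes
    return kept, deleted


def prune_directory(log_dir, fraction=0.10, dry_run=True):
    """Apply the same policy to a real directory (layout assumed as above).

    With dry_run=True nothing is removed; the function only reports what
    the policy would delete, which is the safe default for an audit script.
    """
    with os.scandir(log_dir) as it:
        logs = [LogFile(e.name, e.stat().st_size) for e in it if e.is_file()]
    free_bytes = shutil.disk_usage(log_dir).free
    kept, deleted = prune_logs(logs, free_bytes, fraction)
    if not dry_run:
        for f in deleted:
            os.remove(os.path.join(log_dir, f.name))
    return kept, deleted


# Constructed sample: five daily logs totalling 1500 bytes on a disk with
# 10 000 bytes free, so the 10% budget starts at 1000 bytes.
SAMPLE_LOGS = [
    LogFile("2006-10-11.log", 100),
    LogFile("2006-10-12.log", 200),
    LogFile("2006-10-13.log", 300),
    LogFile("2006-10-14.log", 400),
    LogFile("2006-10-15.log", 500),
]
SAMPLE_FREE_BYTES = 10_000


def demo():
    """Run the policy over the constructed sample; returns (kept names, deleted names)."""
    kept, deleted = prune_logs(SAMPLE_LOGS, SAMPLE_FREE_BYTES)
    return [f.name for f in kept], [f.name for f in deleted]


if __name__ == "__main__":
    kept, deleted = demo()
    print("kept:   ", kept)
    print("deleted:", deleted)
```

One consequence worth noting for anyone who relies on these logs for investigation: because the budget is a fraction of free space rather than a fixed size, a disk that fills up for any reason shrinks the log history quickly. Copying the daily files off the machine preserves them independently of the product's own retention.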

Lucy85
October 15th, 2006, 02:21 AM
I don't print out my logs so I'm not sure about the printer spooler problem, but GeSWall is working fine for me, although it took me a while to learn how it works.

As I have an old PC, CPU and memory usage is one thing I'd look into. GeSWall's 2 processes (gswui & gswserv) have almost zero CPU usage while memory consumption is about 4-6MB in total. How about BufferZone and DefenseWall?

GeSWall will be releasing a beta for v2.5 and I'm really looking forward to it.

Kees1958
October 15th, 2006, 04:49 AM
Hi Lucy,

GeSWall is really a nice concept. It is the least CPU-draining virtualization app I have used. Second is DefenseWall; BufferZone is a bit harder on your resources. For Sandboxie you need to have a very powerful PC (I have an AMD Athlon 3400 which works fine with GeSWall, DefenseWall and BufferZone).

The nice thing about GeSWall is that it is free (and Brian of GeSWall, like Ilya of DefenseWall really try to help you). To play (paid) downloads of music I had to set Windows Media Player as always trusted. This goes against the idea to secure oneself against downloads, because I also download music with LimeWire.

BufferZone is also free for just one threat gate application (as far as I know you can either install BufferZone for Firefox or IE or LimeWire). BufferZone is more install-and-forget than GeSWall. DefenseWall is easier to install, but you have to acquire a lifetime license (no yearly renewal cost).

From a freeware point of view I should first try GeSWall and Sandboxie (although I prefer GeSWall much more). Then try BufferZone (because the freeware version only protects against one threat gate application, but when you only surf the Internet and do not download files with P2P, BufferZone covers your needs).

When you both browse plus P2P-download, DefenseWall is the best option (cheapest, fastest, easy), followed by BufferZone and GreenBorder (which is more costly).

So I should try fiddling with GeSWall some more, before changing to a paid application. I use Antivir (free) and CyberHawk (free) alongside DefenseWall, no other security applications (except static defense like SpywareBlaster and the CPU capabilities to enable DEP for all programs in Windows).

With this setup it takes around 5 seconds for IE 7 to start up the first time; when opening a second tab it is displayed within 2 seconds. I only use IE 7, because my favourite music pay download site requires ActiveX.

(So please fellows do not start making comments on IE, it is a necessity instead of a choice).

Regards Kees

Ilya Rabinovich
October 15th, 2006, 05:23 AM
-{ Quote: "
As I have an old PC, CPU and memory usage is one thing I'd look into. GeSWall's 2 processes (gswui & gswserv) have almost zero CPU usage while memory consumption is about 4-6MB in total. How about BufferZone and DefenseWall?
" }-

My computer is P2-450, 384Mb.

Kees1958
October 15th, 2006, 05:46 AM
Ilya,

I am very satisfied with DefenseWall, but I tried to give an objective answer. Brian (of GeSWall) and you (DefenseWall) both offer excellent support, unmatched by other applications I have had (like Internet Security 2006, SpySweeper or Kazaa Gold; Kazaa Gold's support is a real pain in the ass, their only response is to enable your firewall and re-install Kazaa, that's a joke considering I only use the inbound firewall of my router).

Regards Kees