GeSWall 2.7.1 Release Candidate (Private Build)
aigle
January 6th, 2008, 11:41 AM
I have received the info by e-mail. Final version should come in a few weeks.
What is new:
1. Untrusted files browser
2. Isolated applications browser
3. Windows Explorer built-in zip support
4. Installers recognition
5. Updated application security levels
6. Keyloggers prevention fix
7. Windows Vista compatibility fixes
8. Updated Application Database (confidential \Device\PhysicalMemory,
no_create %systemroot%\system32, and others)
I have yet to install it, will do it soon. Anyone wants to try, PM me.
zopzop
January 6th, 2008, 01:49 PM
woohoo! IMHO the most important new features have to be 1) the isolated files browser and 2) the built in zip support in windows.
this is gonna rock :D
lucas1985
January 6th, 2008, 05:16 PM
Sweet, the final release seems close. I'm very happy with 2.6 so I'll wait for the final build.
Thanks aigle :)
aigle
January 6th, 2008, 09:24 PM
I just installed it. Some isolated application freeze/delay on its initial launch that was encountered off and on with 2.7 beta 1 is gone. Working OK! It was the main bug I found in last beta. This RC version must be stable and usable by anyone I think. Will know in a few days.
aigle
January 6th, 2008, 09:30 PM
Just tested the keylogger test against which GW failed last time. It's intercepted now. :thumb:
zopzop
January 6th, 2008, 09:43 PM
{QUOTE-> Just tested the keylogger test against which GW failed last time. It's intercepted now. :thumb: <-QUOTE}
gangsta! thanks aigle :) :thumb:
since i haven't tested the beta, i do have a request : if you can, can you post a picture of the isolated files browser?
aigle
January 6th, 2008, 11:25 PM
It's here.
zopzop
January 6th, 2008, 11:37 PM
nice! thanks again aigle.
aigle
January 7th, 2008, 08:46 AM
U are welcome.:)
aigle
January 7th, 2008, 08:46 AM
I received many PMs for the download link. I replied to all. If I miss someone, pls PM me again.
Also pls if u note any bug, post here.
Thanks
solcroft
January 7th, 2008, 08:50 AM
Hi aigle,
Do you have any information on the featureset of the free version?
GeSWall struck me as a very formidable sandbox indeed, though usability issues prevented me from adopting it. Looking forward to the new version.
aigle
January 7th, 2008, 09:09 AM
Are u looking for this?
http://www.gentlesecurity.com/professional.html
solcroft
January 7th, 2008, 09:12 AM
Well, yes, but I meant for the new version.
Specifically, I'm interested in knowing whether the free version has the ability to scan for untrusted files.
aigle
January 7th, 2008, 09:16 AM
Free version features must remain identical. At least they did not mention any change. About untrusted file scan, I am not sure as it seems to be a trial of pro version but I will ask later and inform u.
Post edited:
MaB69
January 7th, 2008, 09:21 AM
{QUOTE-> I received many PMs for the download link. I replied to all. If I miss someone, pls PM me again.
Also pls if u note any bug, post here.
Thanks <-QUOTE}
Hi all,
Thank you very much aigle for the post & the PM
Regards,
MaB
aigle
January 7th, 2008, 09:27 AM
You are welcome.:)
MaB69
January 7th, 2008, 10:44 AM
Hi,
Just found a bug (already reported it at GS support): if I move a file labelled as untrusted from one partition to another, GW loses its untrusted state (the file is no more untrusted)
Regards,
MaB
aigle
January 7th, 2008, 11:19 AM
Good catch!
Pedro
January 7th, 2008, 11:25 AM
GeSWall with those features arguably overcomes the main disadvantage to SandboxIE.
Good development!
I would just add a thing or two, heh, it's an obsession.
Henk1956
January 7th, 2008, 01:36 PM
{QUOTE-> Hi,
Just found a bug (already reported it at GS support): if I move a file labelled as untrusted from one partition to another, GW loses its untrusted state (the file is no more untrusted)
Regards,
MaB <-QUOTE}
It's not a bug, see http://www.gentlesecurity.com/docs/labels.html
Only when renaming a file or when moving a file to another folder in the same partition, the untrusted label will stay. When moving a file to another partition the untrusted label will be removed.
aigle
January 7th, 2008, 02:02 PM
I did not know this before. Thanks
aigle
January 7th, 2008, 02:08 PM
I noted that if I copy an isolated file to other partition via explorer.exe (explorer.exe is always trusted), isolated file loses its label and becomes trusted.
But if I copy an isolated file to another partition via isolated browser (say IE), file remains untrusted.
Espresso
January 7th, 2008, 08:17 PM
Are there any useful custom rules I can add to the base set?
Gargoyle
January 8th, 2008, 12:33 AM
1 day left for trial...might want to extend the time...
MaB69
January 8th, 2008, 04:47 AM
{QUOTE-> It's not a bug, see http://www.gentlesecurity.com/docs/labels.html
Only when renaming a file or when moving a file to another folder in the same partition, the untrusted label will stay. When moving a file to another partition the untrusted label will be removed. <-QUOTE}
Hi,
Thanks Henk for the link, i was not aware of this and i never noticed this behaviour before this release.
Regards,
MaB
aigle
January 8th, 2008, 08:52 AM
{QUOTE-> 1 day left for trial...might want to extend the time... <-QUOTE}
How come? I have still 14 days left.
aigle
January 8th, 2008, 08:53 AM
{QUOTE-> Are there any useful custom rules I can add to the base set? <-QUOTE}
http://www.wilderssecurity.com/showthread.php?t=180489&highlight=GesWall
Long View
January 8th, 2008, 01:54 PM
Thanks aigle. For me this is by far the best program of its type. Hope it continues to thrive and develop.
aigle
January 8th, 2008, 02:02 PM
Let's hope so!
poirot
January 8th, 2008, 02:16 PM
Thanks aigle for this and also for the previous file you sent me, unfortunately I have had no time to experiment until now, but I will in a few days time.
I notice you run NeoavaGuard and EQSecure along with the new GeSWall, so I hope it will continue to be a very compatible companion to my ProSecurity 1.40, as version 2.6 still is.
aigle
January 8th, 2008, 02:26 PM
I hope so. I have no on access AV. I sometimes even turn off EQS or change its mode to a behavior blocker rather than a full blown HIPS. NG works as an outbound FW too.
Kees1958
January 9th, 2008, 05:15 PM
{QUOTE-> http://www.wilderssecurity.com/showthread.php?t=180489&highlight=GesWall <-QUOTE}
Having both licenses of GeSWall Pro and DefenseWall, the only usage advantage GW has over DW is that you can mark directories as confidential. The only exception you want to make is that your e-mail is allowed to access your folders containing e-mail, but not the other folders.
I have never been able to explain to Ilya the benefits of this GW feature.
GW is a little faster than DW, overall DW is easier to use and does not have Digital Rights Management problems when buying WMA copyrighted music. By the way the new build is looking good, hope Brian and CS are doing well. Any Idea when a Vista64 version will be available? (that is the advantage of using comparative technology on different machines, you can swap setups)
Gargoyle
January 9th, 2008, 06:09 PM
How does Safespace compare with Geswall? This is to those that have extensively used both.
aigle
January 9th, 2008, 09:36 PM
{QUOTE-> How does Safespace compare with Geswall? This is to those that have extensively used both. <-QUOTE}
I think zopzop can answer this.
aigle
January 9th, 2008, 09:37 PM
{QUOTE-> Any Idea when a Vista64 version will be available? <-QUOTE}
Never asked Brian. Will try to ask him on next contact. Are u using Vista 64 bit?
Ilya Rabinovich
January 10th, 2008, 05:46 AM
{QUOTE-> I have never been able to explain to Ilya the benefits of this GW feature. <-QUOTE}
In future versions of DW I'm planning to do a little bit more powerful separation feature- more secured, simpler in use.
Henk1956
January 10th, 2008, 10:36 AM
{QUOTE-> How does Safespace compare with Geswall? This is to those that have extensively used both. <-QUOTE}
I use Geswall (Pro version 2.7.1) and have also tested Safespace.
Some differences I noted are given below (only differences in features, not going into bugs):
Safespace allows folders to be virtualized for apps running in safespace (anything stored in for instance the windows directory will be virtualized and be cleared after a reboot). Geswall however does allow isolated apps to store files in any folder (unless explicitly denied by a resource or application rule). Only when an isolated app wants to (over)write or change a trusted file, this file will be virtualized. This virtualized file is removed as soon as the app ends.
Safespace is less configurable than Geswall (safespace does not support application specific rules).
For example, in Geswall you can run Outlook Express isolated and give it full access to your emails while denying all other isolated apps access to your emails (by creating appropriate resource/application rules). In Safespace, you can only create a rule which allows all apps (running in safespace) full access to your emails.
Configuring Safespace is more work (object exclusion requires shutdown of safespace and its services and the use of a separate app to define the object inclusion) than configuring Geswall.
Finding out why an app does not function when running in safespace is also a lot more work than with Geswall which has the very convenient Application Wizard (Pro version only).
By default Geswall has a lot of applications preconfigured (Pro version) while safespace has only two apps preconfigured.
In Safespace untrusted files are tagged more permanently (when moving/copying untrusted files to any other partition/folder, the file remains untrusted). In Geswall moving/copying a file to another partition results in the (new) file being tagged trusted.
Safespace has a separate and good anti-keylogger function, although Geswall also prevents keylogging (I believe only screenshot #2 of ALKT 3 is not prevented by the latest (beta) version).
Geswall uses kernel mode only for protection, while Safespace has some user-mode virtualization (see http://forums.artificialdynamics.co.uk/messages.aspx?TopicID=5).
Kees1958
January 10th, 2008, 11:03 AM
{QUOTE-> Never asked Brian. Will try to ask him on next contact. Are u using Vista 64 bit? <-QUOTE}
My son's gaming rig is Vista64. He always favoured GW above DW.
He is now using Haute Secure with IE7 (he even dropped FF, because he believes the combo IE7 + HS is safer and faster than FF).
My wife on the other hand asked me to remove GW from the PC. She had gotten the PC of my Son, I got her old one as a play PC. Turned out that GW did not handle Digital Rights Management well. When Brian posted a remedy, I could not test it. DW had to stay on her PC, simple and safe.
A lot of Virtualisation/sandboxes programs have issues with DRM. Sandboxie latest time I tried (was a few releases ago). SafeSpace are working on it (only WMA files gave an issue). Maybe because Ilya is a house fan and buys music (?), his application was the only one that handled it out of the box.
Regards
Gargoyle
January 11th, 2008, 12:41 AM
Thanks henk, that was quite helpful for me. It seems Geswall is more to my liking judging from what you said.
Both Geswall and Safespace deny untrusted applications from reading/writing to trusted applications. But what about the other way around...trusted applications reading/writing to untrusted applications? How do both compare?
Henk1956
January 12th, 2008, 08:12 PM
Gargoyle,
A. In GW as well as SS, a trusted app can delete an untrusted file, which is as it should be otherwise your AV or AS would not be able to disinfect your system once compromised.
B. In SS a trusted app, for instance word loaded with a trusted document, will not be able to overwrite an untrusted file i.e. word will not be able to save the trusted document to an existing untrusted document. GW, however, will allow this and the overwritten untrusted document will remain tagged as untrusted. As long as we don't talk about confidential (GW) / private (SS) information, I prefer the GW approach.
If the loaded trusted document is confidential/private my preference would be the SS approach (prevent confi/private info to be saved in untrusted files which can be read by any application, even when running isolated (GW) or in safespace (SS)). Both GW as well as SS are however not able to prevent this kind of leakage of confidential/private information totally. See also point D below, which I consider a bigger hole.
D. Both SS and GW allow an app (for instance word) loaded with confidential/private info (word document) to save it (using for instance Save As) in a non-confidential/non-private folder, where it can be read by any isolated (GW) / in safespace running (SS) application. So, a leakage of confidential/private info can easily occur if the user does not pay attention to this.
This possibility can be considered a user responsibility: do not save confi/private info outside your confi/private marked files/folders!
E. With GW, a trusted application as for instance word loaded with a confidential document can become isolated when it tries to access the internet or an untrusted document. For instance when you use Save As to store the document under another name or in another folder and during moving to the appropriate location (folder) an untrusted doc file is encountered. In this case the user may accidentally save the confi doc which will then be marked as untrusted and hence is accessible (when not saved in a confidential file/folder) by isolated apps. I have reported the problem with Save As (similar holds for Open) to GW (Brian) who told me that this is considered a serious problem, which has to be addressed in one of the next major versions.
Note: I did not yet test SS that much as I did GW, so SS may also have additional problems not yet discovered. From my email exchanges with Brian (GW) I do know that GW wants to solve any problems in kernel mode instead of in user-mode (like SS does partially as I noted before). Solving problems in user-mode is easier done, but also less secure (can be easily circumvented). This is why it may take GW some time to solve the problem.
Hope this helps,
Henk
Gargoyle
January 13th, 2008, 04:50 AM
Point D would not happen and Point E is unlikely for me as I would keep my confidential files in the same confidential folders and not mix them up.
Thanks once again Henk. As a newbie to Geswall, I need to understand this program more closely and your detailed explanations go a long way in bridging that gap.
Gargoyle
January 13th, 2008, 05:40 AM
Being a total newbie to Geswall, I want to do the following two things but am stuck even after reading the manual:
Make the files and programs I download from the internet to have no right to read/write to anything but the directories that would allow them to function normally. Everything else is confidential to them. For all they know, they are the only files and applications that exist on the computer.
Geswall allows untrusted applications to interact with one another. That is something I do not want at all. For example, I don't ever want an untrusted application, such as a game I downloaded, be able to read and even modify my isolated web browser in any way.
aigle
January 13th, 2008, 11:49 AM
Use VM I think!
Henk1956
January 13th, 2008, 03:50 PM
Aigle is right.
I tried to achieve something similar years ago, when I used Tiny Firewall (from Tinysoftware, which included a classical HIPS). Let me tell you that this is not something you will achieve easily at all. For each untrusted application you need to find out exactly what resources are needed to run properly (files, registry entries, OLE/COM, pipes, etc.), which for each application will take days (but more likely weeks), involves many BSODs, with the nice effect that after updating the application you have to check everything all over again.
Basically, you will spend all your free time configuring and have no time to enjoy the game you downloaded.
In fact you would be better off if you had not downloaded the game at all.
My advice: just forget it or use a VM to run your untrusted game in as Aigle suggested.
aigle
January 13th, 2008, 07:16 PM
Here is the next RC.
www.XXXXXXXXXXXXXXXXXXXXX.rc2.msi
Just change rc1 to rc2 in the previous download link. I have yet to install it. They have claimed to fix some high CPU usage issues that I reported (issues arose only during some specific testing with GW, no CPU usage issues in ordinary day to day use on my system BTW).
Have fun! Final release should come in the end of Jan!
aigle
January 13th, 2008, 11:28 PM
I have installed RC 2 version. No issues yet.
I am very happy that they fixed an old annoying bug for me that was there since from version 2.6 or even before! Bug was as follows:
{QUOTE-> If I try to create a file in Deny Create folders (like Start Up folder) by an isolated application like IExplore.exe, I get attack notification and the creation of file is denied. That is OK and expected but
at the same time, isolated application (IExplore.exe) starts using almost 100% CPU and if I close this isolated application, although its GUI disappears, it still remains running in Process Explorer, using most of CPU. I had to kill it manually via Process Explorer each time. So there are two issues in this scenario:
1- Isolated application that is blocked to create a file uses almost 100% CPU even after u stop it from creating the file.
2- Isolated application continues to run, using almost 100% CPU (in Process Explorer) even if it is closed and its GUI disappears.
See the snapshot here: (IExplore.exe in Process Explorer - high CPU usage and no visible window).
http://farm3.static.flickr.com/2385/2175743488_02fb1dd32c_o.jpg <-QUOTE}
I tried it with RC 2 and it has been fixed. Very nice. :thumb: :thumb:
MaB69
January 14th, 2008, 03:44 AM
{QUOTE-> Here is the next RC.
www.XXXXXXXXXXXXXXXXXXXXX.rc2.msi
Just change rc1 to rc2 in the previous download link. I have yet to install it. They have claimed to fix some high CPU usage issues that I reported (issues arose only during some specific testing with GW, no CPU usage issues in ordinary day to day use on my system BTW).
Have fun! Final release should come in the end of Jan! <-QUOTE}
Hi all,
Many thanks aigle for the link and the information
Regards,
MaB
Trespasser
January 14th, 2008, 09:25 AM
Thanks, aigle. Getting ready to try it now. :) .
aigle
January 14th, 2008, 01:21 PM
Thanks all of u as well, for trying it and giving ur feedback!
aigle
January 14th, 2008, 01:22 PM
Anyone using GW on Vista?
I wonder how well it runs on Vista. I remember that Brian was especially interested in feedback from Vista users but I use only XP.
Copyright ©2002 - 2010, Wilders Security Forums