Beta-testing of the DefenseWall Host Intrusion Prevention System.
Ilya Rabinovich
September 19th, 2005, 04:30 PM
Hello everybody,
I would like to offer my new DefenseWall HIPS program for beta-testing purposes. A registration
period for 100 years is guaranteed to all active testers.
DefenseWall is a full-functional software sandbox for trojan/adware/spyware protection and
works with Windows 2000/XP operating systems. The program idea is easy and simple. All applications
are divided into trusted ones and untrusted ones. Everything is allowed for the trusted
applications, but there are many restrictions for the untrusted ones. The restrictions are as
follows: modification of sensitive file system folders (ex., My Documents, Windows, Program
Files), registry keys (ex., autorun, browser and system application settings, etc.), and the entire
system (installation/changing/deleting of drivers and services,
protection of \\Device\\PhysicalMemory, setting of global window hooks (against so-called
keyloggers), etc.).
DefenseWall HIPS protects trusted applications from being modified by untrusted ones. All the
processes launched by untrusted applications are also untrusted. In case of dangerous behavior the
untrusted application gets blocked by the DefenseWall HIPS and the program notifies the user about
that by a red icon in the system tray. The main feature of the DefenseWall HIPS is the "Close all
untrusted applications" button. If you feel that the system behavior is strange or there are some
unknown processes in the Task Manager - just push this button and all the untrusted applications
with trojans/adware/spyware inside will be instantly closed. And, because it is impossible for the
untrusted applications to modify autorun settings, they will never be run any more. Later you may
clean them up during the planned antivirus scan.
The program is very light-weight, uses minimum CPU resources, shows no popup windows: everything
is easy and simple.
The program itself is a full-functional 30-day beta.
http://www.softsphere.com/cgi-bin/redirect.pl?Name=DEFENSEWALL
There is no help file for now. Also there is no registration functionality so far.
WSFuser
September 20th, 2005, 01:18 PM
I tried it; seems like a new concept. Instead of sandboxing untrusted apps, it sandboxes trusted apps and lets you close everything else. Also, is it supposed to crash/close if you try adding a lot of entries for trusted apps? I tried adding all my current processes and it closed without saving it.
Edit: nvm, the list is for untrusted apps and I figured out why it was crashing. You can't add "system" to the list.
zorro zorrito
September 20th, 2005, 04:06 PM
It looks very interesting, let's try it and see what happens
Ilya Rabinovich
September 21st, 2005, 08:01 AM
-{ Quote: "I tried it; seems like a new concept. Instead of sandboxing untrusted apps, it sandboxes trusted apps and lets you close everything else. Also, is it supposed to crash/close if you try adding a lot of entries for trusted apps? I tried adding all my current processes and it closed without saving it." }-
The concept of the DefenseWall program is to isolate trusted processes from the untrusted ones. Untrusted are the processes which use potentially dangerous content from the Internet (browsers, e-mail, P2P and IM clients, script engines, etc.). All the untrusted apps may be closed by the "Close all untrusted applications" button.
-{ Quote: "
Edit: nvm, the list is for untrusted apps and I figured out why it was crashing. You can't add "system" to the list." }-
You don't have to add system processes ("System", "svchost", "lsass") to the untrusted list. Otherwise there will be problems with user/sharing/driver/service manipulations. To protect system processes you may use a firewall (even the built-in one) or a good buffer overflow protection program.
WSFuser
September 21st, 2005, 10:27 AM
How can DefenseWall protect you from malware? If you acquire malware through IE then I doubt closing IE would do anything about the malware.
Ilya Rabinovich
September 21st, 2005, 11:35 AM
-{ Quote: "How can DefenseWall protect you from malware? If you acquire malware through IE then I doubt closing IE would do anything about the malware." }-
Oh, you haven't understood the ideology of DefenseWall. OK, I'll explain. If malware has run some additional processes, they will be untrusted because their parent process is untrusted. So, malware cannot modify system and IE settings to autorun. And if we close all the untrusted processes (not only IE, this button closes all untrusted!), the malware file will never get run. There is a great difference between a malware file (it is harmless) and a malware process.
WSFuser
September 21st, 2005, 01:05 PM
-{ Quote: "Oh, you haven't understood the ideology of DefenseWall. OK, I'll explain. If malware has run some additional processes, they will be untrusted because their parent process is untrusted. So, malware cannot modify system and IE settings to autorun. And if we close all the untrusted processes (not only IE, this button closes all untrusted!), the malware file will never get run. There is a great difference between a malware file (it is harmless) and a malware process." }-
So if IE is untrusted then it runs malware, the malware is also untrusted? Thus closing IE closes the malware. Am I correct?
Ilya Rabinovich
September 22nd, 2005, 06:20 AM
-{ Quote: "So if IE is untrusted then it runs malware, the malware is also untrusted? Thus closing IE closes the malware. Am I correct?" }-
Not quite. Yes, malware will be untrusted, but it won't be closed if you close IE. It will be closed if you push the "Close all untrusted applications" button in DW.
justanoob
September 22nd, 2005, 07:47 AM
Basically it works like this:
1) You have trusted or untrusted programs
2) Untrusted programs will spawn child processes which are untrusted too.
3) There is a button to close all untrusted programs.
4) Untrusted programs are restricted from doing a list of stuff.
Easy enough to understand.
I'm not certain what's new about the concept. Is it Point 2? Point 2 seems obvious and normal.
I'm unclear about this though. You say
-{ Quote: "
DefenseWall HIPS protects trusted applications from being modified by untrusted ones." }-
How about untrusted applications from being modified by untrusted ones?
E.g., couldn't adware or spyware started by IE modify IE (untrusted)?
I suppose it depends a lot on what "modify" means. And if untrusted applications are restricted enough (the list you give seems to be about the same as limited user account privileges), it can't do much harm anyway even to another untrusted program
aintrust
September 22nd, 2005, 01:22 PM
-{ Quote: "
Basically it works like this
1) You have trusted or untrusted programs
2) Untrusted programs will spawn child processes which are untrusted too.
3) There is a button to close all untrusted programs.
4) Untrusted programs are restricted from doing a list of stuff.
" }-
Quite right! Just minor corrections:
1) You have trusted or untrusted applications, not programs -- DW has nothing to do with programs (i.e. program files on disks).
2) Untrusted applications may (or may not) spawn child processes. All these "children" will be treated as untrusted too.
3) Correct!
4) Untrusted applications are restricted from doing a lot of stuff (ex., modify valuable registry keys, install/uninstall/start drivers, affect other processes (no matter trusted or untrusted), install system-wide hooks, etc.)
-{ Quote: "
I'm not certain what's new about the concept. Is it Point 2? Point 2 seems obvious and normal.
" }-
Sure!
-{ Quote: "
How about untrusted applications from being modified by untrusted ones?
E.g., couldn't adware or spyware started by IE modify IE (untrusted)?
" }-
No, it could not (in most cases, I guess :))! See point (4).
-{ Quote: "
I suppose it depends a lot on what "modify" means. And if untrusted applications are restricted enough (the list you give seems to be about the same as limited user account privileges), it can't do much harm anyway even to another untrusted program" }-
Absolutely correct!
Notok
September 24th, 2005, 01:21 AM
I kind of wonder if some of the confusion here comes from the loose usage of the term 'sandbox' around Wilders. Running DefenseWall puts IE in the sandbox, anything that comes through IE cannot affect anything outside the sandbox (meaning drive-by-downloads, this wouldn't include things you manually downloaded, saving to a download directory, and manually started). So if spyware came through, it wouldn't be able to do any of the critical things needed to infect the system, and it wouldn't be able to really even see any processes outside the sandbox. When you restarted Windows, that file would be closed and would not restart next boot. I don't know what all registry areas it protects, but I imagine this would mean that you wouldn't be getting BHOs, homepage hijacks, etc., however you would still be able to download Flash player and install it just fine. This has its ups and downs, but theoretically you won't be getting rootkitted through your browser anytime soon.
Ilya Rabinovich
September 24th, 2005, 07:09 AM
-{ Quote: "Running DefenseWall puts IE in the sandbox, anything that comes through IE cannot affect anything outside the sandbox (meaning drive-by-downloads, this wouldn't include things you manually downloaded, saving to a download directory, and manually started)" }-
Not quite. You may set the downloaded installation executable as untrusted and install the application! Most of them will be correctly installed (I mean, if they don't use drivers or, for example, shell extension modules and need no autorun). It is not possible to overwrite executables, but it is possible to install new ones.
Notok
September 26th, 2005, 03:03 PM
DefenseWall is looking good so far, very easy to use. The only issues I'm having are the event log filling up to the point that my system can't load it into memory, and some occasional freezing of untrusted applications. Not bad for a first beta release. I like the concept, though. I think it will provide good defense against drive-by-downloads especially. Anyone else have any opinions?
Ilya Rabinovich
September 28th, 2005, 03:42 AM
The new beta version is released. Some issues are added and improved. The download link is the same.
Ilya Rabinovich
October 2nd, 2005, 05:09 AM
The new beta version is released.
ErikAlbert
October 2nd, 2005, 05:24 AM
I can't access the download link. I will try it again at a different time.
This happens regularly with some other websites too, sometimes access, sometimes not.
After all, these bytes have to swim through the ocean before they get to Belgium.
Ilya Rabinovich
October 2nd, 2005, 07:02 AM
-{ Quote: "I can't access the download link. I will try it again at a different time.
This happens regularly with some other websites too, sometimes access, sometimes not.
After all, these bytes have to swim through the ocean before they get to Belgium." }-
Huh, very strange! I've just tried to download the file and it was OK! And the bytes don't have to swim to Belgium! www.whois.sc/softsphere.com
If you are unable to download the file, mail me at support [at] softsphere [dot] com and I will mail it to you.
ErikAlbert
October 2nd, 2005, 07:38 AM
-{ Quote: "Huh, very strange! I've just tried to download the file and it was OK! And the bytes don't have to swim to Belgium! www.whois.sc/softsphere.com
If you are unable to download the file, mail me at support [at] softsphere [dot] com and I will mail it to you." }-
Ilya, I finally got access to the first link and I could download the file in 3 seconds. I had access to the second link too. Case closed. :)
richrf
October 2nd, 2005, 09:42 AM
Hi,
This is a very interesting concept. Could you provide more information about your company. I like to have a good understanding of a company's background before I install its products on any of my machines. For example, does your company have any references? Thanks.
Rich
ErikAlbert
October 3rd, 2005, 06:34 AM
Ilya Rabinovich,
I installed DefenseWall (DW) on my win2000proSP4-computer and it seems to work.
I consider myself as a NEWBIE, but I will do my very best to understand DW.
I probably will have more questions in the future, but let's start with simple things, because this is my very first contact with DW (and HIPS software).
Is my reasoning correct or incorrect in the next paragraphs ?
Please tell me, otherwise I will be lost from the beginning.
DW-icon
I have a question about the DW-icon in the system tray, which looks like a white circle with a very little circle in the middle and a light blue small bar through the white circle.
That's how the DW-icon looks after rebooting my computer, but I also saw another DW-icon, that looks exactly the same, but the very little circle is RED.
I don't know when the color changed, but I'm 100% sure you know.
What does that mean exactly and has the DW-icon other changes as well ?
Add/Remove Untrusted window
After installing DW, I had already SEVEN untrusted applications in this window. Is that correct ?
1. C:\Program Files\Internet Explorer\iexplore.exe
2. C:\Program Files\Outlook Express\msimn.exe
3. C:\WINNT\system32\hh.exe
4. C:\WINNT\system32\winhlp32.exe
5. C:\WINNT\system32\system32\tftp.exe
6. C:\WINNT\system32\system32\ftp.exe
7. C:\WINNT\system32\system32\ntvdm.exe
I recognize at least TWO of them :
1. "MS Internet Explorer", which is my DEFAULT browser and I use Mozilla Firefox for surfing.
2. "MS Outlook Express", which I don't use and I also don't use MS Outlook 2000. I use Mozilla Thunderbird.
I assume that DW considers some applications as untrusted by default, but only based on the operating system, because both applications and probably the others too, come with win2000proSP4. Is that correct ?
DW didn't consider the following applications as untrusted by default, because :
1. "MS Outlook 2000" comes with MS Office 2000, which is ANOTHER software than win2000proSP4.
2. "Mozilla Thunderbird" is also ANOTHER software than win2000proSP4.
I assume that it is up to the USER, to make a decision (trusted or untrusted) for each software that doesn't come with win2000proSP4 or any other windows. Is that correct ?
Since "MS Internet Explorer" and "MS Outlook Express" are considered as untrusted softwares by default,
I assume that in my case, I have to do some changes in this window :
1. I have to add "C:\Program Files\Mozilla Firefox\firefox.exe" (my most used browser)
2. I have to add "C:\Program Files\Mozilla Thunderbird\thunderbird.exe" (my only email-software)
3. I have to remove "C:\Program Files\Outlook Express\msimn.exe", because I don't use "MS Outlook Express".
Is that correct ?
I also assume that once an application is listed as untrusted, that this application will be treated as untrusted, each time I open this application, even when I start this application in a different way, like clicking on the exe-file in MS Windows Explorer, clicking on an icon on my desktop, ...
All applications, which are NOT listed as untrusted are considered as trusted applications.
Is that correct ?
Ilya Rabinovich
October 3rd, 2005, 07:26 AM
Hi, ErikAlbert!
-{ Quote: "
DW-icon
I have a question about the DW-icon in the system tray, which looks like a white circle with a very little circle in the middle and a light blue small bar through the white circle.
That's how the DW-icon looks after rebooting my computer, but I also saw another DW-icon, that looks exactly the same, but the very little circle is RED.
I don't know when the color changed, but I'm 100% sure you know.
What does that mean exactly and has the DW-icon other changes as well ?" }-The icon (will be changed to a better one with the release) turns red if an untrusted application has made some possibly dangerous action. See the "events log" dialog sheet to see what happened.
-{ Quote: "
Add/Remove Untrusted window
After installing DW, I had already SEVEN untrusted applications in this window. Is that correct ?
1. C:\Program Files\Internet Explorer\iexplore.exe
2. C:\Program Files\Outlook Express\msimn.exe
3. C:\WINNT\system32\hh.exe
4. C:\WINNT\system32\winhlp32.exe
5. C:\WINNT\system32\system32\tftp.exe
6. C:\WINNT\system32\system32\ftp.exe
7. C:\WINNT\system32\system32\ntvdm.exe
I recognize at least TWO of them :
1. "MS Internet Explorer", which is my DEFAULT browser and I use Mozilla Firefox for surfing.
2. "MS Outlook Express", which I don't use and I also don't use MS Outlook 2000. I use Mozilla Thunderbird.
I assume that DW considers some applications as untrusted by default, but only based on the operating system, because both applications and probably the others too, come with win2000proSP4. Is that correct ?" }-Yes. There is a default untrusted executables list in DW. If it finds a known executable on the disk during the installation process, DW adds it to the untrusted list. In the future the default list will be enhanced with other browsers, e-mail clients, P2P and IM clients, etc.
-{ Quote: "
DW didn't consider the following applications as untrusted by default, because :
1. "MS Outlook 2000" comes with MS Office 2000, which is ANOTHER software than win2000proSP4.
2. "Mozilla Thunderbird" is also ANOTHER software than win2000proSP4.
I assume that it is up to the USER, to make a decision (trusted or untrusted) for each software that doesn't come with win2000proSP4 or any other windows. Is that correct ?" }-Yes.
-{ Quote: "
Since "MS Internet Explorer" and "MS Outlook Express" are considered as untrusted softwares by default,
I assume that in my case, I have to do some changes in this window :
1. I have to add "C:\Program Files\Mozilla Firefox\firefox.exe" (my most used browser)
2. I have to add "C:\Program Files\Mozilla Thunderbird\thunderbird.exe" (my only email-software)
3. I have to remove "C:\Program Files\Outlook Express\msimn.exe", because I don't use "MS Outlook Express".
Is that correct ?" }- Yes. 100% correct.
-{ Quote: "
I also assume that once an application is listed as untrusted, that this application will be treated as untrusted, each time I open this application, even when I start this application in a different way, like clicking on the exe-file in MS Windows Explorer, clicking on an icon on my desktop, ..." }-Yes, your assumption is 100% correct.
-{ Quote: "
All applications, which are NOT listed as untrusted are considered as trusted applications.
Is that correct ?" }-Yes.
ErikAlbert
October 3rd, 2005, 09:36 AM
Ilya,
Thank you for answering all my questions and I added Firefox and Thunderbird and removed MS Outlook Express, without any trouble.
-{ Quote: "
The icon (will be changed to a better one with the release) turns red if an untrusted application has made some possibly dangerous action. See the "events log" dialog sheet to see what happened.
" }-
I understand now the meaning of red and that's what I really wanted to know.
I agree with you that the icon could be improved, at least the warning part, but this is a minor detail and can be improved much later.
I also took a look at the "Event Log" and they were all "Attempt to create new key" (Event type = Registry) for MSIE and Firefox.
I assume that these new keys weren't created in my registry, because of the word "Attempt" in the message.
You used the expression possible dangerous action, which also means that the action could be innocent too.
That doesn't bother me, BUT is it possible that these un-executed innocent actions can cause a malfunction in my MSIE or Firefox sooner or later ?
I assume not, but I'm not really an expert in registries.
For the record : MSIE and Firefox are still working fine, I'm just asking.
Ilya Rabinovich
October 3rd, 2005, 01:04 PM
-{ Quote: "
I also took a look at the "Event Log" and they were all "Attempt to create new key" (Event type = Registry) for MSIE and Firefox.
I assume that these new keys weren't created in my registry, because of the word "Attempt" in the message.
You used the expression possible dangerous action, which also means that the action could be innocent too.
That doesn't bother me, BUT is it possible that these un-executed innocent actions can cause a malfunction in my MSIE or Firefox sooner or later ?
I assume not, but I'm not really an expert in registries.
For the record : MSIE and Firefox are still working fine, I'm just asking." }-In fact, I have no such events with my MSIE and Firefox. Could you send me the compressed log file (defensewall_log.log in the DW folder) so I could look at it? Anyway, your assumptions are right.
ErikAlbert
October 3rd, 2005, 01:43 PM
-{ Quote: "In fact, I have no such events with my MSIE and Firefox. Could you send me the compressed log file (defensewall_log.log in the DW folder) so I could look at it? Anyway, your assumptions are right." }-
I've sent an email to you with the requested file.
Meanwhile, I will try the buttons on each DW-window.
ErikAlbert
October 3rd, 2005, 05:53 PM
Ilya,
I played with all the buttons and I only mentioned the buttons with a problem or a question.
Event Log
Filter
This button doesn't work. No reaction at all.
I assume you will program this button in a later version ?
Delete and Delete All
These buttons work fine, but without confirmation and that's not good.
Add/Remove Untrusted
I have two general remarks for this window.
If you don't agree with this, it's 100% OK with me, I'm just telling what I think.
After all you are the boss and it's not my application.
It's not important either, but I design applications myself and we have some rules at work and I'm sooo used to them.
1. Is there a difference between "remove" and "delete" ? If not I would change the title in :
"Add/Delete Untrusted", because "Add - Edit - Delete" are most used in database updatings.
Another reason is that you used "Delete" in the "Event Log window".
Or you use "Remove" all the way, or you use "Delete" all the way, but using two different words for the same action is confusing and certainly for non-English users.
2. I would change the sequence of the Add-options into : Add Application, Add Folder and Add Process.
Most less-knowledgeable users know or will find out what applications and what folders are, but I have many doubts, if these users know or will ever understand what processes are.
A less-knowledgeable user will rather untrust applications and folders, than processes, but keep the button "Add Process" anyway for knowledgeable users.
I know less-knowledgeable users very well, I worked with them all my life and I know in advance what they will think about "Add Process".
That's why I'm not a big fan of HIPS softwares, but DW is userfriendly enough up to now.
Add Application
I fully understand this button.
Add Folder
I understand this button, but what are the consequences when I exclude a folder ?
Can you give me one practical example, why I would exclude a folder ?
Add Process
This one bothers me the most. Can you give me one practical example ?
Remove
If you agree with my first general remark, this button should be called "Delete".
If not leave it, like it is. The button works fine.
Run As Trusted
I assume that this button makes it possible to run an untrusted application as a trusted application for one time only ?
Close All Untrusted
I don't have any problem with the button of this window and it works fine.
I have still questions, but I need some time to formulate them in English.
LuckMan212
October 4th, 2005, 12:24 AM
A picture is worth a thousand words... are there any screenshots of this interesting sounding program? I would like to see some of it "in action" :)
Ilya Rabinovich
October 4th, 2005, 04:24 AM
-{ Quote: "A picture is worth a thousand words... are there any screenshots of this interesting sounding program? I would like to see some of it "in action" :)" }-There are 2 problems with the screenshots.
1. The program's interface is not improved yet. It is coming soon...
2. You will see only the icon turned red when in action. It is not an application firewall with the beautiful annoying windows "in action"....
ErikAlbert
October 4th, 2005, 10:33 AM
Ilya,
WSFuser's question was :
-{ Quote: "So if IE is untrusted then it runs malware, the malware is also untrusted? Thus closing IE closes the malware. Am I correct?" }-
Your answer was :
-{ Quote: "Not quite. Yes, malware will be untrusted, but it won't be closed if you close IE. It will be closed if you push the "Close all untrusted applications" button in DW." }-
What happens if I close IE and I do NOT click the button "Close all untrusted applications" (suppose I forgot it) ?
WSFuser
October 4th, 2005, 01:18 PM
Ilya already answered that (reread the quote). If you only close IE, the malware will stay.
ErikAlbert
October 4th, 2005, 01:23 PM
-{ Quote: "Ilya already answered that (reread the quote). If you only close IE, the malware will stay." }-
And that's what you call a good solution ?
WSFuser
October 4th, 2005, 01:27 PM
I guess not, but how do you make IE close its child processes when it exits?
ErikAlbert
October 4th, 2005, 01:37 PM
-{ Quote: "I guess not, but how do you make IE close its child processes when it exits?" }-
Certainly not with a button. Never depend on a manual action of the user, when something MUST happen like in this case. You just don't do that.
I don't know the solution, but if a button is the only way to do this, then DW has a very weak point.
Ilya Rabinovich
October 4th, 2005, 02:12 PM
-{ Quote: "
What happens if I close IE and I do NOT click the button "Close all untrusted applications" (suppose I forgot it) ?" }-You just close IE and that is all. Nothing more and nothing less. Anyway, if you have malware inside the untrusted application zone it will be unable to stay in the system after the reboot and harm you.
ErikAlbert
October 4th, 2005, 02:16 PM
-{ Quote: "You just close IE and that is all. Nothing more and nothing less. Anyway, if you have malware inside the untrusted application zone it will be unable to stay in the system after the reboot and harm you." }-
OK. If closing IE is enough, why do I need this button after all ?
Ilya Rabinovich
October 4th, 2005, 02:37 PM
-{ Quote: "OK. If closing IE is enough, why do I need this button after all ?" }-
-{ Quote: "I don't know the solution, but if a button is the only way to do this, then DW has a very weak point." }-Closing IE is enough only for closing IE :). If you close some application it doesn't mean that you close all the child processes. There are two ways to close an untrusted application with no window:
1. With the Task Manager application.
2. With the "Close all untrusted applications" button.
If you don't use DW, the only way to close an application with no window is Task Manager. I give you a simple way to close a malware process and you suppose that it is a weak point. Very strange logic.....
ErikAlbert
October 4th, 2005, 02:49 PM
-{ Quote: "Closing IE is enough only for closing IE :). If you close some application it doesn't mean that you close all the child processes. There are two ways to close an untrusted application with no window:
1. With the Task Manager application.
2. With the "Close all untrusted applications" button.
If you don't use DW, the only way to close an application with no window is Task Manager. I give you a simple way to close a malware process and you suppose that it is a weak point. Very strange logic....." }-
Isn't there a technical way to find out if a parent application was closed by the user ? If that is possible you can do it all automatically.
Ilya Rabinovich
October 4th, 2005, 03:19 PM
-{ Quote: "Isn't there a technical way to find out if a parent application was closed by the user ? If that is possible you can do it all automatically." }-Yes, technically it is possible. But there are two problems.
1. Untrusted processes are not separated from each other. They are executed in one untrusted applications zone.
2. For example, you click on an e-mail link and your e-mail client automatically runs. The parent process is IE. After that IE closes. And your e-mail client closes with IE. But your letter is still not written!
So, if I start to close applications the user doesn't want to close, that is a very bad idea. Would you like it if I started to close applications you don't want to close?
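The trust model described in the first post (trusted versus untrusted applications, child processes inheriting the untrusted label, the restrictions on sensitive registry keys, drivers, hooks and other processes, and the "Close all untrusted applications" button) and Ilya's point just above (closing IE closes only IE, not the processes it spawned) can be seen in one small simulation. This is an added illustration, not DefenseWall's own code and not anything posted in this thread; the class and method names, the registry key prefixes, the operation names and the sample process names are all assumptions made for the model.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Areas the first post says untrusted applications may not modify. The concrete keys and
# operation names are placeholders chosen for this model, not DefenseWall's real rule set.
SENSITIVE_KEYS = (r"hklm\software\microsoft\windows\currentversion\run",
                  r"hkcu\software\microsoft\windows\currentversion\run")
SYSTEM_WIDE_OPS = {"install_driver", "change_service", "set_global_hook", "open_physical_memory"}


@dataclass
class Process:
    pid: int
    name: str
    untrusted: bool
    alive: bool = True


class Monitor:
    def __init__(self, untrusted_list):
        self.untrusted_list = {n.lower() for n in untrusted_list}  # the Add/Remove Untrusted window
        self.procs: Dict[int, Process] = {}
        self.autorun: List[str] = []   # Run-key entries that were actually written
        self.events: List[str] = []    # what the red tray icon and event log would report

    def launch(self, name: str, parent: Optional[int] = None) -> int:
        # Untrusted if the name is listed, or if the parent is untrusted: children inherit the label.
        inherited = parent is not None and self.procs[parent].untrusted
        pid = 100 + len(self.procs)
        self.procs[pid] = Process(pid, name, inherited or name.lower() in self.untrusted_list)
        return pid

    def _deny(self, pid: int, what: str) -> bool:
        self.events.append(f"{self.procs[pid].name} (pid {pid}): blocked {what}")
        return False

    def write_registry(self, pid: int, key: str, value: str) -> bool:
        sensitive = key.lower().startswith(SENSITIVE_KEYS)
        if sensitive and self.procs[pid].untrusted:
            return self._deny(pid, f"attempt to create key {key}")
        if sensitive:
            self.autorun.append(value)  # a trusted installer may legitimately register autorun
        return True

    def system_op(self, pid: int, op: str) -> bool:
        # Driver/service changes, global hooks and physical-memory access are denied to untrusted code.
        if op in SYSTEM_WIDE_OPS and self.procs[pid].untrusted:
            return self._deny(pid, op)
        return True

    def modify_process(self, pid: int, target: int) -> bool:
        # Untrusted code may not touch any other process, trusted or untrusted.
        if self.procs[pid].untrusted and target != pid:
            return self._deny(pid, f"modify pid {target}")
        return True

    def close(self, pid: int) -> None:
        # Closing one application closes only that application, never its children.
        self.procs[pid].alive = False

    def close_all_untrusted(self) -> List[str]:
        closed = [p for p in self.procs.values() if p.alive and p.untrusted]
        for p in closed:
            p.alive = False
        return [p.name for p in closed]

    def running(self) -> List[str]:
        return [p.name for p in self.procs.values() if p.alive]

    def reboot(self) -> List[str]:
        # Nothing survives a reboot except what was registered in an autorun key.
        for p in self.procs.values():
            p.alive = False
        for name in self.autorun:
            self.launch(name)
        return self.running()


def drive_by_scenario() -> dict:
    """Constructed scenario: a dropper arrives through IE, then the two ways of closing things."""
    mon = Monitor(["iexplore.exe", "firefox.exe", "msimn.exe"])
    ie = mon.launch("iexplore.exe")                    # listed -> untrusted
    dropper = mon.launch("dropper.exe", parent=ie)     # child of IE -> untrusted by inheritance
    mon.launch("thunderbird.exe", parent=ie)           # opened from a mailto: link -> also untrusted
    explorer = mon.launch("explorer.exe")              # not listed -> trusted
    result = {
        "autorun_blocked": not mon.write_registry(
            dropper, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dropper", "dropper.exe"),
        "hook_blocked": not mon.system_op(dropper, "set_global_hook"),
        "trusted_protected": not mon.modify_process(dropper, explorer),
    }
    mon.close(ie)
    result["running_after_closing_ie"] = mon.running()      # dropper and mail client both survive
    result["closed_by_button"] = mon.close_all_untrusted()   # the button gets both
    result["running_after_button"] = mon.running()
    result["running_after_reboot"] = mon.reboot()           # no autorun entry, so nothing comes back
    result["events"] = mon.events
    return result
```

Running `drive_by_scenario()` shows the three behaviours the thread keeps circling back to: the dropper's autorun write, hook installation and attempt to touch the trusted Explorer process are all denied and logged; closing IE leaves both the dropper and the mail client running (which is why the mail client case argues against auto-closing children); and the button closes every untrusted process at once, while a reboot brings nothing back because the autorun entry was never written.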
ErikAlbert
October 4th, 2005, 04:00 PM
-{ Quote: "Yes, technically it is possible. But there are two problems.
1. Untrusted processes are not separated from each other. They are executed in one untrusted applications zone.
2. For example, you click on an e-mail link and your e-mail client automatically runs. The parent process is IE. After that IE closes. And your e-mail client closes with IE. But your letter is still not written!
So, if I start to close applications the user doesn't want to close, that is a very bad idea. Would you like it if I started to close applications you don't want to close?" }-
If it is designed this way, then it is indeed a problem. You can't blame me for trying. :)
So I assume when a trusted application "Acrobat Reader", which is started from an untrusted application MSIE (to read a PDF-document), that "Acrobat Reader" will be treated temporarily as an untrusted application.
Nevertheless, the button "Close all untrusted applications" MUST be used for other applications, than browsers.
Applications are normally closed by clicking on the "X" in top right corner of the window and this is a habit of users.
So it's most likely that a user will forget to use this button, when he closes an untrusted application and he certainly has to remember that the application is untrusted.
A red border on the untrusted application window would help to remind him that he is working with an untrusted application and to use this button for closing this application.
Notok
October 4th, 2005, 11:18 PM
If some malware comes through IE, and you close IE, that malware will still remain untrusted.. so if you click the button to close all untrusted apps, that malware will close. DW isn't designed to automatically terminate malware, it's designed to keep it from infecting your system, which it will do. The malware may be able to run, but it won't be able to do much. If you discover it, you can close it all easy enough, but if not then it will be gone next reboot.
DW is, by no means, a "cure-all".. but should you end up picking up some malware, it will act as 'damage control' and will not present a problem when removing. You won't get unwittingly rootkit'ed running DW, for example :) Overall I'm really liking DW, very unintrusive. In many ways it's what I've been looking for to extend DropMyRights.. if you were to run DW using a limited user account, you could have very strong protection, although it doesn't pretend to be a replacement for your AV, AS, & FW, which I also appreciate.
Notok
October 4th, 2005, 11:20 PM
-{ Quote: "Nevertheless, the button "Close all untrusted applications" MUST be used for other applications, than browsers.
Applications are normally closed by clicking on the "X" in top right corner of the window and this is a habit of users.
So it's most likely that a user will forget to use this button, when he closes an untrusted application and he certainly has to remember that the application is untrusted.
A red border on the untrusted application window would help to remind him that he is working with an untrusted application and to use this button for closing this application." }-The "Close all untrusted" button is really more of a panic button. You could use it after every session if you wanted to, but you really only need to if you think you've got an infection on your hands and you want it stopped NOW.
Hehe, after all the apps we're used to here on Wilders, apps like DW do take a bit of getting used to. Honestly I'm doing a bit of the same, but if you've used DropMyRights, it's probably the best way to think of it.. it just handles more than reduced privileges do.
Ilya Rabinovich
October 11th, 2005, 11:20 AM
The new beta is released.
1. New cool icons
2. Explorer right-click menu integration
3. All applications started directly from archives are untrusted now. Built-in Explorer zip/unzip, FAR and Total Commander are supported.
4. The rules now work with .msi, .bat and .cmd scripts, so you can mark them as untrusted. They will also be untrusted if you run them directly from an archive. The list of supported unzip apps is the same as in 3.
Ilya Rabinovich
October 11th, 2005, 01:15 PM
I'm very sorry, I've found an error in the driver. The improved version is in the old place.
Rilla927
October 11th, 2005, 03:49 PM
-{ Quote: "Hi,
This is a very interesting concept. Could you provide more information about your company. I like to have a good understanding of a company's background before I install its products on any of my machines. For example, does your company have any references? Thanks.
Rich" }-
I know all you guys are caught up in the glory;D , but some of us are also interested in background info about this company like richrf asked.
Ilya can you respond?
Thanks
ErikAlbert
October 11th, 2005, 05:04 PM
-{ Quote: "The new beta is released.
1. New cool icons
2. Explorer right-click menu integration
3. All applications started directly from archives are untrusted now. Built-in Explorer zip/unzip, FAR and Total Commander are supported.
4. The rules now work with .msi, .bat and .cmd scripts, so you can mark them as untrusted. They will also be untrusted if you run them directly from an archive. The list of supported unzip apps is the same as in 3." }-
I assume you are talking about DefencePlus v2.10 and NOT about DefenseWall v1.0 :
two different programs in the same thread is very confusing IMHO.
P.S. :
I wonder what the difference is between "Defence" and "Defense".
Defense doesn't exist in my dictionary, only defence.
I guess both spellings are allowed.
toadbee
October 11th, 2005, 05:37 PM
-{ Quote: "I assume you are talking about DefencePlus v2.10 and NOT about DefenseWall v1.0 :
two different programs in the same thread is very confusing IMHO." }-
No, Defensewall has been updated :o
ErikAlbert
October 11th, 2005, 05:44 PM
-{ Quote: "No, Defensewall has been updated :o" }-
If that is true why is the link in the very first post of this thread still referring to DefenseWall v1.0 and not DefencePlus v2.10.
I prefer to wait until Ilya gives me an answer to clear this up.
toadbee
October 11th, 2005, 07:30 PM
I see no mention of "Defenceplus" anywhere in this thread - forgive me if I'm wrong.
You can wait for Ilya, but I'm telling you the program is updated :) (defensewall)
ErikAlbert
October 11th, 2005, 07:35 PM
-{ Quote: "
You can wait for Ilya, but I'm telling you the program is updated :) (defensewall)" }-
That's very true Toadbee and that update can be downloaded from the link in the very first post of this thread.
In fact Ilya always referred to that link for updates of DefenseWall.
DefenseWall even has a new DW icon in the system tray, so there must have been some updates.
BUT DefencePlus is IMHO not the same as DefenseWall. I could be wrong of course, but I want an answer from Ilya, because he knows everything.
beetlejuice69
October 11th, 2005, 07:38 PM
-{ Quote: "
P.S. :
I wonder what the difference is between "Defence" and "Defense".
Defense doesn't exist in my dictionary, only defence.
I guess both spellings are allowed." }-
One`s English and the other`s US. ;)
WSFuser
October 11th, 2005, 07:40 PM
-{ Quote: "I assume you are talking about DefencePlus v2.10 and NOT about DefenseWall v1.0 :
two different programs in the same thread is very confusing IMHO.
P.S. :
I wonder what the difference is between "Defence" and "Defense".
Defense doesn't exist in my dictionary, only defence.
I guess both spellings are allowed." }-
I actually found both defence and defense on hyperdictionary, both are nouns. Also about the two products, I think DefencePlus is their current product (link (http://www.softsphere.com/)) and DefenseWall is a beta product currently not listed.
ErikAlbert
October 11th, 2005, 07:57 PM
beetlejuice69 & WSFuser,
Thanks for explaining defense and defence LOL.
In Belgium, we learn English, not American and there are indeed some differences in spelling. This is probably one of them, like favourite and favorite.
I would have used the word "Defense" too, but I noticed the difference when I saw the names DefencePlus and DefenseWall, so I was confused as a foreigner LOL.
Vikorr
October 11th, 2005, 08:23 PM
America changed the spelling of a lot of English words...not sure why.
eg. Many english words ending in 'our', translated into american, end in 'or' eg armour=armor honour=honor colour=color etc
There are numerous others that I keep meaning to keep track of, but can never seem to remember them off the top of my head...heh, MS has language zones, but even then, for example, MS Office...I have it set to Australian/English spelling (exactly the same), but it still has occasional 'errors' marked in red, that are correctly spelt English, but would be an error in American spelling.
toadbee
October 11th, 2005, 09:27 PM
A fun Test with defensewall -
Run Advanced Process Termination v1.9 as untrusted, and you'll see it's got no game - that is to say, nothing to kill ;D Except for untrusted applications of course. Looks good!
Notok
October 11th, 2005, 09:58 PM
-{ Quote: "I know all you guys are caught up in the glory , but some of us are also interested in background info about this company like richrf asked.
Ilya can you respond?
Thanks" }-Perhaps you/richrf should specify what you want to know? The fact that Ilya found a major security flaw with KAV should say something. DefencePlus has also been around a bit, you might do some Googling on it.. apparently buffer overflows are all the buzz around the real security circles :)
-{ Quote: "I see no mention of "Defenceplus" anywhere in this thread - forgive me if I'm wrong.
You can wait for Ilya, but I'm telling you the program is updated (defensewall)" }-I seem to be in the same boat.. no idea where the confusion would come from. DefencePlus is a separate program only mentioned on the website.
DefenseWall is really shaping up.. I've not had a single problem with the last couple of versions (of course I will as soon as I hit 'send').
Rilla927
October 12th, 2005, 04:04 AM
-{ Quote: "Perhaps you/richrf should specify what you want to know? " }-
Just wanted to know some background info like the name of this company, how long in business, endorsements for any of his other products. I think for some people like me, the more I know about the vendor the better. Especially when you have never heard of this person/software before. I think that's legitimate for anyone to ask.
It sounds like a nice product, that's why I said "I know you guys are in glory" because you all love testing this stuff out. You know, "the kid with the new toy".:)
deviladvocate
October 12th, 2005, 04:10 AM
-{ Quote: "Perhaps you/richrf should specify what you want to know? The fact that Ilya found a major security flaw with KAV should say something. DefencePlus has also been around a bit, you might do some Googling on it.. apparently buffer overflows are all the buzz around the real security circles :)
.
" }-
I hope you are implying this isn't part of the 'real security circles' :P
Anyway I think I will try out DefenseWall this week. I'm looking for something that lets me safely run untrusted freeware.
Ilya Rabinovich
October 12th, 2005, 06:09 AM
-{ Quote: "I know all you guys are caught up in the glory;D , but some of us are also interested in background info about this company like richrf asked. " }-
I've sent him PM.
-{ Quote: "
Ilya can you respond?
Thanks" }-
Look into your PM.
deviladvocate
October 12th, 2005, 06:36 AM
-{ Quote: "I've sent him PM.
Look into your PM." }-
Ilya why so secretive? Why not post it here?
Ilya Rabinovich
October 12th, 2005, 07:20 AM
-{ Quote: "Ilya why so secretive? Why not post it here?" }-But why should I? This thread is about beta-testing of the product. Admins are watching! If you are interested in some other information, not related to the topic, start a new thread or send me a PM.
Ilya Rabinovich
October 12th, 2005, 07:32 AM
I've just added a new item into the Explorer context menu + some inner improvements. If you have had the beta with the error I mentioned, you need to uninstall your current version of DefenseWall, reboot, install this one, register and reboot.
Ilya Rabinovich
October 12th, 2005, 10:55 AM
There is one more improvement (the last one for today). I need your opinion about the new untrusted window caption view...
Notok
October 12th, 2005, 12:32 PM
-{ Quote: "I hope you are implying this isn't part of the 'real security circles' " }-LOL, yeah, I suppose that was a bad choice of words.. I was referring to the more technical/programming oriented circles where the developers and security professionals tend to discuss things.. you'll notice that I am here typing this, though, and not there talking about it :)
Bubba
October 13th, 2005, 02:08 PM
Subject matter of thread....Beta-testing of the DefenseWall Host Intrusion Prevention System....not Guest posting @ Wilders.
The posts with a side discussion concerning Guest posting were moved here (http://www.wilderssecurity.com/showthread.php?t=101410).
deviladvocate
October 14th, 2005, 04:04 AM
thanks bubba, as always a wise decision.
RipVanTinkle
October 20th, 2005, 10:02 PM
Liked the sound of your program so I installed it.
Looked good at first, small memory use <3mb
First thing I noticed was my computer hard rebooting
when double clicking NFO files. Odd.
Then I tried to Zip a file using the right-click menu - you
guessed it - hard reboot.
I tried both those actions a number of times and same
result. Uninstalled DefenseWall and all is well.
Winzip wasn't in the restricted apps nor my default
NFO Viewer. Only the default apps and my internet apps
were restricted. Obviously a hook thing going on there.
Shame.
Any thoughts?
Would certainly try this again if there is a solution to the above.
Notok
October 21st, 2005, 12:11 AM
You should realize that this and Anti-Malware (I'm assuming you're the same person that posted in their forum) are both still in beta. The solution at this point would be to report the problem to the developer and work with them to see it resolved. You would also be expected to report any other problems or ideas for improvement, in return you would be granted a free license to the program :)
Trooper
October 21st, 2005, 12:26 AM
Well said there Notok.
Man, I have not been around this place much lately. I must try to get back into the swing of things. :)
Ilya Rabinovich
October 21st, 2005, 06:55 AM
-{ Quote: "
Any thoughts?
Would certainly try this again if there is a solution to the above." }-I was just checking .nfo and WinZip work. Everything is fine. I would advise you to download the latest beta (maybe you don't have the latest one?) and check if you still have problems. If you do, I need your minidump files (.dmp files within the %windir%\minidump folder).
RipVanTinkle
October 21st, 2005, 08:04 PM
Cheers for the replies
was using
DefenseWall_v1_00.exe: 172,363 bytes
MD5: 1bc6ab460111bed93631e09994960a80
have downloaded the latest one and will give it a whirl
MD5: 7cc2162684a2c94f762c904b4d6cf119
if I have the same problem I'll dig out the minidump
===
Notok
I'm well aware these are betas ;)
'The solution at this point would be to report the problem
to the developer and work with them to see it resolved.'
Mmmh, I thought that's what I was doing here and over at the
BufferZone ;)
Notok
October 21st, 2005, 08:49 PM
Btw, I was getting hard reboots with these two programs especially not too long ago as well, it turned out to be one of the sticks of my RAM dying.. you might want to give something like MemTest86+ (http://www.memtest.org/) a go, just to be sure. My RAM was 6 month old Kingston RAM, so I wouldn't have expected it.
RipVanTinkle
October 21st, 2005, 10:06 PM
Notok
Thanx for the reply
Installed the latest version and everything is working
as it should be :)
NFO's and context Zipping are fine
fingers crossed :)
If those problems come back I'll keep your experience in mind
and check with that little proggy.
========
I notice that the icons for Untrusted apps often disappear
when you click on the Event Log then back to Untrusted.
No biggy :)
I see there are 10 files added to Untrusted by default.
Which apps (or type of apps) are recommended for inclusion
in the Untrusted group? I presume browsers, ftp, p2p apps etc.
What else do other testers put in there?
=========
There's a spelling error on the Close All Untrusted page
2nd line '... - trusted and untrusted...'
looks like you need to add a space just before the dash as well
'... two groups - trusted and untrusted.'
and maybe the start of the next sentence needs a space too, it's
hard to tell though.
I know these things can be difficult to spot as I've worked
as a proof-reader ;)
=========
The following sentence after this doesn't read very well.
May I suggest
'Your system is protected from untrusted applications by preventing
the modification of sensitive system areas.'
or
'Your system is protected from untrusted applications by preventing
them modifying sensitive system areas.'
It's one of those awkward sentences ;)
Notok
October 21st, 2005, 10:59 PM
-{ Quote: "
fingers crossed
If those problems come back I'll keep your experience in mind
and check with that little proggy." }-I would suggest giving it a go anyway.. trust me, it sucks to find out the hard way :) Once you get the CD burned, you just boot up and go.. If I remember right, you pretty much just hit 'enter' to confirm it to go, very easy. Just let it run for a good hour or so.
-{ Quote: "I see there are 10 files added to Untrusted by default.
Which apps (or type of apps) are recommended for inclusion
in the Untrusted group? I presume browsers, ftp, p2p apps etc.
What else do other testers put in there?" }-Yup, pretty much anything that communicates over the internet.. include IM and email.
Ilya Rabinovich
October 22nd, 2005, 03:30 AM
-{ Quote: "
I see there are 10 files added to Untrusted by default.
Which apps (or type of apps) are recommended for inclusion
in the Untrusted group? I presume browsers, ftp, p2p apps etc.
What else do other testers put in there?
" }-All the applications that are connected with dangerous Internet content.
-{ Quote: "
There's a spelling error on the Close All Untrusted page
2nd line '... - trusted and untrusted...'
looks like you need to add a space just before the dash as well
'... two groups - trusted and untrusted.'
and maybe the start of the next sentence needs a space too, it's
hard to tell though.
I know these things can be difficult to spot as I've worked
as a proof-reader ;)
The following sentence after this doesn't read very well.
May I suggest
'Your system is protected from untrusted applications by preventing
the modification of sensitive system areas.'
or
'Your system is protected from untrusted applications by preventing
them modifying sensitive system areas.'
It's one of those awkward sentences ;)" }-Thanks a lot for your suggestions.
If you still intend to test DW, contact me (support [at] softsphere [dot] com) and I will send you your 100-year key.
RipVanTinkle
October 22nd, 2005, 10:36 AM
Testing right now :)
It just caught Firefox trying to do a bunch of stuff with ;)
tftp, wscript, cscript, outlook & IE etc
while I was browsing
This could be quite normal and only brought to my attention
because I'm using DefenseWall.
Attempt to delete key HKCR\GOPHER\shell\open\ddeexec\Application\
Attempt to delete key HKCR\CHROME\shell\open\ddeexec\Application\
Attempt to delete key HKCR\FTP\shell\open\ddeexec\Application\
Attempt to delete key HKCR\HTTPS\shell\open\ddeexec\Application\
Attempt to delete key HKCR\http\shell\open\ddeexec\Application\
=======
Is there anyway for the program to list which Untrusted app
is registered as running? Perhaps some indicator in the
Untrusted window.
==========
I also noticed that the Firefox icon is sometimes shown against
the Untrusted app that it tried to use/run. It doesn't display this
all the time though. Ditto for the Event window. Sometimes it's
just the offending apps icon (Firefox) and sometimes the icon
of the Untrusted app e.g. IE, Outlook etc
Something similar to the report in my first post
'I notice that the icons for Untrusted apps often disappear
when you click on the Event Log then back to Untrusted.'
Not a Biggy :)
Ilya Rabinovich
October 23rd, 2005, 05:59 AM
-{ Quote: "Testing right now :)
It just caught Firefox trying to do a bunch of stuff with ;)
tftp, wscript, cscript, outlook & IE etc
while I was browsing
This could be quite normal and only brought to my attention
because I'm using DefenseWall.
Attempt to delete key HKCR\GOPHER\shell\open\ddeexec\Application\
Attempt to delete key HKCR\CHROME\shell\open\ddeexec\Application\
Attempt to delete key HKCR\FTP\shell\open\ddeexec\Application\
Attempt to delete key HKCR\HTTPS\shell\open\ddeexec\Application\
Attempt to delete key HKCR\http\shell\open\ddeexec\Application\
" }-Very strange. I have no such messages with FF and don't even have such registry keys! Do you get the messages just from running FF, or during browsing?
-{ Quote: "
Is there anyway for the program to list which Untrusted app
is registered as running? Perhaps some indicator in the
Untrusted window." }-In the next version. Now I'm too busy applying a skin to my interface and working on version 1.0.
-{ Quote: "
I also noticed that the Firefox icon is sometimes shown against
the Untrusted app that it tried to use/run. It doesn't display this
all the time though. Ditto for the Event window. Sometimes it's
just the offending apps icon (Firefox) and sometimes the icon
of the Untrusted app e.g. IE, Outlook etc
Something similar to the report in my first post
'I notice that the icons for Untrusted apps often disappear
when you click on the Event Log then back to Untrusted.'
Not a Biggy :)" }-Will be fixed with release version (it has another GUI structure).
toadbee
October 23rd, 2005, 09:30 AM
-{ Quote: "Attempt to delete key HKCR\GOPHER\shell\open\ddeexec\Application\
Attempt to delete key HKCR\CHROME\shell\open\ddeexec\Application\
Attempt to delete key HKCR\FTP\shell\open\ddeexec\Application\
Attempt to delete key HKCR\HTTPS\shell\open\ddeexec\Application\
Attempt to delete key HKCR\http\shell\open\ddeexec\Application\" }-
I get those as well. I'm not sure what causes it because it only seems to happen randomly.
RipVanTinkle
October 23rd, 2005, 06:18 PM
in the HKCR\FTP\shell\open\ddeexec\Application\
I have another app as well as Firefox. This is Directory Opus
which supports ftp and can be set as the default downloader for ftp
here's an image from my registry
http://img385.imageshack.us/img385/2773/snap26755dm.jpg
Looks like the reg entries I posted happen when Firefox
is fired up and closed down. Could be an extension in
Firefox maybe?
==================
meant to add
I was trying out some Extensions for Firefox today and set
the download manager to scan files with an anti-virus.
DefenseWall stopped this doing various things
for example
Attempt to open process C:\WINNT\system32\smss.exe
Attempt to open process C:\Program Files\JGsoft\EditPadPro5\EditPadPro.exe
It was Anti-Vir and seems to check all running processes when it's
opening. How can you allow this to run and do its checking?
The only alert I get from Process Guard is Anti-Vir trying to read
Winlogin which is because I hadn't added Anti-Vir to the Protected
apps section and allowing it to Read. The program did open ok
It wouldn't be a workaround to add it to the Untrusted then run
it as Trusted as it's being called by something else. It's no biggy
though but it just struck me that an alert to enable an app as
Trusted might be a good idea. I don't intend to have this anti-virus
do checking for every download - was just trying stuff out :)
Ilya Rabinovich
October 24th, 2005, 05:07 AM
-{ Quote: "in the HKCR\FTP\shell\open\ddeexec\Application\
I have another app as well as Firefox. This is Directory Opus
which supports ftp and can set as default downloader for ftp's
here's an image from my registry
http://img385.imageshack.us/img385/2773/snap26755dm.jpg
Looks like the reg entries I posted happen when Firefox
is fired up and closed down. Could be an extension in
Firefox maybe?" }-I don't know. Maybe....
-{ Quote: "
meant to add
I was trying out some Extensions for Firefox today and set
the download manager to scan files with an anti-virus.
DefenseWall stopped this doing various things
for example
Attempt to open process C:\WINNT\system32\smss.exe
Attempt to open process C:\Program Files\JGsoft\EditPadPro5\EditPadPro.exe
It was Anti-Vir and seems to check all running processes when it's
opening. How can you allow this to run and do it's checking?
The only alert I get from Process Guard is Anti-Vir trying to read
Winlogin which is because I hadn't added Anti-Vir to the Protected
apps section and allowing it to Read. The program did open ok
It wouldn't be a work around to add it to the Untrusted then run
it as Trusted as it's being called by something else. It's no biggy
though but it just struck me that an alert to enable an app as
Trusted might be a good idea. I don't intend to have this anti-virus
do checking for every download - was just trying stuff out :)" }-1. You will be able to install FF extensions under trusted mode only (just a caution)!
2. All the processes spawned by untrusted ones are untrusted too. It is not possible to convert an untrusted process to a trusted one.
3. It is not possible to alert because of the program's ideology (it means no alert windows at all).
So, if you run an antivirus as untrusted it will be untrusted by all means. And it is not possible to make it trusted on-the-fly!
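The rules Ilya restates here, and Notok's earlier description of the same model (trust is decided at launch and inherited by every child process, untrusted processes are kept out of sensitive folders, autorun keys and trusted processes, the "Close all untrusted applications" button kills everything untrusted at once, and whatever slipped through is gone after a reboot because it could never reach autorun), are easy to misread, so here is a small Python model of that policy. This is an added example written for this page, not DefenseWall's code: the paths, registry keys and action names are constructed stand-ins for the areas the thread mentions, and the real product's rule set and kernel-driver enforcement are not reproduced.

```python
from dataclasses import dataclass

# Constructed stand-ins for the "sensitive areas" named in the thread (not DW's real rule set).
SENSITIVE_PATHS = (r"c:\windows", r"c:\program files", r"c:\documents and settings\user\my documents")
AUTORUN_KEYS = (r"hklm\software\microsoft\windows\currentversion\run", r"hkcu\software\microsoft\windows\currentversion\run")
SENSITIVE_KEYS = AUTORUN_KEYS + (r"hklm\system\currentcontrolset\services",)
ALWAYS_BLOCKED = {"set_global_hook", "open_physical_memory", "load_driver"}


@dataclass
class Process:
    pid: int
    image: str
    trusted: bool
    alive: bool = True


class Sandbox:
    def __init__(self, untrusted_images):
        self.untrusted_images = {i.lower() for i in untrusted_images}
        self.procs = {}     # pid -> Process
        self.autorun = {}   # autorun values that were actually written: key -> command
        self.events = []    # what the red tray icon / event log would report
        self._next_pid = 100

    def launch(self, image, parent=None, run_as_trusted=False):
        """Trust is fixed at launch and inherited: a child of an untrusted process
        is untrusted whatever its image, and cannot be promoted afterwards."""
        if parent is not None and not self.procs[parent].trusted:
            trusted = False
        else:
            trusted = run_as_trusted or image.lower() not in self.untrusted_images
        proc = Process(self._next_pid, image, trusted)
        self.procs[proc.pid] = proc
        self._next_pid += 1
        return proc.pid

    def _dangerous(self, action, target):
        t = str(target).lower()
        if action in ALWAYS_BLOCKED:
            return True
        if action == "file_write":
            return t.startswith(SENSITIVE_PATHS)
        if action in ("reg_write", "reg_delete"):
            return t.startswith(SENSITIVE_KEYS)
        if action == "open_process":  # e.g. to inject into or kill a trusted process
            victim = self.procs.get(int(target))
            return victim is not None and victim.trusted
        return False

    def request(self, pid, action, target, value=None):
        """Return True if allowed. Trusted processes are never restricted; untrusted
        ones are blocked silently and the event is logged (no popups, as in DW)."""
        proc = self.procs[pid]
        if not proc.trusted and self._dangerous(action, target):
            self.events.append(f"{proc.image}: blocked {action} {target}")
            return False
        if action == "reg_write" and str(target).lower().startswith(AUTORUN_KEYS):
            self.autorun[target] = value or proc.image
        return True

    def close_all_untrusted(self):
        """The 'panic button': terminate every untrusted process at once."""
        closed = [p.image for p in self.procs.values() if p.alive and not p.trusted]
        for p in self.procs.values():
            if not p.trusted:
                p.alive = False
        return closed

    def running(self):
        return sorted(p.image for p in self.procs.values() if p.alive)

    def reboot(self):
        """Everything dies; only commands that reached an autorun key come back."""
        for p in self.procs.values():
            p.alive = False
        for command in self.autorun.values():
            self.launch(command)
        return self.running()


def demo():
    """The scenario from the thread: malware dropped by an untrusted browser."""
    sb = Sandbox(untrusted_images=["iexplore.exe", "firefox.exe"])
    word = sb.launch("winword.exe")                # trusted by default
    ie = sb.launch("iexplore.exe")                 # on the untrusted list
    dropper = sb.launch("dropper.exe", parent=ie)  # untrusted by inheritance
    run_key = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    results = {
        "dropper_inherits_untrusted": not sb.procs[dropper].trusted,
        "drop_in_temp": sb.request(dropper, "file_write", r"C:\Temp\payload.dll"),
        "drop_in_program_files": sb.request(dropper, "file_write", r"C:\Program Files\x\x.exe"),
        "persist_via_run_key": sb.request(dropper, "reg_write", run_key + r"\x", "payload.dll"),
        "inject_into_word": sb.request(dropper, "open_process", word),
        "keylogger_hook": sb.request(dropper, "set_global_hook", "WH_KEYBOARD"),
    }
    ff = sb.launch("firefox.exe", run_as_trusted=True)  # the "Run as trusted" menu item
    results["firefox_run_as_trusted"] = sb.procs[ff].trusted
    setup = sb.launch("setup.exe")  # user-started installer: trusted, so unrestricted
    results["trusted_installer_run_key"] = sb.request(setup, "reg_write", run_key + r"\Updater", "updater.exe")
    results["closed"] = sb.close_all_untrusted()
    results["running_after_close"] = sb.running()
    results["running_after_reboot"] = sb.reboot()
    results["events"] = list(sb.events)
    return results
```

Calling `demo()` shows the asymmetry the thread keeps coming back to: the dropper can write to a temp folder but its write to the Run key is refused, so after `reboot()` it is simply gone, while the trusted installer's Run value survives and is relaunched. That is also why the untrusted list has to include everything that touches Internet content: a process launched trusted stays trusted, and its children inherit that.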
RipVanTinkle
October 26th, 2005, 04:01 AM
Yep, after posting the last part of my previous post I realized this
wouldn't work ;o)
====
Fired up my Win98 box the other day - the good old dayz ;o)
and I still have Kerio v2.15 on there and it reminded me of
one of the main things missing from that proggy. When
you enter rules it automatically gets moved to the end
of the rules and you have to move it up the rules line
by line. A pain in the butt ;o)
Could you add similar move buttons for the Add/Remove
Untrusted Window? I had to remove Firefox from the list
the other day as it didn't seem to update some added
Extensions. Anyway Firefox is now at the bottom of the
added programs and I'd like to be able to move it up so
that it's visible and easy to reach for running as trusted.
:O)
Mrkvonic
October 26th, 2005, 05:48 AM
Hello,
I wanted to test your application on my test pc. The moment I tried to execute the installer, PestPatrol alerts that a "pest" is loaded into memory: "Downloader.Lunii". Now, I know that PestPatrol is bloated with false positives, and I'm not assuming anything. Could you please explain this?
I can send you the screenshot of the message if it interests you.
Still, I decided to install and see what happens.
Suggestions:
1. I can close DefenseWall with a simple right click on the systray icon. How about you protect the process from closing by user and / or other processes by password?
2. Instead of letting the user decide which applications are untrusted, why not default everything to untrusted (except basic crucial system files). That way, no trouble can happen because the user merely forgot to add a program to the untrusted list.
Cheers,
Mrk
Ilya Rabinovich
October 26th, 2005, 08:06 AM
-{ Quote: "Fired up my Win98 box the other day - the good old dayz ;o)
and I still have Kerio v2.15 on there and it reminded me of
one of the main things missing from that proggy. When
you enter rules it automatically gets moved to the end
of the rules and you have to move it up the rules line
by line. A pain in the butt ;o)
Could you add similar move buttons for the Add/Remove
Untrusted Window? I had to remove Firefox from the list
the other day as it didn't seem to update some added
Extensions. Anyway Firefox is now at the bottom of the
added programs and I'd like to be able to move it up so
that it's visible and easy to reach for running as trusted.
" }-Done. You will see the "Move item up" button when the release happens.
Ilya Rabinovich
October 26th, 2005, 08:29 AM
-{ Quote: "Hello,
I wanted to test your application on my test pc. The moment I tried to execute the installer, PestPatrol alerts that a "pest" is loaded into memory: "Downloader.Lunii". Now, I know that PestPatrol is bloated with false positives, and I'm not assuming anything. Could you please explain this?" }-No. That is PestPatrol's problem. It could be because of UPX (the standard compression for RAR SFX modules such as mine).
-{ Quote: "
I can send you the screenshot of the message if it interests you." }-Thanks, but I don't need it.
-{ Quote: "
Suggestions:
1. I can close DefenseWall with a simple right click on the systray icon. How about you protect the process from closing by user and / or other processes by password?" }-A password is not needed, because the protection is independent of the GUI.
-{ Quote: "
2. Instead of letting the user decide which applications are untrusted, why not default everything to untrusted (except basic crucial system files). That way, no trouble can happen because the user merely forgot to add a program to the untrusted list." }-Well, it is possible to do, but I'm not so sure it will dramatically raise the security level. And I see many troubles, security holes and incompatibilities that way. I suppose that a smart user will be able to use my program effectively; as for non-smart ones, computers are not made for them.
toadbee
October 26th, 2005, 08:40 AM
-{ Quote: "
I had to remove Firefox from the list
the other day as it didn't seem to update some added
Extensions.
" }-
Fyi - the explorer context menu for defensewall works on shortcuts, So if you happen to have FF shortcut on your desktop, you can right-click - head to the defensewall menu item and choose "Run as Trusted". That will save you having to add it back in your list when you're done updating.
RipVanTinkle
October 26th, 2005, 04:12 PM
'Done. You will see the "Move item up" button when release happens'
:)
------
Toadbee
Cheers for the tip :)
I actually hadn't noticed that I'm ashamed to say
Notok
October 26th, 2005, 04:26 PM
You can also select the program in the Untrusted list and "Run as trusted", which I actually find more convenient :)
toadbee
October 26th, 2005, 04:29 PM
-{ Quote: "You can also select the program in the Untrusted list and "Run as trusted", which I actually find more convenient :)" }-
;D Yes I realized that after I posted as well. that's the really big obvious button ;)
You do have to close out of all FF instances first before the "run as trusted" aspect works.
Notok
October 26th, 2005, 04:38 PM
-{ Quote: " Yes I realized that after I posted as well. that's the really big obvious button " }-LOL, yes.. not as bad as the time I went to the post office during election time and asked if they have voters pamphlets (or something, it was years ago).. the lady just glared at me and then pointed up.. there was a fifty foot long banner right above the window stating the answer to my question.. and this was after I had been waiting in line for 10 mins. ;D
Mrkvonic
October 30th, 2005, 02:49 AM
Hello,
Several things I need to suggest / ask:
1. First, how user-friendly do you want your application to be? For instance, there is a default set of apps that are set as untrusted. However, there are no explanations about them. It could be useful if you added a short explanation of what potential hazard a certain application carries and why running it as untrusted is useful. Now, I know you said computers are not for the illiterate, and I agree, but I think that since we cannot prevent the illiterate from using machines, we could make the experience as painless as possible.
2. When running Firefox, I get these, like some other users:
Attempt to delete key HKCR\GOPHER\shell\open\ddeexec\Application\
Attempt to delete key HKCR\CHROME\shell\open\ddeexec\Application\
Attempt to delete key HKCR\FTP\shell\open\ddeexec\Application\
Attempt to delete key HKCR\HTTPS\shell\open\ddeexec\Application\
Attempt to delete key HKCR\http\shell\open\ddeexec\Application\
3. I must ask again: If I kill the Defense Wall process, does the protection remain effective at kernel level? Because once I kill it, the process is gone from Task Manager. Likewise, the user can add or remove processes from the untrusted list easily. Password protection could be nice, let's say for computers with multiple users. Let's say a parent doesn't want his kids to disable untrusted apps or close Defense Wall altogether, so a password could come in handy to prevent the killing of the process or any changes.
4. What other services / apps do you recommend as untrusted?
5. Haven't checked it yet, but when you run p2p apps as limited windows user, for instance, eMule, then you cannot search servers and such. Is this the case with Defense Wall as well?
Mrk
Ilya Rabinovich
October 30th, 2005, 03:55 AM
-{ Quote: "Hello,
Several things I need to suggest / ask:
1. First, how user-friendly do you want your application to be? For instance, there is a default set of apps that are set as untrusted. However, there are no explanations about them. It could be useful if you added a short explanation of what potential hazard a certain application carries and why running it as untrusted is useful. Now, I know you said computers are not for the illiterate, and I agree, but I think that since we cannot prevent the illiterate from using machines, we could make the experience as painless as possible." }-There is a text on the first dialog sheet. Is it not enough for the illiterate?
-{ Quote: "
2. When running Firefox, I get these, like some other users:
Attempt to delete key HKCR\GOPHER\shell\open\ddeexec\Application\
Attempt to delete key HKCR\CHROME\shell\open\ddeexec\Application\
Attempt to delete key HKCR\FTP\shell\open\ddeexec\Application\
Attempt to delete key HKCR\HTTPS\shell\open\ddeexec\Application\
Attempt to delete key HKCR\http\shell\open\ddeexec\Application\
" }-I don't know what this is, I have no such messages. The only thing I can tell you: filter it!
-{ Quote: "
3. I must ask again: If I kill the Defense Wall process, does the protection remain effective at kernel level? " }-The protection is still effective. It is 100% independent from the GUI.
-{ Quote: "
Because once I kill it, the process is gone from Task Manager. Likewise, the user can add or remove processes from the untrusted list easily. Password protection could be nice, let's say for computers with multiple users. Let's say a parent doesn't want his kids to disable untrusted apps or close Defense Wall altogether, so a password could come in handy to prevent the killing of the process or any changes." }-Yes, maybe you're right about parental passwords. I'll think about this feature more deeply after the version 1.0 release.
-{ Quote: "
4. What other services / apps do you recommend as untrusted?" }-Browsers,e-mail,IM and P2P clients. Maybe, WinZip/WinRAR if you like to run applications right from the archives.
-{ Quote: "
5. Haven't checked it yet, but when you run p2p apps as limited windows user, for instance, eMule, then you cannot search servers and such. Is this the case with Defense Wall as well?" }-I'm not sure. DW doesn't limit the network activity.
RipVanTinkle
October 30th, 2005, 04:35 AM
In the Event Log window it would be very helpful to have the
latest alert at the top of the window - the reverse of the
way it is just now :)
Also, does DefenseWall check md5 hashes of the
programs in Untrusted? If not, this might be a
good thing - maybe :)
Ilya Rabinovich
October 30th, 2005, 07:20 AM
-{ Quote: "In the Event Log window it would be very helpful to have the
latest alert at the top of the window - the reverse of the
way it is just now :)" }-I'll think about this.
-{ Quote: "
Also, does DefenseWall check md5 hashes of the
programs in Untrusted? If not, this might be a
good thing - maybe :)" }-I see no reason why.
Mrkvonic
October 30th, 2005, 07:35 AM
Hello,
How does Defense Wall compare to DropMyRights, if at all?
Mrk
Ilya Rabinovich
October 30th, 2005, 08:21 AM
-{ Quote: "Hello,
How does Defense Wall compare to DropMyRights, if at all?
Mrk" }-DW is much more powerfull and easyer then DropMyRights.
Mrkvonic
October 30th, 2005, 08:43 AM
Hi,
What I meant is in what way is the protection different? DropMyRights prevents programs running with it from changing certain tokens. What does Defense Wall do?
Ilya Rabinovich
October 30th, 2005, 10:01 AM
-{ Quote: "Hi,
What I meant is in what way is the protection different? DropMyRights prevents programs running with it from changing certain tokens. What does Defense Wall do?" }-Block the dangerous actions (security token independent).
Mrkvonic
November 1st, 2005, 02:49 AM
Hi,
Found a typo:
When you click add untrusted, you have option to add process and application. It reads applicatoin!
Mrk
Ilya Rabinovich
November 1st, 2005, 03:53 AM
-{ Quote: "Hi,
Found a typo:
When you click add untrusted, you have option to add process and application. It reads applicatoin!
Mrk" }-Oops!
RipVanTinkle
November 1st, 2005, 12:45 PM
Today DefenseWall showed 2 Untrusted Apps running - Firefox & Net
Transport. Firefox threw up an error and closed - and Dr DooLittle (watson)
showed his face. I closed Net Transport after it finished downloading
but DefenseWall still showed 1 Untrusted running. I checked with Task
Manager and nothing there so I hit the Close All Untrusted and nothing
happened - there was still 1 untrusted running somewhere ;)
Something to do with Dr Watson perhaps?
Ilya Rabinovich
November 1st, 2005, 04:45 PM
-{ Quote: "Today DefenseWall showed 2 Untrusted Apps running - Firefox & Net
Transport. Firefox threw up an error and closed - and Dr DooLittle (watson)
showed his face. I closed Net Transport after it finished downloading
but DefenseWall still showed 1 Untrusted running. I checked with Task
Manager and nothing there so I hit the Close All Untrusted and nothing
happened - there was still 1 untrusted running somewhere ;)
Something to do with Dr Watson perhaps?" }-System debugger (like Dr Watson) runs as a child processes to the crashed one. So, Dr Watson has being runned as untrusted, because theis parent process (FF) is untrusted.
Ilya Rabinovich
November 10th, 2005, 05:49 AM
Hi, guys!
The DefenseWall HIPS RC1 is released. There are a lot of improvements!
1. Cool skinned interface.
2. "Secured files" feature (the files and folders inaccessible for the untrusted apps).
3. "Process details" feature.
4. Disable/Enable untrusted feature.
5. More registry keys are protected.
6. Spooler protection.
Everything is in the old place: http://www.softsphere.com/cgi-bin/redirect.pl?Name=DEFENSEWALL
The release is coming soon!
RipVanTinkle
November 15th, 2005, 04:44 PM
Good news :)
cheers Ilya
AshG
November 15th, 2005, 08:37 PM
This is an amazing little program, I'm very impressed.
Is it ok to make wording suggestions to make some of the dialogue less ambiguous? This is a top-notch app, and I'd love to see it look its best.
Ilya Rabinovich
November 16th, 2005, 06:10 AM
-{ Quote: "
Is it ok to make wording suggestions to make some of the dialogue less ambiguous? This is a top-notch app, and I'd love to see it look its best." }-Yes, I'm always open to any suggestions.
RipVanTinkle
November 17th, 2005, 02:01 AM
Great job on the updating :)
Looking just about right I would say. Wording on Close All Untrusted
is good.
One small error - isn't there always - in the install dialogue
first page. It should read 'DefenseWall is a strong...'
The Add/Remove Untrusted section is perfect :)
Nice one
Ilya Rabinovich
November 17th, 2005, 04:30 AM
-{ Quote: "
One small error - isn't there always - in the install dialogue
first page. It should read 'DefenseWall is a strong...'
" }-Thanks. Will be fixed.
RipVanTinkle
November 17th, 2005, 03:04 PM
I'd like to see examples of what the Secured Files section is about and
how it is used.
Seems a little baffling to me.
It might also be a good idea to have some sort of indication that there
is now a process explorer when you click the bar above the Close All
Untrusted Applications button. This isn't obvious at all.
Are there any extra skins yet?
:)
Ilya Rabinovich
November 18th, 2005, 07:17 AM
-{ Quote: "I'd like to see examples of what the Secured Files section is about and
how it is used.
Seems a little baffling to me." }-The files and the folders you can not access from the untrusted applications.
-{ Quote: "
It might also be a good idea to have some sort of indication that there
is now a process explorer when you click the bar above the Close All
Untrusted Applications button. This isn't obvious at all." }-Will be described in help file.
-{ Quote: "
Are there any extra skins yet?" }-No.
Rivalen
November 30th, 2005, 03:37 AM
Since a couple of days I am a happy camper with DefenseWall HIPS 1.0!
Thanks Ilya for the superb support!
It runs so smooth and I cant see any slowdown in surfing!
Best Regards
Ilya Rabinovich
December 5th, 2005, 03:24 AM
Hi guys.
The DefenseWall is released. The improvements are:
1. Help file.
2. Built-in support of the Mozilla Suite/FireFox and Opera browsers as untrusted.
3. All the folders are protected now (not only %windir% and %Program Files%).
4. Rules are now active for the .cpl files.
5. Multiple symlinks error fixed.
6. Internal improvements.
7. Bugs fixed.
Great thanks to all my beta-testers! I LOVE YOU! Without your help the product couldn't be as good as it is now!
P.S. I'm looking for the local area resellers.
RipVanTinkle
December 5th, 2005, 05:16 PM
Great stuff :)
Nice to see the Help file at long last
It's been a valuable little addition to my security
Good luck, I hope it does well
--> http://www.wilderssecurity.com/showthread.php?t=109721 :)
Ilya Rabinovich
December 22nd, 2005, 06:43 AM
The next (1.10) version is released.
Franklin
December 24th, 2005, 11:13 AM
The start of this thread. How do you get the 100 years rego and stop the popups.
Can't understand why a lot of other people aren't trying your software out and telling how good or bad it is.
Well for a newbie trialing your proggy, all I can say is goodbye all resource eating software. With a router firewall and DefenseWall anything else is not needed.
But still have Ewido and E-Trust as on demand just in case.
Ilya Rabinovich
December 25th, 2005, 05:58 AM
-{ Quote: "The start of this thread.How do you get the 100 years rego and stop the popups.
Can't understand why a lot of other people aren't trying your software out and telling how good or bad it is." }-
I don't know. I can only guess why. As I suppose, the people are too inert and trust only in PR'ed soft. I have no resources for a massive PR campaign for now :(.
-{ Quote: "
Well for a newbie trialing your proggy,all I can say is goodgye all resource eating software.With a router firewall and Defensewall anything else is not needed.
But still have Ewido and E-Trust as on demand just in case." }-
Yes. The program is designed for very low-resource computers like mine.
Anyway, I'm trying to do my job the best I can and to make the best protective software for everyday use for everybody.
starfish_001
December 25th, 2005, 06:43 AM
Great stuff and interesting addition to my setup
Thanks for a great app, I hope it does well:)
Nice to see the Help file
puddingalien
December 29th, 2005, 02:09 PM
BSODW.
Just got around to checking out DW, version 1.11, sounded great....
BSOD on reboot during install and every boot after that.
Used last system settings that worked to get in and uninstall it.
WinXPsp2. Ms-antispyware. AVG. That was all that was to boot up with this testrun of DW, and it BSODdomized me:'( ;D
oldBear
December 29th, 2005, 06:14 PM
This looks very good. Each release is an improvement. The interface is looking polished. Documentation is improving.
I'm running it with jetico and antihook and everything seems to be "co-existing" nicely.
Pretty impressive so far. Thanks for the opportunity to participate.
cheers
qazu76
December 30th, 2005, 02:16 AM
On the SoftSphere site (under "about us") there's a reference to an official forum. Any ideas as to where it is? Can't find it anywhere.
Thinking of purchasing but am reluctant with such new software.... and little things like this also put me off.
Otherwise seems great ;D
Rivalen
December 30th, 2005, 03:46 AM
Puddingalien!
Did you use v 1.11?
Did you mail support? Normally you get a quick answer and if its a bug you probably will get a fix also quick enough.
Best Regards
Franklin
December 30th, 2005, 04:20 AM
Yep, can't complain about support. One day I sent off 4 email queries and received replies within several minutes of each. Pretty darn good.
Ilya Rabinovich
December 30th, 2005, 04:35 AM
-{ Quote: "On the SoftSphere site (under "about us") there's a reference to an official forum. Any ideas as to where it is? Can't find it anywhere.
Thinking of purchasing but am reluctant with such new software.... and little things like this also put me off.
Otherwise seems great ;D" }-
There was a forum, but it was switched off by the hoster during the phpbb-worm epidemic. I just have no time to bring it back up now. All my time I spend improving the program and working with the users answering questions.
As for purchasing - that is your choice, but I'd like to note that only this will help me to fix all the "little things" and to continue hard work on the project.
Ilya Rabinovich
December 30th, 2005, 04:36 AM
-{ Quote: "BSODW.
Just got around to checking out DW, version 1.11, sounded great....
BSOD on reboot during install and every boot after that.
Used last system settings that worked to get in and uninstall it.
WinXPsp2. Ms-antispyware. AVG. That was all that was to boot up with this testrun of DW, and it BSODdomized me:'( ;D" }-
Just mail me ASAP your latest minidump file (%windir%\minidump folder, the latest .dmp file) to support [at] softsphere [dot] com, I'll solve the issue very quickly.
qazu76
December 30th, 2005, 06:04 AM
-{ Quote: "As about the purchasing- that is your choise, but I'd like to note, that only this will help me to fix all the "little things" and to continue hard work under the project." }-
Well I did just place my order & am waiting on my key. The software impressed me too much to pass up :)
In the future, a dedicated forum would be nice/helpful, however I understand why resources may be focused elsewhere.
Thanks ;D
Ilya Rabinovich
December 30th, 2005, 08:52 AM
-{ Quote: "Well I did just place my order & am waiting on my key. The software impressed me too much to pass up :)
In the future, a dedicated forum would be nice/helpful, however I understand why resources may be focused elsewhere.
Thanks ;D" }-
The key is sent.
oldBear
December 31st, 2005, 01:13 PM
So far it seems excellent. I'm still learning.
You might consider putting the web-site address somewhere on the main panel. Make it easier to locate you :)
cheers
starfish_001
December 31st, 2005, 02:02 PM
"You might consider putting the web-site address somewhere on the main panel. Make it easier to locate you"
That's a simple but good idea. Also could the interface be resizable?
Franklin
January 1st, 2006, 12:13 AM
Has anyone added more programs to the untrusted list for extra security or are the default settings ok.
Ilya Rabinovich
January 1st, 2006, 03:57 AM
-{ Quote: " Also could the interface be resizable?" }-
I'm afraid not. The skin is built as non-resizable.
qazu76
January 1st, 2006, 07:41 AM
-{ Quote: "Has anyone added more programs to the untrusted list for extra security or are the default settings ok." }-
I've just added all my internet facing programs and WinRAR. Apart from that I'm running default.
starfish_001
January 1st, 2006, 08:05 AM
I have Firefox in my untrusted list - yet when I run it, it sometimes does not show up as an untrusted app on the front tab.
Yet if I try IE - shows the instance always on the front tab
Events seem to record everything - but now if I look on the front panel - DW says that Firefox is trusted? but it is in my untrusted list.
Bit dazed and confused
RipVanTinkle
January 1st, 2006, 08:47 AM
Franklin - anything that connects to the internet
I've added these so far
FTP proggies - FlashFXP, FTPSpy
Browsers - Opera
Download Managers - Net Transport
Weather programs - Mr Weather
Newsgroup proggies - PowerGrab, Grabbit, SoulSeek
======
Starfish_001
I've never seen Firefox running as trusted when it should be Untrusted
The only anomaly I've seen is when Dr Watson fires up, it never gets
listed under Untrusted even though 1 Untrusted app is listed - You Have
One Untrusted Process... etc
=============
It's been a great addition to my security and no problems with updating
Low on resources and exists with all my security apps with no problems
at all.
One Happy Camper here :)
CogitoErgoSum
January 1st, 2006, 07:35 PM
Ilya,
As a new registered user of DefenseWall HIPS v1.11, I have been experiencing some consistent and intermittent problems with Opera v8.51 and Eudora v7.0.1(free w/ads) which are listed or I have included as an "untrusted" application.
1.) Scrolling up and down through the bookmarks is consistently slow or sluggish in Opera.
2.) On an intermittent basis, it takes an additional 1-2 seconds or more to open and close both Opera and Eudora.
3.) On an intermittent basis, random execution requests such as opening the bookmark panel, clicking a bookmark in the bookmark panel or deleting private data freezes up Opera briefly for a few seconds before resuming.
4.) On an intermittent basis, entering my password and checking for new mail freezes up Eudora briefly for a few seconds before resuming.
5.) On a consistent basis, I have observed that the DefenseWall icon in the system tray remains red/orange during the entire duration when using and long after closing/exiting an "untrusted" application such as Opera or Eudora.
FYI, the pc in question is a Dell with WinXP SP2, 3.2 GHz Intel P4 and 1 Gb RAM. The other resident, "active" security applications that I am running include: BOClean, Look'n'Stop firewall, NOD32, Online Armor and RegRun Platinum 4.5. Until proven otherwise, it appears that DefenseWall may be conflicting with both Opera and Eudora. A prompt reply and solution to this matter would be greatly appreciated.
Peace & Love,
CogitoErgoSum
Notok
January 1st, 2006, 11:37 PM
-{ Quote: "Until proven otherwise, it appears that DefenseWall may be conflicting with both Opera and Eudora. " }-A good way to test this, in the meantime, would be to try shutting the others down one at a time to see if the problem is remedied. It may also be that one of these is conflicting with DW on your system.
Ilya Rabinovich
January 2nd, 2006, 04:18 AM
Yes, Notok is right. I was testing DW with Opera and I had no problem with it. Just try to switch off one-by-one all the resident programs but DW and see when Opera's speed comes back. Then report the last app switched off - I'll try to reproduce the situation and to fix the problem.
CogitoErgoSum
January 2nd, 2006, 11:13 AM
-{ Quote: "
1.) Scrolling up and down through the bookmarks is consistently slow or sluggish in Opera.
2.) On an intermittent basis, it takes an additional 1-2 seconds or more to open or close both Opera and Eudora.
3.) On an intermittent basis, it takes additional time to check for new mail or send mail in Eudora.
4.) On an intermittent basis, entering my password and checking for new mail freezes up Eudora. The use of task manager is required to shut it down.
5.) On an intermittent basis, opening the bookmark panel or deleting private data freezes up Opera. The use of task manager is required to shut it down.
6.) On an intermittent basis, it takes additional time to visit or download my home/start page in Opera.
7.) On a consistent basis, I have observed that the DefenseWall icon in the system tray remains red/orange long after closing/exiting an "untrusted" application such as Opera or Eudora. Is this normal?" }-
Notok and Ilya,
I shut down BOClean, Look'n'Stop, NOD32, Online Armor and RegRun Platinum 4.5 one at a time, repeating this sequence for both Eudora and Opera a few times. Unfortunately, I did not find any conclusive evidence that these apps are conflicting with DefenseWall and causing problems with Eudora and Opera. FYI, interestingly, after shutting down Online Armor, I could only restart it by rebooting my computer. Could OA possibly be conflicting with DW or vice versa? Despite these findings, issues #1, #2 and #7 remain unresolved.
Peace & Love,
CogitoErgoSum
Ilya Rabinovich
January 2nd, 2006, 02:25 PM
-{ Quote: "Notok and Ilya,
I shut down BOClean, Look'n'Stop, NOD32, Online Armor and RegRun Platinum 4.5 one at a time repeating this sequence for both Eudora and Opera a few times. Unfortunately, I did not find any conclusive evidence that these apps. are conflicting with DefenseWall and causing problems with Eudora and Opera. FYI, interestingly, after shutting down Online Armor, I could only restart it by rebooting my computer. Could OA possibly be conflicting with DW or vice versa? Despite these findings, issues #1, #2 and #7 remain unresolved.
Peace & Love,
CogitoErgoSum" }-
As for #1 and #2 - I don't know. Contact me via e-mail, I'll try to send you test drivers with part of the hooks switched off. This will help to understand (and to fix) the reason for the slowdown.
As for #7 - the icon turns red if some dangerous behaviour is blocked. Just send me the log file - I'll look at it.
starfish_001
January 3rd, 2006, 04:56 AM
sys tray icon disappeared? any ideas how to get to the GUI?
toadbee
January 3rd, 2006, 08:28 AM
Starfish -
Check your task manager. Is defensewall.exe running?
If not, go to Start - Programs and run DefenseWall.
If it is, try End Task on defensewall.exe (you are still protected), then restart DefenseWall like above.
starfish_001
January 3rd, 2006, 10:05 AM
Thanks, forgot that defensewall.exe was just the interface - killed and restarted fine
starfish_001
January 3rd, 2006, 01:49 PM
I have Firefox in my untrusted list - yet when I run it, it sometimes does not show up as an untrusted app on the front tab. But the title bar says DefenseWall untrusted
If I look on the front panel - DW says that Firefox is trusted? but it is in my untrusted list and the title bar says DefenseWall untrusted
If I hit the red button to close all, nothing happens.
Gave up and rebooted
Ilya, any ideas? Second time in 2 days.
Ilya Rabinovich
January 4th, 2006, 03:50 AM
-{ Quote: "I have firefox in my untrusted list - yet when I run it it sometimes does not show up as a untrusted app on the front tab. But the title bar says defenceWall untrusted
If I look on the front panel - DW says that Firefox is trusted? but it is in my untrusted list and the title bar says defenceWall untrusted" }-
What do you mean "front panel"? Front panel of what? The status is dislpayed within the title bar of the window and "Trusted and Untrusted processes- now running" dialog.
-{ Quote: "
If I hit the red button to close all nothing happens." }-
That is very strange. It shouldn't be like that. Try to investigate this question and contact me via e-mail with the results.
starfish_001
January 4th, 2006, 04:03 AM
-{ Quote: "What do you mean "front panel"? Front panel of what? The status is dislpayed within the title bar of the window and "Trusted and Untrusted processes- now running" dialog.
That is very strage. It shouldn't be like that. Try to investigate this question and contact me via e-mail on results." }-
Front panel first tab in your DW interface - close all untrusted
Indeed - a reboot cured it but this is the second time. Could this be something to do with Process Guard? The process is no longer protected by PG?
toadbee
January 4th, 2006, 08:20 AM
-{ Quote: "Front panel first tab in your DW interface - close all untrusted
Indeed - a reboot cured it but this is the second time. Could this be something to do with Process Guard? The process is no longer protected by PG?" }-
So starfish - you are saying the grey button "you have # untrusted process(es) running on your computer" isn't reporting that FF is running.
Sounds like PG or another app is interfering with the communication between the DW GUI and the DW sys driver.
Rivalen
January 4th, 2006, 09:53 AM
I once forgot to keep PG in learning mode when upgrading DW - that caused some confusion, but if I remember right I reinstalled DW with PG in learning mode and now its OK - could that be worth trying?
Best Regards
starfish_001
January 5th, 2006, 06:49 PM
-{ Quote: "So starfish - you are saying the grey button "you have # untrusted process(es) running on your computer" isn't reporting that FF is running.
Sounds like PG or another app is interferring with the communication between the DW GUI and the DW sys driver." }-
Firefox is untrusted yet in the trusted list - so yes . Only happened twice so far.
And yes I agree I think it probably is another Kernel app - PG or NOD nothing looks wrong but ...
Have exchanged an email with Ilya. But at the moment I need to make it reproduce on demand. ....
Notok
January 5th, 2006, 08:20 PM
This is something I encountered during the beta as well, sometimes it just seems that it doesn't see untrusted apps, but it's hard to replicate. For the record I do not run PG, so that wouldn't be the highest on my list of suspects. I do, however, run NOD32.
AJohn
January 5th, 2006, 11:06 PM
Man, this is one long thread. I would like to beta-test Defense Wall HIPS, however I really do not want to read this whole thread. I would like to give my opinions on a few features of DW:
Beautiful interface, two thumbs up for eye candy.
On the main page it says: "You have X# untrusted process(es) running on your computer.", when you click this it launches the "Trusted and Untrusted Details" window. It would be nice if you could move processes between the Trusted and Untrusted zones through this window.
When DW is already open and I try to open it from the Start Menu, I get an error saying: "Multiple instances are not allowed". It would be nice if the shortcut launched the main window of the current running instance instead.
I'm not sure if this has already been said, but it would be beneficial for DW to run as a service, this would add some security.
So far everything has been running smoothly, running on WinXP SP2 with all updates, using default settings and running IE frequently.
BTW, it is a really nice feature that the user has the ability to add either a process, folder or application to the untrusted list, makes it easy on the user.
AJohn
January 6th, 2006, 03:12 AM
Also, if there was an advanced mode that would allow custom default restrictions and custom restrictions per process, this would be nice.
And, when attempting to launch an untrusted application as trusted when the application is already open, a dialog box asking whether to close and restart the application as trusted automatically or not would be nice. Or even plain text notification in red under the options on the right letting the user know the application is already open and therefore cannot be launched trusted.
Here is an example of what I am suggesting(i'm sure you could implement it in a much nicer way):
Ilya Rabinovich
January 6th, 2006, 06:39 AM
-{ Quote: "Man, this is one long thread. I would like to beta-test Defense Wall HIPS, however I really do not want to read this whole thread." }-
The beta-test process is temporarily closed. DW is released now. The beta-testing will be switched on later, when I will be testing the next major release. As you understand (I hope), if I won't be selling the product I'll have to freeze the project and start looking for work as hired personnel.
-{ Quote: "
On the main page it says: "You have X# untrusted process(es) running on your computer.", when you click this it launches the "Trusted and Untrusted Details" window. It would be nice if you could move processes between the Trusted and Untrusted zones though this window." }-
It is possible to move trusted process to untrusted zone, back action is impossible. I'll think about this feature, but a little bit later.
-{ Quote: "
When DW is already open and I try to open it from the Start Menu, I get an error saying: "Multiple instances are not allowed". It would be nice if the shortcut launched the main window of the current running instance instead." }-
Aha, will be done.
-{ Quote: "
I'm not sure if this has already been said, but it would be beneficial for DW to run as a service, this would add some security." }-
It won't add any security, because GUI is just a control panel. All the defense core is driver-level. You can close my GUI, but the protection will be working.
-{ Quote: "
Also, if there was an advanced mode that would allow custom default restrictions and custom restrictions per proccess, this would be nice." }-
I see no reasons. It is a security hole. If everything is working fine - why change it?
-{ Quote: "
And, when attempting to launch an untrusted application as trusted when the application is already open, a dialog box asking whether to close and restart the application as trusted automatically or not would be nice. Or even plain text notification in red under the options on the right letting the user know the application is already open and therefore cannot be launched trusted." }-
I see no reasons for now. For example, you launch IE as trusted already having IE running as untrusted. Why close the untrusted instances? Trusted IE will be reliably separated from the untrusted processes zone. How will it raise the productivity of the user's work or the security level? I don't understand..... Please, explain!
starfish_001
January 6th, 2006, 01:40 PM
-{ Quote: "This is something I encountered during the beta as well, sometimes it just seems that it doesn't see untrusted apps, but it's hard to replicate. For the record I do not run PG, so that wouldn't be the highest on my list of suspects. I do, however, run NOD32." }-
I think we have a suspect
AJohn
January 6th, 2006, 03:39 PM
-{ Quote: "
I see no reasons. It is a security hole. If everything is working fine - why change it?" }-
Because some users might want to run certain programs in untrusted mode, but allow certain exceptions. If I am correct, running an e-mail client in untrusted mode prevents it from launching AntiVirus programs to scan incoming mail?
-{ Quote: "It won't add any security, because GUI is just a control panel. All the defense core is driver-level. You can close my GUI, but the protection will be working." }-
Good :D I should have checked before making such a suggestion.
-{ Quote: "I see no reasons for now. For example, you launch IE as trusted already having IE running as untrusted. Why to close untrusted instances? Trusted IE will be reliably separated from the untrusted processes zone. How it will rise up the productivity of the user's work or security level? I don't understand..... Please, explain!" }-
Some processes do not allow multiple instances(like messaging clients). Only reason I made this suggestion is for a more user friendly interface.
Ilya Rabinovich
January 6th, 2006, 04:04 PM
-{ Quote: "Because some users might want to run certain programs in untrusted mode, but allow certain exeptions. If I am correct, running an e-mail client in untrusted mode prevents it from launching AntiVirus programs to scan incoming mail?" }-
No, it is not. AV will be able to scan e-mails.
-{ Quote: "
Some processes do not allow multiple instances(like messaging clients). Only reason I made this suggestion is for a more user friendly interface." }-
If somebody will need it in-the-wild- I'll add it.
AJohn
January 6th, 2006, 04:09 PM
Something I don't understand is why FireFox:
Attempt to open process C:\Program Files\ESET\nod32kui.exe
AJohn
January 6th, 2006, 04:26 PM
Also, here is a scenario in which it would be useful for the user to be able to allow exceptions for certain programs (this is FireFox again):
Attempt to overwrite file C:\Documents and Settings\*****\Application Data\Mozilla\Firefox\Profiles\lrkiveb8.default\search.rdf
In this situation it would be beneficial for the user to be able to allow FireFox to write to its own directory and all sub-directories.
*But not instances launched by FireFox.
AJohn
January 6th, 2006, 04:52 PM
And The Bat!(www.ritlabs.com):
Attempt to set value DLLPath within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value EditFlags within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value URL Protocol within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\DefaultIcon\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\shell\open\command\
These are scenarios in which it would be useful for the user to be able to allow exceptions for The Bat! to be able to modify its own registry entries.
A small error I just found(very small) is that when DW says "Attempt to set value within" there are two spaces between value and within. This is not anything that could affect the user, just thought I would let you know, incase you don't already.
AJohn
January 6th, 2006, 09:44 PM
Sonork(www.sonork.com, the client messaging software):
Attempt to create global windows hook with module C:\Program Files\Sonork\bin\srkhook.dll
AJohn
January 6th, 2006, 10:04 PM
Just a suggestion: Option to have small window temporarely appear with list of recent events for given time(maybe 30-60 sec. after event occurs the notification could dissapear)
toadbee
January 7th, 2006, 02:28 AM
Regarding attempts John:
You are actually pointing out the filter command. Select all, and then filter. Next, delete all and apply so as not to be bothered with such nonsense again.
i.e. DW's strong point. :)
If you like to be bothered etc. try PG or App Defend.
Else, if you need those settings, run The Bat! as trusted (once)
AJohn
January 7th, 2006, 03:13 AM
What? The events I posted above are required for the applications to work correctly. If I leave them as trusted, I will not be using DW for security. If I leave them as untrusted they can't work correctly. What I am asking for is a way to allow for exceptions in rules. This option could simply be overlooked by users who do not need it, however it would be of great use to some.
Ilya Rabinovich
January 7th, 2006, 04:21 AM
-{ Quote: "Something I don't understand is why FireFox:
Attempt to open process C:\Program Files\ESET\nod32kui.exe" }-
NOD32 components.
-{ Quote: "
I believe I have found a small error in DW's Event Log:" }-
It is not a bug. You haven't applied the changes. The events haven't been deleted.
search.rdf - is fixed.
As for Sonork - I'll add its module into the "white list" of the global hook modules.
Now about The Bat!. The idea is simple. You run The Bat! as trusted one time during the installation, it sets up all the parameters it needs for correct work. Then you set it as untrusted and work as usual. There is no need for any "exception rules", everything works correctly. If you don't want to see The Bat! events - just filter them. The program is already designed the way you don't need to set up any "rules" or answer questions with popup windows, everything is already working. Just add your application as untrusted and enjoy safe Internet. Yes, the ideology is different from the classic HIPS, but it works!
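AJohn's log lines and the advice to filter rather than add exception rules suggest a small tool: parse the event lines into structured records and hide the ones you have decided are benign noise, without dropping anything. The block below is an added example and not DefenseWall's own code; the log lines are the ones quoted in this thread (the ***** in the Firefox path is how the poster masked the user name) and the two filter rules are hypothetical choices made for the example.

```python
"""Added example, not DefenseWall's own code: a parser for the
"Attempt to ..." lines DefenseWall writes to its event log, plus the kind
of filter this thread recommends for known-benign noise.

The sample lines are copied from messages quoted in this thread (the
***** in the Firefox path is how the poster masked the user name); the
filter rules are hypothetical choices made for this example.  Keep in mind
what a filter is in DefenseWall's model: it hides log entries, it does not
grant the untrusted process anything.  The action is still blocked.
"""
import fnmatch
import re
from typing import List, NamedTuple, Tuple


class Event(NamedTuple):
    action: str   # "delete key", "set value", "open process", ... or "unknown"
    target: str   # registry key, file path, process path, hook module or raw line
    name: str     # value name for "set value" ("" means the key's default value)


# One regex per action seen in the lines posted in the thread.  Two spaces
# after "set value" is how an empty (default) value name is printed.
_PATTERNS = [
    ("set value", re.compile(r"^Attempt to set value (.*?) ?within the key (.+)$")),
    ("delete key", re.compile(r"^Attempt to delete key (.+)$")),
    ("open process", re.compile(r"^Attempt to open process (.+)$")),
    ("overwrite file", re.compile(r"^Attempt to overwrite file (.+)$")),
    ("global hook", re.compile(r"^Attempt to create global windows hook with module (.+)$")),
]


def parse_event(line: str) -> Event:
    """Turn one log line into an Event; unrecognised lines are kept, not dropped."""
    line = line.strip()
    for action, rx in _PATTERNS:
        m = rx.match(line)
        if m is None:
            continue
        if action == "set value":
            return Event(action, m.group(2), m.group(1))
        return Event(action, m.group(1), "")
    return Event("unknown", line, "")


class Filter(NamedTuple):
    action: str    # must equal Event.action
    pattern: str   # case-insensitive glob over Event.target


def is_filtered(event: Event, rules: List[Filter]) -> bool:
    target = event.target.lower()
    return any(r.action == event.action and fnmatch.fnmatchcase(target, r.pattern.lower())
               for r in rules)


def triage(lines: List[str], rules: List[Filter]) -> Tuple[List[Event], List[Event]]:
    """Split log lines into (shown, filtered) without losing any of them."""
    shown: List[Event] = []
    filtered: List[Event] = []
    for line in lines:
        ev = parse_event(line)
        (filtered if is_filtered(ev, rules) else shown).append(ev)
    return shown, filtered


# Constructed sample: lines quoted in this thread, one or more per action type.
SAMPLE_LOG = [
    "Attempt to delete key HKCR\\http\\shell\\open\\ddeexec\\Application\\",
    "Attempt to open process C:\\Program Files\\ESET\\nod32kui.exe",
    "Attempt to overwrite file C:\\Documents and Settings\\*****\\Application Data"
    "\\Mozilla\\Firefox\\Profiles\\lrkiveb8.default\\search.rdf",
    "Attempt to set value DLLPath within the key HKLM\\SOFTWARE\\Clients\\Mail\\The Bat!\\",
    "Attempt to set value  within the key HKLM\\SOFTWARE\\Clients\\Mail\\The Bat!\\Protocols\\mailto\\",
    "Attempt to set value URL Protocol within the key HKLM\\SOFTWARE\\Clients\\Mail\\The Bat!\\Protocols\\mailto\\",
    "Attempt to create global windows hook with module C:\\Program Files\\Sonork\\bin\\srkhook.dll",
]

# Hypothetical filter choices: a mail client writing under its own
# HKLM\SOFTWARE\Clients\Mail entry and Firefox rewriting its own profile file
# are noise here.  The HKCR URL-handler deletion, the attempt to open the AV
# process and the global hook are exactly what you want to keep seeing.
DEFAULT_FILTERS = [
    Filter("set value", "HKLM\\SOFTWARE\\Clients\\Mail\\The Bat!\\*"),
    Filter("overwrite file", "*\\Mozilla\\Firefox\\Profiles\\*\\search.rdf"),
]


if __name__ == "__main__":
    shown, filtered = triage(SAMPLE_LOG, DEFAULT_FILTERS)
    for ev in shown:
        print("SHOW   ", ev.action, ev.target, ev.name)
    for ev in filtered:
        print("FILTER ", ev.action, ev.target, ev.name)
```

Note which entries the hypothetical rules leave visible: an untrusted process deleting a key under HKCR\http\shell\open\ddeexec (a change to the system's URL protocol handlers), an attempt to open the anti-virus process, and a global window hook. Filtering those would not be a convenience; it would hide exactly the events the red tray icon exists to report. Rules are matched on action plus a target glob, so a rule written for The Bat!'s own HKLM\SOFTWARE\Clients\Mail subtree does not also silence a different untrusted program writing elsewhere under HKLM.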
AJohn
January 7th, 2006, 02:57 PM
-{ Quote: "NOD32 components." }-
And it's OK for DW to be blocking these? Shouldn't AntiVirus be allowed?
-{ Quote: "search.rdf- is fixed." }-
Cool
-{ Quote: "As for Sonork, I'll add its module into the "white list" of the global hook modules." }-
Thanks ;)
richard_rd
January 7th, 2006, 08:02 PM
Ilya,
I have been trying your DW app for the past few days, and really appreciate your nice clean approach in your HIPS. Working great so far, and I plan on registering (paying) at the end of my 30 day trial as long as no unforeseen complications arise.
One suggestion for an added feature: it would be nice if there were an option for an audible beep/alarm when a suspicious event is recorded in the event log. I know you have the wall icon in the tray turn red, but sometimes you can miss that if you are not paying attention to the tray area.
Does anyone use the secured files option? If the HIPS is working properly this should not be needed because malware should not be able to execute and spy on my data. Could you please give some examples of how setting up the Secured Files area will better protect us.
Thanks for the great HIPS app, hope you do well with it!!!!
AJohn
January 8th, 2006, 03:21 AM
Are there any plans to allow for users to view or edit the 'white-list'?
Ilya Rabinovich
January 8th, 2006, 03:53 AM
-{ Quote: "And it's OK for DW to be blocking these? Shouldn't AntiVirus be allowed?
" }-
It is just one of the AV components. I suppose that the AV will be working anyway, because most of any AV works at the driver level.
Ilya Rabinovich
January 8th, 2006, 03:57 AM
-{ Quote: "
One suggestion for an added feature: it would be nice if there were an option for an audible beep/alarm when a suspicious event is recorded in the event log. I know you have the wall icon in the tray turn red, but sometimes you can miss that if you are not paying attention to the tray area. " }-
OK. I'll add it in one of the next releases.
-{ Quote: "
Does anyone use the secured files option? If the HIPS is working properly this should not be needed because malware should not be able to execute and spy on my data. Could you please give some examples of how setting up the Secured Files area will better protect us. " }-
"Secured files" are the files or folders untrusted processes can not access. It could be everything you add there. It depends 100% on you what to add. But don't add the Windows or Program Files folders - your programs won't start!
Ilya Rabinovich
January 8th, 2006, 04:00 AM
-{ Quote: "Are there any plans to allow for users to view or edit the 'white-list'?" }-
No. The white-list is only hashes within the driver. Anyway, not many users would be able to add to it by themselves; it will be much easier for them if I add hashes myself on demand (as I have done with the Sonork client).
AJohn
January 8th, 2006, 04:12 AM
What about an auto-update feature, or is that only implemented for registered users?
Ilya Rabinovich
January 8th, 2006, 04:44 AM
-{ Quote: "What about an auto-update feature, or is that only implemented for registered users?" }-
I think about it night and day! It is not so simple to implement. There are a lot of underground mines within this feature's implementation process. But, anyway, it will be done. It is #2 in my todo list (#1 is bug fixes + immediate feature requests).
AJohn
January 8th, 2006, 03:22 PM
Well, I'm just going to say that you have a nice product in the works; the only thing keeping me away from it is the lack of exceptions and the hidden white-list thing you have going. Good luck and I wish you the best.
emir
January 8th, 2006, 07:39 PM
I don't know If I should have created a whole new thread for this, I have a question. Are the following dll's and others associated with defense wall and/or defence plus: user321.dll
oleaut321rav.tmp
kernel321.rav.tmp
ntdll.rav.tmp
If not does anyone recognize these, I already tried searching for them.
Ilya Rabinovich
January 9th, 2006, 04:21 AM
-{ Quote: "I don't know If I should have created a whole new thread for this, I have a question. Are the following dll's and others associated with defense wall and/or defence plus: user321.dll
oleaut321rav.tmp
kernel321.rav.tmp
ntdll.rav.tmp
If not does anyone recognize these, I already tried searching for them." }-
These are DefencePlus temporary files.
Brandon
January 9th, 2006, 08:55 PM
Just installed the beta and haven't found any problems yet, but I've got to say that this is a nice piece of software for me to add to my setup ;D
Ilya Rabinovich
January 10th, 2006, 03:42 AM
-{ Quote: "Just installed the beta and haven't found any problems yet, but I've got to say that this is a nice piece of software for me to add to my setup ;D" }-
It is not beta. It is release. v1.11.
emir
January 10th, 2006, 07:20 AM
Ilya Rabinovich, temporary files? They are dll's mostly and they have to load with every application I use. Can you maybe point me to a page that can explain why they have to load with every application, or if you could take the time to explain it to me I would greatly appreciate it.
Ilya Rabinovich
January 10th, 2006, 08:52 AM
-{ Quote: "Ilya Rabinovich, temporary files? They are dll's mostly and they have to load with every application I use. Can you maybe point me to a page that can explain why they have to load with every application, or if you could take the time to explain it to me I would greatly appreciate it." }-
There are two different types of temp files. Some of them (user32.rav, for instance) are created on each reboot and allow DefencePlus to randomly change the base of the main system DLLs to prevent return-into-libc attacks; the others (kernel321.rav.tmp, for instance) are used within the ring3 hooks engine to decrease virtual memory usage.
starfish_001
January 13th, 2006, 01:48 PM
-{ Quote: "Ilya,
As a new registered user of DefenseWall HIPS v1.11, I have been experiencing some consistent and intermittent problems with Opera v8.51 and Eudora v7.0.1(free w/ads) which are listed or I have included as an "untrusted" application.
1.) Scrolling up and down through the bookmarks is consistently slow or sluggish in Opera.
2.) On an intermittent basis, it takes an additional 1-2 seconds or more to open and close both Opera and Eudora.
3.) On an intermittent basis, random execution requests such as opening the bookmark panel, clicking a bookmark in the bookmark panel or deleting private data freezes up Opera briefly for a few seconds before resuming.
4.) On an intermittent basis, entering my password and checking for new mail freezes up Eudora briefly for a few seconds before resuming.
5.) On a consistent basis, I have observed that the DefenseWall icon in the system tray remains red/orange during the entire duration when using and long after closing/exiting an "untrusted" application such as Opera or Eudora.
FYI, the pc in question is a Dell with WinXP SP2, 3.2 GHz Intel P4 and 1 Gb RAM. The other resident, "active" security applications that I am running include: BOClean, Look'n'Stop firewall, NOD32, Online Armor and RegRun Platinum 4.5. Until proven otherwise, it appears that DefenseWall may be conflicting with both Opera and Eudora. A prompt reply and solution to this matter would be greatly appreciated.
Peace & Love,
CogitoErgoSum" }-
As well as the occasional Firefox problem, I have been getting Opera problems when many tabs are open - DF and Opera take the whole CPU until reboot
I have Outpost firewall, NOD32, Online Armor and RegRun Platinum 4.5 with AntiHack, Process Guard and Proxomitron running when this happens.
Quite sure Online Armor and RegRun Platinum 4.5 with AntiHack, Process Guard and Proxomitron cause no problems
Any Idea? Might be NOD / Opera/ DW?
Ilya Rabinovich
January 14th, 2006, 05:02 AM
-{ Quote: "As well as the occasional Firefox problem, I have been getting Opera problems when many tabs are open - DF and Opera take the whole CPU until reboot
I have Outpost firewall, NOD32, Online Armor and RegRun Platinum 4.5 with AntiHack, Process Guard and Proxomitron running when this happens.
Quite sure Online Armor and RegRun Platinum 4.5 with AntiHack, Process Guard and Proxomitron cause no problems
Any Idea? Might be NOD / Opera/ DW?" }-
I'm working on it. I'll mail you the latest driver to check it out.
eager2no
January 14th, 2006, 02:18 PM
I have been reading this thread for a while, and have now downloaded v1.11 for testing.
Setup:
- Windows XP Pro SP2 English + most hotfixes, system installed with nLite (zapped Outlook, Messenger, MediaPlayer 9, and quite a few more)
- added later: Linksys router
- Outpost v3.0.557.5918 (437) with pretty tight application settings
- Process Guard v1.150
- NOD32 v2.51.8
My first comments:
1. Great idea, nice addition to the defense toolchest.
2. Firefox and Opera, although added to Untrusted, NEVER show up in the Event Log (IE does)
3. Minor typo: if you click Filter on the Event Log without specifying anything to filter, a message box comes up with "Tou have not..." - should be "You have not...".
4. In the About box, I'd drop "the" in front of DefenseWall (i.e. it should read: "This version of DefenseWall...").
Will do some more testing, but I feel I'll have questions :-)
starfish_001
January 14th, 2006, 06:52 PM
-{ Quote: "I'm working on it. I'll mail you the latest driver to check it out." }-
I'll try out tomorrow - Thanks for a great program
simple_user
January 15th, 2006, 12:13 AM
Hi, I just downloaded DW 1.11 from softphere and installed it on my XP PC which had Online Armor 1.1 build 595 running. After I rebooted it, DW would display an error dialog box saying that "driver cannot be properly initialized". Right after it OA would display a similar dialog box and OA's GUI tray icon would not appear. I went to the Windows task manager and noticed that OA's service was already loaded and running but OA's GUI component could not be launched. If I proceeded to uninstall DW, OA would pop up and ask for my permission to do so. If I said "yes" and rebooted my PC, the same sequence of events would happen again. I had to boot into Windows safe mode to uninstall DW. I think there are conflicts between DW 1.11 and OA 1.1. After I uninstalled DW 1.11, OA 1.1 functioned properly once again.
Thanks,
Lu Chin
eager2no
January 15th, 2006, 02:15 AM
These are my event log entries for The Bat! Professional v3.64.01. I am posting them because they are slightly different from those posted by AJohn.
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\
Attempt to set value EditFlags within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value URL Protocol within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\DefaultIcon\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\shell\open\command\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Shell\open\command\
eager2no
January 15th, 2006, 03:50 AM
DW does not allow system processes to be added as untrusted.
However, e.g. SVCHOST.EXE and RUNDLL.EXE may start unwanted communication. In Outpost Pro I can (and want to) limit what these system processes may do. So if I didn't have Outpost running, DW would allow such unwanted communication.
Or am I missing something?
Ilya Rabinovich
January 15th, 2006, 04:31 AM
-{ Quote: "
3. Minor typo: if you click Filter on the Event Log without specifying anything to filter, a message box comes up with "Tou have not..." - should be "You have not..."." }-
Yup, thanks!
-{ Quote: "
4. In the About box, I'd drop "the" in front of DefenseWall (i.e. it should read: "This version of DefenseWall...")." }-
Well, I don't know. I'm not a native speaker.... Life will show!
-{ Quote: "
Will do some more testing, but I feel I'll have questions :-)" }-
Always welcome!
Ilya Rabinovich
January 15th, 2006, 04:32 AM
-{ Quote: "I think there are conflicts between DW 1.11 and OA 1.1. " }-
Yes, I know about the conflict. I'll see if I can do something.
Ilya Rabinovich
January 15th, 2006, 04:33 AM
-{ Quote: "These are my event log entries for The Bat! Professional v3.64.01. I am posting them because they are slightly different from those posted by AJohn.
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\
Attempt to set value EditFlags within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value URL Protocol within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\DefaultIcon\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\shell\open\command\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Protocols\mailto\
Attempt to set value within the key HKLM\SOFTWARE\Clients\Mail\The Bat!\Shell\open\command\" }-
Different TheBat version, different logs. It is normal. The cure is the same: just filter it!
Ilya Rabinovich
January 15th, 2006, 04:37 AM
-{ Quote: "DW does not allow system processes to be added as untrusted.
However, e.g. SVCHOST.EXE and RUNDLL.EXE may start unwanted communication. In Outpost Pro I can (and want to) limit what these system processes may do. So if I didn't have Outpost running, DW would allow such unwanted communication.
Or am I missing something?" }-
Yes, you are. DefenseWall is not a firewall, it is a sandbox HIPS! So, it doesn't control network connections at all. It creates a virtual "untrusted processes" zone with limited rights. If malware runs inside this zone it won't be able to get out of this zone and break the system integrity (set up a service/driver, set itself to autostart and so on).
eager2no
January 15th, 2006, 11:13 AM
Ilya Rabinovich,
Thank you for the clarification. The idea needs some getting used to :-)
Another question: Is there any way to UNfilter an event (i.e. make an event appear again after having filtered it earlier) ? Or is there a way to delete all filters? Or, better yet, to edit them?
eager2no
January 15th, 2006, 11:20 AM
-{ Quote: "DefenseWall is not a firewall, it is a sandbox HIPS! So, it doesn't control network connections at all. It creates a virtual "untrusted processes" zone with limited rights. If malware runs inside this zone it won't be able to get out of this zone and break the system integrity (set up a service/driver, set itself to autostart and so on)." }-
So how does it differ from e.g. Process Guard in terms of what I can achieve with it? Is there anything PG can not do that DF can, or can do better? My apologies for the possibly dumb question, but I didn't find anything about this in this thread.
Notok
January 15th, 2006, 04:09 PM
DW isolates untrusted apps so that they can't see any other apps on the system, other than whatever else is in the Untrusted list. DW will also prevent untrusted apps from modifying vulnerable files (PG doesn't protect any files) and you can select folders to be totally protected from untrusted apps. I'm sure there are probably a couple of things I'm missing, but those are the main things DW can do that PG cannot.
starfish_001
January 15th, 2006, 06:46 PM
-{ Quote: "I'm working on it. I'll mail you the latest driver to check it out." }-
All good so far - it is hard to get the problem to re-occur on cue, but no probs with this version so far
simple_user
January 15th, 2006, 08:44 PM
Thanks Ilya for your answer. Does the price of Defensewall include that of annual updates? How does the current pricing work? How about any plans of integrating the function of DefencePlus into future versions of Defensewall?
eager2no
January 16th, 2006, 03:51 AM
Notok,
Thank you for the clarification.
Ilya Rabinovich
January 16th, 2006, 05:29 AM
-{ Quote: "
Another question: Is there any way to UNfilter an event (i.e. make an event appear again after having filtered it earlier) ? Or is there a way to delete all filters? Or, better yet, to edit them?" }-
As for now, you can delete filters.bat and restart the GUI; it will delete all the filters. There are no other ways yet.
Ilya Rabinovich
January 16th, 2006, 05:30 AM
-{ Quote: "So how does it differ from e.g. Process Guard in terms of what I can achieve with it? Is there anything PG can not do that DF can, or can do better? My apologies for the possibly dumb question, but I didn't find anything about this in this thread." }-
PG and DefenseWall are different types of HIPS. Ideologically PG is an application firewall (you can set your own ruleset for each application, but it needs a lot of technical knowledge from you), DefenseWall is a sandbox HIPS (it divides all the processes into "trusted" and "untrusted" and uses a built-in ruleset for the "untrusted" ones). An application firewall is for the professionals who want to control everything on their computers; a sandbox is for the regular non-technical users. DefenseWall is much more easy and simple to work with for the user than PG. You see, it is always possible to make PG's control functionality like DW, but ideologically they are different!
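As an added illustration of the sandbox model described in the two replies above (not DefenseWall's code; the folders, registry keys, process names and log wording below are constructed sample values modelled on this thread), here is a small Python policy model: trust is decided once at process start and inherited by children, untrusted processes cannot write the system folders or touch "secured files", cannot set protected registry values, cannot open trusted processes, every blocked action goes to an event log the user can filter, and one call closes all untrusted processes.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample policy (assumption): folders and registry keys an
# untrusted process may not modify. The product's real list is not on the page.
SENSITIVE_FOLDERS = (r"C:\Windows", r"C:\Program Files")
SENSITIVE_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SYSTEM\CurrentControlSet\Services",
)


def _under(path: str, roots) -> bool:
    """Case-insensitive: path equals one of roots or lies below it."""
    p = path.lower().rstrip("\\")
    return any(p == r.lower() or p.startswith(r.lower() + "\\") for r in roots)


@dataclass
class Process:
    pid: int
    image: str
    trusted: bool
    parent: Optional[int] = None


@dataclass
class SandboxHips:
    untrusted_images: Set[str]                      # user-chosen entry points
    secured_files: List[str] = field(default_factory=list)
    filters: Set[str] = field(default_factory=set)  # log lines the user hid
    processes: Dict[int, Process] = field(default_factory=dict)
    event_log: List[str] = field(default_factory=list)
    alert: bool = False                             # the red tray icon
    next_pid: int = 1000

    def start(self, image: str, parent: Optional[int] = None) -> Process:
        """Trust is fixed at start: untrusted if listed or if the parent is."""
        parent_proc = self.processes.get(parent) if parent is not None else None
        untrusted = (image.lower() in {i.lower() for i in self.untrusted_images}
                     or (parent_proc is not None and not parent_proc.trusted))
        proc = Process(self.next_pid, image, not untrusted, parent)
        self.next_pid += 1
        self.processes[proc.pid] = proc
        return proc

    def _deny(self, event: str) -> bool:
        """Block the action; log it unless the user filtered that exact line."""
        if event not in self.filters:
            self.event_log.append(event)
            self.alert = True
        return False

    def access_file(self, pid: int, path: str, write: bool) -> bool:
        """Secured files are off-limits to untrusted processes entirely; the
        sensitive system folders are only write-protected."""
        if self.processes[pid].trusted:
            return True
        if _under(path, self.secured_files) or (write and _under(path, SENSITIVE_FOLDERS)):
            verb = "write" if write else "read"
            return self._deny(f"Attempt to {verb} file {path}")
        return True                        # e.g. a download folder stays usable

    def set_registry_value(self, pid: int, key: str, name: str) -> bool:
        if not self.processes[pid].trusted and _under(key, SENSITIVE_KEYS):
            return self._deny(f"Attempt to set value {name} within the key {key}")
        return True

    def open_process(self, pid: int, target: int) -> bool:
        """Untrusted processes may only see other untrusted processes."""
        proc, tgt = self.processes[pid], self.processes[target]
        if not proc.trusted and tgt.trusted:
            return self._deny(f"Attempt to open process {tgt.image}")
        return True

    def close_all_untrusted(self) -> List[str]:
        """The 'Close all untrusted applications' button."""
        closed = [p.image for p in self.processes.values() if not p.trusted]
        self.processes = {k: v for k, v in self.processes.items() if v.trusted}
        self.alert = False
        return closed


def demo() -> List[str]:
    """Constructed scenario: an untrusted browser spawns an installer that
    tries to persist; every blocked step lands in the event log."""
    hips = SandboxHips({"firefox.exe"}, secured_files=[r"C:\Users\me\Private"])
    av = hips.start("nod32kui.exe")                        # trusted by default
    browser = hips.start("firefox.exe")                    # untrusted by list
    setup = hips.start("setup.exe", parent=browser.pid)    # inherits untrusted
    hips.access_file(setup.pid, r"C:\Windows\System32\dropped.dll", write=True)  # blocked
    hips.set_registry_value(setup.pid, SENSITIVE_KEYS[0], "Updater")            # blocked
    hips.open_process(browser.pid, av.pid)                                      # blocked
    hips.access_file(setup.pid, r"C:\Users\me\Downloads\file.tmp", write=True)  # allowed
    hips.close_all_untrusted()
    return hips.event_log
```

Note that trust is never re-granted to a running process: exactly as in the thread's TheBat advice, an application that needs to write protected settings has to be started trusted once for that purpose.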
Ilya Rabinovich
January 16th, 2006, 05:30 AM
-{ Quote: "Thanks Ilya for your answer. Does the price of Defensewall include that of annual updates? How does the current pricing work? How about any plans of integrating the function of DefencePlus into future versions of Defensewall?" }-
1. The price is $29 for the defense core + one year of first-queue tech support, online updates (I'll implement it in the 1.20+ version) and new version notification. After the license period expires, the defense core will keep working (you've paid for it!), but all the extra advantages (online updates, first-queue tech support, etc.) won't be available, plus one nag screen during program start notifying you that your license period has expired. It is $10 per year to switch the extra advantages on. If you don't need the extra advantages, it is OK. The defense will be in working state anyway!
2. Yes, I have plans to integrate my buffer overflow defense into DefenseWall, but it needs more time to be tested (I have reports about DefencePlus working unstably on some computers; it should be fixed) + I think that first I need to implement the online updates functionality, it is a more important feature.
eager2no
January 16th, 2006, 08:11 AM
Ilya Rabinovich,
Thanks for your replies.
-{ Quote: "As for now, you can delete filters.bat" }-
That's an interesting batch file you have there :-)
Not exactly the runnable type, is it? (I only saw paths and binary zeroes in it.)
Ilya Rabinovich
January 16th, 2006, 08:45 AM
-{ Quote: "
That's an interesting batch file you have there :-)
Not exactly the runnable type, is it? (I only saw paths and binary zeroes in it.)" }-
It is made to prevent the filter file from being modified by the untrusted processes. That is why it has the .bat extension!
simple_user
January 16th, 2006, 01:46 PM
Thanks Ilya for all your answers. I really like your program but have to wait until it works with my Online Armor before I will place an order.
-{ Quote: "1. The price is $29 for the defense core + one year of first-queue tech support, online updates (I'll implement it in the 1.20+ version) and new version notification. After the license period expires, the defense core will keep working (you've paid for it!), but all the extra advantages (online updates, first-queue tech support, etc.) won't be available, plus one nag screen during program start notifying you that your license period has expired. It is $10 per year to switch the extra advantages on. If you don't need the extra advantages, it is OK. The defense will be in working state anyway!
2. Yes, I have plans to integrate my buffer overflow defense into DefenseWall, but it needs more time to be tested (I have reports about DefencePlus working unstably on some computers; it should be fixed) + I think that first I need to implement the online updates functionality, it is a more important feature." }-
Mrkvonic
January 16th, 2006, 02:31 PM
Hi,
Keep going Ilya. This looks promising. I think your product will be a fully featured monster by 1.5 or so.... Good luck!
Mrk
richard_rd
January 17th, 2006, 06:16 AM
Ilya,
You may want to think about renaming this thread title to something like "Official Support thread for DefenseWall HIPS" and edit your first post describing when the product was released and keep a brief release history going in the first post.
You may be losing potential customers because they think the product is still beta when they see this thread going, after conducting a search of defensewall on this forum, and they may not read through all of this thread to realize it is now a released product. Some people will stay away from an app and not try it if they think it is still beta.
Ilya Rabinovich
January 17th, 2006, 06:23 AM
-{ Quote: "Hi,
Keep going Ilya. This looks promising. I think your product will be a fully featured monster by 1.5 or so.... Good luck!
Mrk" }-
Well, life will show...... I do my best! Thanks!
Paul Wilders
January 17th, 2006, 07:09 AM
-{ Quote: "Ilya,
You may want to think about renaming this thread title to something like "Official Support thread for DefenseWall HIPS" and edit your first post describing when the product was released and keep a brief release history going in the first post." }-
Bolded part by me. I'm afraid that will be out of the question. That way this thread will come very close to sort of an Official support forum - and that's not the way it works over here, sorry ;) .
That said: this thread stays open as it is, and good luck to all involved ;)
regards,
paul
richard_rd
January 17th, 2006, 08:01 AM
Sorry Paul,
You have a great forum community here and I did not realize I was breaking the rules by suggesting that. I sincerely apologize!!!!
Ilya Rabinovich
January 17th, 2006, 09:05 AM
-{ Quote: "Thanks Ilya for all your answers. I really like your program but have to wait until it works with my Online Armor before I will place an order." }-
I've just fixed some issues. You will see it in v1.20. Coming soon.....
simple_user
January 20th, 2006, 02:15 AM
Hi Ilya, will DW protect users when IE runs the Java VM?
Thanks.
Ilya Rabinovich
January 20th, 2006, 04:53 AM
-{ Quote: "Hi Ilya, will DW protect users when IE runs the Java VM?
Thanks." }-
Yes. It will be run as untrusted if the parent IE is untrusted.
Ilya Rabinovich
January 22nd, 2006, 06:30 AM
DefenseWall HIPS v1.20 is released! Online Armor compatibility issues are fixed, the program's speed is improved, and an enable/disable protection feature is added. So, I'm starting to work on the online update module.
simple_user
January 22nd, 2006, 04:42 PM
Thanks Ilya. That's great news for OA users like me. I will give DW 1.2 a quick test and see how things go.
Ilya Rabinovich
January 23rd, 2006, 03:19 AM
I'm very sorry, I've found system memory leaks inside the driver's routines. Nothing horrible, everything is fixed. Just re-download the version and install over it.
starfish_001
January 24th, 2006, 04:22 PM
Excellent - I did have some problems with the release version of 1.2
but I switched the driver with the beta of 1.20 driver you sent me and that seemed fine.
Ilya Rabinovich
January 24th, 2006, 05:00 PM
I'm terribly sorry, I fixed the mshta record within v1.20 and just found out that "Add/Remove Programs" is an mshta script. So, it will be run as untrusted within v1.20. I've immediately fixed it and released v1.21. Now it is OK with this window!
starfish_001
January 24th, 2006, 05:47 PM
-{ Quote: "I'm terribly sorry, I fixed the mshta record within v1.20 and just found out that "Add/Remove Programs" is an mshta script. So, it will be run as untrusted within v1.20. I've immediately fixed it and released v1.21. Now it is OK with this window!" }-
Thanks - the Installer package is still called v1.20 rather than 1.21
wilbertnl
January 24th, 2006, 11:03 PM
-{ Quote: "I would like to offer my new DefenseWall HIPS program for beta-testing purposes. A registration
period for 100 years is guaranteed to all active testers." }-
I'm interested in testing and making constructive suggestions.
Is this registration offer for testers still valid?
simple_user
January 25th, 2006, 01:49 AM
Thanks Ilya for all the quick fixes. I was watching my system going down inexplicably after installing 1.20 and scratching my head. Now, it looked fine.
-{ Quote: "I'm terribly sorry, I fixed the mshta record within v1.20 and just found out that "Add/Remove Programs" is an mshta script. So, it will be run as untrusted within v1.20. I've immediately fixed it and released v1.21. Now it is OK with this window!" }-
simple_user
January 25th, 2006, 01:50 AM
Sorry I meant my system memory going down.
-{ Quote: "Thanks Ilya for all the quick fixes. I was watching my system going down inexplicably after installing 1.20 and scratching my head. Now, it looked fine." }-
Ilya Rabinovich
January 25th, 2006, 02:25 AM
-{ Quote: "Thanks - the Installer package is still called v1.20 rather than 1.21" }-
I've just downloaded 1.21 from my site for the test....
Ilya Rabinovich
January 25th, 2006, 02:27 AM
-{ Quote: "I'm interested in testing and making constructive suggestions.
Is this registration offer for testers still valid?" }-
The test program is temporarily closed, because I need to earn money to continue my work. The test program will be continued later.
toadbee
January 25th, 2006, 09:07 AM
-{ Quote: "Thanks - the Installer package is still called v1.20 rather than 1.21" }-
Starfish - try clearing your firefox cache first ;D
RipVanTinkle
January 27th, 2006, 03:17 PM
Cheers for the update :)
had to use Enable/Disable the other day - worked fine
also had a worrying change of crc for defensewall.exe shortly
before I updated. Not sure what caused that. I keep backups
of all my important exe files so it wasn't a big deal
Ilya Rabinovich
February 2nd, 2006, 06:37 AM
DefenseWall v1.30 is released. The number of registry keys controlled is increased, DefenseWall's root registry key is inaccessible to the untrusted processes, and now there are two work modes: regular mode and expert mode.
Ilya Rabinovich
February 6th, 2006, 10:44 AM
DefenseWall v1.31 is released. As usual, it is a bugfix version. The System Safety Monitor compatibility issue, short names within the start process routine and occasional freezes of the untrusted processes are fixed. Also the Disable protection feature is improved - a restart is not needed anymore.
starfish_001
February 6th, 2006, 04:20 PM
-{ Quote: "DefenseWall v1.31 is released. Also the Disable protection feature is improved - a restart is not needed anymore." }-
Thanks for the update -
and also for disable protection .....:)
Rivalen
February 7th, 2006, 04:06 AM
Already from v 1.00 I added folders A: and D: to the untrusted list. When continuously upgrading I checked and they were still untrusted every time, but now I went from 1.21 directly to 1.31 (expert mode) and suddenly those folders weren't untrusted any more.
Does this mean that in the future I will have to - manually - check that all apps and folders I have myself added to untrusted are still there, and if not I will have to add them manually after every upgrade? I hope not - I need to be able to trust that my settings are not changed by an upgrade.
Best Regards
Ilya Rabinovich
February 7th, 2006, 09:34 AM
-{ Quote: "Already from v 1.00 I added folders A: and D: to the untrusted list. When continuously upgrading I checked and they were still untrusted every time, but now I went from 1.21 directly to 1.31 (expert mode) and suddenly those folders weren't untrusted any more.
Does this mean that in the future I will have to - manually - check that all apps and folders I have myself added to untrusted are still there, and if not I will have to add them manually after every upgrade? I hope not - I need to be able to trust that my settings are not changed by an upgrade.
Best Regards" }-
Aha, thanks a lot, it was a bug within the driver; I hadn't noticed it myself. I'm very sorry. Now, I've already fixed it and you can download the new bugfixed version, 1.32.
starfish_001
February 7th, 2006, 04:00 PM
Might be just me .... a bit screwed up but .....
After installing the new version and rebooting I noticed that none of my untrusted processes had the DefenseWall titlebar - untrusted
Protection was set but......
I needed to close all processes then toggle protection: off - on
restart processes to get protection ???
All seems to work fine now :thumb:
Rivalen
February 8th, 2006, 03:10 PM
My 1.32 install worked fine.
You're probably much more savvy than me - but - when I downloaded and installed DW I used IE as trusted and set PG in learning mode. I once installed without PG in learning mode and that caused problems although I manually allowed everything PG asked for.
I could probably use IE untrusted during download and then install DW as trusted, but still PG in learning mode is a must.
Probably info of no use to anyone.
Best Regards
AwareSoul
February 9th, 2006, 05:45 PM
What files or folders can I safely add to the "secured files" tab in DefenseWall for improved security? I guess the "My Documents" folder would be one good example. Any comments or opinions would be greatly appreciated.
AwareSoul
Ilya Rabinovich
February 10th, 2006, 04:00 AM
-{ Quote: "What files or folders can I safely add to the "secured files" tab in DefenseWall for improved security? I guess the "My Documents" folder would be one good example. Any comments or opinions would be greatly appreciated.
AwareSoul" }-
In fact, it depends on you what to include there. As for "My Documents", it's not a very good idea, because you will be unable to save HTML pages there with your browser.
AwareSoul
February 10th, 2006, 10:01 AM
Thanks Ilya for the follow-up.
AwareSoul
Rasheed187
February 10th, 2006, 02:50 PM
One thing what I would like to see is improvement of the GUI, it has to become resizable and it should also be able to remember the size of the window and size of the columns. ;)
Ilya Rabinovich
February 11th, 2006, 04:29 AM
-{ Quote: "One thing what I would like to see is improvement of the GUI, it has to become resizable and it should also be able to remember the size of the window and size of the columns. ;)" }-
Main window's skin doesn't support resizing.
Rasheed187
February 11th, 2006, 12:49 PM
I guess it's a big problem for me then, since I'm a real GUI geek. If I don't like the GUI of a certain app, I will not use it. ;D
oldBear
February 11th, 2006, 11:36 PM
On the other hand, I'd prefer you concentrate on the "engine" instead of the exterior, because I care more about how well it does its job than how it looks.
cheers
Ilya Rabinovich
February 12th, 2006, 04:23 AM
-{ Quote: "On the other hand, I'd prefer you concentrate on the "engine" instead of the exterior, because I care more about how well it does its job than how it looks.
cheers" }-
Don't worry - I don't believe in the GUI as much as you do!
Copyright ©2002 - 2012, Wilders Security Forums