Defensewall 3.0 goes Gold

Discussion in 'other anti-malware software' started by Threedog, Apr 20, 2010.

Thread Status:
Not open for further replies.
  1. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi,

    I understand your point of view and I agree that number of processes means nothing but every process consumes resources (memory, cpu, i/o... etc)

    I did a test today and installed, as you suggested, the new OA Premium v4.0.0.44, and I really thought it would be much lighter than when I tried it last time (about a year ago). Indeed it's a little bit lighter but... only a little bit, as I said.
    Below you will find results and methodology of my tests:

    Test machine: Windows 7 HP x32.

    1. Test no.1: resource usage during web browsing (Opera as a main browser and open simultaneously ~15 tabs with different content - two sites with flash animation) Results below for Online Armor and DefenseWall Personal Firewall:

    Online Armor (Web Shield enabled): http://img130.imageshack.us/img130/7102/oabrowsingprot.png

    Online Armor (Web Shield disabled): http://img594.imageshack.us/img594/9561/oabrowsingbez.png

    DefenseWall Personal Firewall: http://img191.imageshack.us/img191/6029/dwpfbrowsing.png

    Winner: ex aequo DWPF and OA (with Web Shield disabled)


    2. Test no.2: resource usage during CNN TV-streaming in Windows Media Player 12:

    Online Armor: http://img594.imageshack.us/img594/4650/oastreaming.png

    DefenseWall Personal Firewall: http://img130.imageshack.us/img130/7121/dwpfstream.png

    Winner: OA


    3. Test no.3: resource usage during uTorrent activity - downloaded one of the Linux distros (Ubuntu) for test purposes:

    Online Armor: http://img714.imageshack.us/img714/4755/oatorrent.png

    DefenseWall Personal Firewall: http://img594.imageshack.us/img594/3420/dwpftorrent.png

    Winner: DWPF


    4. Resource usage in Windows Task Manager - CPU Time, during all these tests for OA and DWPF:
    http://img227.imageshack.us/img227/1992/wtm.png

    Winner: DWPF.


    Because of this I prefer to stay with my tandem: LnS and DW.
     
    Last edited: Apr 23, 2010
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Good tests, Creer. Thanks for sharing. By the way, you can readily upload those screenshots to this forum. That way, readers of this thread, months from now, will still be able to see those screenies. The screenshots will eventually disappear from imageshack.

    Did you notice DW's widely varying usage of I/O in some of the tests?

    In my view these tests show that the difference between OA & DW is very narrow indeed, & shouldn't be a prime factor in deciding which of these 2 splendid security applications to use. I have licenses for both DW & OA, but have chosen to run OA -- mainly because of all the trash that DW leaves behind in its rollback area.
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Do you have "Automatically remove items from rollback list" on?
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    When I was running DW, I DID check-mark "Automatically remove items from rollback list". However, doing so only causes a monthly cleaning.

    Until I began using DW, my registry cleaner (Ace Utilities) always had ~30 registry items that it didn't clean because of its ignore list. After I began using DW, I added DW's registry items to Ace's ignore list because of your post that we shouldn't clean out DW's registry additions. At that time I checked the "Automatically remove items from rollback list" item on the Advanced>Options screen.

    Within 3 weeks Ace's ignored registry items had grown to over 150 items, & was increasing daily.

    I did a few rollbacks on my own, thinking they were safe, but with bad results.

    DW is an excellent security app, but I do not regard it as being truly "set-it-forget-it" with this growing rollback list issue. For instance, how can a user be absolutely certain that the mere passage of 30 days will make it safe to clean out this growing rollback list? Further, if an arbitrary 30 days auto-rollback is safe, wouldn't an arbitrary 60 days auto-rollback be even safer? Moreover, why would a 15 day auto-rollback be less safe? In other words, WHERE do you draw the line? Why is 30 days the "magic number"?

    My point -- the 30 day auto-dump is an arbitrary measure -- NOT a magical guarantee that something essential won't get dumped. Bottom Line -- I regard the 30 day auto-dump as a "hopeful compromise" for dealing with DW's propensity for using the registry as a waste basket.
     
  5. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    64 bit please? D:
     
  6. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    i was about to ask about registry cleaners when using DW...
    also HD defragmentation..
     
  7. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    No I didn't notice.

    As Ilya said, I have "Automatically remove items from rollback list" set on and I really don't care about the registry in that case. I also don't use a registry cleaner on my Win7 machine and my system still works very well (I didn't notice differences from cleaning the registry in Win7 - also I don't feel that without cleaning out my registry after 6 months, my Win7 OS runs slower or faster; it runs normally with ~100 applications on board, boot time takes about 25-30 seconds, I think not a bad result at all).
    BTW, a few months ago I read one of the MVP blogs where she explained that cleaning the registry in Win7 is not needed since the registry is loaded a bit differently than in previous versions of Windows - unfortunately this page doesn't work: http://nicolemaschke.wordpress.com/...gistry-cleaners-and-windows-7-are-a-bad-idea/
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Bill,

    Stop using FF, try DW with Chromium and you will be surprised how light DW runs. Just had a look at my wife's PC. The delay of Chromium is not noticeable. The protection you get set out against the overhead DW generates is top class.

    Believe me, I set up all our PCs with the built-in protection of the OS, because I am a performance freak. DW is the only HIPS/sandbox/fw application which passes my very sharp performance criteria.

    Regards Kees
     
    Last edited: Apr 23, 2010
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Kees, you are very picky :) you sound like me ;) if a security software makes my PC slow in any way, it is out of here :D
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep, JMonge

    DefenseWall's logs are also a nice indication of how well a browser is designed. Because Chrome sandboxes its tabs, there are fewer calls to files and registry (to guard for DW). This has the advantage that DW runs even smoother with Chrome/Chromium.


    @ Ilya

    I added two keys to Internet Explorer resource protection (and System)

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    Those keys are often attacked by 'nuisance/ad ware'. It has been so long since we discussed resource management optimisation. In my list I have them in a different colour, so I don't know whether we did not discuss them, whether you did not agree, or whether they were already protected.

    Thanks
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hola Kees-sensei...

    I use Kmeleon, not FF. I use OA, not DW. That combo is faster than a dose of salts through a duck's bowels.

    I like DW except for such things as...
    1- It uses the registry for a dustbin. OA doesn't
    2- It fails Antitest's clipboard logging test. OA passes

    I do use FF(Noscript enabled) + Safe Online on those rare occasions when I am doing serious financial stuff, such as organizing a hostile takeover of AT&T. :rolleyes:

    Google Chrome is not something I will use or ever again install. Here are just a few of many reasons why Chrome is a no-way for me...

    1- It gives you NO choice as to which folder you want to install it in.

    2- Instead of installing it in C:\Program Files like most every other program, Google puts Chrome, without notification or asking permission, into C:\Documents and Settings.

    3- It updates directly to its own folder, instead of allowing you to download the update file so that you can scan it, save it for back-up, etc.

    4- When you uninstall Chrome, it leaves behind Google's updater. My firewall notified me that the bugger was trying to call home.

    5- There is no way within Chrome's user-interface to set the cache size or location.

    6- It silently auto-updates Flash-Player

    OTOH, I dearly looove Chrome+. It has NONE of Chrome's bad habits and ALL of Chrome's benefits.
     
    Last edited: Apr 24, 2010
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Bill,

    I have just about half the life experience of you so I am not asked to consider brand issues and sales optimisation at such take overs ;) I had thought you used Lynx in such occasions :thumb:

    Funny thing that a kameleon can be faster than a fox :D

    Warm regards

    Kees
     
    Last edited: Apr 24, 2010
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Got a PM question on DW's resource protection

    What it does?
    It separates untrusted from untrusted. When you look in the resource management protection defaults, you can see that Outlook, for instance, has critical resource protected. This implies that a malware launched through javascript (parent process is for instance IE8 or FF, which are also untrusted processes) can't access your mailbox. This raises the bar for bots (they can't access your contacts).

    How to play with it?
    When you add a file/folder or registry key to "System" other untrusted can't access it any more. When you add something at IE8 (as I did) others can't access it. To be safe I also added these resources to System, so regular (trusted processes) are allowed to touch it.
    You can add a new process first; make sure it is also listed as an untrusted process in the regular untrusted list. After having added a new process, you can add files/folders/registry etc.

    For whom intended?
    Resource protection is for power users and ex-GesWall users who had a lot of customisation in their console (like me). Ilya has optimised its default settings, so for 99,99% of the users it works perfectly out of the box. Do not forget that DW is a stronger than LUA environment; a lot of user space registry entries are protected by default. When you start to play with it, it is advised to select to show resource notifications.

    Regards Kees
     
  14. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi Bellgamin,

    I can't agree with this one, take a look at my screen below - it's DW notification about Clipboard logging:

    dw_clip.png
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Even Ilya agrees that DW fails on clipboard logging, and he refuses to change it. See Here.

    Ilya has known about this weakness a long time (see Here) but feels that there are valid softwares that use the clipboard so he declines to prevent clipboard problem.

    However, it is not an "either/or" issue. OA blocks clipboard stuff & alerts the user. The user can then allow (for legitimate softwares) OR block. The decision is left to the user, as it should be, not to the programmer.
     
    Last edited: Apr 24, 2010
  16. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Hello Bellgamin,
    I agree with you, but then again if the user is like my wife, she wouldn't know what decision to take anyway. Yes/no is the same thing for her.:p :D
     
  17. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    DW only informs you about clipboard logging, but it's up to you whether you want to Terminate it (in case of unknown software running on your PC) or accept by just clicking the OK button and checking the Remember my decision box.
    So DW doesn't block clipboard logging by default - it's only your decision to Terminate or Allow running process which does clipboard logging.
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    DW informs you AFTER the clipboard logger already has captured the clipboard data. Ilya never disputed this fact. I quote from a DW user's post on DW's own forum which I previously linked...

    Rather than agreeing to fix this, Ilya replies...

    ~~~~~~~~~~~~~~~~~~~

    Yet another achilles heel of DW is what takes place when you want to install a new software. As an example I shall refer to a hypothetical download called "setup.exe" which IS a malware for purposes of this example.

    Under DW, setup.exe will arrive in untrusted status. As such, setup.exe has zero ability to do any real damage to your computer.

    HOWEVER, installing an untrusted software is a PITN. So you will (I hope) scan setup.exe for malware and, if it passes muster, you will then convert it to trusted status.

    So, in this example, a malware has slipped by your scanner (it happens sometimes).

    Once the malware is in trusted status, DW no longer offers protection. IF you are running as Admin user when you install that malware and execute it, then that malware will have freedom to do pretty much any & all damage that it wants to do, and DW won't interfere.

    Unlike DW, Online Armor (OA) gives you an EASY option for installing software safely EVEN IF you choose always to run as Admin user and EVEN IF that software turns out to be malware.

    Namely, OA allows you easily to click setup.exe into Run Safer mode, thereby eliminating 99.999999% of that software's ability, as a malware, to do any lasting damage to your computer.

    Further, even after you enter Run Safer mode, OA will alert you to the dangerous actions which are attempted by that malware, such as trying to modify or replace a system file. DW doesn't do that. OA does. That's because OA is a classic HIPS and DW isn't.

    ANY classic HIPS will give you those kinds of danger alerts. Often we find those alerts annoying and either turn them off (by entering install or learning mode) OR repeatedly click "Allow". SHAME on us for being so lazy! Even so, OA's Run Safer will give us a high degree of forgiveness for laziness.

    NOTE however that OA named it "Run Safer" and NOT "Run SAFE". No security application can fully protect me from my sometimes careless (even stupid) actions! Only one app can protect me then -- a good imaging software that I use regularly and faithfully.

    DW is one of the very best security apps, and would be cheap at twice its price, especially considering the superb tech support provided by Ilya. However, although installing software is less dangerous while using DW, it is STILL dangerous. In this particular respect, installing software under OA's Run Safer is significantly LESS dangerous than is the case with DW.

    Kees often advocates running most times as Limited user (LUA). He is right, of course. IF I am in LUA status, DW is 99.99999% bullet-proof, even when installing software. But I am a lazy hard-head & always run as Admin so, in my case, I really need Run Safer.

    Ummm... is anybody else running as Admin? SHAME on you (and shame on me)! ;) :cautious: :shifty:
     
    Last edited: Apr 24, 2010
  19. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    1. OA's "Run Safer" is, in fact, LUA. One standard Windows privilege escalation exploit - and that's it.

    2. Yes, classical HIPS systems are giving more security than any sandbox HIPS, but with one single note- their user must perfectly understand what should be allowed and what should be blocked. Other case, any sandbox HIPS gives much more protection than any classical HIPS because users can operate them properly.

    Ah, and yes- I'm running under Admin rights account. Shame on you and shame on me! :D
     
  20. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Has anyone had any serious problems (like BSODs) with DW v3?

    Are there any known incompatibilities with other software?
     
  21. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Running fine here :thumb:
     
  22. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I run as Admin, however with Defensewall I feel that I am close to being equivalent to running as a Limited User.
     
  23. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Even during the Beta process, I didn't have any BSOD problems and the few incompatibilities that I had were quickly fixed by Ilya, more or less just minor adjustments, which is part of the reason for the Beta process in the first place.

    If I had a little more computer savvy under my belt, I wouldn't be scared to run with just Defensewall as my sole security app.
     
  24. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I haven't gotten any BSOD or any known to me incompatibilities but it's a system choker on my setup with Win 7. Middle clicking a forum link to open it in a new tab takes about 7 to 10 extra seconds for the page to start loading. Closing out an IE session leaves one or more IE processes resident for a considerable amount of time before they completely close out. Normally that's not a big deal but if I decide to re-open IE while one of the processes is still resident, then IE considers that the last session crashed. Each new IE tab or link in the same tab causes my laptop fans to rev up to high rpm's. The IE taskbar icon normally will show additional highlighting around it when more than one tab is opened. If you close all tabs but one, then you're left with just the one focused highlight around the taskbar icon but when DW is installed, the above becomes borked and doesn't work as intended. I can close out all tabs but one and the additional highlighting on the IE taskbar icon remains. Sites that use Flash will really choke the system down by opening and not closing the Flash10 process.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    With DW running in real-time (by itself) you would be very well protected IF you image your system drive at least once/week as a fail-safe.
     