DefenseWall Single Product Reviews

[kareldjag]

Hi,

Just a few subjective comments.

"Even though a protection rate of 100% was achieved at this test, it should be clarified that in reality, there is no 100% protection with any product. "
Any serious test methodology should be elaborated to validate this affirmation:100% security is off course an Heresy.
Any tester should forget testing if he can not defeat/bypass/evade/elude/escape the product he wishes to test.

"What should be emphasized is that the soft-ware should be regarded as being a supplement to an Anti-Virus product and not as a replacement."
Fully subjective comment which can be discussed under technical perspective.
Fully subjective because AV-Comparatives (like most av test organizations) plays the game of the AV industry since its creation.
Fully subjective for interest conflict reasons: financial deals/partnerships between AV editors and the AV test organizations.
Technically, an antivirus is not necessary in combination with DefenseWall: it is not a question of product, but mainly a question of user (skills/experience/habits).
For a P2P user who often download cracked video games for instance, an av is more suited.
For a basic use of the computer, or for an experimented user, an av is not necessary, and DW is self-sufficient by itself (case of Ilya who-correct me if i'm wrong-does not use an antivirus).
I would personally recommend a rollback/instant recovery solution as plus to DefenseWall.
On the other hand this review is not intended for technicians and experts but mostly for the mass, and in this case AV Comparatives comments are totally legitimate.

"DefenseWall HIPS does not block e.g. buffer overflows (so far), phishing attacks, Internet connections/browser hijacks. "
It is of course not new.
DW does not protect against BO simply because Softsphere sells a specific product (Defense Plus) devoted for Buffer Overflow protection.
More over, most HIPS are designed, as suggested by the terminology, to protect the local host against intrusion by malwares.
And most HIPS, for desktop or corporate environment, are vulnerable to many client-server side attacks.

I might be wrong, but this review has been done with a little financial donation from Softsphere.
Now very jalous i am waiting for the 500 kg of Beluga, a set of Matrioshka made in gold and diamond, and 100 bottles of Diva vodka for my friends...
More seriously, with Ilya (as for many HIPS dev. like Ivo/AntiHook, Vassili/SSM or Mike/OA) i have not been confronted to the pathetic ego and the bad faith of some big av editors devs: once an issue is reported, he takes a look at it and come back a few hours later with a new fixed version..maybe because he knows that security soft development is a Sisyphus job...
It's highly difficult to design a very effective security soft (AV or HIPS or firewall) that will combine ease of use, freedom and limited user interaction.
DefenseWall is one of them (Sandboxie, Geswall, BZ and PrevX can also be mentioned).
No time to look seriously to DW in order to answer by ABC to Ilya one years old PM, but more isolation with virtualization and more browsers restrictions would not be too much for improving the security features.

Rgds

[Ilya Rabinovich]

Quote:

Originally Posted by kareldjag

I might be wrong, but this review has been done with a little financial donation from Softsphere.

Donation? It's not a secret, I suppose, that, nowadays, all the AV-Comparatives tests (at least, single-product test definitely) are paid. But I doubt Andreas hides problems of the products tested. The MS Installer issue, discovered by the tester, was here and displayed with the review.

As about samples testing- it's quite hard to find one can penetrate DefenseWall. And I do my best to keep the things this way.

[Franklin]

Quote:

Originally Posted by Ilya Rabinovich

As about samples testing- it's quite hard to find one can penetrate DefenseWall. And I do my best to keep the things this way.

Remember this Ilya from several years ago.

Quote:

As I was already mentioned, Sandboxie has very low protection level. You should use another sandbox protection (DefenseWall, BufferZone).

I will ask clearly and conciseley:

Is it possible to havest any malware droppers in complete safety if allowed to execute as trusted or untrusted?

[Ilya Rabinovich]

I don't understand the question. If you run anything as trusted, it will runs with no restrictons, If you run untrusted, it's up from the protection itself it it will be safe or not.