Defensewall whitelist questions

[Monkey_Feces]

I'm a lazy ass and don't want to use DW's expert mode since I am no expert. Are the whitelisted program lists proactively created after some sort of application analysis? What if I accidentally run an altered version of a default whitelisted app? Would DW catch it and make it run untrusted? Basically, how safe am I when I use default mode vs expert?

[Kees1958]

HI,

You only have to enter the untrusted aps. There are some defaults, but make sure all your e-mail, chat, skype, webbrowser, p2p, gamespeak, phone download softeware is added (via a standard add file windows dialogue).

[Monkey_Feces]

Are you saying I should manually run all apps I open with the right click menu as untrusted? Secondly, does defensewall offer any user aid or information via context menus/tooltips? I find that its interface and help file are lacking. How will I know if I'm infected with anything if everything is done manually with defensewall? If that's the case, I'm thinking of sticking exclusively with Prevx1. Out of every other HIPS, it wasn't too intrusive like SSM or a resource hog like CyberHawk.

[Ilya Rabinovich]

Quote:

Originally Posted by Monkey_Feces

Are you saying I should manually run all apps I open with the right click menu as untrusted?

There are four ways to run application as untrusted.

1. There is built-in list of known threatgate applications. It installs on demand or during installation process.
2. Add in into untrusted list manually.
3. With right-click menu.
4. Application have been created by untrusted process and already in untrusted list (default mode).

Quote:

Originally Posted by Monkey_Feces

Secondly, does defensewall offer any user aid or information via context menus/tooltips?

Yes, via Explorer's context menu.

Quote:

Originally Posted by Monkey_Feces

I find that its interface and help file are lacking.

Will be improved for v2.0.

Quote:

Originally Posted by Monkey_Feces

How will I know if I'm infected with anything if everything is done manually with defensewall?

1. If malware is within untrusted area- you will never been infected as malware won't be able install itself propertly into your system.

2. Definition of penetration is a not DW's job as it is not an expert HIPS. At least, current versions...

[ErikAlbert]

Quote:

Originally Posted by Ilya Rabinovich

1. If malware is within untrusted area- you will never been infected as malware won't be able install itself propertly into your system.

That's what I need in my frozen FDISR-snapshot, to protect me against infections in the period between TWO reboots.
Security softwares that prevent the installation and execution of malware have my full attention.
I have Anti-Executable and DefenseWall on my wish list already. Now I'm trying Sandboxie.
Even when these three softwares fail, I still have my frozen snapshot to remove the rest.

[Kees1958]

HI, Monkey face

Defensewall is real easy. The default programs marked by DW as untrusted my wife uses are:
- MS outlook express mail
- MS internet explorer
- MS media player

Some weak programs are added by DW to this list by default
- hh.exe
- winhlp.exe
- tftp.exe
- ftp.exe
- ntvdm.exe

I added:
- LimeWire as her P2P program
- Scriptdefender (it intercepts all scripts, now all scripts run untrusted)
- 7Zip (is my default unzip program, DW handles windows zip, but with
this 'trick' all archives unpacked files are untrusted)
- DVD/CD Rom, the 2 USB-stick drives and the floppy drive
- The shared directory of limewire and the incomplete download directory
- Her Nokia 73 download manager

So all is very limited and very transparent.

Erik Albert,
When you use an anti-excutable (AE of FD which would be your first choice due to its compatibility with frozen snapshots, on-line armour, primary response safe connect) with default white and black lists and DefenseWall
you problably have the safest and user friendliest defense on top of your R.I.P.S protection

[ErikAlbert]

Quote:

Originally Posted by Kees1958

Erik Albert,
When you use an anti-excutable (AE of FD which would be your first choice due to its compatibility with frozen snapshots, on-line armour, primary response safe connect) with default white and black lists and DefenseWall
you problably have the safest and user friendliest defense on top of your R.I.P.S protection

Finally somebody at Wilders, who fully understands me.

P.S. for all members :
R.I.P.S. doesn't exist, I heard about H.I.P.S. and C.I.P.S., but never R.I.P.S.
It's my sense of humor. LOL.

[Peter2150]

Quote:

Originally Posted by ErikAlbert

Finally somebody at Wilders, who fully understands me.

P.S. for all members :
R.I.P.S. doesn't exist, I heard about H.I.P.S. and C.I.P.S., but never R.I.P.S.
It's my sense of humor. LOL.

Aren't Rest In Peace Systems run by funeral directors

[ErikAlbert]

Quote:

Originally Posted by Peter2150

Aren't Rest In Peace Systems run by funeral directors

That is a part of the joke, my R.I.P.S. can also end up in a complete disaster.