GesWall + Avast ?

[cancelx]

hey all

ok, so I see my other topic got moved, so I hope this topic is in the right place (grin.)

Think I found my replacements for Zone Alarm + AVG.

I'm considering GesWall + Avast

I posted here but what really is GesWall?

Far as I can tell, it's part Firewall, Part Sandbox and part anti-"whatever"

Here's the thing.........................

Watching Youtube Vids, when something is Downloaded from the Net while Within GesWall, I don't see anything Scanning the download before it reaches the computer?

Yes, GesWall keeps it isolated ("G" symbol on the download) until you list it as Trusted. BUT that does not actually SCAN for virus.

So... Question... DOES GesWall scan the downloads, or do you need an antivirus to do that?

Also.... CAN you use an antivirus WITH GesWall, so when you download from within GesWall the AV automatically scans the download first?

If so, I think this is it.

I did not want to use a fullout Sandbox as I need to be able to have internet running near all day AND work on writing Word files and saving without rebooting, or constantly giving permissions etc...

Thanks
Jim

[acuariano]

byt geswall isolates,so how do we know when the file is ok?

[cancelx]

thats what i am saying...
i didnt see any scanning of what you can download from within geswall.

so, do you need an antivirus scanner, and will it run on a download from within Geswall, or must you scan after you download and remove it from isolation?

ALSO NEED TO ASK-------

Is GesWall enough of a Firewall that I CAN NOT use Online Armor Firewall?

[arjunned]

No GeSWall does not have a scanner. Basically everything u download from an isolated application ( eg. browser), does get downloaded to the real system. But if you try and run the downloaded application, it runs isolated from the rest of the system, and is not allowed to make changes to system. [I'm sure someone else can provide a more in-dept and simpler explanation.]

From their website:

Quote:

GeSWall isolates applications that may serve as entry points for malicious software and targeted intrusions. Isolation applies access restrictions that effectively prevent damage.

GeSWall Restrictions and Effect:
No access to kernel - prevents kernel mode rootkits and key loggers
Read only access to trusted files, registry, processes etc. - prevents user mode rootkits, keyloggers, malware infections.
No local communications to trusted processes, e.g. windows messages, RPC, COM, WMI - prevents shatter attacks, user mode rootkits, keyloggers and malware infections.
No scheduled re-start - prevents backdoors, zombie bots and worms.
No access to confidential files - prevents leaks of confidential information.
Addtionally, GeSWall's data-flow control policy locks malware or intruder within an isolation layer. For instance, whenever an isolated application creates a file, GeSWall tracks it down. If that file is:

executable - GeSWall classifies a process as posing threat and isolate it on execution;
driver or DLL - GeSWall prevents its loading into kernel and trusted processes;
VBS script - "Windows Script Host" gets isolated on script translation, and so forth.

It is, as far as i know, usually recommended to run an AV along-side GeSWall. Ther wont be any conflicts. All AV now-a-days, i think, check drive-by-downloads.

You should be good to go with avast! and GeSWall.

Cheers.

[kjdemuth]

Quote:

Originally Posted by cancelx

thats what i am saying...
i didnt see any scanning of what you can download from within geswall.

so, do you need an antivirus scanner, and will it run on a download from within Geswall, or must you scan after you download and remove it from isolation?

ALSO NEED TO ASK-------

Is GesWall enough of a Firewall that I CAN NOT use Online Armor Firewall?

Geswall isn't a firewall. Its an isolation program. You might want to add a firewall like OA, pctools or even outpost. You also need an AV to scan the files that are downloaded. A good set up would be avast free/avira free, pick a free firewall and geswall.

[cancelx]

@K

I asked this on my other post too.... the "nature" of the GesWall.

Isolation program (type of sandbox)... like on Linux, are these programs loaded into RAM, and as such nothing surfed enters the hard drive?

If not, I'm not understanding what makes these special, keeps the nasties from deploying on the hard drive if they are downloaded, or if you visit a bad site it doesn't harm you.

Apart from being run in Ram, I don't get how it's all wiped away in the next reboot. How is it any different than if virus etc.. got on the hard drive and you just tried to delete it?

Sorry if it's an obvious/stupid question.....

thanks

[dueceswild]

I was where you are now about a week ago, and did a lot of research. I did a trial of GesWall Pro, and Defensewall HIPS. I went with Defensewall, but for purposes of your question the 2 are similar. I'll try to answer it, but with a Defensewall slant because that's what I'm most familiar with.

Both programs classify your browser as untrusted. Anything you download from your untrusted browser is automatically untrusted. (Defensewall version 3 has whitelisting which is great, but OT here). You right click on whatever you download and choose to run the installer is trusted if you wish.

A hypothetical scenario is you want to download MBAM. With either GesWall or Defensewall, the browser is hopefully untrusted. You download the MBAM installer, it's untrusted (actually, DW whitelists it, but for explanations here we'll say it doesn't). You wanted it, downloaded it, scanned it, and trust it. So, right click and tell the program you trust it. Install and use as normal.

Now, say you get hit with a popup for TrojanInternetSecurity2010. Again you're using your untrusted browser. Hopefully. You say no you don't want to download, or just try to close the popup out. But, either thing you do actually installs the program. But, as you are in your untrusted browser, the program downloads and "installs" as untrusted. Basically, it sits in a bubble on your hard drive because it doesn't have privileges to touch anything. Either program then gives you the option to manually delete it, or remove it with your AV/MBAM. If neither have signatures yet, and you don't want to manually delete it, leave it until they do. It can't do anything until/unless you manually give it permission. BUT, with either program, if you give permission, IT WILL BE CUT LOOSE. Neither have scanners.

I am sure someone with more knowledge will post something more helpful, but maybe this can tide you over until then.

FWIW, Defensewall 3 has a firewall with it. It's still in Beta, but doesn't run like a beta version; more like a release.

With regard to the AV question, I think both programs play well with most AV's. NOD32 runs good with DW here. The only one's I've seen problems posted about are Avast (I think fixed), MSE, and Norton. There is a post in the Eset forum about a problem with NOD32 and GesWall, but I didn't experience one.

I also do not have problems writing/saving work documents, etc. A little more vigilant, yes. Problems, no. Just make sure all of that is trusted.

[cancelx]

I installed GesWall...

I have Firefox in Isolation

BUT

I want to run my Chat there too but can't.

I use aMSN, but in the user interface for GesWall, it doesn't list aMSN

Can someone help?