DefenseWall Restrictions

Discussion in 'other anti-malware software' started by Dregg Heda, Sep 6, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Can someone explain to me exactly what kind of restrictions DW places on untrusted programs? I know it's supposed to be stronger than LUA. But exactly what kind of restrictions are these? Are there any kinds of malware which can run in spite of DW restrictions? I know the DW help file states that certain kinds of advanced keyloggers can run, but is there anything else?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,873
    Location:
    Canada
    Malware is basically crippled within DefenseWall; they have no rights to do any harm, they are sitting there without any power.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Can they execute? Can they write to C:\programs or C:\Windows?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,873
    Location:
    Canada
    It cannot modify anything; your registry is safe too ;) If you run it as trusted, good luck :)
    It is crippled :) :))
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So if I were to run SRP together with DW, the malware wouldn't even be able to run, right?
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,873
    Location:
    Canada
    With DefenseWall the malware is in a cage that has no permission to harm your PC; you are quite safe, you don't actually need the SRP, and also DW is stronger than LUA ;) The only thing you need to do is get a firewall to protect the outbound connection and learn how to use the rollback feature to remove all the debris or leftovers that malware leaves.
     
  7. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    But surely SRP will add greater restrictions in addition to those imposed by DW?
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,873
    Location:
    Canada
    Yes, it will for sure ;)
     
  9. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,129
    The best way to see what exactly DefenseWall protects is to install MD. Then run the malware as trusted and from MD see what it does. Then run the malware as untrusted and see what type of restrictions DefenseWall puts in place.
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Fantastic Idea Arran! :thumb:
     
  11. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Good idea, but don't try it on your real system; better to play around with malware on a VM :D

    Also, SRP provides strong protection since it is local policy, which is very restricted.

    About DW, I think it is up to Ilya to give a total explanation of what DW does to the malware it catches... sure, it cripples it, puts it in some sort of cage :D
     
  12. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,129
    Obviously

    Yeah, Ilya can give an explanation if he wants to, but there is no reason why you can't use MD to find out as well.
     
  13. wat0114

    wat0114 Guest

    I agree. MD will afford one the ability to "see" key inter-process activity occurring in real time.
     
  14. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall imposes so many restrictions I just can't explain each one. In general, they are far beyond what SRP can offer.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    10,851
    Location:
    Saudi Arabia/ Pakistan
    No, it's not reliable at all IMO. When you run a programme inside a sandbox, a classical HIPS might not be able to monitor all of its actions correctly. It's just my observation.
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Yes, of course, DW has many features far beyond just SRP and provides solid protection against malware :)
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, of course, but only for untrusted processes.
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,129
    It is reliable.

    Run the malware as trusted and then run it as untrusted, and compare the results with MD's logs.

    When you run it as untrusted and MD isn't picking up anything, then DefenseWall is fully containing it.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    10,851
    Location:
    Saudi Arabia/ Pakistan
    Yes, I mean to say that.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Only to your own usability of the PC. I would run any malware as untrusted with DW, have not seen it go down yet.

    So the deny execute is in theory safer.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In a virtual machine environment or with an image backup at hand, I hope ;) Because running malware trusted = DW is not protecting.
     
  22. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    460
    It seems like I'll have to uninstall DW due to insurmountable problems I face. I just can't make it work properly. :'(

    I must say that Ilya was really trying to help and kept answering my questions promptly, but I just can't come to a solution.

    It must be something with my system because I can't even boot into Safe Mode. :oops:
     
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The problem with Safe Mode is on your side, as DefenseWall does not load its driver in this case. The issue may be caused by malware infection (past or present) or system corruption.
     
  24. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    460
    Talking about DefenseWall restrictions, I am more than happy to announce that DW doesn't restrict me from using the right-click context menu any more! :D

    After uninstalling Daemon Tools (and goddamn sptd.sys) I reinstalled DefenseWall and everything seems to work just fine now. :)

    Ilya, I really appreciate the effort and time you invested in trying to find the solution to the problems I had. Good work! :thumb:
     