GeSWall 2.7.1 Release Candidate (Private Build)

Discussion in 'other anti-malware software' started by aigle, Jan 6, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    How come? I have still 14 days left.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks aigle. For me this is by far the best program of its type. Hope it continues to thrive and develop.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Let's hope so!
     
  5. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Thanks aigle for this and also for the previous file you sent me. Unfortunately I have had no time to experiment until now, but I will in a few days' time.
    I notice you run NeoavaGuard and EQSecure along with the new GeSWall, so I hope it will continue to be a very compatible companion to my ProSecurity 1.40, as version 2.6 still is.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I hope so. I have no on-access AV. I sometimes even turn off EQS or change its mode to a behavior blocker rather than a full-blown HIPS. NG works as an outbound FW too.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Having licenses for both GeSWall Pro and DefenseWall, the only usage advantage GW has over DW is that you can mark directories as confidential. The only exception you want to make is that your e-mail is allowed to access your folders containing e-mail, but not the other folders.

    I have never been able to explain Ilya the benefits of this GW feature.

    GW is a little faster than DW; overall DW is easier to use and does not have Digital Rights Management problems when buying WMA copyrighted music. By the way, the new build is looking good, hope Brian and CS are doing well. Any idea when a Vista64 version will be available? (That is the advantage of using comparative technology on different machines, you can swap setups.)
     
  8. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    How does Safespace compare with Geswall? This is to those that have extensively used both.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think zopzop can answer this.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Never asked Brian. Will try to ask him on next contact. Are u using Vista 64 bit?
     
  11. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    In future versions of DW I'm planning to do a little bit more powerful separation feature - more secure, simpler to use.
     
  12. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    I use Geswall (Pro version 2.7.1) and have also tested Safespace.

    Some differences I noted are given below (only differences in features, not going into bugs):

    Safespace allows folders to be virtualized for apps running in safespace (anything stored in for instance the windows directory will be virtualized and be cleared after a reboot). Geswall however does allow isolated apps to store files in any folder (unless explicitly denied by a resource or application rule). Only when an isolated app wants to (over)write or change a trusted file, this file will be virtualized. This virtualized file is removed as soon as the app ends.

    Safespace is less configurable than Geswall (safespace does not support application specific rules).
    For example, in Geswall you can run Outlook Express isolated and give it full access to your emails while denying all other isolated apps access to your emails (by creating appropriate resource/application rules). In Safespace, you can only create a rule which allows all apps (running in safespace) full access to your emails.

    Configuring Safespace is more work (object exclusion requires shutdown of safespace and its services and the use of a separate app to define the object inclusion) than configuring Geswall.

    Finding out why an app does not function when running in safespace is also a lot more work than with Geswall, which has the very convenient Application Wizard (Pro version only).

    By default Geswall has a lot of applications preconfigured (Pro version) while safespace has only two apps preconfigured.

    In Safespace untrusted files are tagged more permanently (when moving/copying untrusted files to any other partition/folder, the file remains untrusted). In Geswall moving/copying a file to another partition results in the (new) file being tagged trusted.

    Safespace has a separate and good anti-keylogger function, although Geswall also prevents keylogging (I believe only screenshot #2 of ALKT 3 is not prevented by the latest (beta) version).

    Geswall uses kernel mode only for protection, while Safespace has some user-mode virtualization (see http://forums.artificialdynamics.co.uk/messages.aspx?TopicID=5).
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    My son's gaming rig is Vista64. He always favoured GW above DW.
    He is now using Haute Secure with IE7 (he even dropped FF, because he believes the combo IE7 + HS is safer and faster than FF).

    My wife on the other hand asked me to remove GW from the PC. She had gotten the PC of my son, I got her old one as a play PC. Turned out that GW did not handle Digital Rights Management well. When Brian posted a remedy, I could not test it. DW had to stay on her PC, simple and safe.

    A lot of virtualisation/sandbox programs have issues with DRM. Sandboxie the last time I tried (was a few releases ago). SafeSpace are working on it (only WMA files gave an issue). Maybe because Ilya is a house fan and buys music (?), his application was the only one that handled it out of the box.

    Regards
     
  14. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Thanks henk, that was quite helpful for me. It seems Geswall is more to my liking judging from what you said.

    Both Geswall and Safespace deny untrusted applications from reading/writing to trusted applications. But what about the other way around...trusted applications reading/writing to untrusted applications? How do both compare?
     
  15. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    Gargoyle,

    A. In GW as well as SS, a trusted app can delete an untrusted file, which is as it should be otherwise your AV or AS would not be able to disinfect your system once compromised.

    B. In SS a trusted app, for instance word loaded with a trusted document, will not be able to overwrite an untrusted file i.e. word will not be able to save the trusted document to an existing untrusted document. GW, however, will allow this and the overwritten untrusted document will remain tagged as untrusted. As long as we don't talk about confidential (GW) / private (SS) information, I prefer the GW approach.

    If the loaded trusted document is confidential/private my preference would be the SS approach (prevent confi/private info to be saved in untrusted files which can be read by any application, even when running isolated (GW) or in safespace (SS)). Both GW as well as SS are however not able to prevent this kind of leakage of confidential/private information totally. See also point D below, which I consider a bigger hole.

    D. Both SS and GW allow an app (for instance word) loaded with confidential/private info (word document) to save it (using for instance Save As) in a non-confidential/non-private folder, where it can be read by any isolated (GW) / in safespace running (SS) application. So, a leakage of confidential/private info can easily occur if the user does not pay attention to this.

    This possibility can be considered a user responsibility: do not save confi/private info outside your confi/private marked files/folders!

    E. With GW, a trusted application as for instance word loaded with a confidential document can become isolated when it tries to access the internet or an untrusted document. For instance when you use Save As to store the document under another name or in another folder and during moving to the appropriate location (folder) an untrusted doc file is encountered. In this case the user may accidentally save the confi doc which will then be marked as untrusted and hence is accessible (when not saved in a confidential file/folder) by isolated apps. I have reported the problem with Save As (similar holds for Open) to GW (Brian), who told me that this is considered a serious problem, which has to be addressed in one of the next major versions.

    Note: I did not yet test SS as much as I did GW, so SS may also have additional problems not yet discovered. From my email exchanges with Brian (GW) I do know that GW wants to solve any problems in kernel mode instead of in user-mode (like SS does partially as I noted before). Solving problems in user-mode is easier done, but also less secure (can be easily circumvented). This is why it may take GW some time to solve the problem.


    Hope this helps,

    Henk
     
  16. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Point D would not happen and Point E is unlikely for me as I would keep my confidential files in the same confidential folders and not mix them up.


    Thanks once again Henk. As a newbie to Geswall, I need to understand this program more closely and your detailed explanations go a long way in bridging that gap.
     
    Last edited: Jan 13, 2008
  17. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Being a total newbie to Geswall, I want to do the following two things but am stuck even after reading the manual:

    Make the files and programs I download from the internet to have no right to read/write to anything but the directories that would allow them to function normally. Everything else is confidential to them. For all they know, they are the only files and applications that exist on the computer.

    Geswall allows untrusted applications to interact with one another. That is something I do not want at all. For example, I don't ever want an untrusted application, such as a game I downloaded, to be able to read and even modify my isolated web browser in any way.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Use VM I think!
     
  19. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    Aigle is right.

    I tried to achieve something similar years ago, when I used Tiny Firewall (from Tinysoftware, which included a classical HIPS). Let me tell you that this is not something you will achieve easily at all. For each untrusted application you need to find out exactly what resources are needed to run properly (files, registry entries, OLE/COM, pipes, etc.), which for each application will take days (but more likely weeks), involves many BSODs, with the nice effect that after updating the application you have to check everything all over again.

    Basically, you will spend all your free time configuring and have no time to enjoy the game you downloaded.
    In fact you would be better off if you had not downloaded the game at all.

    My advice: just forget it or use a VM to run your untrusted game in as Aigle suggested.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Here is the next RC.

    www.XXXXXXXXXXXXXXXXXXXXX.rc2.msi

    Just change rc1 to rc2 in the previous download link. I have yet to install it. They have claimed to fix some high CPU usage issues that I reported (issues arose only during some specific testing with GW, no CPU usage issues in ordinary day to day use on my system BTW).

    Have fun! Final release should come at the end of Jan!
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I have installed RC 2 version. No issues yet.

    I am very happy that they fixed an old annoying bug for me that was there since version 2.6 or even before! Bug was as follows:

    I tried it with RC 2 and it has been fixed. Very nice. :thumb: :thumb:
     
  22. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    Many thanks aigle for the link and the information

    Regards,

    MaB
     
  23. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Thanks, aigle. Getting ready to try it now. :)
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks all of u as well, for trying it and giving ur feedback!
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Anyone using GW on Vista?
    I wonder how well it runs on Vista. I remember that Brian was especially interested in feedback from Vista users but I use only XP.
     