GeSWall Free

I tried CIS, but that's not what I am looking for. Too many problems with it; bugs wise and preference wise. I want a pure outbound filter. The security structure I am building up requires one, and I have decided for three types of protection to have: 1] detection - signature based anti-malware, 2] Data-theft - anti-logger and 3] Protection against expolitation of software bugs - a sandbox type application. I have 1, and 3 covered. Now I am searching for a stand-alone application for "2".

If GeSWall had had outbound filtering capabilities, it would alone have covered 2, and 3. Now I had to revert to Sandboxie.

So anything that can purely just provide outbound filtering or an anti-logger which is free and good.

 

SnooPFree is god at blocking screenshots and keyboard loggers in real time and it is free
snoopfree.com

 

GeSWall pro

set network confidential, meaning no untrusted source can go ooutbound unless explicitely told

Restricted for trusted, ditto for trusted:

My setup with simular goals you described
- GeSWall = outbound + sandbox
- Rising PC Doctor = software bugs (windows update) + autorun reference and IEframe buffer overflow
- AVG Free with linkscanner = blacklist plus browser exploit warning
- Old Hijack Retailitor = lock Home page + search fields
- Keylogger free for IE = anti keylogger

Extra tightened IE8 (for on-line banking plus shopping), locked default download dorectory and some crucial HKU IE security settings, contained Chrome to redirect (is virtualise like sandboxie) registry + hard disk, only allowed to download to D;\Downloads

Off line external harddisk plus Paragon (for image) and Syncback (for data) plus router with HW SPI firewall

 

Well, I have decided to forgo Windows firewall and use PC Tools Firewall. If it doesn't fit well me, I will try all the free firewalls. If none of those do it, then SnoopFree it'll be.

My setup will probably look like this - Avira Free + Sandboxie + [One of the aforementioned firewalls] or SnoopFree

By the way, isn't SnoopFree out of development since long?

Thanks for helping me.

 

Only pro? Is this particular rule inapplicable for the free version?

 

snoopfree still rocking and rolling i sent the developer couple of emails and he said he is tempeted to start playing with snoopfree again but dont know for sure

 

No. It,s applicable for free version too.

 

There is a bug in network control.

http://gentlesecurity.com/board/viewtopic.php?t=289

 

Nice find Good I extra contained Chrome and IE8, Rising's PC doctor also throws a warning when executing directly from IE, instead of downloading. glad I have focussed on network facing aps, choosing AVG free over Avira or Avast (both having higher AV comparatives dectection rates) with linkscanner Pro exploit shield included. So it is a bummer, but not dramatically for me

 

I'll set it aside as my last resort. Depending upon how safe an alternative firewalls prove to be, I'll take my pick. Regarding firewalls I have a few questions for you -
1] Is it possible for processes to establishing (outgoing) network connections behind firewalls, i.e., data going out without a firewall noticing it?

2] What do Matousec and other leaktests pertain to - outgoing or incoming?

3] If a rootkit-embedded keylogger attempts to connect to the network, would the firewall detect the activity and thus reveal the location of the keylogger? In other words, can process send/receive data to/from remote locations, while staying hidden?

Thanks

 

if you feel unsecure not having outbound protection you can also consider zone alarm free for outbound protection and yes data may leak out without your knowledge but remenber malware has to be already install in your system in order to do it's evil doing,(a trojan rootkit(hiden process is almost imposible to be detected or to notice anything is doing so better advise here is to get rootkit protection and hips are big winners when it comes to this type of malware) did yo consider trying malware defender it is hips plus firewall it scores very good at Matousec
http://www.torchsoft.com/

 

'

Yep, outbound protection will be an integral part of any security system I'd assemble. A HIPS-type software, though, will prove a comprehensive and all-around solution for complete PC security, does not comply with my own approach.

Instead situation-specific security softwares is the protection scheme I have decided upon. Don't ask me why, I have reached unto this conclusion after many immature trial-and-error experiments.

Bypassing a firewall to intrude a computer seems plausible, but sending data without being detected by a firewall looks like an almost-impossible task. Can such malwares trick top-tier firewalls - Comodo, OA, Outpost?

I have picked PC Tools' as the one to use. At least in concept, has PC Tools Firewall been bypassed from within a system?

You said HIPS would protect me better in these scenarios, does it imply that HIPS(s) monitor device-to-device data communications as well?

 

ofcourse hips with outprotection is more complete to treat malware and data leak,if you are looking for one solution i will recomend malware defender or if you want two seperate solution i will say kerio or pctools with defensewall,so you are covering or protecting your system and privacy at same time i never tried outpost but i used comodo in the pass and comodo it is not perfect but close to be the strongest firewall in the market free or paid(very hard to be bypass)you can also check in youtube there is alot of info about comodo
note:if you dont like comodo and want to try DefenseWall Hips,ilya will soon implement outbound protection in version 3

 

Yes. For example, I have seen malware using explorer.exe to leak data out.

 

No matter what I still use Sandbox technique like to see what drops out of programs. START.EXE this pest is one of the worst, and none of the firewalls I've tested ever seem to catch this stuff. PrevX can do anti-cloking of hidden treats, but ThreatFire does detect these threats and tries to stop them. It's getting to the point to just run these system VPC and just don't use any AV an etc.. Firewall good for In/out data.

As programmer myself it's going to be hard for these software security experts to keep on with new rookit threats as they can disable most of what's out there today. PrevX stuff need internet connection to call home and say here I got something this is what it does so what should I do with it?

I see everyone here has some sort of protection.. GESWALL looks like a good idea, but if you run a system in Sandbox going to do the samething.

 

U mean this malware can bypass any software FW? What,s its bame infact?

 

There is a review of GeSWall here: http://www.brighthub.com/computing/smb-security/reviews/32680.aspx

 

Two words come to mind, awesome program. It really is one of the best security apps out there. The only criticism I have is the yearly install that you have to do to upgrade. I have it running on three PC's with no problems, surfing on the dark side or safe side.

Ice

 

When I download some .exe file with firefox(which is under Geswall control) that file is rounded with red colour....and the question is: This .exe file will not install and work properly till I make it TRUSTED(true ? ) ,but most risky ,and problems with malware in this .exe file will start only when i go to install this .exe on my PC ? What can be done ?

 

You could install an AV like Avira or Avast, scan the file, or upload the file to http://www.virustotal.com or say http://online.us.drweb.com/

You could also install say sandboxie, free version, change the file status to trusted, then open it up in sandboxie, see what the file does. Then you can decide to keep or delete it.

 

Thanks ! I would do that ,scaning....
So,geswall do not has any control of registry modification(maybe from malware modification) for the applications that are not UNTRUSTED(sandboxed) ?

 

These programs like sandboxie, GesWall or DefenseWall are protecting you from browsing and downloading anything you don't want to install or cause damage to your system.

If you install something trusted, you should know what the file is. True, this is where these programs may come undone, but if you're running Avira for example, your changes of 'infection' from an installation every now and then are slim compared to someone just running an AV alone.

You might want to look at installing something like Shadow Defender (30 days trial - paid version is an unlimited licence) or the free version of Returnil if you want to test out installations you're unsure of.

Using Shadow Defender for example, you can turn the program on and 'shadow' your drives, run the file as 'trusted' with GesWall, test out the unknown program, leave your system running for a day or even longer, say a few days, decide whether you want to keep the program, if not, just reboot, and everything you installed while the drives were 'shadowed' is removed.

If you do want to keep the program, all you do is reboot, run the file as 'trusted', and install the program like you regularly would.

 

geswall free doesnt have malware termination option,so how can one terminat malware with the free version?reboot?anybody?thanks in advance

 

good question i would like to hear answer too,
also im thinking about using geswall free aswell, i watched the demonstrations and like the look of it etc, but do i need it?
ill tell you what ive got and if someone could tell me whether its overkill with some stuff.
avast home
comodo firewall pro
threatfire
spyware terminator
firefox with keyscrambler
sandboxie - only use for "dark side" of internet, not for browsing cus its slow
various on-demands like a2 sas mbam

thanks

 

thanks dell boy