What is Defensewall Considered?

1. Is it a sandbox, HIPS, what is it considered?

2. What similar programs other than GeSWall and Bufferzone are there?

3. Do any support 64-bit systems yet?

Speaking of supporting 64-bit systems, in case you didn't know, you can email GeSWall's technical support and ask to beta-test GeSWall 3.0.

Thank you

 

defensewall is not 64 bit ready yet,it is similar to bufferzone and geswall and it is a policy base hips with a sandbox firewall it's a complete solution

 

Ah, I thought they were called policy-based HIPS/sandbox. Whatever they're considered, they're great! Are there any others than the 3 previously mentioned?

 

From DW website: DefenseWall HIPS (Host-based Intrusion Prevention System) is based on a sandboxing approach that uses rights restrictions and partial virtualization. It now comes with an integrated firewall.

The other program not mentioned which does have 64-bit support is Sandboxie: -http://www.sandboxie.com/-

 

Yes, I did know about Sandboxie, but didn't consider it the same, since it isolates on a separate section of the hard drive, rather than isolate with policy. I don't know why but I don't use Sandboxie because I prefer the latter method of isolation.

 

Since when Defensewall has virtualization?
I've always thought it was a policy based HIPS.

 

Great news, finally a full scope x64 version.

PS GesWall uses internal OS mechanismes, so I have high hopes of getting Chrome like sandbox protection (only with options to control it through GW console).

Chrome sandbox.
By creating a restricted SID, adding a process through a job, limiting this job to restricted tokens and denying user handles plus switching to alternate desktop one can completely isolate a low rights process from the rest of the system. On x64 you do not have any limitations imposed by the kernel protection using the Chrome sandbox mechanism.

Vista is a great Admin's OS, Windows 7 second best

 

SBIE's 64-bit version makes compromises (because of PatchGuard). That is, 64-bit SBIE is not as protectively strong as is 32-bit SBIE.

So far, DW has been unwilling to weaken its protection to the degree that would be needed to attain compatibility with PatchGuard.

These are *my interpretations* of the situation. If I am off-the-mark, please correct me.

 

I hate to resurrect this, but do you think it would be accurate to call DefenseWall, GeSWall, BufferZone, and AppGuard "policy-based sandboxes"? They are like sandboxes in that they isolate programs from your computer, but they do it with policy rather than having a virtualized sandbox, hence the name.

I need to know because I have this informative website, albeit it's not online since that costs money. Basically I give it to friends and family that are interested, and I'm not sure exactly what to call those programs. Policy-based HIPS seems redundant, and policy-based sandbox/HIPS seems too complex, so I am calling them policy-based sandboxes for the reasons above, so is that accurate?

 

there are, of course, many opinions. i'm of the opinion that policy does not isolate actions/processes, it blocks them. if i'm running a process in a sandbox and that process tries to write to a file i expect the file to be written to in the sandbox, not prevented from being written to because it's against a policy.

i hear you, it's difficult to know the best label to use sometimes, and it doesn't help that there are entirely unhelpful labels like HIPS (all conventional security programs are meant to prevent host intrusions so host intrusion prevention system is too generic to truly be useful).

look at it this way: the tool examines behaviours. it blocks or allows them according to rules/policies. my preference is to use terms that actually describe the tool so i use the term behaviour blocker. perhaps a very advanced/configurable behaviour blocker, but if it blocks behaviours then behaviour blocker seems the appropriate term to me.

 

I made a poll and see what a majority of users would go with.

https://www.wilderssecurity.com/showthread.php?t=300891

 

Not any more. The latest round of SBIE betas 'overcomes' Patchguard' to provide 64bit protection almost as strong as 32bit:

http://www.sandboxie.com/phpbb/viewtopic.php?t=10201