Opinion on Defense Wall & Key Scrambler

Discussion in 'other anti-malware software' started by Anthoo, Apr 15, 2009.

Thread Status:
Not open for further replies.
  1. Anthoo

    Anthoo Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    15
    Anyone care to give advice and opinion on
    1. Defense Wall
    2. Key Scrambler (from QFX)
    3. GeSWall (Free version from Gentle Security)

    I'm running No 3, but I'm looking for a really good HIPS and intend to use Key Scrambler in case

    Ant.
     
  2. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Hello. Defense Wall is as secure as advertised. Defensewall will isolate/stop an attack on the Gateways/applications it isolates. Of course the concept has flaws (updates must run as trusted in order to install correctly), but like you found out for yourself there is no 100% solution.
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    i go strongly on DEFENSEWALL , its light out of the box and include anti logger technique

    Geswall is not as good as DW , also some time u got to mess with editing it which require skills , its support is lame and slow , unlike DW which u get fixes in hours! (ilya u are the best!)

    u can read geswall forum find out your self how vulnerable it is especially for keylogger

    if u ask me what is the best combo keep your pc secure , i go for sandboxie + CIS :D

    cheers
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I think Keyscrambler is a smart application, support is also good. They fixed a bug immediately after reporting. I had the free version running with GW Pro. After a while GW forgot to isolate IE. I thought it was Keyscrambler, but now I have the same with Chrome, so it was not Keyscrambler free. I have also run Keyscrambler with DefenseWall on my wife's laptop.

    The concept of Keyscrambler is nice, even when you have a keylogger on board, it can not make anything out of it. This kind reduces the strain of near perfect outbound control and keylogger protection and makes your setup a lot easier (no need for CIS-like apps, although it is becoming easy to use, it stays a classical HIPS, no matter how many smart layers you build around it, you will get a pop-up once, which you have got to answer)

    Best advice I can give you to prevent incompatibility:
    a) Choose a policy sandbox like GesWall or DefenseWall or implement it through the OS
    b) Use an Antivirus which only focusses on driver level. Avira is a good free AV. The free version only implements the blacklist through a file filter driver, which is very efficient and enough when policy containing your internet apps with GW or DW.
    c) Use Keyscrambler (but install it before [a])

    Cheers
     
  5. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Haven't tried DW or GSWall but I like keyscrambler.
    It fooled a key logger test for me.

    I think a LUA may give you a lot of what DW and (esp) GSWall do, if you are ok with not installing app until you're back in an Admin account.

    My 2 cent :)
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well with GesWall/DefenseWall you have to set it trusted, is only one click shorter than alternative privilege log in. Benefit of GW/DW is that they have a stronger than LUA containment (also protect HKU registry keys for instance).
     
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello ssj100,

    Even though I am not the developer of DefenseWall(DW), I take personal offense to your claim that it is not secure. Please take a look at the following link below.

    https://www.wilderssecurity.com/showpost.php?p=1438183&postcount=48

    Unless you have read and completely understand DW's online help file which can be found at the link below,

    http://www.softsphere.com/online-help/defensewall/

    understand DW's strengths and limitations(will be addressed in the future with the addition of an outbound firewall for "untrusted" applications/processes), have used DW for at least 30-days, have been actively testing malware samples for a year or more to attempt to bypass DW or have been providing constructive input to Ilya on how to improve DW for a year or more, I am asking that you please refrain from making such false accusations.

    Keep in mind that policy restriction sandboxes such as DW block potential threats "mostly" silently. Ultimately, what one chooses for security comes down to "different strokes for different folks". To that end, everyone is entitled to their own opinion.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Apr 15, 2009
  8. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    What exactly do you consider a large sum of money, I don't know what country you live in but DW is only £21 and yearly updates are only £7.75, for what you get I would have thought that most people would consider that a bargain, I certainly do.
     
    Last edited by a moderator: Apr 15, 2009
  9. progress

    progress Guest

    +1 :thumb:

    I think KeyScrambler is the easiest keylogger protection; no pop ups, no false positives, no daily updates ;)
     
  10. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    :)

    From your postings here at Wilders in many threads .. I get the opinion you still don't understand how HIPS like Defensewall can help a user in the real world so maybe this will help


    DefenseWall Intro Review


    http://www.youtube.com/watch?v=Kspwf0yPV0A&feature=channel_page

    http://www.youtube.com/watch?v=2gUFwkS2BXo&feature=related

    http://www.youtube.com/watch?v=71aNELHkung&NR=1
     
  11. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  12. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    If you ran this "program" untrusted would Defensewall then give you 100% protection ?

    Blacklisting is an interesting approach, what percent protection would you give it ?
     
  13. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Then it stands to reason that if one would just spend %0.01 of their time investigating/testing that unknown/untrusted program and source, then they would not have to fall back on your standby method and approach to PC Security where you state "I personally don't have enough motivation and/or time to go through what you described. In other words, I'll take my chances with my own security setup right now, which I think is pretty amazing."

    and

    "But 99.99% of users won't go through all that trouble, myself included. Also a fair proportion of people don't have time for the above either. If I was running a business from my computer, then I'd think about going through all that, but worse come to worse, I have everything important backed up anyway if all hell breaks loose. Re-installation of Windows is good healthy practise anyway once in while haha.

    But I do agree with having system snapshots, something that I am in the process of testing - I'm planning on trying out various rollback management programs and see which one I like."




    I think you underestimate the average user..
     
  14. Anthoo

    Anthoo Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    15
    Many thanks to you all for the advice!
    It certainly got a little heated in the middle there!!:eek:
    but all the same the issues raised were very valid! and appreciated

    Ant
     
  15. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    :D

    The Average user does not click/install everything that moves out there.
    I think all your posts try to redefine any HIPS in your own terms because once you move any program/application/download/update into trusted you are no longer even dealing with a HIPS since you gave it permission. Even the average user understands that. IPS systems have some advantages over intrusion detection systems (IDS). Then there is: Unified Threat Management (UTM), or sometimes called "Next Generation Firewalls" are also a different breed of products entirely. UTM products bring together multiple security capabilities on to a single platform.
    You can not make HIPS do something it was not designed to do in the first place no matter how hard you try to tweak your personal Security methods/steps. You have a good argument for layered Security..a poor one for HIPS.



    Short for host-based intrusion prevention system, HIPS is an IPS or intrusion prevention system designed for security over host-based systems where intrusions and infections are dealt with at the individual workstation level to provide a more effective level of security.


    Host-based
    A host-based IPS (HIPS) is one where the intrusion-prevention application is resident on that specific IP address, usually on a single computer. HIPS complements traditional finger-print-based and heuristic antivirus detection methods, since it does not need continuous updates to stay ahead of new malware. As ill-intended code needs to modify the system or other software residing on the machine to achieve its evil aims, a truly comprehensive HIPS system will notice some of the resulting changes and prevent the action by default or notify the user for permission.

    Extensive use of system resources can be a drawback of existing HIPS, which integrate firewall, system-level action control and sandboxing into a coordinated detection net, on top of a traditional AV product. This extensive protection scheme may be warranted for a laptop computer frequently operating in untrusted environments (e.g. on cafe or airport Wi-Fi networks), but the heavy defenses may take their toll on battery life and noticeably impair the generic responsiveness of the computer as the HIPS protective component and the traditional AV product check each file on a PC to see if it is malware against a huge blacklist. Alternatively if HIPS is combined with an AV product utilising whitelisting technology then there is far less use of system resources as many applications on the PC are trusted (whitelisted). HIPS as an application then becomes a real alternative to traditional antivirus products.
    http://en.wikipedia.org/wiki/Intrusion-prevention_system
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    YO Primrose

    the argue here is not WHAT HIPS IS , ssj100 just point u can get a superB protection for free , and no pay big $$$ for sec hand HIPS/PROTECTION and he totally right , CIS is free , getting better every week , in first place as FIREWALL first place as HIPS (D+) super o-day support, so why to pay for zonealarm, or outpost for example??

    also cis av getting better day by day . almost 3 million sample in its data base(time of this post)...

    so the right expert go for the TOP protection , if its free? lol , what more can u ask? :D

    cheers
     
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yes man that the best approach , if ppl will lean on that 3 point u mention , malware be a thing of the past and also paid security software lol


    cheers
     
  18. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    guys try keep to the question, i cant account for defence wall or geswall but key scrambler i can. as a matter of fact i installed this morning and im impressed. as i am typing this out a little green bar at the top is encrypting into something similar to the 8ygrg80'[~#1!£dvr5tgBnvc|\:.viregMpr4:argh: yah if you care much about your security you would download, it has no requires no maintaining and keeps your card details safer. only downside i can see is that the free one only works for IE firefox and flock, the premium/pro ones work for things like email and gaming and such:doubt: none of which i use so all is good :D
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Ok...I give up. Just how do you get scareware to infect your system if you are running it untrusted in a HIPS ? Even the new Conficker C is now running around with scareware.

    Even in the GesWall Review..some scareware was found at one of the links..he clicked to install it but we all know its not going to run and infect..but you can see what it tried to do.

    http://www.youtube.com/watch?v=PBKNHBl-yos&feature=channel_page

    I guess what you are saying that the user gets so "scared" at what pops up when they are surfing they make a conscious effort to then circumvent their HIPS..click within it's GUI's to change whatever happens next to trusted and let it all happen ?? Because some random site just told them they are infected ??

    Even my 9 year-old nephew would close the browser and move on.


    Free is good. ;) I have yet to install any commercial Security Product in 15 years. But I do monetarily support many Security Sites and Independent Developers.
     
  20. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    :D

    You got ate with number 8 after you defeat your HIPS. Just one of your Security layers. If virustotal missed it so did your AV, so best to just disable it also If I follow your thinking. I can't see why you are still trying to pin the tail on a HIPS for all your Security Woes unless you are trying to redefine how it actually functions. Or in your case when you bypassed it how you even think it is still an issue.

    Maybe it is time for you to stop running scripts on your system..get a browser that stops popups and for sure keep your OS updated.

    There is no doubt one can keep their OS safe without depriving themselves of a meal.

    I also suggest that when you get to step 2..that you ask about it first in a Security Forum like Wilders even before you pass step 3. if you are so hot on installing it. Then you won't have to waste your time illustrating and linking your threads to even other security forums.

    Make sure you invest the 100 bucks Bill Gates gave you..you never know when it will come in handy.:thumb:

    Defense Wall will run just fine with Key Scrambler.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    A layered security is always good practise, but even when you have SBIE or CIS no software can compensate the Allow decision or moving something out of the sandbox by the user. So you are always right, no matter what software you test.

    Testing software should be done on a linux box with a virtual machine kind of security application with a guest Windows OS, or better switch to linux permanently (you will lose security as a hobby though)
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @ssj

    Yes you can with SBIE, only linux + (f.i.) VMware is safer :cool:

    First the malware should break out of hardware virtualisation (which is simpler less complex, so less vulnerable than software virtualisation), second the malware should be designed to face the challenges of a different host OS
     