How to properly set up Geswall

Discussion in 'other anti-malware software' started by trjam, Jul 10, 2008.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Yes that's what I meant. Thanks!
     
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Well it works differently. It virtualises your whole system partition (and optionally other partitions) instead of specific applications.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I see that in this response, and in others, you refer to GeSWall as a sandbox. Due to its method of protection that involves isolation, I can see where you want to make that reference. I want to point out, however, that the GeSWall FAQs say specifically, "GeSWall is not a sandbox." (See "Q: What is the difference between GesWall and sandbox products?" here.) I bring this up not to argue but to further add to this fine thread, through discussion and discovery and understanding.
    :)
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I will not argue about the terminology. As long as we understand the meaning, it's all OK. Many terms are used loosely for many overlapping applications.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Who would you be arguing with anyway? The developer. He's the one who said, "GeSWall is not a sandbox." I did not bring it up to argue. I even said, "I bring this up not to argue but to further add to this fine thread, through discussion and discovery and understanding."

    That's why I posted the developer's FAQs, so his meaning could be understood. He obviously does not call his own program a sandbox.
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    In all fairness, I am the one that made this reference earlier. So forgive me. But to a layman like me when it comes to this stuff, a sandbox, virtualization and reboot-to-restore all fall under the same category to me: "Not an AV category."
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Excellent. You can look here: http://www.shadowdefender.com
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle, Trjam

    Just to show I am not a one-application-only promoter where Policy Sandboxes are concerned, I have re-installed GeSWall together with a-squared, Rising AV/HIPS and ThreatFire as only protection.

    EDIT
    I had forgotten that GW does not handle digital rights management software well. So you have two choices: weakening lsass or setting WMP as always trusted. I opted for the last (only one hole) and added ThreatFire because it has strong media file protection (tested this). I hope TF and GW for Vista 64 will be there soon (say 1/2 year); my son does not buy music so that is no problem.

    ;) Kees
     
    Last edited: Jul 17, 2008
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You the man, Kees. I don't need malware sent to me for testing. I have 2 teenagers and after one month of Lord knows where they go, I downloaded Avira today on both computers, and both came up squeaky clean.

    GeSWall has proven its ability to me now. The ultimate test. ;)
     
  10. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Geswall (free) + AntiVir (free) + Threatfire (free) = Secure + Safe + Simple Computing.

    Geswall requires no setup, unless you have a special printer program that needs access to APIs in the windows\system32 directory.

    Ice
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Stay tuned for Kees' GeSWall tweaking techniques :) If time permits, that is.
     
    Last edited: Jul 16, 2008
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No doubt, if anyone can destroy a security program it would be kids for sure. Happy to know Geswall stands strong. Thanks.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @Djohn,

    With DW I have currently only two tweaks implemented.

    Assuming that every downloaded executable is untrusted, with these two tweaks you can:

    Limit untrusted outbound
    Outbound protection for untrusted; see what Aigle already gave in this post, https://www.wilderssecurity.com/showpost.php?p=1279672&postcount=42

    To find the network rule, open the GeSWall console and set view to details; you will see the network in the second column (change to Security class = confidential, Resource type = Network, select NAME, enter * in resource box).
    Add a rule to all untrusted apps you would allow internet access (add rule: Resource name = *, Resource type = Network, Access permission = allow).

    Limit mail access
    I used TweakOE to move the Web Address Book (*.WAB) to a directory on my data partition (e.g. MyMail), because I use separate image software (MAxxblast free) for the software partition and intelligent backup/restore (free Synchback) for the data partition. Next open Outlook Express and go to Extra, Options, click the tab Maintenance, click the button ArchiveMap (or Folder; I have a Dutch version) and move your mail messages (*.dbx files) to the same directory (e.g. MyMail).
    Next open the GeSWall console and add this rule to the resources section: Security class = confidential, Resource type = File, select NAME, enter D:\MyMail in resource box. Next go to Outlook Express and add the rule
    Resource name = D:\MyMail, Resource type = File, Access permission = allow

    Sorry that is all
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Even with GW u might find malware files on ur PC but they are isolated and can't damage ur system. Mostly it will contain the infection such that it will fail to install but remnants might remain. So the actual proof of GW success is that u will never find ur OS slowed down or amay by GW.

    BTW don't forget to add a Deny network access rule in the GW configuration as Kees posted above. It's vital to stop some session-resident downloaders and mass mailing worms from downloading malware from the net or sending spam mails etc. Though even then ur system will remain intact.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    This is a very important tweak. In fact I suggested Brian to add it as a default rule in GW but he did not agree due to some future plans of a FW-like features implementation in GW.

    I will try to make a thread about it showing some tests with real malware.
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Congrats, it's your suggestion :thumb: and I also think it is a good one :thumb:

    When you add cmd.exe to startup control of Rising AV, all leaktests (except dns recursive call) will fail and you do not need Comodo :p

    By the way, I have excluded Windows and Program Files from monitoring by the file protection of Rising (so programs start up real fast, because the on-execution scan is skipped). Opera starts faster with Rising HIPS than Comodo's Defense Plus. You can add all the programs listed in the GeSWall console in resources/system to be protected by Rising HIPS.

    Makes sense: GeSWall mitigates untrusted resources, Rising's HIPS protects OS-critical/vulnerable parts.
     
    Last edited: Jul 18, 2008
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    That's cool, thanks.
     
  18. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    I have the same rules for Outlook Express as the ones given by Kees1958.

    These rules did however not allow me to send emails by other applications (for instance if I find a website at home which I would like to explore more at work or the other way around, I use the Send Link by email function in Internet Explorer).

    To solve this, without allowing any emails in my inbox to be read by IE, I created the following rules for IE:

    File Read Only for:
    - Folders.dbx
    - Offline.dbx

    File Allow for:
    - Outbox.dbx
    - Sent Items.dbx

    You can also use the rules for other apps you want to be able to send emails only.
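As an added illustration (not GeSWall's code, nor anything posted by Kees1958 or Henk1956), the following Python model captures the rule pattern from Kees's "Limit mail access" / "Limit untrusted outbound" post and Henk's read-only refinement for IE above: resources marked confidential, and per-application rules that open just the access each program needs. The evaluation order (exact name beats wildcard, an untrusted app with no matching rule is denied) and all paths are assumptions made for the example.

```python
# Model of GeSWall-style "confidential resource + per-application rule" policy.
# Assumption: most specific matching rule for the same app wins; an isolated app
# with no rule for a confidential resource is denied. Paths are constructed samples.
from fnmatch import fnmatchcase

# Resources section: (resource type, name) marked Security class = confidential.
CONFIDENTIAL = [
    ("Network", "*"),                          # Kees: untrusted outbound
    ("File", r"D:\MyMail\*"),                   # Kees: mail store (*.dbx)
    ("File", r"D:\MyMail\AddressBook.wab"),     # Henk: address book (placeholder path)
]

# Per-application rules: (app, resource type, resource name, access permission).
# "allow" = full access, "read" = File Read Only (Henk's rules for IE).
RULES = [
    ("msimn.exe",    "File",    r"D:\MyMail\*",               "allow"),
    ("msimn.exe",    "File",    r"D:\MyMail\AddressBook.wab", "allow"),
    ("msimn.exe",    "Network", "*",                          "allow"),
    ("iexplore.exe", "Network", "*",                          "allow"),
    ("iexplore.exe", "File",    r"D:\MyMail\Folders.dbx",     "read"),
    ("iexplore.exe", "File",    r"D:\MyMail\Offline.dbx",     "read"),
    ("iexplore.exe", "File",    r"D:\MyMail\Outbox.dbx",      "allow"),
    ("iexplore.exe", "File",    r"D:\MyMail\Sent Items.dbx",  "allow"),
]

def is_confidential(rtype, name):
    return any(t == rtype and fnmatchcase(name, pat) for t, pat in CONFIDENTIAL)

def check_access(app, rtype, name, op):
    """May an isolated (untrusted) app do op ('read' or 'write') on the resource?
    Only the confidential-resource part of the policy is modelled here."""
    if not is_confidential(rtype, name):
        return True   # other GeSWall protections (system files etc.) are out of scope
    matches = [(pat, perm) for a, t, pat, perm in RULES
               if a == app and t == rtype and fnmatchcase(name, pat)]
    if not matches:
        return False  # no rule for this app: the isolated app is denied
    # most specific rule wins: an exact name beats a wildcard, a longer pattern beats shorter
    pat, perm = max(matches, key=lambda r: ("*" not in r[0], len(r[0])))
    return perm == "allow" or (perm == "read" and op == "read")

def audit(app, resources):
    """List what `app` may do with each resource, to eyeball a rule set before relying on it."""
    return {(t, n): [op for op in ("read", "write") if check_access(app, t, n, op)]
            for t, n in resources}

if __name__ == "__main__":
    mail = [("File", r"D:\MyMail\Inbox.dbx"), ("File", r"D:\MyMail\Outbox.dbx"),
            ("Network", "smtp.example.net")]
    for app in ("msimn.exe", "iexplore.exe", "downloaded.exe"):
        print(app, audit(app, mail))
```

Running it shows IE can queue outgoing mail but never read Inbox.dbx, while a newly downloaded executable gets no network access at all.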
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thx Henk,

    What is the setting for Web Address Book, which contains all e-mails addresses of friends etc?
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Warning: when you have untrusted programs installed in a different directory than the predefined programs, they will not be sandboxed!
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    this is for the free version correct?
     
  22. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    I made my Address Book confidential in Resources and only created a rule for msimn.exe which allows it full access to the Address Book.
     