A couple Geswall questions

Discussion in 'other anti-malware software' started by Drew99GT, Sep 7, 2007.

Thread Status:
Not open for further replies.
  1. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    OK, first off, I like this much more than Sandboxie. There's nothing to do except use your computer like you normally do!

    Questions:

    1) Say you have a malicious keylogger on your machine that somehow got in (i.e. you downloaded it or it got through a non-isolated program). How can Geswall stop it once it's there, or can it? Does it provide overall security of the machine other than simply preventing changes through an isolated application?

    2) When you right click isolate an application, does it provide the same policy restrictions as if you used the application wizard? I.e., is right clicking to isolate an application in the free version the same as already having an application configured like in the pay version (for p2p/chat type applications which aren't pre configured in the free version)?

    3) Will using Geswall right out of the box, and simply right click isolating applications with no pre configuration (applications other than browsers) provide you with the same security as the paid version? I.e., is it gonna protect me!!! I'm not a power user and don't like messing with technical stuff.

    4) Will you get attack notifications in the free version?

    Thanks :thumb:
     
    Last edited: Sep 7, 2007
  2. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    How do you make the entire my documents folder confidential? Do you simply add "C:\Documents and Settings\"user"\My Documents" to resources?

    The address for the "confidential" folder that Geswall creates looks very foreign to me!
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    1- The default policy is to isolate all applications which attempt to access the network. GW won't stop the keylogger (you've trusted it in the first place) but it may prevent the data leaking.
    2- GeSWall's Access Control Policy
    The default isolation policy provides strong security, but it might break certain things. Application rules give permissions needed by some apps without compromising security.
    3- See point 2. The protection is the same, but things might break. The paid version has rules for a good number of apps which guarantee smooth operation.
    GeSWall docs
     
  4. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    "The default policy is to isolate all applications which attempt to access the network."

    How can that be, if an application is not in the list of applications? I can open say, Limewire or any other program (I have the free version - not paid) that needs network access, and they work fine with no pop-ups. o_O
     
  5. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
  6. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Let me rephrase that, I tried it and it seemed to work, then I deleted it, and redownloaded it, and now it does not work. What the hell o_O
     
  7. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Where's aigle and zopzop to set me straight on this! Maybe I'm missing how that DCS Keyhook test works or something. On Geswall's website, it says that Geswall will stop keylogging in other programs that are isolated from keyhook.exe? Is that correct, and it's normal to still see keys logged when you type just inside the little display or anywhere on the desktop with keyhook? o_O
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    You should download it from an isolated browser session, then run it. Did you do that?
     
  9. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Yup, I did that. But it still logs keystrokes.
     
  10. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    you mean you downloaded it, ran it isolated and geswall didn't stop it from logging keys. am i understanding you right?

    then you tried to download and run the file again and geswall failed to stop it from logging keys? is that what you mean?

    the thing with the keylogger from diamondCS is, if at any time you ran it UNISOLATED just to see what it does, it drops a keyhook.dll somewhere on your hard drive (in the directory you have the keyhook.exe saved in). if you delete the keyhook.exe but not the keyhook.dll (which is unisolated) and then try to run keyhook.exe ISOLATED, it will still log keys because it's using the UNISOLATED keyhook.dll
     
  11. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    It drops the keyhook.dll even when you run it isolated, but the .dll is untrusted.

    Bottom line is, if I run this keylogger isolated and then type something, it should not log keystrokes, correct?
     
  12. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Hmmmmmmm, there is also a keyhook.dll in the system folder for Microsoft Money. It's not the same size as the DCS one; could keyhook.exe be using that one?
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yes. You should not need to select "run isolated", as it is marked accordingly by GeSWall. I think these versions even tag it visually in the file's icon. You see that right?

    About keyhook.dll, i don't know, but the dll would have to perform the same functions, but it would be weird anyway if it were true (bottom line i don't know :D ).

    With this bump, perhaps Aigle or Zopzop will answer, as i don't even find it in me to google. My priorities have completely shifted
     
  14. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    well this is an odd little "keylogger". the only thing it seems capable of doing is logging its own keystrokes. that's it. i tried opening up various programs and seeing if it would log my keystrokes, it doesn't. it just logs its own keys. it seems pretty pointless. look here :
    i opened up notepad and began typing. it logged NOTHING.
    http://i227.photobucket.com/albums/dd84/zopzop/keyloggerdemo.jpg

    i also tried with IE, calculator, firefox, etc... nothing. it only logs its own keystrokes.
     
  15. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Yea, that's what it does for me too. Isolated or not, it only logs keystrokes typed within the little window of the program. Even unisolated, it will not log keystrokes typed in another program. But it will log keystrokes typed into its program window when it's isolated; that's what was concerning me.

    Sorry to be so obsessive and pummel you Geswall guys with so many questions. Just want to make sure it's running correctly. I LOVE this program; no sandboxes to delete (no secure delete set-up or confidential folder set-up for us non-power users), no reboot needed. Just use your computer like it's meant to be used! Great program!
     
  16. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    it doesn't bother me at all :) assuming this was a real malevolent keylogger, what kind of possible damage could it do? the thing only logs keys when you click on its program window. it doesn't even see anything you type in other programs. it's powerless to steal passwords and such.

    no need to be sorry :) testing these types of programs only makes them stronger. if it's still really bothering you, you could try emailing gentlesecurity's tech support or posting this on their forums. they are very quick to respond.
     
  17. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    So zopzop, when you run it isolated, it will still log keystrokes when you type inside its little window?
     
  18. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    ^^^

    correct.
     