Beta-testing of the DefenseWall Host Intrusion Prevention System.

Discussion in 'other anti-malware software' started by Ilya Rabinovich, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    A picture is worth a thousand words... are there any screenshots of this interesting sounding program? I would like to see some of it "in action" :)
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    There are 2 problems with the screenshots.

    1. The program's interface is not improved yet. It is coming soon...

    2. You will see only the icon turned red when in action. It is not a application firewall with hte butefull annoyeing windows "in action"....
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Ilya,
    WSFuser's question was :
    Your answer was :
    What happens if I close IE and I do NOT click the button "Close all untrusted applications" (suppose I forgot it) ?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,634
    Ilya already answered that (reread the quote). if u only close IE, the malware will stay.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    And that's what you call a good solution ?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,634
    i guess not but how do u make IE close its child processes when it exits?
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Certainly not with a button. Never depend on a manual action of the user, when something MUST happen like in this case. You just don't do that.
    I don't know the solution, but if a button is the only way to do this, then DW has a very weak point.
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You just close IE and that is all. Nothing more and nothing less. Anyway if you have malware inside the untrusted application zone it will be unable to stay in system after the reboot and harm you.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. If closing IE is enough, why do I need this button after all ?
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Closing IE is enought only for IE closing :). If you close some application it doesn't mean that you close all the child processes. There are two ways to close untrusted application with no window:
    1. With the Task Manager application.
    2. With the "Close all untrusted applications" button.
    If you don't use DW, the only way to close application with no window is Task Manager. I give you the simple way to close malware process and you suppose, that it is a weak pojnt. Very strange logic.....
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Isn't there a technical way to find out if a parent application was closed by the user ? If that is possible you can do it all automatically.
     
  12. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, technically it is possible. But there are two problems.
    1. Untrusted processes are not separated from each other. They are executes into one untrusted applications zone.
    2. For example, you click on the e-mail link and your e-mail client automatically runs. The parent process is IE. After that IE closes. And your e-mail client closes with IE. But your letter is still doesn't written!
    So, if I start to close applications user don't wont to close- that is very bad idea. Would you like if I start to close applications you don't want to close?
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If it is designed this way, then it is indeed a problem. You can't blame me for trying. :)

    So I assume when a trusted application "Acrobat Reader", which is started from an untrusted application MSIE (to read a PDF-document), that "Acrobat Reader" will be treated temporary as an untrusted application.

    Nevertheless, the button "Close all untrusted applications" MUST be used for other applications, than browsers.
    Applications are normally closed by clicking on the "X" in top right corner of the window and this is a habit of users.
    So it's most likely that an user will forget to use this button, when he closes an untrusted application and he certainly has to remember that the application is untrusted.
    A red border on the untrusted application window would help to remind him that he is working with an untrusted application and to use this button for closing this application.
     
    Last edited: Oct 4, 2005
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If some malware comes through IE, and you close IE, that malware will still remain untrusted.. so if you click the button to close all untrusted apps, that malware will close. DW isn't designed to automatically terminate malware, it's designed to keep it from infecting your system, which it will do. The malware may be able to run, but it won't be able to do much. If you discover it, you can close it all easy enough, but if not then it will be gone next reboot.

    DW is, by no means, a "cure-all".. but should you end up picking up some malware, it will act as 'damage control' and will not present a problem when removing. You won't get unwittingly rootkit'ed running DW, for example :) Overall I'm really liking DW, very unintrusive. In many ways it's what I've been looking for to extend DropMyRights.. if you were to run DW using a limited user account, you could have very strong protection, although it doesn't pretend to be a replacment for your AV, AS, & FW, which I also appreciate.
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The "Close all untrusted" button is really more of a panic button. You could use it after every session if you wanted to, but you really only need to if you think you've got an infection on your hands and you want it stopped NOW.

    Hehe, after all the apps we're used to here on Wilders, apps like DW do take a bit of getting used to. Honestly I'm doing a bit of the same, but if you've used DropMyRights, it's probably the best way to think of it.. it just handles more than reduced privileges do.
     
    Last edited: Oct 4, 2005
  16. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The new beta is released.

    1. New cool icons

    2. Explorer right-click menu integration

    3. All the applications started directly from the archives are
    untrusted now. Build-in explorer zip/unzip, FAR and Total Commander are
    supported.

    4. The rules are work now with the .msi, .bat and .cmd script. So, you
    can place them as untrusted. Also they will be untrusted it you run
    them directly from the archive. The list of the supported unzip apps
    is the same as 3.
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'm very sorry, I've found the error in the driver. The improved version is in the old place.
     
  18. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    I know all you guys are caught up in the glory:D , but some of us are also interested in background info about this company like richrf asked.

    Ilya can you respond?

    Thanks
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I assume you are talking about DefencePlus v2.10 and NOT about DefenseWall v1.0 :
    two different softwares in the same thread is very confusing IMHO.

    P.S. :
    I wonder what the difference is between "Defence" and "Defense".
    Defense doesn't exist in my dictionary, only defence.
    I guess both spellings are allowed.
     
  20. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    No, Defensewall has been updated :eek:
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If that is true why is the link in the very first post of this thread still referring to DefenseWall v1.0 and not DefencePlus v2.10.
    I prefer to wait until Ilya gives me an answer to clear this up.
     
  22. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    I see no mention of "Defenceplus" anywhere in this thread - forgive me if I'm wrong.
    You can wait for Ilya, but I'm telling you the program is updated :) (defensewall)
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's very true Toadbee and that update can be downloaded from the link in the very first post of this thread.
    In fact Ilya referred always to that link for updatings of DefenseWall.
    DefenseWall has even a new DW-icon in the system tray, so there must have been some updatings.
    BUT DefencePlus is IMHO not the same as DefenseWall. I could be wrong of course, but I want an answer from Ilya, because he knows everything.
     
  24. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    One`s English and the other`s US. ;)
     
  25. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,634
    i actually found both defence and defense on hyperdictionary, both are nouns. also about the two products, i think defenceplus is their current product (link) and defensewall is a beta product currently not listed.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.