Beta-testing of the DefenseWall Host Intrusion Prevention System.

Discussion in 'other anti-malware software' started by Ilya Rabinovich, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    A picture is worth a thousand words... are there any screenshots of this interesting sounding program? I would like to see some of it "in action" :)
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    There are 2 problems with the screenshots.

    1. The program's interface is not improved yet. It is coming soon...

    2. You will see only the icon turned red when in action. It is not an application firewall with the beautiful annoying windows "in action"....
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Ilya,
    WSFuser's question was :
    Your answer was :
    What happens if I close IE and I do NOT click the button "Close all untrusted applications" (suppose I forgot it) ?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Ilya already answered that (reread the quote). if u only close IE, the malware will stay.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    And that's what you call a good solution ?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    i guess not but how do u make IE close its child processes when it exits?
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Certainly not with a button. Never depend on a manual action of the user, when something MUST happen like in this case. You just don't do that.
    I don't know the solution, but if a button is the only way to do this, then DW has a very weak point.
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You just close IE and that is all. Nothing more and nothing less. Anyway if you have malware inside the untrusted application zone it will be unable to stay in system after the reboot and harm you.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. If closing IE is enough, why do I need this button after all ?
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Closing IE is enough only for IE closing :). If you close some application it doesn't mean that you close all the child processes. There are two ways to close an untrusted application with no window:
    1. With the Task Manager application.
    2. With the "Close all untrusted applications" button.
    If you don't use DW, the only way to close an application with no window is Task Manager. I give you the simple way to close a malware process and you suppose that it is a weak point. Very strange logic.....
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Isn't there a technical way to find out if a parent application was closed by the user ? If that is possible you can do it all automatically.
     
  12. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, technically it is possible. But there are two problems.
    1. Untrusted processes are not separated from each other. They are executed in one untrusted applications zone.
    2. For example, you click on the e-mail link and your e-mail client automatically runs. The parent process is IE. After that IE closes. And your e-mail client closes with IE. But your letter is still not written!
    So, if I start to close applications the user doesn't want to close, that is a very bad idea. Would you like it if I started to close applications you don't want to close?
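
An added illustration, not part of the original thread and not DefenseWall's code: a toy Python model of the three behaviours discussed in posts 10 to 12 (closing only the parent, automatically closing everything the parent started, and the zone-wide "Close all untrusted applications" button). The process names and the rule that a child inherits its parent's untrusted mark are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Proc:
    name: str
    parent: Optional[int]
    untrusted: bool
    alive: bool = True

class ProcessTable:
    """Toy model only; zone inheritance from the parent is an assumption."""
    def __init__(self):
        self.procs = {}

    def spawn(self, name, parent=None, untrusted=False):
        # A child started by an untrusted process joins the untrusted zone.
        inherited = parent is not None and self.procs[parent].untrusted
        pid = 100 + len(self.procs)
        self.procs[pid] = Proc(name, parent, untrusted or inherited)
        return pid

    def close(self, pid):
        # Closing a window ends that one process; children keep running.
        self.procs[pid].alive = False

    def close_with_descendants(self, pid):
        # Automatic policy asked about in post 11: end all the parent started.
        self.close(pid)
        for child, p in self.procs.items():
            if p.parent == pid and p.alive:
                self.close_with_descendants(child)

    def close_all_untrusted(self):
        # The zone-wide button: parentage is ignored, only the mark counts.
        for p in self.procs.values():
            if p.untrusted:
                p.alive = False

    def running(self):
        return sorted(p.name for p in self.procs.values() if p.alive)

def session():
    # Constructed sample session; all process names are hypothetical.
    t = ProcessTable()
    t.spawn("notepad.exe")                        # trusted, user-started
    ie = t.spawn("iexplore.exe", untrusted=True)
    t.spawn("mailclient.exe", parent=ie)          # opened via an e-mail link
    t.spawn("dropped.exe", parent=ie)             # windowless download
    return t, ie
```

Closing only `iexplore.exe` leaves `mailclient.exe` and `dropped.exe` running; both termination policies also end `mailclient.exe`, the difference being that the button is an explicit user decision.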
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If it is designed this way, then it is indeed a problem. You can't blame me for trying. :)

    So I assume when a trusted application "Acrobat Reader", which is started from an untrusted application MSIE (to read a PDF-document), that "Acrobat Reader" will be treated temporarily as an untrusted application.

    Nevertheless, the button "Close all untrusted applications" MUST be used for other applications, than browsers.
    Applications are normally closed by clicking on the "X" in top right corner of the window and this is a habit of users.
    So it's most likely that a user will forget to use this button, when he closes an untrusted application and he certainly has to remember that the application is untrusted.
    A red border on the untrusted application window would help to remind him that he is working with an untrusted application and to use this button for closing this application.
     
    Last edited: Oct 4, 2005
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    If some malware comes through IE, and you close IE, that malware will still remain untrusted.. so if you click the button to close all untrusted apps, that malware will close. DW isn't designed to automatically terminate malware, it's designed to keep it from infecting your system, which it will do. The malware may be able to run, but it won't be able to do much. If you discover it, you can close it all easy enough, but if not then it will be gone next reboot.

    DW is, by no means, a "cure-all".. but should you end up picking up some malware, it will act as 'damage control' and will not present a problem when removing. You won't get unwittingly rootkit'ed running DW, for example :) Overall I'm really liking DW, very unintrusive. In many ways it's what I've been looking for to extend DropMyRights.. if you were to run DW using a limited user account, you could have very strong protection, although it doesn't pretend to be a replacement for your AV, AS, & FW, which I also appreciate.
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The "Close all untrusted" button is really more of a panic button. You could use it after every session if you wanted to, but you really only need to if you think you've got an infection on your hands and you want it stopped NOW.

    Hehe, after all the apps we're used to here on Wilders, apps like DW do take a bit of getting used to. Honestly I'm doing a bit of the same, but if you've used DropMyRights, it's probably the best way to think of it.. it just handles more than reduced privileges do.
     
    Last edited: Oct 4, 2005
  16. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The new beta is released.

    1. New cool icons

    2. Explorer right-click menu integration

    3. All the applications started directly from the archives are untrusted now. Built-in explorer zip/unzip, FAR and Total Commander are supported.

    4. The rules now work with .msi, .bat and .cmd scripts. So, you can place them as untrusted. Also they will be untrusted if you run them directly from the archive. The list of the supported unzip apps is the same as in 3.
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'm very sorry, I've found the error in the driver. The improved version is in the old place.
     
  18. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    I know all you guys are caught up in the glory:D , but some of us are also interested in background info about this company like richrf asked.

    Ilya can you respond?

    Thanks
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I assume you are talking about DefencePlus v2.10 and NOT about DefenseWall v1.0 :
    two different softwares in the same thread is very confusing IMHO.

    P.S. :
    I wonder what the difference is between "Defence" and "Defense".
    Defense doesn't exist in my dictionary, only defence.
    I guess both spellings are allowed.
     
  20. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    No, Defensewall has been updated :eek:
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If that is true why is the link in the very first post of this thread still referring to DefenseWall v1.0 and not DefencePlus v2.10.
    I prefer to wait until Ilya gives me an answer to clear this up.
     
  22. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    I see no mention of "Defenceplus" anywhere in this thread - forgive me if I'm wrong.
    You can wait for Ilya, but I'm telling you the program is updated :) (defensewall)
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's very true Toadbee and that update can be downloaded from the link in the very first post of this thread.
    In fact Ilya always referred to that link for updates of DefenseWall.
    DefenseWall even has a new DW-icon in the system tray, so there must have been some updates.
    BUT DefencePlus is IMHO not the same as DefenseWall. I could be wrong of course, but I want an answer from Ilya, because he knows everything.
     
  24. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    One's English and the other's US. ;)
     
  25. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    i actually found both defence and defense on hyperdictionary, both are nouns. also about the two products, i think defenceplus is their current product (link) and defensewall is a beta product currently not listed.
     