DefenseWall as a HIPS

Discussion in 'other anti-malware software' started by Baldrick, Jan 7, 2007.

Thread Status:
Not open for further replies.
  1. dRag0nMa

    dRag0nMa Registered Member

    Joined:
    Aug 28, 2003
    Posts:
    79
    Location:
    SH China
    I give it a total uninstall.
    I get a BSOD every day, even when I just fire up IE.
    Btw, I use the latest version w/ expert mode.
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Send me minidump files for those BSODs via the forum - my e-mails still aren't working.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Thanks for the screenshots Ilya, I think the GUI will be just fine as long as you don't forget the basic rules like: "Applications must remember their screen size + position, same goes for columns (+ remember column-sorting)". Btw, I now know what I forgot to ask: In Sandboxie, every change to the file system and registry will be made only in the virtual sandbox. So apps are not able to do any damage to the real system. But is this the same with DW? This is what's bugging me a bit. :rolleyes:
     
    Last edited: Jan 29, 2007
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Correction - will be made within a virtualization container. It is a standard file system folder and registry key in the case of SBIE.

    No, it is not the same. DW has policy-based file system protection instead of virtualization. Also, registry protection is mostly policy-based as well (but there is limited virtualization). The point is that if a sandbox gives you 95-98% of automatic defense against unknown, 0-day malware, DefenseWall does this job and, in the future, will be able to do it even better. As for the defense rate - well, maybe file system virtualization may give some little advantages, but the price for that is standard - simplicity in everyday use and the learning curve. In fact, a classical HIPS may give you ~99% of defense - but it will be impossible to use it due to the huge number of popups. This balance - simplicity and defense rate - is a highly important thing!
     
  5. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Ilya - re. the rollback feature, does this mean it's possible to view all changes made to the file system and registry by a process, with detailed info on what it used to be and what it has been changed to?
     
  6. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    340
    Location:
    Colorado Springs
    Is there a free version of DefenseWall?
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    No :)
    There's a 30-day trial.
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Not all of them. "Time machine" from Apple requires a second hard drive!
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    @ Ilya Rabinovich

    But isn't DefenseWall basically almost the same as GeSWall? So it's restricting apps with policies so that malicious apps can't damage a system? But apps can still access certain parts of the real file system and registry, otherwise they wouldn't be able to work, and that's why you need the rollback feature, correct?

    I don't know why but I still can't visualize it completely, sorry about that. But with Sandboxie I know that the file system and registry will not be touched, with that I mean they will be virtualized and changes are kept in the sandbox. I'm not saying that it's better, but I'm just trying to figure things out. ;)
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Basically - yes, you are correct.

    Not in the sandbox, but inside a virtualization container. In the case of SBIE it is a folder within the "Documents and Settings" one.
     