DefenseWall Question

Discussion in 'other anti-malware software' started by LoneWolf, Jun 8, 2007.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    After the trial is over does DefenseWall stop working or is it reduced to a limited version?
     
  2. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Hello!

    If I remember correctly, when the splash screen comes up it asks you to buy a licence. It won't work after the trial ends. It was a long time ago when I bought DefenseWall, so I might be wrong. DefenseWall doesn't have a limited version.

    Kristian
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, DefenseWall doesn't have a limited version as:

    1. I don't believe in "limited defense". Defense needs to be full, otherwise it is not a defense at all!

    2. Making limited GUI functionality is wrong too, as this looks like "hey, I'm making trouble for you to get your money in future to remove it".

    So, both variants don't look really good, do they?
     
  4. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Beautiful, simple idea! I'm testing DW now. Was afraid to use HIPS beyond Cyberhawk and Arovax Shield until now. This one is looking good. Wondering if I need Cyberhawk at all?

    This is probably overkill, but at the moment I'm running my browser inside SandboxIE, inside DF. Probably no need to do this but it's working nicely and I just love SandboxIE and would hate to get rid of it.

    What a great program DF is turning out to be.
     
  5. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Prevx2 doesn't fit, neither does PS. It's early days but DW seems like a real gem. It's love at first sight!
     
  6. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Wow! There are options in the context menu as well.

    This is a beaut.
     
  7. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    I considered buying DefenseWall at one point until I read that even after buying the program you would begin to get "nag" screens at every boot after the first year is up. http://gladiator-antivirus.com/forum/index.php?showtopic=43026

    Maybe it has changed since then but I wouldn't buy it for myself until it does.
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @ Riverrun
    LOL, Yeah it might be a bit :)
    I agree that Sandboxie is a gem.

    Am waiting for DW2 ;)

    You may know this already:

    Here are some links and info re HIPS and in particular DW and Sandboxie:

    http://www.techsupportalert.com/security_HIPS.htm
    That test was criticised for including DW as it is also a functional sandbox.

    Sandboxie here:
    http://www.techsupportalert.com/security_virtualization.htm


    Go here: http://www.av-comparatives.org/index.html?http://www.av-comparatives.org/seiten/comparatives.html
    down to the bottom of the page and read the report "Comparative of various protection tools" to see how DW and Sandboxie went head to head.

    Heh: surfeit of riches eh, tricky decisions. :)
     
  9. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    Well, I'm happily using DW too, although I did have some problems initially, but Ilya is working hard to solve them :)

    Longboard, you should try DW2 RC1, it's pretty stable and much improved over v1.74.

    What I don't get is, why do people call DW a sandbox? I don't understand what's wrong with including it in a HIPS test like techsupportalert - it does the same thing as any other HIPS, that is block dangerous actions. I would call Sandboxie a sandbox because it creates a virtual copy of settings like FF profiles and stuff, but I don't see DW as anything remotely similar - it just blocks actions like behaviour blockers, but without the gazillion prompts. It does a fine job at that too.
     
  10. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    I ain't no expert:
    Ilya can answer better than me: I think the classification revolves around the actions:
    and so to the "Rollback" tool....

    From the neat net reviewers:
    From 'kareldjag':
    Whichever way you look at it, it is a combo: HIPS and Sandbox options.
    See the home page: http://www.softsphere.com/
    for some of the test results (heh; Ilya needs to add the AV-Comp tests).
    Worth noting that every test basically passed with flying colours.

    Have to stop now or I'll be accused of spamming (Ilya send money lol)
    :)
     
    Last edited: Jun 13, 2007
  11. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    Hmm, thanks Longboard. I didn't know about the whole virtualisation thing. Having said that, I think DW is still a HIPS at heart imo, more so than a sandbox.
     
  12. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is no longer this way. Nag: only once per month (just to remind).

    As for tests and base ideas: well, it is, definitely, a sandbox, as its main idea is threat-gate isolation from all the system's sensitive places. As for the TechSupport tests: sorry, I can't answer as I wasn't involved in any way (notifications, questions, money, ...) in them. That is Ian's decision, I have nothing to comment...

    Well, I would do that, but direct document links are forbidden by IBK and I don't want to violate that.
     
    Last edited: Jun 13, 2007
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi all,

    I think I have finally found a user friendly and sound security set up

    Hardware firewall
    Antivir free
    A2 Malware paid (V3.0)
    DefenseWall paid

    A2 and DW are so user friendly they can bring behavior blocking/IDS (A2) and HIPS (DW) to the larger PC audience.

    regards Kees
     
  14. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Thank you for the links, Longboard. Still testing DefenseWall. It's getting along well with SandboxIE, so far. DF looks like a keeper.
     
  15. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    DW2 RC1? I'd like to try it. Not that I'm unhappy with 1.74, far from it, but if there's a better version available I'd like to try that. Can you post a link?
     
  16. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
  17. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    I wonder is it wise to run SandboxIE and DF together? At present, I'm running SandboxIE as a trusted program. When I want to surf, I sandbox my browser which is protected by DF and so I'm getting the benefit of both applications or so it seems to me. It seems to be working nicely. The only thing is that sometimes Sandboxie will not terminate but that's only a minor irritant and not a major issue as far as I can see.


    Right?
     
  18. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
  19. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I've tried DW twice now and both times I came to the same conclusion. Just how does it work? I mean it runs Internet Explorer as untrusted so anything coming through it is also untrusted. But I've read that it allows registry changes and such and that if you feel that something is up to no good you can 'rollback' and remove all those changes. But what if those changes have already hosed your PC? There will be no chance to 'rollback'. Also while I was using it I was on eBay listing something and eBay wanted to install an ActiveX module. I installed the ActiveX and never once did DW ask me. In the end I was utterly confused and couldn't tell how it protected me and whether it actually was protecting me, so I ended up uninstalling it after the second time. I'm sure it's great and it certainly runs sweet on my PC but without knowing how it works I had no choice but to uninstall it.

    If you want to know what ActiveX was installed then it was this.

    ActiveX CLSID: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
    Name: Picture Manager, Wells and Layout
    Publisher: eBay, Inc.
    Signed: Yes
    Program ID: EPUWalControl.EPUImageControl.1
    File: C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
    File Version: 1, 0, 3, 48 [1, 0, 4, 0]
    File Size: 1 132 192 Bytes
    File CRC32: 679C2B95
    File MD5: 6c378170cbec45e5dbbe6b5a17bb3c90
    File Creation Date: 15.06.06


    muf
     
  20. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: DW is an excellent app, no doubt about it. But I have been confused by these trusted/untrusted things; "what, why and then" issues just never go away. That is why I settled on something that would put an entire volume (drive) or partition as an untrusted zone. Anything that occurred within it will be/ought to be removed upon reboot. From then on, I never got confused. Easy and simple.
     
  21. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88

    muf,

    If IE is running untrusted the ActiveX install won't work, and eBay will keep asking you, i.e. if you restart IE as untrusted and go to eBay it'll ask for ActiveX again. DW protects against changes to IE settings too. Same goes for Firefox extensions, automatic updates and Firefox preferences. DW has something called an "Event log" -> it'll show DW preventing the ActiveX control from being installed.

    Maybe DW doesn't quite make it clear, but it is targeted at computer newbies and people at Wilders who don't like constant pop-ups. To understand DW better -> it is a zero-popup program. It is meant to be easy to use, unlike normal HIPS.

    As for the registry changes, it allows harmless changes through - DW doesn't want to shut down your computer! But if a program is running as untrusted it has no access to registry sections for autoruns, services, IE settings, and all sorts of other settings that you'd expect a HIPS to protect.

    I've asked Ilya (the developer) if he could implement an optional "notification" sort of thing when an untrusted application tries to "violate" the areas that are untouchable - and he's considering it. The good thing about DW is that the developer listens, and that it's very strong protection, so I was sold. I was like you at first too, didn't have a clue, but after an hour of mucking around and figuring out what it does, I understand what it does and love the concept. Anyhow, Ilya is working hard to make a good help file for v2, to explain things better.
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is a variant of sandbox HIPS with file system, registry and application rules predefined.

    Yes, the current rollback implementation is not almighty. Mostly, it is for manual removal of malware modules. Later on, I'll improve rollback to make it more powerful, but this will cause more disk space usage (it will be optional, you will be able to switch it on and off).

    I see no reasons to block ActiveX installation as:
    1. I find it really intrusive.
    2. DW doesn't show popup windows with questions.
    3. ActiveX executable modules will be marked as "created by untrusted process". In case you load such modules within a trusted process, DW will turn it to the untrusted state; this is "plugin injection protection".
    4. Their reg. keys and modules will be placed in rollbacks.
    5. Those ActiveX components are loaded only on demand (i.e., you need to place its GUID into an HTML page to call it).
    6. Under "Go Banking/Shopping" mode, those ActiveX components won't load (hm, this could be a problem in this case; I need to check whether I need to allow ActiveX components to load if they are created under this mode).
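
The trust model described in posts 21 and 22, as an added example that is not part of the thread and is not DefenseWall code: a toy simulation of untrusted-file marking, silent blocking of protected registry areas, rollback tracking and "plugin injection protection". The class names, the list of protected keys and the `explorer.exe` host are assumptions made for illustration; the DLL path and CLSID are the ones quoted in post 19.

```python
# Toy model of the policy described in the thread; not the product's code.
from dataclasses import dataclass, field

# Assumed examples of protected areas (autoruns, services, IE settings).
PROTECTED_KEYS = (
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SYSTEM\CurrentControlSet\Services",
    r"HKCU\Software\Microsoft\Internet Explorer",
)

@dataclass
class Process:
    name: str
    trusted: bool = True

@dataclass
class Sandbox:
    untrusted_files: set = field(default_factory=set)  # "created by untrusted process"
    rollback: list = field(default_factory=list)       # changes kept for later undo
    event_log: list = field(default_factory=list)      # blocked actions, no popup

    def create_file(self, proc, path):
        if not proc.trusted:
            self.untrusted_files.add(path.lower())
            self.rollback.append(("file", path))

    def load_module(self, proc, path):
        # Plugin injection protection: loading an untrusted-created
        # module demotes the host process to untrusted.
        if path.lower() in self.untrusted_files:
            proc.trusted = False

    def reg_write(self, proc, key):
        if proc.trusted:
            return True
        if key.lower().startswith(tuple(k.lower() for k in PROTECTED_KEYS)):
            self.event_log.append((proc.name, key))  # denied and logged silently
            return False
        self.rollback.append(("reg", key))           # allowed, but tracked
        return True

def demo():
    sb, ie, host = Sandbox(), Process("iexplore.exe", trusted=False), Process("explorer.exe")
    dll = r"C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll"
    sb.create_file(ie, dll)
    allowed = sb.reg_write(ie, r"HKLM\Software\Classes\CLSID\{4C39376E-FA9D-4349-BACC-D305C1750EF3}")
    blocked = not sb.reg_write(ie, PROTECTED_KEYS[0] + r"\updater")
    sb.load_module(host, dll)
    return allowed, blocked, host.trusted, sb
```

`demo()` returns whether the ActiveX registration was allowed, whether the autorun write was blocked, the host's trust state after loading the DLL, and the sandbox holding the rollback list and event log.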
     
  23. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thank you Ilya for this and also for the very detailed information in your post :)
    I am testing DW right now and so far I must say that I really like it.

    I already tested it last year but at that time I must honestly say that I didn't really understand the concept and could not appreciate its fantastic value :)

    I will probably buy it at the end of free trial.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi Ilya, I don't think it's a good way to go. Why do you want to remind someone every month if he doesn't want to renew? Or at least there should be a way to turn it off. It's not a good feeling for me.
     
  25. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    721
    Location:
    Cumbria, England
    At least it is a not so intrusive reminder that your subscription needs renewing should you want to; after all, a lot of people do forget, such as myself, and it is much better than a nag screen every time you use the program.

    But I guess it is one of those things that is difficult to fulfil as some won't mind the reminder whilst others will.
     