Defensewall question

Discussion in 'other anti-malware software' started by dueceswild, Mar 28, 2010.

Thread Status:
Not open for further replies.
  1. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Sorry to post this here, but I can't post at Gladiator yet. Regarding the new beta: Ilya had suggested version 3 would allow whitelisted "safe" programs to install as trusted even when downloaded from an untrusted browser. I am trialling the beta, and downloaded MBAM as a test. It appeared to run trusted with no input from me. Can someone confirm this?

    Again, sorry to post here. I am trying to decide between this and Geswall Pro. Frankly, I liked the usability of Geswall as compared to 2.56, but version 3 caused me to hold on the purchase. I still don't know enough about them to fairly judge version 3's enhancements against Geswall Pro. Thoughts or suggestions on that welcome as well.
     
  2. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello dueceswild,

    I can confirm your findings. Before attempting to install MBAM, it is "untrusted" according to DW's "file properties" and appears in the "untrusted" list. Upon execution, MBAM installs as "trusted" without user input and disappears from the "untrusted" list. I have no idea if this is due to whitelisting or not. I also have no idea if this is normal or not. In any case, until Ilya chimes in, I have my doubts about this default action as it could introduce a security hole.


    Peace & Gratitude,

    CogitoErgoSum
     
  3. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Thank you for the reply. I have read quite a few posts about Defensewall at Gladiator; honestly it's all starting to run together. It seems I read somewhere Ilya said he was going to do this; I can't remember where. One thread is 60+ pages.

    Then again, I haven't been able to find other implementations (such as password protection for behavior such as this, and a timer for suspending protection).

    I have reverted to the 2.56 version since though. I thought version 3 was good; just no need for the firewall or the big red X in the system tray. I have OA; and I can't seem to get past the block about 2 firewalls. Sure they're safe as Ilya suggested, but I had enough trouble setting one up. Sure don't need two.
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Password protection can be set under the "Advanced" tab. It is global though. I don't believe you can set password protection for certain actions only. If you right-click any of the tabs to disable protection for HIPS, outbound or inbound protection, the time options are from 10 to 60 minutes, upon reboot, and permanent. I would recommend you stay with version 3 as it is more secure than 2.56. There is a registry tweak to convert ver. 3 to HIPS only. I recall Ilya posted it but I can't find it at the moment. Maybe someone else has the registry change.
     
  5. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    I recall the registry tweak; the link to it is actually in a Wilders thread. Honestly, I didn't know how to implement it, and had/have a feeling we will be seeing version 3 with and without a firewall released soon.

    You do bring up an interesting point. You say version 3 is more secure. Makes sense. Especially as I had mentioned earlier I was checking out GesWall Pro as well. Can GW be considered as safe as DW taking into account the number of updates DW receives as compared to GW?
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Sorry, never used GesWall so can't compare. I have been happy with DW and great support from Ilya.
     
  7. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Found the link. Actually from you. Sorry. As I said, everything runs together. And as for Ilya, he does seem to be very responsive and covers at least 2 forums.

    Create "force_hips" REG_SZ value into the "HKEY_LOCAL_MACHINE\SOFTWARE\SoftSphere Technologies\DefenseWall" registry key.

    As for the password protection, you are correct. My reference was to a post Ilya made about how to implement the running of a trusted installer (for example MBAM) downloaded from an untrusted browser without manipulating the file prior to execution. The substance of that discussion was that most participating suggested he configure the program to allow the user to double click the installer, then allow the program to run trusted by use of the password. He also mentioned building a whitelist of trusted installer programs that would run as if downloaded outside DW.

    I'll put the footnote that as usual, I may be misinterpreting.
     
    Last edited: Mar 29, 2010
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, it's "whitelisting". DefenseWall checks executable files' vendors from their digital signatures and, if a vendor is listed as "known as good", runs the file as trusted automatically.
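
Added example, not part of the thread and not DefenseWall's own code: a PowerShell sketch of the kind of publisher check described in the post above, showing that the publisher name is only consulted after the Authenticode signature itself validates. The function name `Get-LaunchZone` and the publisher names in the allowlist are hypothetical placeholders.

```powershell
# Constructed allowlist: placeholder publisher names, not DefenseWall's real list.
$TrustedPublishers = @('Example Vendor Ltd', 'Sample Software Inc')

function Get-LaunchZone {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Allowlist = $TrustedPublishers
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Gate 1: the signature must be cryptographically valid and chain to a
    # trusted root. NotSigned, HashMismatch, NotTrusted etc. all stay untrusted,
    # so a certificate that merely carries a familiar name is not enough.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        return [pscustomobject]@{
            Path   = $Path
            Zone   = 'Untrusted'
            Reason = "Signature status: $($sig.Status)"
        }
    }

    # Gate 2: compare the signer's common name with the allowlist
    # (-contains is case-insensitive but requires an exact, whole-string match).
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    if ($Allowlist -contains $publisher) {
        $zone = 'Trusted';   $reason = "Valid signature from allowlisted publisher '$publisher'"
    } else {
        $zone = 'Untrusted'; $reason = "Valid signature, but '$publisher' is not allowlisted"
    }

    [pscustomobject]@{ Path = $Path; Zone = $zone; Reason = $reason }
}

# Classify every installer in the current user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Get-LaunchZone -Path $_.FullName } |
    Format-Table -AutoSize
```

An installer that was modified after signing reports `HashMismatch` and stays untrusted even if its publisher is on the list.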
     
  9. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Thank you for the reply Ilya. Is this a new feature in V3, or just an expanded "whitelist"?

    And if you don't mind, could you highlight some of the improvements that V3 will have (other than the obvious availability of the firewall) over the previous version?

    Thank you for your patience and responses. I am really new to products such as yours.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Firewall of DefenseWall is quite good. My 2 cents: DW v3 + Prevx + AV is enough.
     
  11. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    I am quite certain it is. I guess I don't understand the product enough to be comfortable with it. How does this FW work with regard to "traditional" firewalls? I mean, does it cover all programs, untrusted, do I need to set ports, etc.?

    And Kees1958, if you don't mind, I see that you have used Geswall and Defensewall. Could you point out some fundamental differences?

    Btw, I hope you are doing well in recovery.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thx, doctors will advise on op soon. Hospital moved me to a room with a touch screen and on-screen keyboard, because the brace made it difficult to look at screen and keyboard.

    They are basically similar apps. DW has a very user-friendly default mode. GW console has a little higher granularity for super users than DW resource protection. On the other hand, DW resource protection separates untrusted from untrusted, which GW does not offer. DW has total untrusted file control, which GW does not have. This means that a downloaded file moved to another drive becomes trusted with GW but stays untrusted by DW. GW has one release every year and little forum support. DW has an active release calendar and active support. Because GW Pro has an application wizard, the low support is really not a big issue to power users of GW Pro. For reference, a power user of DW is comparable with an average user of GW.

    While resource protection is a very powerful instrument, few DW users have their own rules. Ilya is very smart because he incorporates some of the personal rules of his power users into the default set (e.g. CogitoErgoSum, creer, ako). Since version 2.48 Ilya has implemented my additional resource protection rules in the default also.
     
  13. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Thanks again Kees1958. I think I have about decided to go with DW- maybe even the firewall version with ESET and Prevx.
    I do have one last question; more for general knowledge. Ilya is always updating, very responsive and in-touch with his product and users. He releases updates frequently to stay on top of new threats; I take this to mean new threats emerge that can compromise certain portions of Defensewall.

    How does GesWall stay as safe as DW when it only produces yearly updates? Or does it just operate differently where updates aren't required as much?
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes, that is partly the reason.
    GW uses Windows internals. That is why it used to be the fastest. The example of losing the untrusted marker is a limitation of the NTFS file system when on another partition.

    They also tend to ignore some intrusions because the practical value is zero for malware writers. DW and SBIE want to be best in class. That is why they react so fast to new threats. To be honest, that is a little bit of marketing and good reputation / brand management of them.
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have just started to look (by request) at this firewall implementation. It is too early for me to give correct/full opinion.

    There is very little to set and (as I see) only untrusted applications are allowed internet access (which makes sense).

    Some will not like it as it does not "Stealth". But for me I prefer the reactions made, as I prefer to make a reset (against) to a scan, if all firewalls did that, then it would actually DOS those scanning, instead with all the vendors blocking such outbound resets, it allows those scanning to scan more easily.

    - Stem
     
  16. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Thanks to the replies of Stem and Kees1958. As I said before, I am really new to this.
    Stem, I REALLY like that you are reviewing the FW portion; I am certain you will be making very helpful posts about it in the near future. Until then though, would it be safe to say your initial impressions are favorable?
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes.

    - Stem
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, it's a new feature of V3.

    Improved protection, whitelisting, easy zone control for installation files, screen access and system restart granular control, bi-directional Internet connections control (PF edition). I could forget something with the list.
     
  19. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall V3 is the world-first sandbox personal firewall. It gives almost zero popups, no technical knowledge is needed, rules are very straightforward, there is no need to setup ports.
     
  20. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    From my side, it's not about marketing, but about professional's pride.
     
  21. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    Okay, just to update. Based on the responses of all who replied (most especially Kees1958, Stem, and Ilya) I purchased Defensewall. And I installed the beta for the firewall portion. Thank you ALL very much.

    Although still a little uncomfortable, I uninstalled OA (maybe just temporarily, but I did it) but still have ESET. I must say, Defensewall version 3 is very very light. Right at 19k as I type this, less offline. Chrome browser. Also, browsing really fast. First time starting Chrome and FF was a little slow, but after that almost instantaneously opening.

    NO configuration, everything seems to be working fine, internet access, printer access, etc.

    I would like to comment on the new whitelisting. I am very impressed. I have updated CCleaner and MBAM after download. Didn't have to use Defensewall to change status - just downloaded and installed. Some may not like this, but I certainly do. Makes everything easier for my wife, which makes everything easier for me. :)

    All that said, this is what makes me feel the best about this purchase:

     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    This is not an advertisement, but I can tell you from my own experience that DefenseWall is one of the most powerful sandboxes with a firewall (very unique), very strong and trouble free ;) You won't regret buying it. I got 3 licences myself and I will for sure renew my licence again ;)
     
  23. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    More than enough, here AV is already a bit overkill. :D
    I have DW, Prevx, Winpatrol Plus :)
    Light and watertight! :thumb:
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Light on RAM -- no big deal. After all, RAM is so cheap.

    The more important questions (IMO):
    1-How is DW3 on cpu?
    2-How is DW3 on I/O?
     
  25. dueceswild

    dueceswild Registered Member

    Joined:
    Sep 3, 2008
    Posts:
    184
    I'm not looking at my home computer now so I can't be exact, but I can tell you that the CPU usage was low; I specifically looked for spikes reported in the early beta. Didn't see any there.
     