Defensewall test review(youtube)

Discussion in 'other anti-malware software' started by jmonge, Nov 15, 2008.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  2. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    I paused at "haven't really heard of them." :doubt: :argh: :rolleyes: :eek:
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    it is 3 parts,which one did you watch?
    get some popcorn and watch the movie man:D
     
  4. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    It was in the beginning of the first part. He hasn't even heard of hips before they contacted him which is suprising for someone who seems be very involved with malware removal. At least I would expect him to know prevention. Then he mentions prevx and threatfire along with defensewall like they are similar. I'm not complaining but it seems like he doesn't know much. It's up to viewers to determine how much to consider the tests.
     
  5. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    A lot of IT professionals are mainly aware of only AV products and firewalls, which are the two key components in the workplace environment, so no need to find it unusual that people don't know about HIPS. :)

    In the workplace environment for example, giving average users more advanced programs may lead to serious instability or disaster. You're making the user perform a choice their brain isn't capable of making (at this point of time). ;)

    Regarding defensewall, when you click on untrusted applications tab, I also was slightly confused by the options. Had to get the following from the help file:

    There is:
    Add - adds process/applications/folders to the untrusted list
    Remove - removes process/applications/folders from the untrusted list
    Run as trusted - starts the application immediately as trusted
    Enable/disable - allows you to temporarily make a program trusted, then revert it back to untrusted
    Move item - moves item up and down the list
    Excludes - adds file/folder to the exclude list making it run as trusted.

    Just a question, is the last option 'excludes', actually the same as 'remove'?
     

    Attached Files:

  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    The part that made me scratch my head was when he had the malware running and he said it wasn't doing anything....my understanding, which could be wrong, is that it is indeed running until you hit the stop button.
     
  7. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Although you can remove all file and registry tracks (and the reviewer should have just removed all items, and not just a handful, as I think it's safe and easy to do), DefenseWall will keep all items for 30 days and then automatically discard them. So as Ilya doesn't recommend discarding all items after each session, and that DefenseWall will remove these items after a short period of time anyway, I think the malware processes would be contained/restricted.

    Maybe I'm wrong too though. Haven't loaded DefenseWall up in a short while.
     
  8. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I never got to use it that much. Too many problems with active skin. Wish I hadda tested it more before I bought it.
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,219
    I think the program is very impressive indeed, although it is more of a sandbox than a HIPS. Some knowledge is required about what is malicious or benign: The reviewer was uncertain as what to keep and what to delete which means that an AV is necessary to check at least what is already known as malicious.
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    1. Most of the people never heard about HIPS products ever, even (especially?) if they represents AV/AS companies. I just met this on one of the industry forums- people there never heard about sandboxing at all, I had to teach them from scretch.

    2. "Excludes" item within "Untrusted applications" section means "Exclude following items from the untrusted applications list". You may add a folder into the list, but exclude separate files from running untrusted with it.

    3. Problems with current skin engine will be solved by switching to another one. Please, have a patience a bit, all the problems will be solved, I promise.

    4. Running malware is harmless if it can't infect your system, hijack your passords and sensitive data and so on.
     
  11. O.Alexander

    O.Alexander Guest

    There is another video if you type "defensewall" in youtube.
    Testing against 'Adobe Clipboard Hijack'.
    However, I don't understand. I'm not sure if it passes.
    Can anyone confirm?
    Thanks!
     
    Last edited by a moderator: Nov 17, 2008
  12. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    "Adove Clipboard Hijack" is about Adobe Flash security model problem. No HIPS can protect against it. Ever. The latest Flash player is fixed the issue.
     
  13. iphone

    iphone Registered Member

    Joined:
    May 6, 2008
    Posts:
    17
    Good review.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Great news. After a long debate with myself, I took the plunge and added it to my arsenal and am very impressed. Have to say it is a cut above Geswall and works well with Edge.
     
  15. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    You just couldn't run with just one could you. Ha! :p
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I cant run with anything for very long. But this combo of 2 is very interesting.
     
  17. Minimax2000

    Minimax2000 Registered Member

    Joined:
    Jun 11, 2006
    Posts:
    204
    Location:
    Switzerland
    Good work by Defensewall. The test makes it hopefully known to a broader audience. :thumb:
     
  18. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Is there security app. you heard of but never tried?
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I tried at a time I was new to the concept of HIPS. Sandboxie was about the most advanced I had gotte. A past hard cored AV guy. So basically yes.

    I like products where you see consistent development and active support. Ilya has showned that just as the Prevx gang is doing.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    I do not believe what I am reading :D :thumb:
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Short attention span.
    He'll change soon.
    Hugger
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Ahh, what were we talking about.:rolleyes:
     
  23. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I gave DW another try... I must confess i never quite liked DW in the past. I even deleted my GAOTD version some time ago... It's neither a classical HIPS nor a sandbox, so i found it confusing at first. I had to run Comodo's leak test, just to be sure that it was actually doing something! The weird was that i got no pop ups during that test. Just logged events. Although i had checked an option about notifications in tray i think.

    I read some posts in this forum again and tried it again. I understood the concept better (of policy restriction), but i must say, for something that is supposed to be as simple as "trusted vs untrusted", i still didn't understand some things. I suppose more reading is required. The various exlusion lists, resources, etc butttons. Also Opera was creating some untrusted temp entries that were in black, while the rest was in blue. I guess the colour means something too.

    I also read about the active skin crash bug, although it didn't happen to me for the hours i used it.

    What turned me completely off was the CPU usage. I had p2p on, but i think it was browsing causing it. Opening new page, was giving temporarily up to 9-11% usage on my dual core. Too much for my taste.

    I really like the concept and read it will include outbound protection in the future. Version 2.46 will be something to check again.

    I surely must read more about it, cause it doesn't work like Sandoboxie or classical hips that i am familiar with... If it drops CPU usage, it would be great.

    One thing i didn't figure out at all was... Suppose you have downloaded and run a malware and DW crashes. Does this makes the malware turn active?

    If something is excluded from the untrusted, it means it is trusted? If yes, why not just call it trusted?
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I am sure as a shame to others, mine is basically straight out of the box settings and works fine against my exstensive malware test bed.:rolleyes: All 3 of them.;)
     
  25. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    Yeah, DefenseWall out of the box will provide you with great protection.
     
Loading...
Thread Status:
Not open for further replies.