Does Windows 7 (32 bit) compromise Geswall's security?

Discussion in 'other anti-malware software' started by HIPSter, Mar 31, 2014.

Thread Status:
Not open for further replies.
  1. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    I've read some users having to disable UAC to get Geswall to run. That would obviously make the system less secure. What I'd like to know is if anyone's had success running Geswall and UAC together and whether or not it's absolutely necessary to disable it.

    Also, how does Appguard compare to Geswall in terms of features? Is there a particular feature a Geswall user would miss by making the switch?
     
  2. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    No, you can install GesWall with UAC off, then switch UAC on again

    To get rid of the geswall protection of downloaded files, just copy it to another partition

    Regards Kees
     
  3. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    Thanks for the info, Kees.

    So you've tested it with no security/usability issues other than the "Label as Trusted" bug? My concern wasn't just the random complaints I've read -- it's that aigle (of EQSecure profile fame) apparently distanced himself from Geswall due to UAC/other issues. I respect his opinion, but I couldn't find anything in depth as to whether it was a 64-bit issue or whether or not his concerns were alleviated with Geswall's last release, 2.9.2.
     
  4. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Yes, I also forgot to tell you, directly open geswall mmc to open up the geswall console (instead of using the ICON). All geswall UI actions will fail with UAC on, so you have to choose your options (block, silent, etc) first before enabling UAC.
     
  5. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    So if I want to make Geswall work, I can, but at the expense of user friendliness.

    It sounds like it may be time to look into AppGuard. It's still supported and seems similar to Geswall from what I've discovered so far.
     
  6. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    Oops...

    Sorry Alcyon. I confused you with aigle. :eek:
     
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    As a first time user of GeSWall, I have to admit that AppGuard is a nice combo of anti-executable (user land) and policy HIPS for guarded apps and actively developed, so good choice
     
  8. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    The one thing I don't like about AppGuard is that it's more of a "one size fits all" solution. I prefer GesWall for its ability to create unique application profiles.

    Since I'm moving from XP to Win7, I'm having to leave my trusty old setup of EQSecure/GesWall for something new. I've been considering replacing EQSecure with Malware Defender and GesWall with AppGuard.

    One consideration I've been thinking about is keeping GesWall and pairing it up with AppGuard. GesWall has its issues in Win7, but it and AppGuard together would offer some per-application control combined with some basic HIPS protection. While this combo won't offer the same level of control as a classic HIPS, it would secure the desktop nearly as well and with fewer nags.

    It's just a matter of whether or not they can co-exist without issues.
     
  9. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    If you don't mind, I would kindly suggest you forget Geswall. No proper UAC compatibility, no 64-bit support and product development seems almost dead.

    Instead, go for Sandboxie. Uses Windows internal mechanisms and redirection as its basis for sandbox. You can also pair it up with AppGuard if you wish to. A couple members here do. Look up posts by "pegr".
     
  10. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    Thanks for the advice.

    Sandboxie's no longer a legitimate option for me since it was bought out. Another factor is they no longer sell lifetime licenses, but that may not even matter since the new company could eventually phase out Sandboxie in favor of whatever bloatware they'd be offering in its place. Too much uncertainty combined with a long history of bad endings for security software that have been bought out.

    As far as GesWall's UAC compatibility, how exactly does this hurt its security? Kees apparently has been able to run GesWall with UAC enabled, but with GUI issues. Are you aware of other issues or are you just concerned over the possibility that the GUI issues may be part of a larger issue that could also be affecting the security layer?
     
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    I can understand your principles on software licensing. You can always use Sandboxie free version.

    As for Geswall, I have a simple policy regarding security software. If it needs me to disable UAC or apply workarounds, it is not worth my time. If the developer(s) do not code properly the software to be UAC-aware, I have no interest in using it. If I remembered correctly, it was also not ASLR-enabled...you might want to check that.

    Just to be clear, I'm not against Geswall. I just figured that if you're moving on from outdated OS and HIPS, it would be a waste of effort using security software that has not shown much progress.
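
The post above suggests checking whether a product's binaries are ASLR-enabled. As an added example (not part of the thread and not code from any of the products discussed), this Python sketch reads the opt-in flags from a PE header; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
NX_COMPAT = 0x0100        # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)

def pe_mitigations(data: bytes) -> dict:
    """Report the ASLR/DEP opt-in flags found in a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if pe_off + 24 + 72 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature or truncated header")
    (coff_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24                                       # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    return {
        "format": "PE32+" if magic == 0x20B else "PE32",
        "dynamic_base": dynamic_base,
        "nx_compat": bool(dll_chars & NX_COMPAT),
        # Without relocation data the loader cannot rebase the image.
        "aslr_effective": dynamic_base and not (coff_chars & RELOCS_STRIPPED),
    }

def make_sample(dll_chars: int, coff_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 header for the demo (not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, coff_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def check_file(path: str) -> dict:
    """Run the check on a file on disk, e.g. an installed .exe or .dll."""
    with open(path, "rb") as f:
        return pe_mitigations(f.read())

if __name__ == "__main__":
    print(pe_mitigations(make_sample(0x0000)))  # legacy build, no opt-in
    print(pe_mitigations(make_sample(0x0140)))  # DYNAMICBASE + NXCOMPAT
```

Calling `check_file` on each executable and DLL in a product's install folder shows which modules were built without the opt-in.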
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,696
    Location:
    Zagreb, Croatia
    Not almost....it is dead.
    The company has been sold.
    It's like asking TallEmu when new OA will be released.... ;)
     
  13. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Agree, valid reasoning, not ASLR enabled.

    No security issues

    As mentioned by others: AppGuard (using IE or Chrome as browser for normal browsing) with Sandboxie free (for dodgy browsing) is a good alternative
     
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    I know that BeyondTrust acquired GentleSecurity for its DLP product. As for Geswall, it is claimed to still be under GS itself...at least that was what aigle posted.

    https://www.wilderssecurity.com/report.php?p=1923829
     
  15. HIPSter

    HIPSter Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    28
    I've installed Malware Defender 2.8 and it seems like a solid replacement for EQSecure. I wanted something with granular registry/file/folder policies and it fits the bill. I'm assuming most here wouldn't install MD since it's no longer being updated, but does that really matter if I pair it up with the always up-to-date AppGuard? Whatever malware MD misses should likely be blocked by AppGuard. Where it shines is in its versatility, which AppGuard lacks.
     