GeSWall Free

Discussion in 'other anti-malware software' started by ssj100, Apr 10, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    This is mainly directed at Kees1958 (but anyone else using the Pro version of GeSWall please feel free to comment).

    Is GeSWall Free sufficient and safe enough to use, compared to the Pro version? I haven't tried GeSWall yet, but I am interested in what people who are using it have to say.

    The original web site gives a breakdown of Free vs Pro here:
    http://www.gentlesecurity.com/professional.html

    So the following aren't in the Free version:

    1. Malware termination options (this sounds rather important?)
    2. Automatic update for Safe Applications (again, this sounds very useful)
    3. Custom Safe Applications (sounds like could get away with this one)
    4. Safe Applications Wizard (again, probably can get away with this)
    5. Pre-configured safe applications (this sounds important, especially if you are not sure how to configure applications)

    So my question is, for the average user, presumably the Free version would be dangerous if not configured properly? It sounds like there is much more manual configuration involved in the Free version, and thus would not suit the novice user at all.

    Are the above observations accurate?
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    The only main limitation is its database of preconfigured safe applications (free only web browsers), the application wizard (only when you use unknown internet facing programs).

    I have set notifications off, auto terminate attacks and security to high (which makes GeSWall absolutely quiet), guess the free settings are the default ones (notify and interactive termination), so I doubt you would miss it.

    Regards Kees
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    The auto-termination is nice. I have the alerts disabled so I never hear (or see) anything happening from GW. I have also noticed zero slowdown on browsing too. I haven't used the application wizard very much but when I did it wasn't that useful to me, but you may be different. The customization of rules is pretty sweet too. Pro has a lot more (60+/-) applications preconfigured than the Free version.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep, very little slowdown with GW.

    My current security combo (GeSWall and Drive Sentry) loads Chromium cold in less than a second on an E5200 at 3,06 GHz (a low cost, entry range dual core). I have GW also containing network traffic.

    Successive Chrome starts in the blink of an eye. Taking into consideration that you can configure GW to act as a virtualisation sandbox (using redirect option), I feel pity for all the hardcore Sandboxie and FireFox users complaining about initial load times of more than 10 secs (usability lab testing uses a 3 sec response as a workable maximum reference).

    Cheers
     
  5. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi Kees 1958

    How do you configure GeSWall as a Sandbox using ReDirect?

    Could you walk me through the essential set up please?

    Thanks

    Terry
     
  6. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Not to get off-topic for a bit but I have FF 3.1 beta #3 with SBIE and CIS 3.9(Safe MOde/Clean PC/Stateful) and my startup is 3secs from a cold start. I'm running it on Vista Home (sp1) with a dual core 3.0G and 4G of ddr2 ram. Once I'm in the sandbox browsing speeds are lightning fast.

    Back on topic, I really like Geswall free also and felt it was quicker on my laptop. My laptop runs WinXP pro (sp3) using IE8 and CIS 3.9 with a dual core 1.7G and 1G ddr ram. My cold startup would be about 3seconds. When I put SBIE in replace of Geswall Free, the startup went to 7secs.

    Ice
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi Terry,

    When you are willing to use Chromium (go to http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/, download last build of previous day and install in C:\chrome), this would be the GeSWall settings:

    %HKCU%\Software\Google% File Allow
    %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache% File Allow
    %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies% File Allow
    %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History% File Allow
    %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData%\Google\Chromium\ File Allow
    %USERPROFILE%\Local Settings\Application Data\Chromium File Allow
    * Network Allow
    \Device\NamedPipe\chrome File Allow
    \Device\NamedPipe\lsass File Redirect
    C:\ File Read Only
    D:\ File Read Only
    D:\Downloads File Allow
    D:\TEMP File Allow
    HKEY_CURRENT_USER Registry Redirect
    HKEY_LOCAL_MACHINE Registry Read Only


    When you want to try geswall free PM me, I have some other tips
     
  8. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi Kees

    Thanks

    Terry
     
  9. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    I'm not familiar with GeSWall or how to work it, but on YouTube there's a reviewer guy who shows you how to use it as a sandbox and tests it on some nasty sites and shows how it protects.
    here
    Watch some of his reviews, he's actually quite good.
     
  10. MagisDing

    MagisDing Registered Member

    Joined:
    Jan 6, 2009
    Posts:
    41
    Unfortunately, the link that you quote is unavailable o_O I am eager to see the attractive videos ;)
    I am using GeSWall with Firefox. I am wondering what configuration I need to make it clear all the caches automatically after shutdown, just like what SBIE does (virtualization).
    I added two rules as follows, but it doesn't seem to work :blink: :
    D:\Documents and Settings\Local Settings\Application Data\Mozilla\Firefox\Profiles\lce4hvjt.default\Cache Files Redirect
    D:\Documents and Settings\Local Settings\Application Data\Mozilla\Firefox\Profiles\lce4hvjt.default\OfflineCache Files Redirect

    (Those two folders above are where my caches are saved.)

    BTW: the private message system is unavailable too... :'( I am really learn the precious tips from Kees :rolleyes: )


    And I compared the rules that Kees gave and the ones GeSWall Pro has and found:
    By default, FF (isolated) can read only the trusted resource "\Device\NamedPipe\lsass" (file), but in Kees's rules, the access rights are "redirect". Does it make any difference?
     
    Last edited: Apr 16, 2009
  11. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    It's fine here ;)
     
  12. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    In the Tools>Options>Privacy tab in FF there are options to clear browsing data upon exit of FF. It doesn't have to be done through GW. All of the files in your cache are untrusted anyway so they can't infect your system files.
     
  13. MagisDing

    MagisDing Registered Member

    Joined:
    Jan 6, 2009
    Posts:
    41
    Yeah, that's a simple and good method but I am still confused why my rules didn't take effect o_O
     
  14. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    You might need to have %USERPROFILE% before the rules. Also, that rule will only apply to new files being added to the cache and won't delete the files that were in there before the rule was created. Kees and Aigle seem to know the most about GW though.
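
An added example, not part of any post in this thread and not GeSWall code: a small Python parser for rule lines in the resource / type / access layout posted above, so a rule set can be reviewed by access right and checked for the hard-coded profile paths that the `%USERPROFILE%` suggestion is about. The function names are hypothetical, the sample is a subset of the rules posted in the thread, and nothing here models how GeSWall itself orders or evaluates rules.

```python
import re
from collections import defaultdict

# Subset of the rule lines posted in this thread: resource, type, access.
POSTED_RULES = r"""
%USERPROFILE%\Local Settings\Application Data\Chromium File Allow
* Network Allow
\Device\NamedPipe\lsass File Redirect
C:\ File Read Only
D:\Downloads File Allow
HKEY_CURRENT_USER Registry Redirect
HKEY_LOCAL_MACHINE Registry Read Only
D:\Documents and Settings\Local Settings\Application Data\Mozilla\Firefox\Profiles\lce4hvjt.default\Cache Files Redirect
"""

# The resource may contain spaces, so anchor on the last two columns.
RULE_RE = re.compile(r"^(?P<resource>.+?)\s+(?P<type>Files?|Registry|Network)\s+"
                     r"(?P<access>Allow|Redirect|Read Only)$")

def parse_rules(text):
    """Return a list of {'resource', 'type', 'access'} dicts, skipping blank lines."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised rule line: {line!r}")
        rule = m.groupdict()
        rule["type"] = rule["type"].rstrip("s")  # normalise "Files" to "File"
        rules.append(rule)
    return rules

def by_access(rules):
    """Group resources by access right so each group can be reviewed together."""
    groups = defaultdict(list)
    for r in rules:
        groups[r["access"]].append(r["resource"])
    return dict(groups)

def hardcoded_profile_paths(rules):
    """File rules that spell out a profile folder by drive path, not %USERPROFILE%."""
    return [r["resource"] for r in rules
            if r["type"] == "File"
            and re.match(r"^[A-Za-z]:\\Documents and Settings\\", r["resource"])]

if __name__ == "__main__":
    parsed = parse_rules(POSTED_RULES)
    print(by_access(parsed))
    print("hard-coded profile paths:", hardcoded_profile_paths(parsed))
```
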
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Better, try the GeSWall forum. Henk is a real configuration expert (I am more into usability). I do not use FF, so have no idea how to. Easiest way to achieve that is by using Chromium or Iron. The way FF is designed (a monolith) with plug ins etc not clearly separated et cetera. They (FF) could have taken a lesson in clear design by looking at Opera in the past, today [I think] Chromium is the one with advantage through software architecture, Opera has the advantage of a well settled past, not ruining the good initial software architecture is also a credit to the Opera developers. But when I criticise FF I will probably be asked to POQ soon. :p
     
    Last edited: Apr 16, 2009
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Did you delete the default Allow rule for FF profile (including the cache)?
     
  17. MagisDing

    MagisDing Registered Member

    Joined:
    Jan 6, 2009
    Posts:
    41
    That's probably the point :)
    There exists one default rule as follows:
    And I added new rules under that one. So here comes another question, what is the priority of the rules? From the top to the bottom or something else? :blink:
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I don't know. Try deleting the default rule and then add ur rules to see if they work.
     
  19. metalforlife

    metalforlife Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    96
    Does GeSWall provide outbound filtering? If not, then, is there a software which does? Basically, I am looking for protection against data thieving malware - keyloggers, screen loggers, etc.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes it does ;)
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmm. Yes it does but it's not a piece of cake. You need to configure it.
     
  22. metalforlife

    metalforlife Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    96
    Brilliant. System wide?
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    that will depend how you configure it and that is not easy, have to dig in the app a little :)
     
  24. metalforlife

    metalforlife Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    96
    From "system wide", I meant, a complete substitute for a software firewall. Like the XP firewall, except outbound, in place of outbound monitoring.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    oh no, if you want to have a complete solution for your system "Comodo" is for you and free, cause GeSWall is only a sandbox type protection and has outbound protection for applications that are sandboxed
     