GeSWall Personal Edition 2.3.0 - GUI Review

Discussion in 'other anti-malware software' started by AJohn, Aug 18, 2006.

Thread Status:
Not open for further replies.
  1. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  2. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Nice one AJohn. I hope kareljag or someone similarly qualified will carry out some security tests on GesWall soon.
     
  3. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Yes, nice review, something you enjoy to see before to install it ;) .

    I must say I've tried GeSWall yesterday, but it was very unstable on my computer. Had to get rid of it after only few hours.

    BTW q1aqza, GeSWall is on Kareldjag's test list http://kareldjag.over-blog.com/article-1925750.html, hopefully a review should be posted in the next months.


    nicM
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks AJohn. Nice tutorial. I have had Geswall on my gaming snapshot for a while. I have not put any effort to learn the advanced stuff on this yet. Mainly use it as a browser (and internet stuff) isolation, as such it runs flawlesly and does its job as it should without me having to put any effort to configure it. Great software, and I guess it will be even better when I [take the time to] learn how to use all the features.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What type of unstability u noticed?
    I tried it on two laptops( XP Home and Pro) woth KIS and it immediately freezed my PC. no way except to reset power button, tried many times and same results. I think it has some severe conflict with KIS.
    On my main laptop I am using it with multiple appliances( see my signature) and it is working nice except for occassional short few second freezing of my Opera and very occassional susyem lockup but generally working well.
    I will write to their support about this issue( though I can,t say 100% that these issues are related to GesWall but from its sever conflict with KIS I can guess that it can have at least minor conflicts with other security appliances as well).
     
  6. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Unfortunately it does clash with KAV/KIS 6 and is a known problem. I noticed the same on one of my PCs. Brian from GesWall told me it is being addressed. Perhaps give it another try when they realease a fix/new version.

    It does work fine with KAV 5, NOD32 and AntiVir as I have personally tried them.
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Exactly what I've experienced ! In fact it was running AOL AVS in this snapshot, which is using KAV engine, so there's something with the file-scanner in KAV.

    It's running fine in another snapshot since, with Antivir.

    I've not fully understood everything about GeSWall yet, the GUI is not very user friendly, and IMO a shell-extension is missing (although I'm sure this is by design) : There's no way to launch a file isolated if this file didn't come from an isolated program first, for example; or to review files tags. And I didn't find where to look at the sandbox-content; I think such a feature is really missing :doubt: . Windows's own zip utility is not supported too : It's breaking the "isolated chain".

    But the logging is very good. I did test it with a spyware coming with user-mode rootkit : It works as expected, however the files created are not erased when spawned-isolated processes are closed o_O . Isn't it supposed to do ?

    Btw, nice avatar ;)

    nicM
     
  8. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    Yep, thatswhat I run it with... although I have no idea about what it does. :D EDIT: now i do. thanks WSFuser
     
    Last edited: Aug 20, 2006
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think it clears only registry, files are there but might be harmless but I am not so sure.
     
  10. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    That's my understanding also. New or changed registry entries are diverted to temporary ones and are (or should) clear when the process terminates. But files are left behind so I guess similarly to Defensewall it would be down to your anti-virus or anti-malware product to get rid of any infected files.

    Apparently a context menu option is being worked on. Likewise I'm very keen to have it so hopefully it will come in the next release

    Still, it's not a bad product for free though is it :)
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    When Spyberus comes out of beta cleaning up after anything from installations of legit software to the worst malware our there (that doesn't bypass GeSWall) will be a breeze :D
     
  12. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Ajohn,
    Thanks for the info about Spyberus. I went to their website and read a little about the program. Some people did have issues with it and it is still a beta at this point.
     
  13. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    It does look an interesting program. I look forward to trying the clean beta.
     
  14. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Well, I've done another "informal" test with it, so far it was efficient, but at least one malware was able to "escape" the isolation : SpywareQuake 2, dropped by Intcodec (among other desktop-hijackers), although being isolated in GeSWall, was able to restart, and not isolated !

    Before reboot :

    http://img180.imageshack.us/img180/4996/beforerebootzu7.png


    After reboot : http://img66.imageshack.us/img66/3/afterreboottz2.png


    I don't know what happened, but I'll redo this test in a more "formal" way, when I've time, to check if I didn't make mistakes :blink: .


    Btw, I've found a workaround to run test files isolated : To access the files locally within IE. Weird, but it works.

    nicM
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I will be curious to know the results.
    BTW, in the past memeber zopzop did some testing with it and posted his results, it passed those tests( though not a formal testing).

    Ya, I have been doing like this. Interestingly if u select a file in Opera/ firefox it is copied as a download and this copy is already isolated and will run isolated as it came from an untrusted source( browser). If u do same in IE, file is not copied, rather it is excuted as isolated. This is the difference I noted in these browsers.
     
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have just tried to install GeWall and it won't install. I am running Win 2k and it says it needs sp4 which I have. The next window says it cannot install and closes.

    Can this be run with an existing firewall? I am running Kerio 2.1.5 and PG full, Avast.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I posted ur results to Brian and here is his answer( posting after his permission),

     
  18. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks for taking care about it aigle, but as I said, I'll check it when I have time.

    What I can say - for now - is that 1. SpywareQuake was able to autostart after a reboot, and 2. it was not isolated anymore when it happened (cf the pic). Two points that shouldn't have happened, despite the fact that GeSWall doesn't prevent files creation.

    nicM
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    ImageShake is not accessed from my ISP. If u have time, can u upload images locally or send to me, aiglehawk[at]hotmail.com.
    Thanks.
     
  20. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Really? Oh, anyway, the pics are just SpywareQuake running isolated (with green bar) and not isolated, nothing sentational ;) , it was just illustrating what I was saying.

    nicM
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    ok, I will wait if u repeat ur testing with it.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi nicM, I tested Intcode and spyQuake was infact successfully isolated. It was not able to restart on reboot and on manual restart GesWall gave the pop up option to isolate it as being from untrusted source.
     
  23. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi aigle,

    Thanks for doing this test. I'm not surprised by your result, this is what is supposed to happen; and that's why I was especially careful to say something must have gone wrong during my test :blink: (although it did actually happen, SpywareQuake was isolated prior to reboot). Having deleted all (or almost) my snapshots lately, I don't have GesWall installed anymore, but will try to redo this test when I can ;) .


    nicM
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ok, take ur time.
     
  25. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Just sended:

    Request a new application

    Next Firefox version is coming soon and looks like that it uses different registry locations than old one.

    New locations:

    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0

    no folder in HKEY_CURRENT_USER

    %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData%\Mozilla\ and %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData%\Talkback\MozillaOrg\ are same


    EDIT: I just realized that I have to add manual most of my applications. Maybe I delete all default applications rules and make my owns. Can someone tell me what are these applications in system folder?! Should I run those in GeSWall?
     
Loading...
Thread Status:
Not open for further replies.