GeSWall Personal Edition 2.3.0 - GUI Review

Discussion in 'other anti-malware software' started by AJohn, Aug 18, 2006.

Thread Status:
Not open for further replies.
  1. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  2. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Nice one AJohn. I hope Kareldjag or someone similarly qualified will carry out some security tests on GeSWall soon.
     
  3. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Yes, nice review, something you enjoy seeing before installing it ;) .

    I must say I tried GeSWall yesterday, but it was very unstable on my computer. Had to get rid of it after only a few hours.

    BTW q1aqza, GeSWall is on Kareldjag's test list http://kareldjag.over-blog.com/article-1925750.html, hopefully a review should be posted in the next months.


    nicM
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Thanks AJohn. Nice tutorial. I have had GeSWall on my gaming snapshot for a while. I have not put any effort into learning the advanced stuff on this yet. Mainly use it as a browser (and internet stuff) isolation, as such it runs flawlessly and does its job as it should without me having to put any effort into configuring it. Great software, and I guess it will be even better when I [take the time to] learn how to use all the features.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    What type of instability did u notice?
    I tried it on two laptops (XP Home and Pro) with KIS and it immediately froze my PC. No way out except the reset/power button, tried many times and same results. I think it has some severe conflict with KIS.
    On my main laptop I am using it with multiple appliances (see my signature) and it is working nicely except for occasional short few-second freezing of my Opera and very occasional system lockup, but generally working well.
    I will write to their support about this issue (though I can't say 100% that these issues are related to GeSWall, but from its severe conflict with KIS I can guess that it can have at least minor conflicts with other security appliances as well).
     
  6. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Unfortunately it does clash with KAV/KIS 6 and is a known problem. I noticed the same on one of my PCs. Brian from GeSWall told me it is being addressed. Perhaps give it another try when they release a fix/new version.

    It does work fine with KAV 5, NOD32 and AntiVir as I have personally tried them.
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Exactly what I've experienced! In fact it was running AOL AVS in this snapshot, which is using KAV engine, so there's something with the file-scanner in KAV.

    It's running fine in another snapshot since, with Antivir.

    I've not fully understood everything about GeSWall yet, the GUI is not very user friendly, and IMO a shell-extension is missing (although I'm sure this is by design): there's no way to launch a file isolated if this file didn't come from an isolated program first, for example; or to review file tags. And I didn't find where to look at the sandbox-content; I think such a feature is really missing :doubt: . Windows's own zip utility is not supported either: it's breaking the "isolated chain".

    But the logging is very good. I did test it with a spyware coming with a user-mode rootkit: it works as expected, however the files created are not erased when spawned-isolated processes are closed o_O . Isn't it supposed to do that?

    Btw, nice avatar ;)

    nicM
     
  8. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    Yep, that's what I run it with... although I have no idea about what it does. :D EDIT: now I do. Thanks WSFuser
     
    Last edited: Aug 20, 2006
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think it clears only registry, files are there but might be harmless but I am not so sure.
     
  10. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    That's my understanding also. New or changed registry entries are diverted to temporary ones and are (or should) clear when the process terminates. But files are left behind so I guess similarly to Defensewall it would be down to your anti-virus or anti-malware product to get rid of any infected files.

    Apparently a context menu option is being worked on. Likewise I'm very keen to have it so hopefully it will come in the next release

    Still, it's not a bad product for free though is it :)
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    When Spyberus comes out of beta, cleaning up after anything from installations of legit software to the worst malware out there (that doesn't bypass GeSWall) will be a breeze :D
     
  12. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Ajohn,
    Thanks for the info about Spyberus. I went to their website and read a little about the program. Some people did have issues with it and it is still a beta at this point.
     
  13. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    It does look an interesting program. I look forward to trying the clean beta.
     
  14. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Well, I've done another "informal" test with it, so far it was efficient, but at least one malware was able to "escape" the isolation : SpywareQuake 2, dropped by Intcodec (among other desktop-hijackers), although being isolated in GeSWall, was able to restart, and not isolated !

    Before reboot :

    http://img180.imageshack.us/img180/4996/beforerebootzu7.png


    After reboot : http://img66.imageshack.us/img66/3/afterreboottz2.png


    I don't know what happened, but I'll redo this test in a more "formal" way, when I've time, to check if I didn't make mistakes :blink: .


    Btw, I've found a workaround to run test files isolated : To access the files locally within IE. Weird, but it works.

    nicM
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I will be curious to know the results.
    BTW, in the past member zopzop did some testing with it and posted his results, it passed those tests (though not a formal testing).

    Ya, I have been doing like this. Interestingly if u select a file in Opera/Firefox it is copied as a download and this copy is already isolated and will run isolated as it came from an untrusted source (browser). If u do the same in IE, the file is not copied, rather it is executed as isolated. This is the difference I noted in these browsers.
     
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    I have just tried to install GeSWall and it won't install. I am running Win 2k and it says it needs SP4, which I have. The next window says it cannot install and closes.

    Can this be run with an existing firewall? I am running Kerio 2.1.5 and PG full, Avast.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I posted ur results to Brian and here is his answer (posting with his permission),

     
  18. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks for taking care about it aigle, but as I said, I'll check it when I have time.

    What I can say - for now - is that 1. SpywareQuake was able to autostart after a reboot, and 2. it was not isolated anymore when it happened (cf. the pic). Two points that shouldn't have happened, despite the fact that GeSWall doesn't prevent file creation.

    nicM
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    ImageShack is not accessible from my ISP. If u have time, can u upload images locally or send to me, aiglehawk[at]hotmail.com.
    Thanks.
     
  20. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Really? Oh, anyway, the pics are just SpywareQuake running isolated (with green bar) and not isolated, nothing sensational ;) , it was just illustrating what I was saying.

    nicM
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    ok, I will wait if u repeat ur testing with it.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi nicM, I tested Intcodec and spyQuake was in fact successfully isolated. It was not able to restart on reboot and on manual restart GeSWall gave the pop up option to isolate it as being from untrusted source.
     
  23. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi aigle,

    Thanks for doing this test. I'm not surprised by your result, this is what is supposed to happen; and that's why I was especially careful to say something must have gone wrong during my test :blink: (although it did actually happen, SpywareQuake was isolated prior to reboot). Having deleted all (or almost) my snapshots lately, I don't have GeSWall installed anymore, but will try to redo this test when I can ;) .


    nicM
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, take ur time.
     
  25. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Just sent:

    Request a new application

    Next Firefox version is coming soon and it looks like it uses different registry locations than the old one.

    New locations:

    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0

    no folder in HKEY_CURRENT_USER

    %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData%\Mozilla\ and %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData%\Talkback\MozillaOrg\ are the same


    EDIT: I just realized that I have to manually add most of my applications. Maybe I will delete all default application rules and make my own. Can someone tell me what these applications in the system folder are?! Should I run those in GeSWall?
     