My only concerns with DefenseWall Firewall is in its sandboxing of all internet apps or untrusted apps. So if my parents try to add a contact to Skype or add bookmarks to Firefox, I assume those operations are then lost once the app is closed. While protecting the user, this would be confusing to them as to why these operations do not stay. And adding the 2 applications as trusted defeats the purpose of the product. If only Comodo's Threatcast feature was more valuable. This way when the popup alerts appear, then based on location of file/program and the community vote of "to allow" or "not allow" this would be helpful to more inexperienced users. Kind of like a "phone a friend or expert" feature. I think this approach might be better then the just sandboxing all untrusted.
I'm not sure, but I do believe that you can allow Skype or any other application to access certain contents you wish, provided you know what to add. Someone using it may tell you if it is correct. There's been a long time since I first took a look at DefenseWall HIPS. I do know that Sandboxie allows just that. I run my browser sandboxed and I allowed direct access to favourites and other stuff that I don't want to do allover again. Maybe Sandboxie would be the right choice if DefenseWall won't allow what you wish. Either one would be a great choice.
Oh come on, I'm not a bottom feeder. Not mentioning Matousec on this thread would be a true sin. Matousec has the best test approach out there for this kind of software, and they make everything on a clear and easy to understand way. Unfortunately, the ProActive Security layer as implemented by current security solutions is full of imperfections and weaknesses - as proved by Matousec again and again. This alone has the potential to make such thing not suitable for my needs. About HIPS: they are simply unneeded for everyone unlike the idea about them that some are promoting nowadays. HIPS are useful on controlled environments like malware labs, where all little changes a malware can make are noted... ...but what's the real benefit of running HIPS on an end-user machine? HIPS on end-user machines bring with them more confusion than real security, as noted by many other security researchers. Shouldn't we leave the essential task of flagging a malware to Anti-malware software designed for this... ...rather than having a guard alerting and asking about the real intent of near every little change made to a system? And as proved by the Matousec's ProActive Security Challenge, this guard is usually weak because it can't know about a change made by some technique still not covered by its implementation, leave alone act on it.
Your assumption is totally wrong. DefenseWall is a policy-based sandbox HIPS, it allow saving information by design.
You say policy-based sandbox HIPS allows saving. Can you elaborate more. Does the user need to configure anything to allow this or out of the box would saving Skype contacts and Adding Firefox favorites be allowed without alerts? Do you have more details on your product website about how policy-based sandbox HIPS work?
There is no need to configure anything. Simple- by allowing or denying certain activity of the processes into the "sanitized" zone according pre-defined rules. Registry and file system isolation are based on pre-defined rules too.
I like Policy based HIPS and Behavior Blocker. For Policy based HIPS (+sandbox), DefenseWall is the best. It is very easy to use and understand. Support is one of the best you will ever receive. I cannot imagine my system without it anymore. For Behavior Blocker, KIS 2011 include system watcher component, which constantly monitor and report malicious behavior. I also use WinPatrol, which is kind of classic HIPS, but it is very specific and lightweight. Bills calls it Real-time Infiltration Detection (RID)
I use both HIPS + Behaviour Blocker, both in KIS 2011. The HIPS is more important for me though. What I like in KIS is that it's HIPS in Interactive mode is quite strong while the application whitelist is large (so few popups).
There was an option for HIPS + BB, but I would have choose HIPS + AE. It was not an option in this poll.
LOL, it's not a lot less pop ups than MD or Comodo, but only at the first few days, after that, it gets really quite SSSHHHH
Policy based. i happen to use Geswall Pro but Defensewall is just as good. i tried classical hips but it wasn't for me. i don't want to be bothered with configuring a hips or answering Allow/Deny questions.
I'm fine with both HIPS and Behavior Blockers. Given the choice, here's my picks: Classical HIPS: Comodo Defense+ Policy-based HIPS: DefenseWall Behavior blocker: Mamutu
