Discussion in 'other anti-malware software' started by Dregg Heda, Dec 31, 2008.
What are the differences between GesWall, DefenseWall and a traditional HIPS?
The difference between policy-based sandboxes and traditional (classical) HIPS systems is simple: you don't need to answer technical questions. Usually, sandboxes use a pre-defined ruleset in order to separate the untrusted process group from the trusted one.
The main difference between DefenseWall and GesWall is that GesWall uses more virtualization and Windows protection mechanisms. DefenseWall relies only on its own protection rules and, practically, does not use virtualization.
So what are the major advantages/disadvantages between GesWall and DefenseWall?
Well, it's up to you to make up your mind. I can only tell you about the programs' differences.
Benefits of DefenseWall over GeSWall
a) GW does not have total untrusted file control, meaning when you move an untrusted file to another partition it will become trusted, or when you open a file with a trusted program it might change the file status from untrusted to trusted (DW has total untrusted file control, because it uses policy control tokens of its own, not Microsoft internals).
b) GW does not recognise the program in its database when you have it installed in a different place (DW always recognises untrusted programs, no matter where you install them).
c) DW works with Digital Rights Management properly out of the box (so you do not lose licenses of paid music and movies).
d) DW runs flawlessly as Limited User (some functions of GW are not accessible when running LUA)
Benefits of GesWall over DefenseWall
a) GW has an application wizard in which you can add new unknown programs by yourself. The downside is that when you allow critical resources to be accessed by this new untrusted program, you create holes in your security; see the upside below.
b) GW has virtualisation as an intermediate option, while DW only allows or denies. The upside of GW was that when I added a new program which accessed critical resources, I was always able to change it from "allow" to "redirect" (= virtualise) and the new program worked flawlessly while still being protected fully.
c) GW has a lifetime license.
d) GW has an undocumented feature which allows you to run the freeware version with the paid application database (so you only miss some context menu functionality of the paid version).
More or less even features
GW is fully configurable by adding commands to the console. DW is also fully configurable with resource management, but offers more guidance with the user interface. DW comes with a set of predefined resource protection rules (which makes it, for instance, impossible for malware running in your web browser to access your Outlook e-mail). I think GW has a few more configuration options for die-hard power users, while DW comes with a default extra resource protection set out of the box.
GW and DW will both offer outbound protection in the first quarter of next year.
GW uses Windows mechanisms, which makes it a tad faster than DW; DW has a more active release program and more responsive customer support.
Both are great programs
What's the significance of this?
I added an explanation; the relevance is you won't lose licenses you paid for obtained via the web or any untrusted media player.
Thanks for all the info, Kees. I think I have a pretty good idea about both these products now. I'm gonna try each product out before making my final decision.
One other difference is price. GesWall Pro is $53.71 USD for a 1 yr license, but they currently have a limited-time 15% discount, which is still over $45.00 USD. However, a free version is offered.
DefenseWall is currently $29.95 USD at full price, and considering the support behind it and how effective its protection is, it is a better bargain as far as paid goes.
I thought GW was a lifetime license; DefenseWall is 29,95 plus 9,95 each year for renewal.
I think we need to get past looking at where these 2 great programs "are", and start looking, and getting excited, about where they both are about to "be."
The 2 of them may put a whooping on a good many AV products' ass this coming year. They may accelerate the understanding of and migration to programs like this. It will be interesting nonetheless.
According to their site it's 1 yr safe application update.
I did not know. I got a lifetime Pro license for sending some bug reports a few years ago when they started.
Ilya sure makes a strong showing when it comes to customer support. No one who knows him and his software can disagree.
Wow, that's great.
No argument here.
More questions about DefenseWall:
If I were to wrongly trust an application with malware, would DefenseWall be able to provide any protection?
Which is more secure: sandboxing via protection rules or virtualisation? What does Sandboxie use?
DefenseWall comes with a built-in list, so this decision is made at installation time automatically. All applications and files evoked/created with an untrusted application are also contained in the untrusted environment.
The main difference between Sandboxie and DefenseWall is:
- With SBIE you can flush the toilet by deleting the sandbox contents
- With SBIE when you move a file out of the sandbox contents, you are unprotected.
Do not get me wrong: I think Sandboxie is a great program, it might even provide the same or better protection as long as you keep everything in the sandbox. It is the Achilles tendon of SBIE when you move something out of the sandbox. I just do not understand why people adore this so much, see https://www.wilderssecurity.com/showthread.php?t=229492
GesWall works only with system drives of the NTFS file system type; it does NOT work with the FAT32 file system, so it does not suit those who still prefer the FAT32 file system,
while DefenseWall works perfectly with either.
I think this minor difference can be added to the advantages of DefenseWall over GesWall.
So basically the untrusted application is created in the untrusted environment. I assume untrusted applications are monitored as they are installed. Are they monitored as they run? Is there any point at which an untrusted application becomes trusted?
Simplicity... in concept and use.
There is no difference between run and software installation from the driver's level.
There are at least four ways to make an application run as trusted.