HIPs Questions

Discussion in 'other anti-malware software' started by Dregg Heda, Dec 31, 2008.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    What are the differences between GesWall, DefenseWall and a traditional HIPS?
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The difference between policy-based sandboxes and traditional (classical) HIPS systems is simple: you don't need to answer technical questions. Usually, sandboxes use a pre-defined ruleset in order to separate the untrusted process group from the trusted one.

    The main difference between DefenseWall and GesWall is that GesWall uses more virtualization and Windows protection mechanisms. DefenseWall relies only on its own protection rules and, practically, does not use virtualization.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So what are the major advantages/disadvantages between GesWall and DefenseWall?
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Well, it's up to you to make up your mind. I can only tell you about the programs' differences.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Benefits of DefenseWall over GeSWall
    a) GW does not have total untrusted file control, meaning when you move an untrusted file to another partition it will become trusted, or when you open a file with a trusted program it might change the file status from untrusted to trusted (DW has total untrusted file control, because it uses policy control tokens of its own, not Microsoft internals).
    b) GW does not recognise programs in its database when you have them installed in a different place (DW always recognises untrusted programs, no matter where you install them).
    c) DW works with Digital Rights Management properly out of the box (so you do not lose licenses of paid music and movies).
    d) DW runs flawlessly as Limited User (some functions of GW are not accessible when running LUA).


    Benefits of GesWall over DefenseWall
    a) GW has an application wizard in which you can add new unknown programs by yourself. The downside is that when you allow critical resources to be accessed by this new untrusted program, you create holes in your security; see the upside below.
    b) GW has virtualisation as an intermediate option, while DW only allows or denies. The upside of GW was that when I added a new program which accessed critical resources, I was always able to change it from "allow" to "redirect" (= virtualise) and the new program worked flawlessly while still being protected fully.
    c) GW has a lifetime license.
    d) GW has an undocumented feature which allows you to run the freeware version with the paid application database (so you only miss some context menu functionality of the paid version).

    More or less even features
    GW is fully configurable by adding commands to the console; DW is also fully configurable with resource management, but offers more guidance with the user interface. DW comes with a set of predefined resource protection rules (which makes it, for instance, impossible for malware running in your web browser to access your Outlook e-mail). I think GW has a few more configuration options for die-hard power users, while DW comes with a default extra resource protection set out of the box.

    GW and DW will both offer outbound protection in the first quarter of next year.

    GW uses Windows mechanisms, which makes it a tad faster than DW. DW has a more active release program and more responsive customer support.

    Both are great programs



    Cheers
     
    Last edited: Dec 31, 2008
  6. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    What's the significance of this?
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I added an explanation; the relevance is that you won't lose licenses you paid for that were obtained via the web or any untrusted media player.
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for all the info, Kees. I think I have a pretty good idea about both these products now. I'm gonna try each product out before making my final decision.
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    One other difference is price. GesWall Pro is $53.71 USD for a 1 yr license, but they currently have a limited-time 15% discount, which is still over $45.00 USD. However, a free version is offered.


    DefenseWall is currently $29.95 USD at full price, and considering the support behind it and how effective its protection is, it is a better bargain as far as paid goes.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Djohn, true

    I thought GW was a lifetime license; DefenseWall is 29,95 plus 9,95 each year for renewal.

    Cheers
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think we need to get past looking at where these 2 great programs "are", and start looking at, and getting excited about, where they both are about to "be."

    The 2 of them may put a whooping on a good many AV products' ass this coming year. They may accelerate the understanding of and migration to programs like this. It will be interesting nonetheless.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    According to their site, it's 1 yr safe application update.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry,

    I did not know. I got a lifetime Pro license for sending some bug reports a few years ago when they started.

    Regards
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Ilya sure makes a strong showing when it comes to customer support. No one who knows him and his software can disagree.
     
    Last edited: Jan 1, 2009
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Wow, that's great.
     
  16. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No argument here.
     
  17. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    More questions about DefenseWall:

    If I were to wrongly trust an application with malware, would DefenseWall be able to provide any protection?

    Which is more secure: sandboxing via protection rules or virtualisation? What does Sandboxie use?
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    DefenseWall comes with a built-in list, so this decision is made at installation time automatically. All applications and files evoked/created with an untrusted application are also contained in the untrusted environment.

    The main difference of Sandboxie with DefenseWall is:
    - With SBIE you can flush the toilet by deleting the sandbox contents
    - With SBIE when you move a file out of the sandbox contents, you are unprotected.

    Do not get me wrong: I think Sandboxie is a great program; it might even provide the same or better protection as long as you keep everything in the sandbox. It is the Achilles tendon of SBIE when you move something out of the sandbox. I just do not understand why people adore this so much, see https://www.wilderssecurity.com/showthread.php?t=229492
     
  19. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    GesWall works only with system drives of the NTFS file system type; it does NOT work with the FAT32 file system, so it does not suit those who still prefer the FAT32 file system,
    while DefenseWall works perfectly with either.
    I think this minor difference can be added to the advantages of DefenseWall over GesWall.
     
  20. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So basically the untrusted application is created in the untrusted environment. I assume untrusted applications are monitored as they are installed. Are they monitored as they run? Is there any point at which an untrusted application becomes trusted?
     
  21. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    There is no difference between running and installing software at the driver level.

    There are at least four ways to make an application run as trusted.
     