Is GesWall a sandbox or not?

Discussion in 'other anti-malware software' started by Trespasser, Apr 16, 2008.

Thread Status:
Not open for further replies.
  1. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    *If this has been discussed before then sorry about that*

    Andrew over at Gentle Security Forum in FAQ stated that GesWall is not a sandbox but I also read statements by Aigle, someone whom I respect a great deal, saying that it was. So, which is it? Anyone want to chime in and explain this?
     
  2. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    The reason for the confusion is because the definition of this type of HIPS isn't quite determined yet. However, I agree with Aigle in this case since it isolates/restricts the "sandboxed" application and its outcome (parent-child processes). Andrew seems to compare and distinguish these types of applications (GW, DW etc.) with "real" VMs as being true sandboxes. I prefer to distinguish them as application-level and system-level "sandboxes" instead.

    /C.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    GesWall is sure a policy based sandbox with limited registry virtualization. In fact the definitions - Sandbox, HIPS etc. - are used so loosely for a range of applications and products that I don't care anymore for the exact terminology and nomenclature. All I care about is that I understand what an application (GesWall) does and how effectively it performs its job.

    The Sandbox in the FAQs refers to total virtualization like VM etc. as Cerxes explained.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Although not 100% accurate, This is what I use to explain

    1. Policy sandboxing (or soft sandboxes)
    Restricts the rights of applications to access critical OS data and registry hives and quarantines processes from potential malicious behavior. What running as LUA (a user with restricted rights) does for a user, DefenseWall and GesWall do for all/selected threat gate applications or internet/external facing applications (like your browser, e-mail, chat, P2P, etc). Vista UAC for instance restricts access to registry hives and critical OS directories and runs IE in 'protected' mode. The nice thing about applications like DW and GW is that downloaded files of threat gate applications inherit the rights restriction. So you normally do not have to think about their status (trusted or untrusted).

    2. Shadow Sandboxes (or 'virtualisation' sandboxes)
    Virtualise (keep them separate) the file system for all sandboxed applications (Sandboxie, SafeSpace) or a partition/complete drive (Returnil, PowerShadow, MS SteadyState). Some (like SafeSpace) offer both. When using this it is important to know in which mode you downloaded files, etc. Otherwise when you purge a sandbox everything in it is reset. Point is those applications trick the virtualised applications into using a copy (shadow) of the protected files/partition.

    3. Virtual Machine Sandboxes
    They create a completely different environment (virtualise hardware), requiring an additional OS in the virtualised area. Examples: VM, Virtual PC
     
    Last edited: Apr 17, 2008
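    The first two categories above (policy sandbox versus shadow sandbox), modelled as an added toy illustration that is not code from any of the products named in the thread. The PROTECTED paths, process names and file contents are constructed sample values; the point shown is how the "untrusted" label follows child processes and downloaded files in a policy sandbox, while a shadow sandbox never changes the real file and loses everything on purge.

```python
# Toy model (constructed for illustration, not DefenseWall/GesWall/Sandboxie code).
PROTECTED = ("C:/Windows/", "HKLM/")   # constructed sample of critical OS locations


class PolicySandbox:
    """Policy sandbox: untrusted status follows processes, children and downloads."""

    def __init__(self):
        self.untrusted_procs = set()
        self.untrusted_files = set()

    def mark_untrusted(self, pid):
        # Threat-gate applications (browser, e-mail, P2P) start out untrusted.
        self.untrusted_procs.add(pid)

    def spawn(self, parent, child):
        # Child processes inherit the parent's restriction (parent-child isolation).
        if parent in self.untrusted_procs:
            self.untrusted_procs.add(child)

    def write(self, pid, path):
        # Untrusted processes may not touch critical OS data or registry hives.
        return not (pid in self.untrusted_procs and path.startswith(PROTECTED))

    def download(self, pid, path):
        # A file saved by an untrusted process inherits the restriction.
        if pid in self.untrusted_procs:
            self.untrusted_files.add(path)

    def launch(self, path, new_pid):
        # Running a downloaded untrusted file yields an untrusted process.
        if path in self.untrusted_files:
            self.untrusted_procs.add(new_pid)


class ShadowSandbox:
    """Shadow sandbox: writes land in a copy; purge() resets everything in it."""

    def __init__(self, real_files):
        self.real = dict(real_files)   # the protected originals, never modified
        self.shadow = {}

    def write(self, path, data):
        self.shadow[path] = data       # redirected to the shadow copy

    def read(self, path):
        # Sandboxed applications see the shadow first, then the real file.
        return self.shadow.get(path, self.real.get(path))

    def purge(self):
        self.shadow.clear()            # files downloaded "inside" are gone too
```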
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    BTW the term soft might misguide here as I don't find them soft in their protection in any way.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree,

    I did not invent the term. Soft for software, because it sandboxes the internet facing software amongst things.

    Both DW and GW suffer from a marketing gizmo; they are in fact policy enforcement HIPS, enabling the average PC user to apply pre-set policy restriction rules while running as admin. HIPS have the association of being complex, Sandboxes of non-transparency, so invent a new name for this category which honours the ease of use and protection strength.
     
  7. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Nicely explained, gentlemen. And thanks, Kees, for the in-depth analysis.

    BTW, Cerxes, I like that avatar. I've tried Solaris Express, 10, and even Nexenta but had too much trouble with hardware compatibility. Still prefer Linux, though.

    Again, thanks.
     
    Last edited: Apr 17, 2008