Question about GeSWall

Discussion in 'other firewalls' started by zopzop, May 18, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks again.
    About the tests, I am sorry to say I am not expert enough to mention some real good tests.
    However if u run more tests in future, pls share with us.
    I would like to see if any other user can try it against RollbackRx, ShadowUser and FDISR.
    Thanks.
     
    Last edited: May 25, 2006
  2. crazy4stef

    crazy4stef Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    14
    Hi, zopzop.

    I tested this virus under GeSWall. I failed to block it with default rules. Did you add additional rules?

    RollBackRx is excellent to pass this test, after restoring to a snapshot the system recovered!
     
  3. aigle

    aigle Registered Member

    That's nice as I use RollbackRx!
     
  4. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    nope. the only thing i did was make sure that the program was isolated. the thing is with geswall you have to make sure the program you are using is treated as "safe" (hence isolated). this is what i did:

    1) i downloaded (selected "run") the virus using maxthon (safe application)

    2) maxthon (safe application) called izarc (not safe but since it was called by a safe application it was isolated).

    3) i ran the virus within izarc (safe cause it was called by maxthon) and geswall stopped it dead in its tracks.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi zopzop,
    I am still unable to download from the link you PMed me (have used 4 different browsers), and have still not received your e-mail with attachment (I will leave the mailbox open for another 24hrs)
     
  6. Stem

    Stem Firewall Expert

    Thanks, file now received,....
    I have just come across a slight problem,... I have installed "Prisma" firewall, due to another thread, and cannot connect while "Prisma" is active and Firefox is "Isolated" by GeSWall.
     
  7. zopzop

    zopzop Registered Member

  8. Stem

    Stem Firewall Expert

    Hi zopzop,
    It is already looking like GeSWall will stop any attack on the system via "redirect",..once the application is successfully isolated, my main problem at the moment with GeSWall is compatibility,.. as I mentioned in my earlier posts, I have been unable to set my CD rom as a "threat gateway", also not able to set files as "isolated", now the apparent incompatibility with "Prisma firewall" (well there must be some problem, as I mentioned in my last post, Prisma firewall active + firefox isolated by GeSWall = no internet connection (well,... not on this system.))
    I do not deny the, what seems, great protection for the O.S./system by GeSWall when an application is isolated,.. but if there are incompatibilities that are not so apparent, then I would need to look for these before jumping into a "test" that may corrupt the system (even with full backups at hand)
     
  9. zopzop

    zopzop Registered Member

    ^^i totally understand stem. i wish gentlesecurity had a forum on their webpage (and that geswall was more popular) so it could have more testers and tech support.

    if anyone cares here are my results from my geswall log after running the threat simulator:
    things to note:

    1) after i ran the test, the "spware simulator" ran but it was isolated

    2) 5 of the fake virii were actually installed on my system (i ran antivir after the test to see if anything was installed on my computer):
    i'm hoping someone more knowledgeable than me can figure out what these results mean. i also emailed brian and hopefully we'll hear from him soon.
     
  10. Stem

    Stem Firewall Expert

    These (found at "documents/settings") without relevant registry entries/run commands are of no danger (reg access/changes would need to be checked). The ability of a GeSWall isolated program to write here would need to be looked at.

    I will take time to look at the other log,.....
     
  11. aigle

    aigle Registered Member

    I installed GeSWall, just second day of use now.
    Currently I have two problems.
    1- Whenever I open firefox, I get the pop up shown in first snapshot. I don't know what is the reason. The confidential folder is empty by the way. What does it mean then and how can I get rid of it?
    2- In opera when I go to Wilders or some other forum and click User CP, I get the pop up shown below the first one. Same popup comes again and again when I opened Notes in the sidebar of Opera and tried to write something here. How to disable it?

    Any help will be appreciated.
    Thanks.
     

    Attached Files:

    • ges1.JPG (35.5 KB)
  12. zopzop

    zopzop Registered Member

    wow, this is odd. i have firefox and maxthon installed on both my computers and i use geswall, antivir, and jetico (comodo on my desktop) and i never encountered a problem. like stem said, there must be hidden conflicts somewhere. hopefully a gentlesecurity rep will help solve these problems.
     
  13. Stem

    Stem Firewall Expert

    Hi aigle,
    For some reason it looks like you may have your confidential folder set where firefox has its cache, open GeSWall and remove any entry in the "resources" that end in "confidential",.... as you have no confidential folders (and you have not set any) this will not cause problems.
    Your 2nd alert, I'm not sure, maybe write permissions on the folder? I will load opera to see.

    Hi zopzop,..
    I have re-installed, to continue to play, it is worth the effort,... looks like a good possibility, barring possible conflicts.
     
  14. aigle

    aigle Registered Member

    Thanks Stem!
    My confidential folder is in my documents that is created automatically by GeSWall during install. Of course Firefox also keeps its application data in the same main folder where my documents are located but both are separate and the confidential folder is empty as I checked. So it's a strange alert. Anyway to get rid of this message I will try to remove the confidential folder from resources. Just wondering it might be due to some extension installed on my FireFox!
    This second alert is more bothering for me as Opera is my main browser nowadays.
    With IE I don't get any type of alerts while surfing same sites. So 3 browsers behave differently with GeSWall.
     
    Last edited: May 25, 2006
  15. aigle

    aigle Registered Member

    Hi, it resolved the issue but still don't know why I was getting the alert exactly.
    Also what can be disadvantage of losing this folder. Are u able to reproduce the same issue?

    And pls let me know if u find the reason about pop up from Opera.
    Thanks.
     
  16. Stem

    Stem Firewall Expert

    Maybe just a bad string in the line/location entry for your "confidential folder"?
    You can replace this, just create a folder (any name/location) then add this location into the "resource" as "confidential" (see image)


    I have just installed, I think you will just need to add a rule to allow access to the file/location, I will post once I know what is needed.
     

    Attached Files:

    • 01.gif (56.7 KB)
  17. aigle

    aigle Registered Member

    Thanks Stem.
     
  18. Stem

    Stem Firewall Expert

    Hi aigle,
    From the alert you posted (for Opera), it appears you have not installed Opera to the default location, so GeSWall is blocking Opera from updating the hotlist (bookmark) file.
    In GeSWall, simply add this file/location into the Opera profile (see image)
     

    Attached Files:

    • 01.gif (52.8 KB)
  19. zopzop

    zopzop Registered Member

    hey stem, did you get geswall working on your pc? i've been busy searching the web for more tests :)

    so far i've tried spycar.org, the bufferzone tests, the dfk threat simulator, and a 'real life' virus "kill disk". it seems that geswall has passed all these tests.

    i'm dying to try geswall vs real life 'drive-by' spyware installs like spyware quake and coolwebsearch.
     
  20. aigle

    aigle Registered Member

    Hi Stem. U are right. I am able to fix it now. Nice helpful snapshots by u. Thanks
     
  21. aigle

    aigle Registered Member

    Maybe u can get links to spyware infected downloads from here.

    http://www.stopbadware.org/home/reports
    http://www.stopbadware.org/reports/reportdisplay?reportname=winfixer
     
  22. aigle

    aigle Registered Member

    Hi, I was too early to post. The issue is still there. I think I need to enter the registry path to the file, not the location of file but I don't know how to find this registry path.
     

  23. aigle

    aigle Registered Member

    I put the whole folder Profile and it resolved some other issues with opera but not this one. Strange for me as all settings etc for opera are in this folder.
     

  24. Stem

    Stem Firewall Expert

    Hi aigle,
    First, add the filename to the entry in GeSWall. Then check that the file is not set to read-only.
    (I have only managed to bring up this opera alert if I set the file to read-only)
     
  25. Stem

    Stem Firewall Expert

    Yes and,.. no. I have set my cdrom to a "Threat gate", and any .exe file run from there is now being isolated,... but any autorun installer is not.
    I am still playing,....... but a bit short on time.
     