Set Up Geswall To act Like A SandBox

Discussion in 'other anti-malware software' started by TerryWood, Aug 16, 2009.

Thread Status:
Not open for further replies.
  1. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi All

    I understand that Geswall can be set up to protect relevant programs such as browsers in a manner that Geswall acts like a Sandbox. I believe its called redirect. Could someone explain how to do this with Firefox 3.5.2?

    Thanks

    Terry
     
  2. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    its already like that :S
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Be sure to save your FF settings within the Console (export).

    Change all Allows to Redirect for teh FF application settings in the console

    Add File Access for My Documents to Read Only
    Add the download folder you use within FF (File Access - Redirect). When you want to save the files make it ALLOW or create a special directory called SAVED_DOWNLOADS and make this directory confidential (in resources).
    You have to move a file after download with Explorer from the download directory to the Saved_Downloads directory

    Add The HKEY_LOCAL_MACHINE registry hive with Read Only, same for HKEY_CURRENT_USER

    I do not use FF, so please make sure you try it out and make sure you can go back

    Cheesr
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Can someone explain to me how exactly GesWall will behave like sbie with these changes?
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Redirect = virtualise

    DW = pure policy management HIPS
    GW = policy management with some application virtualisation capabilities
    SBIE = application virtualisation
    SafeSpace = Application and partition/disk virtualisation
    Returnil = disk/partition virtualisation
    VM - hardware virtualisation

    Capiche?
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    nice explanation kees. :thumb:
     
  7. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So by configuring geswall and FF as you have, geswall has virtualised ff in the same way sbie would? So after surfing you can delete everything ala sbie? Can ff virtualised by GesWall mimic the effects of run/internet access restrictions when these are applied to a sandbox to only allow the browser to run and access the internet?
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, my advice will be to use GesWall as it is and if u like SBIE, go for it. I doubt that GW will behave exactly like SBIE. Besides u will have to make an effort to make rules n then to test them. Of course with these custom settings of GW, u will not be less secure but functionality of applications ( like FF)might be compromized.

    U need to try it n see how it goes.
     
  9. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    Thanks to Aigle, and everyone for their contribution. I am away to play with Geswall along the lines suggested

    Thanks

    Terry
     
Loading...
Thread Status:
Not open for further replies.