What is Defensewall Considered?

Discussion in 'other anti-malware software' started by Brandonn2010, Jan 27, 2011.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    1. Is it a sandbox, HIPS, what is it considered?

    2. What similar programs other than GeSWall and Bufferzone are there?

    3. Do any support 64-bit systems yet?

    Speaking of supporting 64-bit systems, in case you didn't know, you can email GeSWall's technical support and ask to beta-test GeSWall 3.0.

    Thank you
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    DefenseWall is not 64-bit ready yet; it is similar to BufferZone and GeSWall, and it is a policy-based HIPS with a sandbox firewall. It's a complete solution.
     
  3. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Ah, I thought they were called policy-based HIPS/sandbox. Whatever they're considered, they're great! Are there any others than the 3 previously mentioned?
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    From DW website: DefenseWall HIPS (Host-based Intrusion Prevention System) is based on a sandboxing approach that uses rights restrictions and partial virtualization. It now comes with an integrated firewall.

    The other program not mentioned which does have 64-bit support is Sandboxie: -http://www.sandboxie.com/-
     
  5. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Yes, I did know about Sandboxie, but didn't consider it the same, since it isolates on a separate section of the hard drive, rather than isolate with policy. I don't know why but I don't use Sandboxie because I prefer the latter method of isolation.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Since when does DefenseWall have virtualization?
    I've always thought it was a policy-based HIPS.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Great news, finally a full scope x64 version.

    PS GeSWall uses internal OS mechanisms, so I have high hopes of getting Chrome-like sandbox protection (only with options to control it through GW console).

    Chrome sandbox.
    By creating a restricted SID, adding a process through a job, limiting this job to restricted tokens and denying user handles plus switching to alternate desktop one can completely isolate a low rights process from the rest of the system. On x64 you do not have any limitations imposed by the kernel protection using the Chrome sandbox mechanism.

    Vista is a great Admin's OS, Windows 7 second best :)
     


    Last edited: Jan 28, 2011
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    SBIE's 64-bit version makes compromises (because of PatchGuard). That is, 64-bit SBIE is not as protectively strong as is 32-bit SBIE.

    So far, DW has been unwilling to weaken its protection to the degree that would be needed to attain compatibility with PatchGuard.

    These are *my interpretations* of the situation. If I am off-the-mark, please correct me.
     
  9. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I hate to resurrect this, but do you think it would be accurate to call DefenseWall, GeSWall, BufferZone, and AppGuard "policy-based sandboxes"? They are like sandboxes in that they isolate programs from your computer, but they do it with policy rather than having a virtualized sandbox, hence the name.

    I need to know because I have this informative website, albeit it's not online since that costs money. Basically I give it to friends and family that are interested, and I'm not sure exactly what to call those programs. Policy-based HIPS seems redundant, and policy-based sandbox/HIPS seems too complex, so I am calling them policy-based sandboxes for the reasons above, so is that accurate?
     
  10. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    there are, of course, many opinions. i'm of the opinion that policy does not isolate actions/processes, it blocks them. if i'm running a process in a sandbox and that process tries to write to a file i expect the file to be written to in the sandbox, not prevented from being written to because it's against a policy.

    i hear you, it's difficult to know the best label to use sometimes, and it doesn't help that there are entirely unhelpful labels like HIPS (all conventional security programs are meant to prevent host intrusions so host intrusion prevention system is too generic to truly be useful).

    look at it this way: the tool examines behaviours. it blocks or allows them according to rules/policies. my preference is to use terms that actually describe the tool so i use the term behaviour blocker. perhaps a very advanced/configurable behaviour blocker, but if it blocks behaviours then behaviour blocker seems the appropriate term to me.
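
The distinction drawn in the post above (a policy blocks the write, a sandbox lets it happen in an isolated copy), as an added example that is not part of the original thread. `PolicyBlocker`, `VirtualizingSandbox`, `demo` and the `settings.ini` file are hypothetical names for a toy model; this is not how DefenseWall, GeSWall or Sandboxie are implemented.

```python
import os
import tempfile
from pathlib import Path


class PolicyBlocker:
    """Policy model: an untrusted write to a protected tree is refused."""
    def __init__(self, protected_root):
        self.root = os.path.realpath(protected_root)

    def write(self, path, data):
        real = os.path.realpath(path)
        if os.path.commonpath([real, self.root]) == self.root:
            raise PermissionError(f"policy blocks untrusted write to {path}")
        with open(real, "w") as fh:
            fh.write(data)


class VirtualizingSandbox:
    """Virtualization model: the write succeeds, but lands in a shadow copy."""
    def __init__(self, shadow_root):
        self.shadow_root = shadow_root

    def _shadow(self, path):
        real = os.path.splitdrive(os.path.realpath(path))[1]
        return os.path.join(self.shadow_root, real.lstrip(os.sep))

    def write(self, path, data):
        shadow = self._shadow(path)
        os.makedirs(os.path.dirname(shadow), exist_ok=True)
        with open(shadow, "w") as fh:
            fh.write(data)

    def read(self, path):
        # The sandboxed process sees its own copy first, then the real file.
        shadow = self._shadow(path)
        with open(shadow if os.path.exists(shadow) else path) as fh:
            return fh.read()


def demo():
    """Return (policy_blocked, sandboxed_process_view, real_file_content)."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp, "host", "settings.ini")  # constructed sample file
        target.parent.mkdir()
        target.write_text("original")
        try:
            PolicyBlocker(target.parent).write(target, "tampered")
            blocked = False
        except PermissionError:
            blocked = True
        box = VirtualizingSandbox(os.path.join(tmp, "shadow"))
        box.write(target, "tampered")
        return blocked, box.read(target), target.read_text()
```

In both models the real file keeps its original content; the difference is that the blocked process gets an error, while the sandboxed process reads back its own change.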
     
  11. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Last edited: Jun 9, 2011
  12. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Not any more. The latest round of SBIE betas 'overcomes' PatchGuard to provide 64-bit protection almost as strong as 32-bit:

    http://www.sandboxie.com/phpbb/viewtopic.php?t=10201
     