GentleSecurityWall

  • Thread starter Thread starter Aaron
  • Start date Start date
A

Aaron

With GeSWall (GentleSecurityWall), you can safely surf the web,
open e-mail attachments, chat, exchange files etc, regardless of the
security threats posed by the internet. GeSWall protects you from
intrusions and malicious software by isolating vulnerable applications.
Isolation applies an access restriction policy that effectively
prevents all kinds of attacks, known and unknown.


Key Features

* Prevents key loggers, rootkits, backdoors.
* Prevents confidential file disclosure.
* Prevents intrusions.
* Prevents malicious software spreading.
* Independent of attack techniques.
* Easy to use - fully non-intrusive, no configuration required.

Looks pretty solid when i tried it. Each application has certain
definable policies that restrict what folder it can read/write, which
registry keys it can change etc. You download rulesets for popular
browsers firefox, IE, email clients etc which are customised to each
app.

You can add new policies for each app if you want.

It is comparable to http://force.coresecurity.com/ (also freeware) but
a lot less complicated (and comprehensive)

Once installed, GeSWall dynamically isolates web browsers,
e-mail, chat, P2P, IRC clients and other applications that may serve as
entry points for malicious software or intrusions. Viruses, trojans,
spyware and exploits cannot pass through an isolated application and so
cannot cause any damage.

An access restriction policy prevents leaks of confidential documents
and unauthorized modification of files, registry, etc., coming through
an isolated application. At the same time, these restrictions are
unintrusive and do not disable important application functionality.

The technology used allows any application to be automatically isolated
without configuration by a user. To make it even smoother and
transparent, GeSWall applies specific access rules for most popular
internet applications. Those specific rules come in an open Application
Database. GentleSecurity staff regularly adds new applications to the
database so you can get smooth support for more applications from the
automatic update service.

With the GeSWall Console, advanced users may choose an appropriate
security mode and create rules for applications which are not currently
in the application database.

I tested it against WMF exploits, no problems. Very light resource
wise.

Note: According to a reply from the rep, it is supposed to be freeware
forever, but there's a possibility they *may* charge for updates to the
application rulesets after one year.. Of course, there is no reason why
people can't make their own policies and share....

http://www.gentlesecurity.com/overview.html
 
With GeSWall (GentleSecurityWall), you can safely surf the web,
open e-mail attachments, chat, exchange files etc, regardless of the
security threats posed by the internet. GeSWall protects you from
intrusions and malicious software by isolating vulnerable applications.
Isolation applies an access restriction policy that effectively
prevents all kinds of attacks, known and unknown.
Key Features
* Prevents key loggers, rootkits, backdoors.

Interesting find. How do you suppose the program could foil a
keylogger? Or a rootkit?
 
Interesting find. How do you suppose the program could foil a
keylogger? Or a rootkit?

Anti-vir detected a keylogger I installed on my PC. I cannot see why
somehting else couldn't.

Rootkit Revealer finds root kits, so it is possible this would as well.

All in all, "Swiss Army Knife" proggies are usually not the best you can
use, but work in a pinch. I hope to see some reviews on this.

--
++++++++++++++++++++++++++++++++++++++++++++++
El Gee // www.mistergeek.com <><
Know Christ, Know Peace - No Christ, No Peace
Remove .yourhat to reply
++++++++++++++++++++++++++++++++++++++++++++++
 
Anti-vir detected a keylogger I installed on my PC. I cannot see why
somehting else couldn't.

For a well known, unmodified program it is possible to write a
detection I guess. But for unknown or modified programs it would be
difficult to detect.
Rootkit Revealer finds root kits, so it is possible this would as well.

Doesn't this require a boot from a boot disk? Sorry, I don't recall
the specifics of RR.


I'll be checking out the program though!
 
Well there's no reason why you should stop using Antivir or rootkit
revealer.

I think of Geswall, Bufferzone, Prevx1r,proccessguard free, as
supplementary to these scanners. They take over when your antivirus
fails to recognise the file.

They don't recognise bad guys per se, but bad actions, and they can
isolate damage,

Bufferzone is particularly good, it tracks changes made to the file and
registry system of programs running in the buffer zone, so if you don't
like what is happening, you can just wipe it out.

http://www.trustware.com/forum/

Programs running in the bufferzone have limited previlages, so most
keyloggers will fail, rootkits using drivers won't install etc. You can
also set folders so that they can't be read by programs in the
bufferzone. Normally you would put your browser in the bufferzone. But
you could work any dangerous application that you don't trust, or could
be compromised.

The bufferzone is also good for installing test shareware,freeware
programs. All changes are wiped out, much better than total uninstall
and the like, which cannot remove changes made after the install.
Particularly good for sneaky shareware authors who like to sneak in
registry keys sometime in the middle of your use (for fear of uninstall
and reuse, this method defeats total uninstall). With bufferzone every
change is tracked and can be wiped.

The cons is, bufferzone is quite resource heavy. Currently beta.

The other one i'm trailing is prevx1r. This one tracks actions done by
programs, and informs you if something potentially dangerous occurs.
Example includes setting a startup, installing a driver, so on.

These types of program can get potentially very irriating to use with
all the prompts, but prevx1r has a clever mode where it checks with a
central server and recognises known files and these programs generally
will not cause any alerts whatever it does.

The license for prevx1r is worth reading slowly, it's not the same as
for prevx Home.

http://free.prevx.com/
 
Interesting find. How do you suppose the program could foil a
keylogger? Or a rootkit?

It could. depending on the restrictions set and the nature of the
keylogger,rootkit.. And again, it depends on the user , if you give
permission to this strange program to install drivers or services, or
write to your system folders, dont complain if it turns out to be a
rootkit.

Unlike antiviruses, such security programs like GSEwall dont really
have any 'intelligence', they just flag actions that might be
dangerous, and the decision to go ahead or not depends on you.
 
With GeSWall (GentleSecurityWall), you can safely surf the web,
open e-mail attachments, chat, exchange files etc, regardless of the
security threats posed by the internet. GeSWall protects you from
intrusions and malicious software by isolating vulnerable applications.
Isolation applies an access restriction policy that effectively
prevents all kinds of attacks, known and unknown.


Key Features

* Prevents key loggers, rootkits, backdoors.
* Prevents confidential file disclosure.
* Prevents intrusions.
* Prevents malicious software spreading.
* Independent of attack techniques.
* Easy to use - fully non-intrusive, no configuration required.

Looks pretty solid when i tried it. Each application has certain
definable policies that restrict what folder it can read/write, which
registry keys it can change etc. You download rulesets for popular
browsers firefox, IE, email clients etc which are customised to each
app.

You can add new policies for each app if you want.

It is comparable to http://force.coresecurity.com/ (also freeware) but
a lot less complicated (and comprehensive)

Once installed, GeSWall dynamically isolates web browsers,
e-mail, chat, P2P, IRC clients and other applications that may serve as
entry points for malicious software or intrusions. Viruses, trojans,
spyware and exploits cannot pass through an isolated application and so
cannot cause any damage.

An access restriction policy prevents leaks of confidential documents
and unauthorized modification of files, registry, etc., coming through
an isolated application. At the same time, these restrictions are
unintrusive and do not disable important application functionality.

The technology used allows any application to be automatically isolated
without configuration by a user. To make it even smoother and
transparent, GeSWall applies specific access rules for most popular
internet applications. Those specific rules come in an open Application
Database. GentleSecurity staff regularly adds new applications to the
database so you can get smooth support for more applications from the
automatic update service.

With the GeSWall Console, advanced users may choose an appropriate
security mode and create rules for applications which are not currently
in the application database.

I tested it against WMF exploits, no problems. Very light resource
wise.

Note: According to a reply from the rep, it is supposed to be freeware
forever, but there's a possibility they *may* charge for updates to the
application rulesets after one year.. Of course, there is no reason why
people can't make their own policies and share....

http://www.gentlesecurity.com/overview.html

Very interesting! Unfortunately, it's only for XP, huh?

Anne
 
For a well known, unmodified program it is possible to write a
detection I guess. But for unknown or modified programs it would be
difficult to detect.

WHatever, all I know is I installed cheap freeware keylogger (a pretty
bad one at that) and Anti-Vir found it and made me think, "OK, I can
remove this." It even found the compressed, uninstalled version on my
archive drive.
Doesn't this require a boot from a boot disk? Sorry, I don't recall
the specifics of RR.
No, Rootkit revealer does not need a boot floppy. I looks for things
not reported to the registry.
I'll be checking out the program though!



--
++++++++++++++++++++++++++++++++++++++++++++++
El Gee // www.mistergeek.com <><
Know Christ, Know Peace - No Christ, No Peace
Remove .yourhat to reply
++++++++++++++++++++++++++++++++++++++++++++++
 
Back
Top