|
|
advice re geswall
I wonder what the experts think of intrusion defenders like Geswall
(GentleSecurity). Is it useful or overkill? To be used in addition to other protections (AV, firewall, etc.) or instead of? Jeff |
advice re geswall
Microsoft Security At Home
http://www.microsoft.com/protect/ Find reviews of individual applications on the web. --- Leonard Grey Errare humanum est wrote: I wonder what the experts think of intrusion defenders like Geswall (GentleSecurity). Is it useful or overkill? To be used in addition to other protections (AV, firewall, etc.) or instead of? Jeff |
advice re geswall
Has anybody here used Geswall and have personal experiences with it?
Jeff "Leonard Grey" wrote in message ... Microsoft Security At Home http://www.microsoft.com/protect/ Find reviews of individual applications on the web. --- Leonard Grey Errare humanum est wrote: I wonder what the experts think of intrusion defenders like Geswall (GentleSecurity). Is it useful or overkill? To be used in addition to other protections (AV, firewall, etc.) or instead of? Jeff |
advice re geswall
wrote:
I wonder what the experts think of intrusion defenders like Geswall (GentleSecurity). Is it useful or overkill? To be used in addition to other protections (AV, firewall, etc.) or instead of? Jeff I used GeSWall on and off. I like its premise but its implementation needs work. Too often if would get in my way. For example, when you download a file from a site through your browser, it appears you cannot create a new folder (to save the downloaded file). You try to use New Folder to create a new folder but it doesn't appear (and there is no error message). The workaround is to backup a folder level to select a different folder, select the parent folder (under which you created the new folder), and that refreshes the list so you can now see and select the new folder you created. I do like that it has a means of conveniently letting you start a non-protected instance of the web browser (like when you visit Windows Updates or any site where you want to actually install some software from there) but it doesn't remember where you were. It starts a new instance without remembering your current navigation path. That means, in the new unprotected instance, you have to navigate all the way to where you were before for when you decided you needed an unprotected instance. This is a security measure to prevent any buffer overruns or other malware from affected the new unprotected instance but it is a hassle. If you visit their forums (http://www.gentlesecurity.com/board/) and search on my moniker, you'll find other posts that I've made there regarding deficiencies in their program. Actually their search doesn't seem to find but one of my posts. Here is a link list of them: http://gentlesecurity.com/board/viewtopic.php?t=333 http://gentlesecurity.com/board/viewtopic.php?t=327 (fixed, I think) http://gentlesecurity.com/board/viewtopic.php?t=326 http://gentlesecurity.com/board/viewtopic.php?t=325 http://gentlesecurity.com/board/viewtopic.php?t=324 http://gentlesecurity.com/board/viewtopic.php?t=323 http://gentlesecurity.com/board/viewtopic.php?t=301 (fixed) http://gentlesecurity.com/board/viewtopic.php?t=318 http://gentlesecurity.com/board/viewtopic.php?t=304 http://gentlesecurity.com/board/viewtopic.php?t=298 http://gentlesecurity.com/board/viewtopic.php?t=297 http://gentlesecurity.com/board/viewtopic.php?t=293 http://gentlesecurity.com/board/viewtopic.php?t=295 http://gentlesecurity.com/board/viewtopic.php?t=294 http://gentlesecurity.com/board/viewtopic.php?t=296 http://gentlesecurity.com/board/viewtopic.php?t=292 I wait until they get a new version, trial it again, hit another wall, and then discard it again. My needs may be more robust or unbounded than yours. I would suggest using an uninstaller utility, like Zsoft Uninstaller, to record the GeSWall installation so you can do a clean uninstall of it (first use the Add/Remove Programs entry and then use Zsoft for more cleanup). The free version of GeSWall only protects (enforces additional policies and virtualizes some folders) a few applications, like your web browser. I don't know if it covers all web browsers yet, like Safari, Chrome, or Opera. I only recall IE and FF being covered. I found GeSWall just got in my way too much. To protect my web browser, e-mail client, or any Internet-facing application, I instead switched to TallEmu's OnlineArmor which is a firewall with HIPS (host intrusion protection system). It has a Run Safer option you can enable on a rule that you have defined for an application. The Run Safer forces the process (no matter who started it which means it covers when, for example, the web browser is started as a child process by another application) to run under a Limited User Access (LUA) token. This means the process runs under the same limited privileges as if you had logged in under a limited user account. Almost all security experts will tell you that the best way to be safe when doing anything Internet is to be under a LUA account. I used to use SysInternals psexec.exe because it had a command-line parameter to run the program that it loaded to run it under a LUA token; however, that only works to make the program you started with it to run that way. If that program was started as a child process, like some application starting an instance of your web browser, the web browser would not be limited. The Run Safer option in OnlineArmor regulates at the process level, not at the command-line level, so no matter what app started the process, that process got limited. The Run Safer option is available in the free version of OnlineArmor (but I squeaked in on a day they had a giveaway and now have the full version). I can use the Run Safer option on any process that is defined as an app rule in OnlineArmor, not just on the web browser (as would be only covered by free GeSWall). That includes my e-mail clients or anything else that makes an network connection. You do run into problems when you visit a site where you want to install software, like the Windows Updates site; however, it is easy enough to right-click on the OnlineArmor tray icon and disable it and load a new instance of the web browser to that site. Both GeSWall and Run Safer are safety features that are in *addition* to using a firewall, not to replace a firewall. Neither do they obviate the need for anti-virus/malware software. |
advice re geswall
Thank you VanguardLH. Very helpful and informative.
Jeff "VanguardLH" wrote in message ... wrote: I wonder what the experts think of intrusion defenders like Geswall (GentleSecurity). Is it useful or overkill? To be used in addition to other protections (AV, firewall, etc.) or instead of? Jeff I used GeSWall on and off. I like its premise but its implementation needs work. Too often if would get in my way. For example, when you download a file from a site through your browser, it appears you cannot create a new folder (to save the downloaded file). You try to use New Folder to create a new folder but it doesn't appear (and there is no error message). The workaround is to backup a folder level to select a different folder, select the parent folder (under which you created the new folder), and that refreshes the list so you can now see and select the new folder you created. I do like that it has a means of conveniently letting you start a non-protected instance of the web browser (like when you visit Windows Updates or any site where you want to actually install some software from there) but it doesn't remember where you were. It starts a new instance without remembering your current navigation path. That means, in the new unprotected instance, you have to navigate all the way to where you were before for when you decided you needed an unprotected instance. This is a security measure to prevent any buffer overruns or other malware from affected the new unprotected instance but it is a hassle. If you visit their forums (http://www.gentlesecurity.com/board/) and search on my moniker, you'll find other posts that I've made there regarding deficiencies in their program. Actually their search doesn't seem to find but one of my posts. Here is a link list of them: http://gentlesecurity.com/board/viewtopic.php?t=333 http://gentlesecurity.com/board/viewtopic.php?t=327 (fixed, I think) http://gentlesecurity.com/board/viewtopic.php?t=326 http://gentlesecurity.com/board/viewtopic.php?t=325 http://gentlesecurity.com/board/viewtopic.php?t=324 http://gentlesecurity.com/board/viewtopic.php?t=323 http://gentlesecurity.com/board/viewtopic.php?t=301 (fixed) http://gentlesecurity.com/board/viewtopic.php?t=318 http://gentlesecurity.com/board/viewtopic.php?t=304 http://gentlesecurity.com/board/viewtopic.php?t=298 http://gentlesecurity.com/board/viewtopic.php?t=297 http://gentlesecurity.com/board/viewtopic.php?t=293 http://gentlesecurity.com/board/viewtopic.php?t=295 http://gentlesecurity.com/board/viewtopic.php?t=294 http://gentlesecurity.com/board/viewtopic.php?t=296 http://gentlesecurity.com/board/viewtopic.php?t=292 I wait until they get a new version, trial it again, hit another wall, and then discard it again. My needs may be more robust or unbounded than yours. I would suggest using an uninstaller utility, like Zsoft Uninstaller, to record the GeSWall installation so you can do a clean uninstall of it (first use the Add/Remove Programs entry and then use Zsoft for more cleanup). The free version of GeSWall only protects (enforces additional policies and virtualizes some folders) a few applications, like your web browser. I don't know if it covers all web browsers yet, like Safari, Chrome, or Opera. I only recall IE and FF being covered. I found GeSWall just got in my way too much. To protect my web browser, e-mail client, or any Internet-facing application, I instead switched to TallEmu's OnlineArmor which is a firewall with HIPS (host intrusion protection system). It has a Run Safer option you can enable on a rule that you have defined for an application. The Run Safer forces the process (no matter who started it which means it covers when, for example, the web browser is started as a child process by another application) to run under a Limited User Access (LUA) token. This means the process runs under the same limited privileges as if you had logged in under a limited user account. Almost all security experts will tell you that the best way to be safe when doing anything Internet is to be under a LUA account. I used to use SysInternals psexec.exe because it had a command-line parameter to run the program that it loaded to run it under a LUA token; however, that only works to make the program you started with it to run that way. If that program was started as a child process, like some application starting an instance of your web browser, the web browser would not be limited. The Run Safer option in OnlineArmor regulates at the process level, not at the command-line level, so no matter what app started the process, that process got limited. The Run Safer option is available in the free version of OnlineArmor (but I squeaked in on a day they had a giveaway and now have the full version). I can use the Run Safer option on any process that is defined as an app rule in OnlineArmor, not just on the web browser (as would be only covered by free GeSWall). That includes my e-mail clients or anything else that makes an network connection. You do run into problems when you visit a site where you want to install software, like the Windows Updates site; however, it is easy enough to right-click on the OnlineArmor tray icon and disable it and load a new instance of the web browser to that site. Both GeSWall and Run Safer are safety features that are in *addition* to using a firewall, not to replace a firewall. Neither do they obviate the need for anti-virus/malware software. |
| All times are GMT +1. The time now is 07:02 PM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters