GeSWall is an intrusion prevention system that is non-intrusive and easy to use. It doesn't restrict network connections and does not use attack signatures or heuristics. Instead of blocking particular attack techniques, GeSWall focuses on attack objectives such as taking control of a PC, stealing data, breaking system integrity etc. By this approach, GeSWall prevents all attacks that involve damage, e.g. malicious software (viruses, trojans, spyware), software vulnerabilities (buffer overflow, privilege escalation, etc.), mis-configuration and unknown attacks based on "zero-days" vectors, e.g. GeSWall has been stopping Windows Metafile exploits.
GeSWall is designed to be as non-intrusive as possible. You can keep browsing, mailing, chatting, sharing and so forth in the same way as without GeSWall. Web browsers, mail clients, chat messengers, file sharing clients, office, multimedia and other internet applications become safe to use with GeSWall policy. At the same time, you can create files, start processes, access internet resources without restrictions. The files you created and worked with remain and are not erased, as is the case with virtualization solutions. Additionally, GeSWall does not require configuration or learning mode.
GeSWall is intended for regular operations with "trusted" or "safe" internet applications. It means you can do your regular stuff non-intrusively: browsing, reading mail, chatting, etc. and GeSWall Personal Edition will prevent the attacks coming via these applications. Note that the term "Trusted" means that you trust at least the installation of this program.
There are a lot of good things to be said about GeSWall. I used it myself for a while, before I slimmed down my security setup. It certainly offers a high degree of protection against a wide array of malware and runs fairly light.
I have one question about GW… GW and D+ are HIPS software, so do I need to use both? Do you recommend switching D+ to the disabled level (I use safe mode now) with GeSWall, or leaving D+ in safe mode?
Yeah, they both work together fine. I have GeSWall because it's a strong second layer in case I stuff up with Defense+. GeSWall doesn't need any user interaction,
Never had any incompatibility issues, it's light on system resources. I don't see why not to use it
I have CIS (Proactive security) FW=Safe Mode, D+=Safe Mode, AV active with Geswall (free). I run this setup on 3 PCs, Win XP Home, Win XP Pro and Vista Home. I believe it is one of the best free security combos on the market. Great security. Just my .02 cents.
I would like to understand better the advantage of adding GeSWall to a PC using Firefox browser, Thunderbird email, OpenOffice.org and CIS (Proactive Security, Defense+ in Clean PC Mode, firewall in Custom Policy Mode). When you want to download some new freeware, do you install it isolated with GeSWall to see if it is safe? Does GeSWall effectively eliminate the need to test new freeware with VirusTotal.com and CIMA? Do you use GeSWall on internet-facing apps instead of normally using a limited-user account (LUA)?
Yes, I use GeSWall on all internet-facing apps (even games… that's probably a bit fussy though) cause that's the point
GeSWall isn't a sandbox… It's not something you "empty" out once you've had your time playing around. It's policy restriction software, so it restricts what a program can and cannot do… For one example, anything that comes through one of your threat gates will be labeled as untrusted - untrusted files cannot modify trusted files.
Normally… you wouldn't isolate trusted installers.
You could always try it. If it doesn't work then you could just get rid of it.
I use my admin account only for installing software and the LUA for normal usage. On my admin account, I run internet-facing apps with limited-user privileges. Since GeSWall and Defense+ both protect certain files and registry keys, what is the advantage of GeSWall over customizing the Defense+ rules and using the above strategy for internet-facing apps?
Be advised that some programs just don't work isolated. Adobe Acrobat is one program that doesn't work isolated, which is a bummer because what if the PDF document happened to be booby-trapped? That's why D+ is the only way to really prevent unknown malware.
I am days away from upgrading from CFP 3.0 to CIS 3.9, and I would like to figure out what strategy to take. My situation may be different than most Comodo forum users because I share my PC with an inexperienced user, for whom I need to suppress pop-ups with default deny.
Kyle, I am not promoting Defense+ over GeSWall. I am sincerely interested in your experiences and thoughts. As a person who stood against the forum crowd in the past, arguing logically that web and email shields provide no extra security over an AVS on-access scanner, I have respect for your ability to think independently.
Do you use a LUA and why?
Do you still use SandBoxie and why?
GeSWall is easier to use than Defense+, and both are vulnerable to the admin declaring malware as safe. Why not use GeSWall and CIS but disable Defense+ (except for buffer overflow protection)?
I have GeSWall and CIS (in "Parent Mode") installed on a PC that inexperienced people use. I'm not sure that I need both, but I have them just in case. Yes, some programs can't run isolated, Windows Live Mail seems to be one. But I think GeSWall will alert you if any malware from WLM tries to access important files.
If you have CIS with the "Parent Mode" on you probably don't need GeSWall.
Actually… I've never been a big fan of LUA. I find that it restricts my everyday tasks and it's a frustration.
I don't use Sandboxie because I find GeSWall easier to use… Because most apps are already in predefined rules, so in most cases you just install and continue your normal computing life.
As for that tutorial, all that does is suppress alerts, and anything that is not already in the "My computer security policy" will be blocked…
GeSWall does have its limitations too though… One thing that annoys me: if I download a .ZIP from the internet and then extract it, all those files that were extracted from the zip will then have their labels changed from untrusted to trusted. All you have to do to fix this is right click\label as untrusted, or right click run isolated. However, this might be a big downside you will have to consider when using it with an inexperienced user…
I think the best idea is if you try the app and see what your opinion of it is. If you have any problems with it you can PM me or have a discussion over msn and get through it.