Published by nicM



                                          TESTS DEFENSEWALL








DefenseWall is a HIPS program working on the "white-list" principle: it reduces the rights of programs and executable files running outside the trusted zone. The idea is to set the programs that are vectors of infection (browsers, e-mail, P2P, instant messengers and IRC clients, script engines, etc.) as "untrusted", meaning that everything reaching the computer through these programs is enclosed inside the untrusted zone.




The protection works in a "no popups" mode. In other words, the protection is automated: the untrusted attribute is set for everything that comes through untrusted programs, following the parent process: processes, scripts, and registry activity. The untrusted attribute is also "contagious": when an untrusted process launches another process already present on the system (e.g. cmd.exe), that process is made untrusted too. As a result, very little user input is needed to run the program.




The main window shows the number of untrusted processes running, and a big red button is there to kill all these untrusted processes if an infection occurs.


All the settings can be accessed from this main window, and the user can view the activity of untrusted processes with the Event viewer and/or the Rollback panel.


All the user needs to do is add the programs he wants to run in untrusted mode to the default list. Whenever some malware is downloaded through a browser, for instance, the malware is subjected to the untrusted zone policy: untrusted processes are not able to autostart, to load drivers/services, to alter system files, to change some security settings on the system, to terminate/kill other trusted processes, etc.



Additional protection is offered by the "Secured files" feature: the user can add any files/folders he never wants to be accessed/read by untrusted processes. The purpose is to protect personal files from being infected and/or hijacked by some malware, for instance.



The untrusted zone can be set manually not only per program, but per folder/directory too: the user can add a folder to the untrusted zone by using the right-click menu.





For the modifications that DefenseWall doesn't prevent directly (by blocking them), a rollback function takes over: this is a concrete illustration of the separation between the normal "trusted" zone and the untrusted one. All untrusted files, folders and registry entries created by untrusted processes can be viewed, and erased by DefenseWall, in the Rollback panel.
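The propagation and rollback rules described above can be sketched as a small policy model. This is an added illustration, not DefenseWall's code: the `Zone` class, the operation labels and the paths are hypothetical, and path matching is reduced to simple string prefixes.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Operations the article lists as denied to untrusted processes (labels are illustrative).
DENIED = {"autostart", "load_driver", "modify_system_file",
          "change_security_setting", "terminate_trusted"}

Process = namedtuple("Process", "image untrusted")

@dataclass
class Zone:
    untrusted_programs: set                              # user list: browsers, mail, P2P...
    untrusted_folders: set = field(default_factory=set)  # e.g. the CD drive
    secured: set = field(default_factory=set)            # "Secured files" path prefixes
    journal: list = field(default_factory=list)          # objects created by untrusted code
    blocked: list = field(default_factory=list)          # event log of denied actions

    def launch(self, image, parent=None):
        # Untrusted if listed, in an untrusted folder, journaled, or child of untrusted.
        tainted = (image in self.untrusted_programs
                   or image in self.journal
                   or any(image.startswith(f) for f in self.untrusted_folders)
                   or (parent is not None and parent.untrusted))
        return Process(image, tainted)

    def request(self, proc, op, target=""):
        if not proc.untrusted:
            return True                                  # trusted zone: not restricted
        is_secured = any(target.startswith(p) for p in self.secured)
        if op in DENIED or (op == "read" and is_secured):
            self.blocked.append((proc.image, op, target))
            return False                                 # denied and logged, no popup
        if op in ("create_file", "create_regkey"):
            self.journal.append(target)                  # allowed, tracked for rollback
        return True

    def rollback(self):
        removed, self.journal = self.journal, []
        return removed                                   # what a cleanup would erase

def demo():  # constructed scenario: a browser drops a file that then starts cmd.exe
    zone = Zone({"browser.exe"}, secured={"C:\\Docs\\"})
    zone.request(zone.launch("browser.exe"), "create_file", "C:\\Temp\\dropped.exe")
    dropped = zone.launch("C:\\Temp\\dropped.exe")
    shell = zone.launch("cmd.exe", parent=dropped)
    results = [zone.request(shell, op, tgt) for op, tgt in
               [("autostart", "Run\\x"), ("read", "C:\\Docs\\tax.pdf"),
                ("create_regkey", "HKCU\\Software\\x")]]
    return shell.untrusted, results, zone.blocked, zone.rollback()
```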


DefenseWall presentation by its author (Ilya Rabinovitch):

DefenseWall has a powerful logging mechanism which allows you to see all the blocked dangerous actions. It may allow you to detect the presence of malware on your system.

DefenseWall's interface is really simple and intuitive. You don't need to read the help file to start using DefenseWall in a 100% effective manner.

The only thing you need to do is to put all the potentially dangerous applications (browsers, e-mail, P2P and IRC clients) into the untrusted applications list (also, there is a built-in untrusted applications list which will be growing). If your computer is attacked with your browser via a browser vulnerability (or run as an attachment with your e-mail client), the malware won't be able to install properly into your system, nor can it steal your sensitive information or harm your computer. It will be within the "untrusted processes" area, and can be terminated with one "big red" button push! Or, you may close malware processes separately.

DefenseWall has a registry and file system tracking mechanism which allows you to cleanup all the malware modules and malware-created registry keys under your full control. You have no chance of erasing anything important! ATTENTION! This feature is for the advanced user only! Others may need to use antivirus scan engines to remove malware modules from their system.

I hope you'll like and enjoy DefenseWall as much as many users!



                                           TESTS CONFIGURATION



* For these tests, version 1.40 was used (several improvements have been added in later versions in the meantime).

* Tests were first run with other monitoring programs enabled (Process Guard and RegDefend), to watch the events closely before the actual test, and then with DefenseWall only. Most of the tests were run several times, with different setups.

* Antivirus was disabled for the tests, except for a few tests where the AV was likely to be killed by the test file, in order to note whether it was killed or not (the test file was then excluded from scanning).

* Most of the tests were launched from a CD, to meet the methodology criteria (files must be "unknown" to the program), and the CD drive was then added to the untrusted zone. A few tests had to be launched from the hard drive, when they did not work from a removable device. Some other test files were downloaded through the browser, and were then automatically untrusted.


For kareldjag: test files are launched as untrusted from the CD-ROM, or from the hard drive for some of them.

Antivirus always disabled, and the firewall is only enabled if the test file needs an outbound connection.

A protocol analyzer was used for backdoors tests.

Tests done with only one HIPS (DefenseWall) installed.


All tests done on Windows XP2, and results submitted to the Softsphere team before publication.






* Part 1: Behaviour

* Part 2: In the wild with real malware

* Part 2 (continued)

* Part 3: Client/server side and other attacks

* Part 3 (continued)

* Overall and Assessment




















