Defensewall By Itself ? Options

[Zamboni]

Hello all,

Is anyone using Defensewall as their only active security app? I know a layered approach is
best but I am getting tired of running multiple apps when one may provide adequate protection.
I have trialed Defensewall and like the way it operates. I am thinking about purchasing it but
only if it can replace all or part of my current setup. I am a very safe surfer and do not visit the
dark side of the web.

Currently I run:

Avira Premium
Threatfire
Linkscanner Pro



Thanks in advance

[Ilya Rabinovich]

1. Yes, I use only DW itself.
2. Don't worry- there is no need to visit dark side, it will visit to you.

[CogitoErgoSum]

Hello Zamboni,

Please take a look at the following link below especially, post #7.

http://gladiator-antivirus.com/forum/index...533;entry202586

If you take a look at my signature below, you will notice that I do not use a resident antivirus scanner. On the other hand, I use Primary Response SafeConnect(ThreatFire alternative) which is an anti-malware application that employs intelligent behavioral heuristics alongside DefenseWall as a secondary layer to protect against malicious programs that I unknowingly run or execute outside of the sandbox(shoot-in-the-foot) or escapes the sandbox. Fortunately, in my experience, this has yet to happen. You might consider just running DefenseWall alongside ThreatFire and the default Windows firewall. Hope this helps.


Peace & Gratitude,

CogitoErgoSum

This post has been edited by CogitoErgoSum: Apr 19 2008, 08:49 PM

[motherroad]

I may try this myself. Any special settings to use for DefenseWall?

[CogitoErgoSum]

Hello motherroad,

My DefenseWall(DW) settings can be found in the link below. While these settings are optional, I believe that they enhance the level of protection and privacy that DW offers by default. Hope this helps.

http://www.wilderssecurity.com/showpost.ph...amp;postcount=9


Peace & Gratitude,

CogitoErgoSum

[motherroad]

I read the article. I wonder about the rollback option as it is stated for advanced users. Thanks for the help. I am still learning.

[CogitoErgoSum]

Hello motherroad,

The chances are between slim and none that your "actual" system will get infected by any malware of consequence while DefenseWall(DW) is standing guard. Keep in mind that DW by design(policy restriction sandbox with no file/folder virtualization and limited registry virtualization) will leave behind malware related file/folder/registry key traces on your hard drive and appear in the "Rollback" list when malware is intercepted and sandboxed. These malware related file and registry tracks are harmless as long as they are confined to the sandbox. In the meantime, if you are not comfortable using the "rollback" or "delete" functionality to remove malware related file/folders/registry keys, you can always rely upon the many free blacklist scanners that are available to do this job. A good list of them can be found at the following link below. For those who do not know any better, a third option may be to leave these malware traces alone as they are impotent as I have already explained. Hope this helps.

http://gladiator-antivirus.com/forum/index...showtopic=73840


Peace & Gratitude,

CogitoErgoSum

This post has been edited by CogitoErgoSum: Jun 10 2008, 07:15 PM

[Zamboni]

Thank you for the responses and the very informative links. I guess it is time to dust
off the credit card and convince the wife that we need "just one more" app.


Thanks again.

[Ilya Rabinovich]

convince the wife that we need "just one more" app.

That is the hardest part of the plan

[CogitoErgoSum]

For those of you who are seriously considering running DefenseWall(DW) with the default Windows firewall or DW alongside a behavioral anti-malware such as ThreatFire or Norton AntiBot/Primary Response SafeConnect with the default Windows firewall, I highly recommend some basic system hardening.

1.) The use of Windows Worms Door Cleaner(compatible with Vista) which is a free utility that does not require installation, allows one to close the most common ports exploited by worms. (*Note: On WinXP SP3, disabling "NetBios" may disconnect your internet connection. If this is the case, leave it enabled. Otherwise, if this does not apply to you, one should disable all five options. In my case, under Vista SP1, I was able to safely disable all five options without breaking anything. In contrast, under WinXP SP3, I was able to disable all except NetBios.)
http://www.firewallleaktester.com/wwdc.htm

2.) Enabling the "software" or "hardware" data execution prevention(DEP) feature in Windows for all programs and services.(*Note: In my case, with either WinXP SP3 or Vista 32 SP1, I was able to safely enable hardware DEP for all programs and services(OptOut - Policy #3) without breaking anything. The "AlwaysOn - policy#1" setting is the most secure, but, unfortunately, I have found that it breaks some programs.)
http://support.microsoft.com/kb/875352 (A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003)
http://www.microsoft.com/technet/security/...p/depcnfxp.mspx (How to Configure Memory Protection in Windows XP SP2)
http://windowssecrets.com/2007/05/03/01-Ho...protect-your-PC (How DEP can protect your PC)
http://windowssecrets.com/2007/05/10/02-Re...tware-discounts (Readers' revelations on DEP)
http://support.microsoft.com/kb/912923 (How to determine that hardware DEP is available and configured on your computer)
http://www.vistax64.com/tutorials/120778-d...le-disable.html (How to Enable or Disable DEP in Vista)
(*Note: For those of us who have Vista and have the "Windows classic" start menu enabled, here are step-by-step instructions on how one can get to the "Data Execution Prevention" tab so that settings can be changed. Right-click the "computer" desktop icon and select "Properties". Under "Tasks" which is located in the top left-most section of the screen, you will find "Advanced system setings". Select "Advanced system settings". The next step is to press the Performance "Settings" button which is located toward the top. Select the "Data Execution Prevention" tab which is the located furthest to the right. Keep in mind that this just one way to make changes to DEP settings.)

3.) Manually close the most vulnerable and commonly exploited Windows services.
http://www.sans.org/top20/#s2 (*Note: Section S2.5 "How to Protect against Windows Services Vulnerabilities" has a table that lists the services that should be closed.);(*Note: In my case, under Vista 32 SP1, I was able to safely disable all the specified services with the exception of "task scheduler" without breaking anything. In contrast, under WinXP SP3, I was able to disable all specified services.)
http://technet.microsoft.com/en-us/library...(EXCHG.65).aspx (*Note:How to Disable a Service in Windows. Even though this how-to is for Exchange Server 2003, these instructions apply to all Windows versions that employ services.);(An alternate and quicker way to access Windows services would be to hold down the "Windows" key which is located in the lower left hand corner of the keyboard and press the "R" key. This shortcut will open the "Run" dialog screen. In the space provided, you will need to type "services.msc" without the quotes and then press the "Enter" key.)

Hope this helps.


Peace & Gratitude,

CogitoErgoSum

This post has been edited by CogitoErgoSum: Jun 21 2008, 12:03 PM

[cbella]

Hi Zamboni thanks for starting this thread you received some really great responses,
and thanks CogitoErgoSum for the links !

Far as purchasing DefenseWall I had opposite problem trying to convince my husband
but I did such a good job now we both use DefenseWall but really I think it comes down
to just how great this program really is, and I recommend it to family, friends and coworkers.



cbella

[Ilya Rabinovich]

and I recommend it to family, friends and coworkers.

Thanks for this high appreciation of my work!

[CogitoErgoSum]

Hello Zamboni, motherroad and cbella,

Thanks for the kind words. Just doing my modest part to ensure that fellow DefenseWall users are well protected.

*(Update: For those of you who do not know how to disable a service in Windows or get to the Data Execution Prevention tab in Vista, but would like step-by-step instructions on how to do so, I have provided a new link and some new tips in post #10 up above.)


Peace & Gratitude,

CogitoErgoSum

This post has been edited by CogitoErgoSum: Apr 20 2008, 09:53 PM

[cbella]

Hi Ilya,

You are welcome, I have always understood the need for having Anti Virus and Firewall on a computer especially with teenagers in the house,
than a few years ago I read a article about sandboxes, googled, and found your program, downloaded the trial and what I liked best about it
was how simple it was to install and use, first security software I actually understood, and the concept behind it is brilliant, and I also very
much appreciate how quick you are to respond to questions, and which is why I recommend your program to everyone.

Hi CogitoErgoSum,

I also appreciate the time you took to provide the links and how to's many thanks.

Now I have one question, I had never heard of this Windows Worm Door Cleaner before but I downloaded it and received a error installing
it says was unable to write to registry is this normal ? I have a Vista computer, on the XP computer it installed fine.

cbella

[CogitoErgoSum]

Hello cbella,

Keep in mind that Windows Worms Door Cleaner(WWDC) does not require installation. Do you have user account control(UAC) enabled? If so, did you allow WWDC to open when prompted by UAC? FYI, I am using Vista 32 SP1 and have disabled both UAC and Windows Defender. Did you run WWDC as "trusted all" or remove it from the "untrusted" list? Presuming that you have disabled UAC and have either run WWDC as "trusted all" or removed it from the "untrusted" list, it is normal to get the following error message when opening WWDC under Vista.

"Value in registry can't be opened.
(SYSTEM\CurrentControlSet\Services\Messenger\)"

Upon seeing the above error message, all that is required to proceed is to press the "OK" button. The reason for this error is because Windows Messenger by default is not installed in Vista. In fact, based upon personal experience, the above error message will appear in all versions of Windows in which Messenger is not installed or has been uninstalled. Double check to see that WWDC is not running as "untrusted" and remove it from the "untrusted" list if it is present. Hope this helps.


Peace & Gratitude,

CogitoErgoSum

This post has been edited by CogitoErgoSum: Apr 20 2008, 11:11 PM