Full Version: Trying to Understand How Defensewall Works...
capatt
Hello
I have some very basic questions, so please forgive my ignorance. I'm usually a very savvy user, but I'm having difficulty understanding how Defensewall works:

1. Am I correct in understanding that "Untrusted" applications cannot make any system changes?

2. If true, how do I retain the system changes made by an "untrusted" application?

3. How does Defensewall distinguish between "good" system changes and "bad" system changes?

4. How much memory does Defensewall typically use on a WinXP SP2 system?

Thank you!
Ilya Rabinovich
QUOTE (capatt @ Nov 16 2006, 10:16 PM) *
Hello
I have some very basic questions, so please forgive my ignorance. I'm usually a very savvy user, but I'm having difficulty understanding how Defensewall works:

1. Am I correct in understanding that "Untrusted" applications cannot make any system changes?

2. If true, how do I retain the system changes made by an "untrusted" application?


What do you mean by "system changes"? DefenseWall doesn't have file-level virtualization, so modification access is restricted only for important types of files (.exe, .js, .doc, .txt, ....). For more information, read DefenseWall's tutorial placed here, at this forum http://gladiator-antivirus.com/forum/index...showtopic=34858.

QUOTE (capatt @ Nov 16 2006, 10:16 PM) *
3. How does Defensewall distinguish between "good" system changes and "bad" system changes?


There is a built-in rule set for that. Forbidden changes will be rejected or virtualized.

QUOTE (capatt @ Nov 16 2006, 10:16 PM) *
4. How much memory does Defensewall typically use on a WinXP SP2 system?


Driver or GUI? Not very much, it is written in pure C, I use it on my P2-450 386Mb without visible slowdowns.
capatt
Thanks for the quick reply. I have read the documentation and tutorial but it still seems unclear to me. What are "forbidden changes"? Could you give me an example?

If my browser is classified as "Untrusted", will cookies, bookmarks, & downloads be saved? Will email be saved normally?

What about when I want to install a new program? Do I have to shut down Defensewall?

If changes are "virtualized", are we given a choice to keep them or not?

And, by memory usage, I mean both driver and GUI.

Thank you very much!
Ilya Rabinovich
1. About "forbidden actions". There is a built-in rule set for untrusted processes. It is forbidden, for instance, to modify an already existing .exe file, but it is possible to create a new one or modify an .ini file. It is forbidden to create a new key within the autorun registry section, but it is possible to create a new key in a non-autorun section. And so on. Some actions are forbidden for untrusted processes to execute.

2. About your browser's information. Definitely yes! Everything will be saved, e-mail will be sent & received.

3. It is possible to install new software as untrusted if you are not sure about it, but there could be compatibility issues because of sandbox restrictions. If you need to run and install new software in normal (trusted) mode, run it as trusted with the shortcut's context menu, the button within the "Add/Remove Untrusted" sheet, or remove the application from the untrusted list. There is no special need to disable DW. But you may do it.

4. Memory usage is low in both cases.
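
The allow/deny split described in the reply above, sketched as an added example that is not part of the original posts and is not DefenseWall's code. The action names (`file_write`, `reg_create_key`), the extension list (only the types named in the thread) and the autorun key list are assumptions made for illustration.

```python
import ntpath

# Assumption: only the extensions named in the thread; the product's list is longer.
PROTECTED_EXTS = {".exe", ".js", ".doc", ".txt"}
# Assumption: well-known Windows autorun keys standing in for the
# "autorun registry section" mentioned in the reply.
AUTORUN_KEYS = (
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runonce",
    r"hkcu\software\microsoft\windows\currentversion\run",
)

def _extension(path):
    # Win32 drops trailing dots and spaces from file names, so "app.exe. "
    # opens app.exe; normalise before looking at the extension.
    return ntpath.splitext(path.rstrip(". "))[1].lower()

def _under_autorun(key):
    key = key.strip("\\").lower()
    return any(key == root or key.startswith(root + "\\") for root in AUTORUN_KEYS)

def decide(trusted, action, target, exists=False):
    """Return "allow" or "deny" for one requested change."""
    if trusted:
        return "allow"
    if action == "file_write":
        # Modifying an existing protected file is denied; creating a new
        # file, or modifying a type not on the list, is allowed.
        if exists and _extension(target) in PROTECTED_EXTS:
            return "deny"
        return "allow"
    if action == "reg_create_key":
        return "deny" if _under_autorun(target) else "allow"
    return "deny"  # Assumption: unknown actions fail closed.

# Constructed sample requests from an untrusted process.
SAMPLES = [
    ("file_write", r"C:\Program Files\App\app.exe", True),
    ("file_write", r"C:\Temp\new.exe", False),
    ("file_write", r"C:\App\settings.ini", True),
    ("reg_create_key", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater", False),
    ("reg_create_key", r"HKCU\Software\Vendor\App", False),
]

if __name__ == "__main__":
    for action, target, exists in SAMPLES:
        print(decide(False, action, target, exists), action, target)
```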