Okay, here are my wishes


1. An installer recognition with warning

2. An option to allow a specific application to the secured files, for instance
a) WindowsMediaPlayer is an untrusted program, but I would allow it to access the folder "Paid music downloads"
b) Outlook express is an untrusted program, but I would allow it to access the folder 'My mail" and the file "Addressbook" with all my e-mail contacts

3. The text Go banking/shopping, also in the main window (below the close all trusted processes)

4. An untrusted files search/list (sort of file manager)

5. A trusted sofware vendors list, adding software by scanning a signed process or a reading a executable in a specific directory

99999. A build in WMP just to let you know one of the strongest HIPS is on air, (because it is so quiet on pop-ups)

Hi all,

I second Kees for this 2 wishes and especially the first (i already had msiexec flagged as untrusted when i launched an installer that i forget it was flagged as untrusted

Regards,

MaB

I second Kees first suggestion and would like to see not only a warning but also the possibility to switch off untrusted mode inside that message dialog for the file being installed.

Frank

I second this suggestion

Ilya,

Is it an idea use this tread as a sticky?


Members, thanks for the endorsement

I have not enough rights to do that. Admins, what do you think?

Some of my family members are not that sophisticated when it concerns PC security. To lower the threshold, I would like a quick access link with the DefenseWall Go shopping/go banking. So may be DW should accept a commend line (go shopping + preferred browser) or even usier friendlier, DefenseWall could also generate a link and ask where to store this (or put on the desktop). I would fancy a IE, FF, Opera Icon with the okay circle of DW on it.

I'd like to see some sort of visual indication on a file's icon (e.g. the icons on the desktop) as to which are untrusted, along with a right-click menu option to "Add to trusted", rather than just having the "Run as Trusted" option

I'm not sure this is warranted. If an application is listed as untrusted then quite obviously it is untrusted. If it not listed as untrusted then it is trusted; there is no trust list, only an untrust list. Is that your suggestion, that there should be a trusted list?

I would very much like for DW to treat applications and/or folders that are on the 'secured' list to be secured from not only processes that are marked as untrusted but those that are not as well. This would prevent process termination even if the terminating process was not caught by DW. Of course I'm thinking more a long the lines of putting your AB and firewall here.

No, that's not what I'm saying. If you download a bunch of .exe's to your desktop, some of them you might trust (e.g. Adobe) and others you may not. All of them will be downloaded with the status of untrusted, however the only way to trust something is to run it as trusted. You cannot mark it as trusted (or rather, not untrusted) and have a visual indication on the applications icon as to its status. GesWall has this feature and it is rather useful. Before you launch anything e.g. a PDF, you can see whether it is trusted or untrusted.

A simple request this which could be implemented before V3....on the Alarm Notifications it would be useful to provide a recommended action, particularly for keylogger behaviour that is detected. e.g. "......reads keystrokes via RegisterRawInputDevices. This behaviour is highly suspicious and may be due to malware. Terminate is recommended." Whilst the existing alarm text would enable many DW users to assess the threat (or otherwise), more novice users are likely to click "OK" and allow the potentially dangerous activity to continue.

I think that maybe can be interesting to add the possibility of monitoring an application installation without restricting it, in order to be able to run it later as untrusted and being able to add all its resources automatically to the “Resource Protection” section.

Yep I endorse that.

I often try out a few programs, thnm roll back to me pre-test image. Would be nice to have it, allthough many main stream users would not use it.

+
An option to include certain files in the UNTRUSTED application area eg. "Setup.exe" in general or *.exe or *.rar

There is an option to include all the folder into untrusted. Why more?

Ok, let's say I share my computer/user (sometimes unwillingly ;-) and others like installing things they got from friends etc.
Also some P2P stuff.
Of course you can set CDROM's untrusted (mostly they copy everything to my harddrive first)
and also set all folders on my harddrive untrusted but another easier way, in my opinion, is to say *.exe and *.msi are untrusted.
It's just an suggestion, there are lot ways leading to Rome but this was mine.

This is something that would help the "less knowledgeable" user. [like me ]. I would also like to see the pop-up notifications colour coded to indicate the possible severity of the detection, ie: as in Threatfire.

Ian

Any type of application/outbound control planned for the future?

Yes, for the 2.50 version. But right now I keep my hands on fixing current problems and issues- don't like the idea to have it behind unfixed.

Looking forward to the new feature.



And that's what I like, fix what needs to be fixed before adding new features.

Just another question Ilya...........
Is there any plans or thoughts about in the future of adding something to help protect aginst scripts? XSS in particular ?
I know I can use Firefox w/no script but I prefer Opera browser.

Script-based attacks protection is the browsers job. No HIPS can solve it as requires deep HTML and script engines integration.

internet explorer beta 8 solve this problem,cause they built a xss filter

Thank you.

Be nice if Opera had this sort of protection.
Maybe in the future.

yes lonewolf.

noscript has it,firefox browser.

Hi Ilya,

From time to time I find myself wondering when some file listed in the untrusted applications list was added to that list.
So, I have this wish to have that information also. By the way, you already have dates (and exact times - this is important) in other lists, so it is just one more.
One possible use is when I started some installation as untrusted by mistake and I am able to cancel it. Then I would like to remove from the unstrusted list what had just been added there for this installation trial. Or maybe some of my children has unsuccessfully tried to install something and I might want to clean the untrusted list. But then I need to know exactly which files were created by the installation process, so the information about date and time can be quite useful here.

Coming to think about it, a warning message saying that some installation is about to be done in untrusted mode (asking if one really wants to proceed this way) would also be welcome.

Best regards,
acaetano.

A NEW "REPAIR" OPTION
-SELF DEFENSE (SRRY I ALREADY SAID IT)
-MORE STABILITY (SRRY I ALREADY SAID IT)->(in crappy vista. i got 2 comps using vista and 1 comp xp =( )

-MORE DETAILED HELP ARTICLE WILL BE NICE


thanks.



keep up the good work!

Application execute permission control.

the ability to change from trusted to not trusted while in browser session would be handy. Perhaps a drop down in the title bar?

@ilya

maybe it possible to change the remark "defansewall status= untrusted" to icon ? (maybe red one)
that because some title are long or in some situation the window holding the warning is small and u cant see immediately the status

cheers

In such cases i always look if there is a star * at the begining.

star? hehe welp i want to be sure and see its clearly i am in "untrusted" mode not looking for "*"

Yeah but i think it is the same rule as in Sandboxie where you have hash #, in DW we have a star * :)

Hi

new to DefenseWall and appreciating it so far :)

I'd like to see the possibility to change the title bar indication to something less intrusive (if you parden the pun...). The star is enough, IMO.

Anyway, thanks for a great product and from what I've heard and what I read on these forums: Thanks for great support!

cool ideas:)

+ 1...

A very cool DefenseWall desktop image and screensaver.

I would like to see a couple of new features...

1. A search option for the untrusted list so that a an item could be searched for in the list instead of having to scroll down through it item by item.

2. Perhaps the same feature for the trusted list.

3. A filter feature for the untrusted list so that I can optionally NOT show old items, uninstalled items, only new items, or only built-in items, etc..

4. Perhaps a similar feature for the other lists that might get lengthy.

5. A filter for the pop up messages so that only critical would show. This would keep harmless "Xprogram reads keystrokes" messages from popping up on harmless items.

6. A feature for the tray icon so that it could be set to only turn red for items in the untrusted list that are not filtered, or that are able to connect to either the internet, or a program that can.

Just press "F3" or Crtl-F.


Such the list is not exists.


How to determine if an item is "old"?


You can already filter them.


It turnes red for the messages are not filtered already.

>Just press "F3" or Crtl-F.

>How to determine if an item is "old"?


Well I learned a few things here. Thanks Ilya.

No not if an item is "old". My untrusted list is several pages long, even maximized. It seems that everything I install or download goes in there. It's like a junkyard of old, perhaps not even installed anymore. Any pruning of the list has to be done manually an entry at a time. It would be nice if the untrusted list were a little more savvy about what is put there, or for how long.

If DW were told to monitor the install/uninstall files of a program, and I uninstalled it, DW would then drop it from its lists.

If the only things in the untrusted list were the built in list, and those programs that can connect, then everything else could be filtered so that it would not show in the list, unless a user wanted it to.

Thanks Ilya!

With upcoming whitelisting (yes, limited by the digital signatures and "known as good" list of software vendors, but, anyway...) the list may decrease automatically by removing "known as safe" apps from it.

It would be helpful if DW had a reminder feature to it...

Sometimes running an installation routine in "Run as trusted" mode doesn't work, due to the fact that the installation scheme is in more than one routine. The end result is a failed installation.

So I disable DW long enough to take care of the installation. The trouble is, I sometimes forget to re-enable DW's protection. I have gone online at such times before and did not notice my mistake.

If there was a message popup that said, "DW's protection is disabled. Do you still wish to launch the program?" This could apply to just the programs which connect to the web, or just browser and email, or even all untrusted.

Very helpful feature.

With the V3, there are three additional features are involved to simplify software installation. The first one is whitelisting, allow you to move untrusted files to trusted automatically and on its launch from within "Download Areas" folder. The second one is dynamic mode selection on the "Download Areas" file launch. And the third is "disable protection" with timer. I assume, more then enough to feel safe about "oops, I forgot to switch defense on!".

Sounds like a great lineup of features. Looking forward to it. Thanks!

In fact, alpha version is just finished.

I thought I'd posted this already but can't find the post...so here goes again. On notifications for possible keyloggers & clipboard monitoring I'd like some clearer notifications for inexperienced users that makes clear that there is possible dangerous keylogging behaviour happening and that if you click "OK" it actually means "Allow" rather than "OK, I'll stop it". So perphaps change the "OK" to "Allow" with warning that you should only click "Allow" if you trust the application?

OK does not mean allow in this instance.
DW blocks/stops keylogging by default.
Someone correct me if i'm wrong on this.
Checking your logs should confirm.

No, DW alerts with the popup window, but only stops the keylogging if you terminate. If you click ok, the keylogging is allowed to continue. If you just ignore the popup and let it sit there the keylogging also continues. Whilst I understand this and know how to respond I also use DW on my wife's PC and she would probably just click "OK". So I just think the popup message could be a bit clearer to explain that keylogging is taking place and ask what action would you like to take...with a strong hint to "Terminate" unless you are 100% sure that the behaviour is legitimate.