[Contest] DefenseWall Personal Firewall [Forum Exclusive]

DefenseWall Personal Firewall [DWPF] presents a shift in the protection paradigm, successfully replacing traditional defence mechanisms, such as signatures, heuristics and behavioural analysis, with partial virtualization, sandboxing and HIPS.

DefenseWall simplifies the approach by setting restrictions on untrusted applications/processes. Any untrusted files, treated as potential attack vectors, will run in a virtual area and not affect the real system. System files and folders, and vital registry keys are protected from the rest of the isolated processes.

Treating any Internet-facing application as a potential threat gateway, DWPF includes a bi-directional firewall, working as a connections monitor, with the inbound being cleverly related to opening ports to untrusted applications, so that any possible exploits are contained with untrusted zone restrictions and through the Sandboxing mechanism.

Product Version

DefenseWall 3.20 is the current stable version and was released in November 2012, with improvements such as enhanced automatic cleanup for internal lists, an extended Whitelist, an added hotkey for displaying trusted and untrusted processes currently running, and a fix for an issue with Firefox being unable to play Flash-based content.

Installation

2 separate installation packages are available – for DefenseWall HIPS and DefenseWall Personal Firewall; either one can be used, since the version-specific functionality depends on the license. You can choose from 18 available translations.

The installation process is quick and easy and consists of 4 steps, starting with a brief description of DefenseWall’s operating principles and a recommendation to install on a clean system and to complete any P2P downloads currently running, since P2P clients would be placed in the untrusted group.

This is followed by the EULA and the setup location, and before you realize it the installer is already prompting for a system restart, with DWPF set to start automatically with Windows.

Stop attack TAB

This is the main screen of DefenseWall, and along with the concise description of its functionality, it contains buttons for easy access to File and Registry Rollback, the list of untrusted processes currently running on your system, the Go Banking/Shopping launcher and Stop Attack, which can be used to terminate all untrusted processes currently running.

Go Banking/Shopping

This will launch the browser selected for online banking; it could be either one of the installed browsers or DefenseWall’s own browser. Launching Go Banking will terminate all currently active untrusted processes if a browser other than DefenseWall’s default built-in one is used.

Setup – Advanced TAB

The default configuration is already optimized for ease-of-use. A scan of installed applications is referenced against the internal database, and the untrusted applications list is populated. It is extensive enough to cover most well-known software. To enhance protection or improve usability, the settings can be edited from this tab.

Options

Set untrusted sources [USB and optical drives, LAN drives], startup options, whitelisting, alarm notifications, and more. Here you can also select a Go Banking/Shopping default browser and specify whether to launch it as trusted [not advisable] or not.

File and Registry Excludes
Sets the items you would want to allow to be modified by untrusted processes.

Secured Files
Use this option to protect confidentiality and privacy. Any files and/or folders added to the list will be protected from being accessed by any untrusted processes.

Download Areas
Additional download locations can be added to this list. DWPF will automatically populate the default download locations. The seamless integration of Whitelisting improves the usability since there is no need to change the status of a download to Trusted in order to run it properly.

Resource Protection
This feature, enabled by default, allows you to edit the default [built-in] list of various resources to be protected, by way of isolation from untrusted processes. Editing the list, just like any other editable option in DWPF, is a very easy and quick process.

System Restart Control
To protect the integrity of critical resources [drivers, etc.], explicit approval is required if any Untrusted resource attempts to restart your PC. If a request is raised by an untrusted process, DWPF will ask for user permission to proceed with restarting. Once again, usability can be improved by manually editing a list of exceptions, such as setting allow or deny flags for specific files and/or folders.

Screen Recording Exceptions
By default, untrusted applications are not allowed to take screen captures. In this list you can specify untrusted application exceptions.

Firewall TAB

The Firewall works as a connections monitor, without any complicated setup requirements, such as port selections, protocols and other technically challenging details. According to the developer, DWPF can substitute other firewalls, providing similar levels of protection without a cascade of pop-ups. It provides both inbound and outbound protection, with the inbound being related to opening ports to untrusted applications, and containing any possible exploits with the Sandboxing functionality.

The outbound connections can be automatically allowed for built-in and manually added processes on the untrusted list. For any other untrusted application attempting to initiate an Internet connection, DWPF will display a prompt requiring explicit approval.

Operation

During the testing and review period DWPF remained light on resources, silently reassuring and dependable, with an unassuming and easy-to-use interface hiding the intrinsic strength of the provided protection.

For the purpose of this review, I installed DWPF on 2 separate machines – a Windows XP SP2 [Online Armor Free and Emsisoft Anti-Malware] and Windows 7 Ultimate [ESET Smart Security 6], followed by using a Webroot SecureAnywhere and Privatefirewall combo [to replace ESET]. The browsers used were Chrome, Firefox, IE and Opera.

I had the other HIPS components switched on, to compare system responsiveness, instability and conflicts. Subjectively, I haven’t experienced a noticeable impact on the general responsiveness of the test machines, and there hasn’t been a single conflict.

The RAM usage was around 7 MB at idle, occasionally reaching around 30 MB. The CPU utilization was between 2 – 15%.

Conclusion

DWPF is an example of how a dedicated individual with vision and technical excellence can develop a simple-to-use security application which delivers uncompromising protection, and also define an elusive technological path for the established names in the PC security industry to follow.

DWPF is a lightweight solution, which, even in standard configuration, provides a blend of strong proactive protection and sensible usability on default settings. Even if other software [e.g. a browser] is using some form of sandboxing, it may be relying on internal Windows security mechanisms and as such could still be susceptible to exploitation of a privilege escalation vulnerability.

Well deserved kudos!
Silent day-to-day operation – you will hardly ever see a DWPF prompt, it’s so unobtrusive. There are only a few exceptions to the “invisible” protective wall – about disabled protection, advanced keylogging attempts and when a Resource Protection event is invoked.

No Anti-Malware Definitions and program updates, saving overheads in time, bandwidth and the possibility of false positives or compromised updates that would cause software instability and functional issues.

Excellent protection. What the diminutive application achieves with such an enviable simplicity is an exceptional level of proactive defence – various MRG flash and banking malware tests show the impenetrable security it provides and the benefit of having DWPF included in a layered security setup.

Compatibility with other security software.

Room for improvement?
Cleaning potentially malicious traces may not be an instant process compared to similar solutions. Some may find the fact that the File and Registry Rollback functionality will only be deleting everything older than 30 days [in its default setting] a reason for concern.

Beware the risks associated with manual deletion or rollback of File and Registry Rollback list items.

Some lag experienced in GUI interaction, generally when lists are populated.

64-bit version to be developed and released.

Product page: http://www.softsphere.com/

Reviewer: NathanF1
