GeSWall (GentleSecurityWall) is a cross between an isolator, like Sandboxie, and a Host Intrusion Prevention System (HIPS). It sits quietly in the background until an application exhibits suspicious behaviour (such as accessing predefined Trusted, System, or Confidential resources), at which point it jumps into action and delivers a simple pop-up asking if you want to isolate the application from the rest of the system. If you answer yes, it isolates the program and limits its actions.
GeSWall's Features Explained page lists the restrictions placed on isolated programs:
- No access to the kernel - prevents kernel-mode rootkits and keyloggers
- Read-only access to trusted files, registry, processes, etc. - prevents user-mode rootkits, keyloggers and malware infections.
- No local communication with trusted processes, e.g. Windows messages, RPC, COM, WMI - prevents shatter attacks, user-mode rootkits, keyloggers and malware infections.
- No scheduled re-start - prevents backdoors, zombie bots and worms.
- No access to confidential files - prevents leaks of confidential information.
Whenever an isolated program creates a file, that file is made untrusted by GeSWall. That means that if the file is an executable (.exe), it will start isolated and be unable to cause any damage to your computer. Additionally, an isolated program can have total access to untrusted resources.
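The label-based policy described above can be modelled as a small reference monitor. The following is an added example written for this review, not GeSWall's own code; the labels, resource paths and operation names are constructed to illustrate the rules (read-only to trusted and system resources, no access to confidential ones, full access to untrusted ones, and untrusted labelling of anything an isolated process creates).

```python
from dataclasses import dataclass, field

# Resource labels, named after the categories the review describes.
TRUSTED, SYSTEM, CONFIDENTIAL, UNTRUSTED = "trusted", "system", "confidential", "untrusted"


@dataclass
class Process:
    name: str
    isolated: bool


@dataclass
class Monitor:
    """Toy reference monitor: labels maps a resource name to its label (constructed sample policy)."""
    labels: dict
    log: list = field(default_factory=list)

    def decide(self, proc: Process, op: str, resource: str) -> bool:
        """Return True if the operation is allowed. op is one of read, write, ipc, kernel."""
        if not proc.isolated:
            return True  # this model only restricts isolated processes
        label = self.labels.get(resource, UNTRUSTED)  # unknown resources are treated as untrusted
        if op == "kernel":
            allowed = False                  # no kernel access at all
        elif label == CONFIDENTIAL:
            allowed = False                  # confidential: not even read
        elif label in (TRUSTED, SYSTEM):
            allowed = op == "read"           # read-only; write and IPC to trusted targets denied
        else:
            allowed = True                   # full access to untrusted resources
        self.log.append((proc.name, op, resource, allowed))
        return allowed

    def create_file(self, proc: Process, path: str) -> str:
        """Anything an isolated process creates is labelled untrusted; return the label assigned."""
        self.labels[path] = UNTRUSTED if proc.isolated else self.labels.get(path, TRUSTED)
        return self.labels[path]

    def launch(self, path: str) -> Process:
        """An untrusted executable starts isolated; a trusted one does not."""
        return Process(path, isolated=self.labels.get(path, UNTRUSTED) == UNTRUSTED)


if __name__ == "__main__":
    m = Monitor({"C:/Windows/System32/drivers": SYSTEM, "C:/Users/me/secret.docx": CONFIDENTIAL})
    browser = Process("browser", isolated=True)
    m.decide(browser, "read", "C:/Users/me/secret.docx")      # denied
    child = m.launch("C:/Users/me/Downloads/" + m.create_file(browser, "setup.exe"))
    print(child.isolated, m.log)
```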
Since GeSWall doesn't use a real-time scanner, it is compatible with most antivirus or antimalware programs.
GeSWall's installation is really simple. With only four screens, it's a breeze to install. Note too that, unlike some other products, GeSWall does not come bundled with third-party toolbars or add-ons such as the Ask Toolbar. Instead, the installer is completely lean and clean.

After it is finished installing, you have to reboot your computer.

After booting up, GeSWall sits quietly in the system tray until needed.

GeSWall is a snap to use. It requires minimal configuration, and even the most inexperienced users will find it easy to use.
How is this possible? Well, since GeSWall only gives one simple and easy-to-answer pop-up if a program is exhibiting suspicious behaviour, there will not be much annoyance on the user's side. Additionally, most safe programs that are isolated can still run. This is very useful when, for example, isolating a browser. A lot of infections originate from the browser (downloading malware, exploits, and so on), but if it is isolated, nearly all the potential threats are blocked. You are still able to download files to your computer, and GeSWall will usually warn you if a file is an installer (it says that when installers are run isolated, they rarely finish the install without errors).
Note, however, that GeSWall does enable users to create their own rules, and so this (optionally) puts control of the program squarely in the hands of the user.
One tiny downside is that the GUI is a bit bare, considering that it is run in the Microsoft Management Console. But, as they say, less is more and the GUI certainly provides you with access to what you need. It may not be glitzy, but it's certainly functional.
