What is GeSWall?
GeSWall (GentleSecurityWall) is a cross between an isolator, like Sandboxie, and a Host Intrusion Prevention System (HIPS). For Windows 2000, XP, 2003, Vista, and Windows 7, it sits quietly in the background until an application exhibits suspicious behaviour (such as accessing predefined Trusted, System, or Confidential resources), at which point it jumps into action and delivers a simple pop-up asking if you want to isolate the application from the rest of the system. If you answer yes, it isolates the program and limits its actions.
GeSWall’s Features Explained page explains isolated program restrictions:
- No access to kernel - prevents kernel mode rootkits and key loggers
- Read only access to trusted files, registry, processes etc. - prevents user mode rootkits, keyloggers, malware infections.
- No local communications to trusted processes, e.g. windows messages, RPC, COM, WMI - prevents shatter attacks, user mode rootkits, keyloggers and malware infections.
- No scheduled re-start - prevents backdoors, zombie bots and worms.
- No access to confidential files - prevents leaks of confidential information.
Whenever an isolated program creates a file, that file is made untrusted by GeSWall. That means that if the file is an executable (.exe), it will start isolated and be unable to cause any damage to your computer. Additionally, an isolated program can have total access to untrusted resources.
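The restrictions and the untrusted-file rule above can be modelled as a small reference monitor. This is an added illustration, not GeSWall's code and not from the original review; the class names, the sample paths and the choice that child processes inherit isolation are assumptions of the model.

```python
from dataclasses import dataclass
from enum import Enum

class Label(Enum):
    TRUSTED = 1
    UNTRUSTED = 2
    CONFIDENTIAL = 3

@dataclass(frozen=True)
class Process:
    name: str
    isolated: bool

class Monitor:
    """Toy model of the isolation rules listed above (hypothetical, not GeSWall's implementation)."""
    def __init__(self, labels):
        self.labels = dict(labels)  # path -> Label

    def allowed(self, proc, op, path):
        """Decide a 'read' or 'write' and label any newly created file."""
        label = self.labels.get(path)
        if not proc.isolated:
            if op == "write":
                self.labels.setdefault(path, Label.TRUSTED)  # assumption: trusted creator, trusted file
            return True
        if label is None:  # file does not exist yet
            if op == "write":
                self.labels[path] = Label.UNTRUSTED  # created by an isolated program
            return op == "write"
        if label is Label.CONFIDENTIAL:
            return False  # no access to confidential files
        if label is Label.TRUSTED:
            return op == "read"  # read-only access to trusted resources
        return True  # total access to untrusted resources

    def start(self, path, parent=None):
        inherited = parent is not None and parent.isolated  # assumption: children stay isolated
        return Process(path, inherited or self.labels.get(path) is Label.UNTRUSTED)

def demo():
    hosts, taxes = r"C:\Windows\System32\drivers\etc\hosts", r"C:\Users\alice\taxes.xls"  # constructed
    dropped = r"C:\Users\alice\Downloads\setup.exe"  # constructed sample path
    mon = Monitor({hosts: Label.TRUSTED, taxes: Label.CONFIDENTIAL})
    browser = Process("browser.exe", isolated=True)
    download = mon.allowed(browser, "write", dropped)  # file becomes untrusted
    child = mon.start(dropped)  # launched later by the user, still starts isolated
    return {"download": download, "child_isolated": child.isolated,
            "write_hosts": mon.allowed(child, "write", hosts), "read_hosts": mon.allowed(child, "read", hosts),
            "read_taxes": mon.allowed(child, "read", taxes), "rewrite_self": mon.allowed(child, "write", dropped)}
```

The point of the model is that the label travels with the file: the download succeeds, but anything the isolated browser dropped starts isolated and is held to the same read-only and no-confidential rules.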
Since GeSWall doesn’t use a real-time scanner, it is compatible with most antivirus or antimalware programs.
Installation (5 out of 5)
GeSWall’s installation is really simple. With only four screens, it’s a breeze to install. Note too that, unlike some other products, GeSWall does not come bundled with third-party toolbars or add-ons such as the Ask Toolbar. Instead, the installer is completely lean and clean.
After it is finished installing, you have to reboot your computer.
After booting up, GeSWall sits quietly in the system tray until needed.
User Friendliness (5 out of 5)
GeSWall is a snap to use. It requires minimal configuration and even the most inexperienced users will find it easy to use.
How is this possible? Well, since GeSWall only gives one simple and easy-to-answer pop-up if a program is exhibiting suspicious behaviour, there will not be much annoyance on the user’s side. Additionally, most safe programs that are isolated can still run. This is very useful when, for example, isolating a browser. A lot of infections originate from the browser (downloading malware, exploits, and so on) but if it is isolated, nearly all the potential threats are blocked. You are still able to download files to your computer, and GeSWall will usually warn you if it is an installer (it says that when installers are run isolated, they rarely finish the install without errors).
Note, however, that GeSWall does enable users to create their own rules, and so this (optionally) puts control of the program squarely in the hands of the user.
One tiny downside is that the GUI is a bit bare, considering that it is run in the Microsoft Management Console. But, as they say, less is more and the GUI certainly provides you with access to what you need. It may not be glitzy, but it’s certainly functional.
Features (4 out of 5)
GeSWall doesn’t include much in the way of fluff, but it does have a number of useful features.
The first is the colored bar you see at the top of an isolated program.
The bar’s settings can be customized.
Small notifications in the lower right corner indicate blocked actions.
GeSWall also has a screen that provides a summary of actions taken.
Its log gives a detailed list of GeSWall activities that day.
The Application Wizard is an option that appears in the right-click context menu (that is, the menu that comes up when you right-click a file). It can automatically make “allow” rules that files need in order to be able to execute.
GeSWall Professional version also includes some extra features, but they aren’t totally necessary and the Free version will probably meet most people’s needs.
I gave GeSWall a “Good” rating because I like most of the current features, except the console which is somewhat bare.
Price to Value (4 out of 5)
There are two versions of GeSWall: Pro and Free. (Comparisons here.) The Free version, of course, has an excellent Price-to-Value rating!
The Pro version currently costs $49.69 USD, and includes one year of preconfigured rule updates. That is basically all the Pro version includes, besides the malware termination options (see the bottom of the page). Given that it doesn’t offer many more features than the Free version, it does seem a bit expensive - especially in these hard economic times.
Despite not being particularly well-known, GeSWall is nonetheless an excellent addition to your security setup. As mentioned, it can run happily alongside most antivirus applications without problem or conflict.
Because it does not rely on a blacklist, GeSWall can be more secure and easier to use than traditional antivirus and HIPS applications (since most HIPS bombard users with - often confusing - alerts which interfere with day-to-day computer use).
I highly recommend GeSWall for Windows users of all skill levels, from novice to expert. It’s a great addition to any security setup and may block the things that your antivirus product could miss.
Please note that with GeSWall 2.9, the latest version, some users have reported more problems. Furthermore, updates are few and far between. While this does not mean you will get the bugs too, just be warned (if you recently installed your operating system, or have not loaded it with programs, there is less chance for difficulties).
To find out how GeSWall can be combined with other security products to boost your security, be sure to read our article Combine Security Programs to Get the Best Protection.