If you go to the official DefenseWall website at SoftSphere Technologies, you will find DefenseWall HIPS v2.56 but not the Personal Firewall v3 version. That’s because v2.56 is about to be dropped and replaced with the new DefenseWall Personal Firewall v3. I’ve long heard of DefenseWall but have never given it a try, but since I’ve been contacted by people from SoftSphere to do a review of v3, I’ve decided to test it out. DefenseWall claims to protect you from malicious software (spyware, botnets, adware, keyloggers, rootkits, etc.) and identity theft that cannot be stopped by your anti-virus and anti-spyware programs when you surf the Internet.

I’ve tested a lot of antivirus software, and this is actually my first time testing HIPS software. It is nothing like the normal antivirus that you use. A virus normally gets into your computer through the web browser, email, USB drives or the network. If you disable all of them, it’s impossible for your computer to be infected by a virus, but who can live without an internet connection nowadays? So what DefenseWall does is label all the applications that come from locations where a virus can come in as “Untrusted” and run them with limited rights in a virtual zone that is specially allocated for them.
Here is an example. Let’s say you downloaded a file using BitTorrent. You scanned it with your antivirus and it didn’t warn you that it is a threat. Then you ran it thinking that it’s safe, and the virus started to modify system settings, such as disabling Windows Task Manager and regedit, adding itself to autostart, and so on. Thanks to DefenseWall, you have nothing to be afraid of because all the damage done by the virus only affects the virtual zone and not your real Windows system. With only a reboot, your system is back to normal and the damage done by the virus is undone. This is very different from system snapshot software because a snapshot reverts everything back to a specific date. With DefenseWall, everything is still intact except for the damage that the virus seems to have done. That is how HIPS software is supposed to work according to the description and manual. I’ve put DefenseWall to the test and it managed to block the threat in some way or another.
Test 1: Install Rootkit based Keylogger
There is a keylogger that goes by the name of All In One Keylogger for Windows by RelyTec. It uses a rootkit method to hide itself so that it is harder to detect. When I downloaded it using Firefox, the keylogger installer file was automatically labeled as an Untrusted file. I installed it, and after a few seconds DefenseWall told me that it had found a process reading keystrokes via the GetKeyState method.

I clicked the Terminate button and the keylogger process was immediately terminated. I rebooted the computer and the keylogger was no longer running, but the files were still on the computer. As long as the keylogger doesn’t auto-load when Windows boots up, you’re safe.
Test 2: Install Keylogger that bypasses antivirus and firewall
WebWatcher, probably the most expensive and popular keylogger in the world at $169.95 per year, claims to bypass antivirus and firewall. There’s no trial for it and I had to pay the full price in order to test it. With DefenseWall running, I couldn’t get the WebWatcher keylogger installed until I turned off the HIPS protection. So I turned off the HIPS protection and installed WebWatcher, and DefenseWall didn’t detect any process reading keystrokes. I wouldn’t say DefenseWall failed this test because it managed to block WebWatcher from sending the keylogs and screenshot data to WebWatcher’s servers, making the keylogger useless.
Test 3: Install a crypted Bifrost trojan
I wanted to simulate a real scenario where a normal user unknowingly downloads a trojan from a website and then gets infected. I uploaded the Bifrost trojan crypted with Incognito to a website and then downloaded it to my test computer using Firefox, which is flagged as Untrusted by DefenseWall. I ran the trojan and DefenseWall managed to block it. I rebooted the computer and there was no sign of the trojan running in the background.
Test 4: Run 20 different types of viruses from a network share
This is the last hardcore test that I did. I dropped 20 different viruses on another computer and shared the folder. Then, on my test computer with DefenseWall installed, I accessed the shared folder containing the 20 different types of viruses and ran ALL of them! It created so much havoc on the test computer that it made Windows blue screen and auto reboot. To my surprise, when Windows booted up, everything was back to normal like nothing had ever happened. By default DefenseWall categorizes network shared folders as Untrusted.
As long as you run ANY malicious files as Untrusted, your computer will be fine. However, when you want to install legitimate software like Kaspersky Anti-Virus, you must remember to run it as “trusted” or else the installation will fail. So if you’re unsure, always run it as Untrusted and see what happens. The feature that I liked most in DefenseWall is the Events Log. I am able to see what the untrusted file is trying to open or do to my computer.

There are some other useful small features, such as file and registry rollback, which you can use to manually clean up the debris left behind on your hard drive by malware after an infection attempt. The “Go Banking/Shopping” button is a special browser mode that allows safe access to online banking. While in this mode, your information is protected from untrusted computer processes by terminating all untrusted processes.
Please note that this is NOT meant to be a replacement for an antivirus, but you can run the two together. DefenseWall does not protect from file drops, as many programs need to drop a file in order to run successfully (such as Firefox) and there is no security risk when a file is dropped (only when it is loaded into memory). Therefore, if the program is prevented from running in memory, we can classify this as protected. Your antivirus will be useful in detecting the malicious files that have been dropped onto your computer. DefenseWall is very light on your computer as it takes up only 14.6MB of memory and its peak is only 17.1MB.
SoftSphere Technologies, the maker of DefenseWall, is very generous and kind to offer 75 one-year licenses worth over $2000 to Raymond.CC readers. If you would like to win a license, write a comment at the end of this article and I will pick the 75 winners 24 hours later. Your email will be sent to SoftSphere and they will be contacting you.
Update: 75 lucky winners have been randomly selected. Your email contact has been sent to SoftSphere and they will be contacting you.
