GentleSecurity's Blog

The main purpose of GeSWall access control policy is isolation of most vulnerable applications, those that connected to the internet. Blocking network would render them unusable. Instead, GeSWall uses different approach - it isolates the applications. An isolated application cannot cause damage even if it communicates over the network. It cannot steal confidential information, cannot infect the system, install a backdoor, keylogger or rootkit.

However, blocking of network access is useful for certain applications and advanced configuration. GeSWall is capable to block networking for all and individual isolated applications.

To block network access for all isolated applications open a GeSWall Console instance, select Resources folder and change "Security Class" for resource definition with Network type.

Set Security Class to Confidential.

Then you could grant network access to individual applications by application specific rule.

Additionally, you could deny network access for individual applications. For that resource definition for Network must remain untouched and you just need create an application rule

.

In the next version of GeSWall network blocking rules would be extended by supporting specification of host’s DNS names, ip-addresses and ranges.

GeSWall 2.7.1. Freeware and Professional editions are released and available for download.

What is new:

• Untrusted files browser
• Isolated applications browser
• Windows Explorer built-in zip support
• Installers recognition
• Updated application security levels
• Keyloggers prevention fixes
• Windows Vista compatibility fixes
• Updated Application Database

The license for GeSWall Freeware 2.6 expires on December 12, 2007. The installation packages with expanded license are available for download. Please upgrade.

Alternatively, you may download the updated license files and replace them in the GeSWall installation folder and reboot. The same files could be used for GeSWall 2.7 beta.

The expanded licenses also come with GeSWall 2.7 release, which is scheduled for January 2008.

We are pleased to announce of GeSWall 2.7 Beta1 release. Among main features: Untrusted Files and Isolated Applications browsing.

1. Untrusted Files folder in the GeSWall Console allows to scan for untrusted files. Additionally, it provides information on application that created or modified a particular untrusted file.

The feature is useful for composing application rules and analyzing suspicious application's behavior.

2. Isolated Applications folder displays the list of running isolated applications and provides an option to terminate them.

In summary, these features provide a better control over isolated applications for advanced users.

GeSWall 2.6 is out! You can download GeSWall Freeware and Professional Edition from here »

What is new

1) Application Wizard. A flawless execution of isolated application may require specific access rules. The rules describe important resources (files, registry, etc.) application must have unrestricted access to. GeSWall has pre-configured rules for most popular internet applications: web browsers, e-mail clients, messengers, file sharing clients, office applications. etc. However, in some cases it is required to customize pre-configured rules or add support for new application. Application Wizard aims to automate and simplify the task.

2) One-click termination option for the applications with malicious activity detected. That is extension of GeSWall’s attack’s notification policy.

3) Smooth support for Adobe Acrobat, Microsoft Word and Excel. Now each untrusted document is opened in a separate processes. This feature essentially improve experience with untrusted documents you download from the Internet or receive by e-mail.

4) Improved attack detection

5) Windows Explorer context menu to set trusted/untrusted file labels

6) More pre-configured safe applications

7) Windows Vista 32 bit is supported now and 64-bit is on the way. As you probably know, it became a problem to find new machine without Windows Vista pre-installed.