|
Written by Eric
|
|
Friday, 03 February 2006 13:51 |
In my search for a better form of intrusion prevention for Windows I came across several products. Very few free which was a huge downside, and more importantly very few that I obtained allowed the computer to even come close to operating normally. One stood out as an interesting idea, GeSWall . GeSWall doesn't prevent process spawning, or even file creation by default although it can. What it does do is limit a processes capabilities to write to the registry, install services, or do anything, including writing to the startup folder, that would allow a malicious program to remain resident after a reboot. I gave it a test run with the recent IE window() vulnerability PoC over at ComputerTerrorism and while calc.exe spawned, it did so in the isolated environment of IE. I'm sure there are ways around the software but it seems like it might be a nice addition to a set of defensive programs. Best of all it is very small drain on system resources unlike most of the HIPS out there.
|
