2 Free Applications That Make Malware A Trivial Joke

Updated on 10.9.2012

Would you like to laugh in the face of any malware and do it for free? If so, then have I got the power combo for you! This combo uses a traditional signature-based antivirus and a HIPS (host-based intrusion prevention system). With this combo you can achieve maximum protection without suffering a major performance penalty.

Here are the 2 applications you'll need and where to get them. Below you'll also find an easy-to-understand explanation of how this combo works.

Free Signature Based Antivirus with Heuristics – Avira AntiVir Free

Download Here

Watch The Avira 9 Review

Free HIPS – GesWall Free

Download Here

Watch The GesWall Review

Here’s basically how these 2 applications protect you from all forms of malware.

The backbone of this combo is GesWall.  GesWall isolates applications that are used as gateways to the internet or external media, such as:

  • Web Browsers.
  • Email.
  • P2P.
  • CDs (requires you to make an additional rule, see example).
  • USB devices (requires you to make an additional rule, see example).
  • Memory cards (requires you to make an additional rule, see example).
  • Basically anything that can connect to the internet.

When an application is isolated via GesWall, the following restrictions apply to it:

  • No access to the kernel – prevents kernel-mode rootkits and keyloggers.
  • Read-only access to trusted files, registry, processes etc. – prevents user-mode rootkits, keyloggers and malware infections.
  • No local communications to trusted processes, e.g. Windows messages, RPC, COM, WMI – prevents shatter attacks, user-mode rootkits, keyloggers and malware infections.
  • No scheduled restart – prevents backdoors, zombie bots and worms.
  • No access to confidential files – prevents leaks of confidential information.

Isolation basically means that ANYTHING from the aforementioned items cannot make changes to your PC. Here's a step-by-step example of how this works:

  1. GesWall Free is installed on your PC.
  2. You open Firefox (or whatever browser you use).
  3. GesWall will ask you if you want to isolate Firefox.
  4. You say YES.
  5. You visit myspace.com and look at a few pages for a few hours…
  6. You click a link that redirects you to a domain hosting AV 2009 Rogue AntiVirus.
  7. You accidentally (try to) install AV 2009.
  8. GesWall prevents AV 2009 from modifying ANYTHING on your system.
  9. AV 2009’s fake UI might be running in RAM.
  10. You open GesWall, Click on Isolated Applications and then Terminate the AV 2009 application.

That is just one example of how GesWall  can protect your PC.
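The walkthrough above as an added example (not from the original article and not GesWall's own code): a toy label model, assuming that files written by an isolated process inherit the isolated label and that a process is isolated when either its parent or its image file is. The paths and the `Host`, `Process` and `run_scenario` names are constructed for illustration.

```python
# Toy label model of application isolation; not GesWall's real rule engine.
from dataclasses import dataclass, field

TRUSTED, ISOLATED = "trusted", "isolated"

@dataclass
class Process:
    name: str
    label: str

@dataclass
class Host:
    files: dict                      # path -> label of the file
    confidential: set = field(default_factory=set)
    denied: list = field(default_factory=list)

    def spawn(self, parent, image):
        # Isolation is inherited from the parent process or from the image file.
        tainted = ISOLATED in (parent.label, self.files.get(image, TRUSTED))
        return Process(image, ISOLATED if tainted else TRUSTED)

    def write(self, proc, path):
        if proc.label == ISOLATED and self.files.get(path) == TRUSTED:
            self.denied.append((proc.name, "write", path))
            return False             # trusted resources are read-only
        self.files.setdefault(path, proc.label)  # new files take the writer's label
        return True

    def read(self, proc, path):
        if proc.label == ISOLATED and path in self.confidential:
            self.denied.append((proc.name, "read", path))
            return False
        return True

# Constructed sample paths for the walkthrough.
HOSTS = r"C:\Windows\System32\drivers\etc\hosts"
TAXES = r"C:\Users\me\Documents\taxes.xls"
SETUP = r"C:\Users\me\Downloads\av2009_setup.exe"

def run_scenario(user_marks_trusted=False):
    host = Host(files={HOSTS: TRUSTED, TAXES: TRUSTED}, confidential={TAXES})
    explorer = Process("explorer.exe", TRUSTED)
    firefox = Process("firefox.exe", ISOLATED)     # step 4: you said YES
    host.write(firefox, SETUP)                     # step 6: download is labelled isolated
    if user_marks_trusted:
        host.files[SETUP] = TRUSTED                # user overrides the label by hand
    installer = host.spawn(explorer, SETUP)        # step 7: double-clicked from Explorer
    return {"label": installer.label,
            "hosts_modified": host.write(installer, HOSTS),
            "taxes_read": host.read(installer, TAXES),
            "denied": len(host.denied)}
```

Calling `run_scenario(user_marks_trusted=True)` shows the gap a second layer has to cover: once the download is relabelled as trusted, the installer runs with no restrictions in this model.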

For our second line of defense we'll be using Avira AntiVir 9, just in case GesWall is not working (for example, you disabled it and forgot to turn it back on) or you mark a download as trusted and it's actually infected. Avira AntiVir 9 provides some great protection, such as:

  • AntiVirus
  • AntiSpyware
  • AntiAdware
  • AntiTrojan
  • AntiRootkit
  • Heuristics and Daily signature updates.

I've used this combo on over 200 malicious downloads and URLs and it's 100% effective so far (221 and counting).

If this article has helped you or your family please ReTweet it.


32 Responses to 2 Free Applications That Make Malware A Trivial Joke

  1. ComputerHelpGuy1 April 21, 2009 at 3:00 pm #

    Well I already got AntiVir but I hate GesWall… any other apps?

    • malwarekilla April 21, 2009 at 3:16 pm #

      Hmmm…you could go with DriveSentry or DefenseWall (DW costs a few $)

  2. ryan April 21, 2009 at 6:15 pm #

    I have Avira and SuperAntiSpyware and GesWall; they work very well and I've been spyware/virus free for some time now. I'm glad I got rid of McAfee. That software is a nightmare; in my opinion they should stop selling it. It messed up one of my Windows system files (Win32 generic host files for Win32 services), and not only did it happen 1 time but 3 times when I installed it. Uggg, worst nightmare, and for some reason it kept messing with my contrast lol. That software does weird things, does anyone agree?

  3. John April 21, 2009 at 10:21 pm #

    Is DriveSentry as good as Geswall and DW???

  4. Maria April 21, 2009 at 10:33 pm #

    I love DefenseWall. I will give GentleSecurity soft a try. Thanks Matt.

  5. RescueNerds April 21, 2009 at 10:58 pm #

    Hmmm – are you putting this combo on clients' computers after clean up? Even for little old ladies? We'll put GesWall on a client's computer only if they are a little savvy, because we've found the neophytes can't wrap their heads around the sandboxing concept. Avira is a nice little app but that splash screen asking for upgrades is a little annoying so we stopped using it. We now use Comodo / Malwarebytes Pro combo, and then alter Comodo Defense + to basically protect the Windows folder only. Clients tend to understand the concept of protecting the Windows folder and since they only have to deal with it during installs and upgrades, we haven't had any issues. But we'd love to switch to GesWall. What's been your experience with this combo and the neophyte customers?

  6. f April 22, 2009 at 12:33 am #

    geswall actually causes a lot of problems

    it makes google chrome not work, firefox addons are very hard to install, caused adobe reader to crash

    froze firefox

    messes up many apps

    like viruses, but pretty much any app will be screwed

    avira is good

    geswall is ok if you want to have to solve a lot of problems of firefox won't launch, it freezing, not working, addons never save settings, reader crashes in 20 seconds

    so if you want that, install it

    it probably only works if you're old and use ie and don't do anything

    because you shouldn't meet any problems

    but

    if you're an advanced user, don't use it

    as it kills apps

    and now my firefox doesn't work right

    i probably need to uninstall geswall and reinstall all of my firefox addons and stuff

  7. Marcos N Pesic April 22, 2009 at 12:59 am #

    I agree with everything but:

    The computer should be "clean" before you use Avira + Geswall.

    Because there are many rootkits that Avira will never find if you don't use a bootable CD. (And Geswall will not find/isolate them if they are "already in".)

    So, I would recommend:

    First know if your PC is clear! (Matt has an awesome video about making and using a bootable CD).

    You can use programs (in your bootable CD) like AVIRA / Dr. WEB / Super Anti Spyware / Malwarebytes antimalware.

    Then go for AVIRA and GESWALL!

  8. shifflav April 22, 2009 at 1:56 am #

    I've had no trouble with Geswall at all. It works perfect with IE, Chrome and Firefox. It works with all my Firefox add-ons as well…and I have many.

    The fix for Adobe Reader is to restart the browser as non-isolated, try to open a PDF file, accept the agreement and you're all set. Close and re-open the browser and you can open PDFs with no problem. It's a very simple solution and takes only a second.

    I've installed it on client computers and they barely even know it's running. I disable notifications to save them stress. If they get hosed by a virus, it's easy to kill. Just rebooting the PC will clear Geswall and the viruses. They don't even need to open Geswall for anything.

  9. Lisa April 22, 2009 at 2:22 am #

    Thanks Matt. But I don't like Geswall.

    What do you think about Avira + Sandboxie?

    Is this a good combination for you?

  10. ssj100 April 22, 2009 at 8:29 am #

    Matt, even though GesWall may be a good application, I don't think it's very easily configurable for everyday use, which includes regular program updates etc. And certainly the free version is quite stripped down when compared with the paid version.

    Have you reviewed Sandboxie Matt? I've just been using it for the last couple of days and it's an amazing piece of software. In fact, it's the most amazing piece of software I've ever used. I have found the golden bullet with Comodo Internet Security Suite and Sandboxie.

  11. ssj100 April 22, 2009 at 8:33 am #

    In addition, Sandboxie can be used free (stripped down version) or you can pay a one-off sum to use the full product for life, including updates for life. This is unlike Defensewall etc.

    And of course we all know Comodo Internet Security Suite is completely free.

  12. Victor April 22, 2009 at 12:59 pm #

    Matt,

    I've heard about a new HIPS software called "SafeSpace". Have you ever heard about it? It's free and you can access their homepage here:
    http://www.artificialdynamics.com/

    It would be great to compare SafeSpace with GesWall and DefenseWall to try to know what gives best protection and is lighter on computer resources, what do you think?

    Thanks in advance, Victor

  13. malwarekilla April 22, 2009 at 1:37 pm #

    @John – DriveSentry could be a good substitute for GesWall.

  14. malwarekilla April 22, 2009 at 1:40 pm #

    @Rescuenerds – I'm not using this on my clients. This was just an experiment for a somewhat experienced user.

    Currently I'm using Avira 9 (I inform them about the nag screen, 99% of them are fine with it) + Sandboxie free (this takes about 15 min of training).

  15. malwarekilla April 22, 2009 at 1:41 pm #

    @f – yes, you need to shutdown GesWall to perform application updates. Once the update has been applied turn GesWall back on.

  16. malwarekilla April 22, 2009 at 1:46 pm #

    @Marcos N Pesic – correct. I would only use this on a clean PC. It's just for prevention.

  17. malwarekilla April 22, 2009 at 1:57 pm #

    @Lisa – Yup, that's a great combo (Avira + Sandboxie)!

  18. malwarekilla April 22, 2009 at 1:59 pm #

    @ssj100 – Yeah, I did do a Sandboxie review. Sandboxie is an amazing little free application. Like I said in an earlier response, I give my clients Avira + Sandboxie.

  19. malwarekilla April 22, 2009 at 2:00 pm #

    @Victor – No, I haven't heard of it, but thanks for the link! I'll check it out.

  20. Dujour April 22, 2009 at 2:46 pm #

    HELP! I am so tired of my computer being infected. Looking for the right combo for good price for home computer. Would Spyware Dr. w/Antivirus and Geswall be a good combo or would you suggest Avira or sandboxie? Thanks, I need expert advice.

  21. Bish April 23, 2009 at 12:29 am #

    I run avira free edition antivirus + sandboxie on windowsXp. For me, this is the perfect combo.

    I haven't tried geswall, so I can't comment on it. I did try DefenseWall and it messed one of my drivers up in "Realplayer."

    I had to uninstall realplayer, then reinstall it. I immediately uninstalled DefenseWall.

    With avira free antivirus + sandboxie, I go anywhere I want on the web. Some of the nastiest places one could imagine. Nothing has infected my system yet.

  22. shah000 April 25, 2009 at 6:53 am #

    seems like matt has shifted loyalties (from DW to GW) – jus kiddin :p

  23. Jaki April 30, 2009 at 1:50 pm #

    Hi Matt

    I tried DW and I do not like it. The reason is DW prevents legitimate software from being installed. My preferred combo is Comodo Internet Security and Avira, yes two AV without any conflict. CIS has a feature where you could isolate your browser(s) or any other program, just like DW. The difference is CIS does not mess up your software installation.

    Peace.

  24. f May 1, 2009 at 12:57 am #

    jaki

    what do you mean by isolate

    i currently still have geswall, but is there any way to make a custom rule that goes like this

    firefox itself is not restricted, but any other application launched from ff, or downloaded is untrusted, but ff is not isolated

    i know that exploits would still work, but this is kinda like if i accidentally download an exe, and run it, it would give me warning popups to do something fast

  25. Kralle May 4, 2009 at 7:57 am #

    "Currently I’m using Avira 9 (I inform them about the nag screen, 99% of them are fine with it)"

    You know it's very easy to get rid of Avira's nag screen, don't you?

    http://www.elitekiller.com/files/disable_antivir_

  26. meg May 25, 2009 at 5:08 pm #

    I already have a HIPS application – Outpost Firewall Pro 2009 + AntiVir. I use Sandboxie for browsers and p2p. Is GesWall the same as Sandboxie?

  27. jlh July 13, 2009 at 1:57 am #

    Sandboxie and Avira9 work great for me.

    If the Avira nag screen really bothers, kill it with Clickoff.
    http://www.johanneshuebner.com/en/clickoff.shtml

  28. Victor July 13, 2009 at 11:07 pm #

    I'm using Sandboxie, Avira 9 and Prevx 3.

    Perfect and light combination.

    I recommend!

  29. Charles August 20, 2009 at 9:03 pm #

    I was trying out the GES and Antivir combo.
    GES would not catch
    TR/Dldr.FraudLo.sxm – Trojan

    located at
    pc-antispyware20-10 .com

    Any ideas how it could get through?

    Your recommendation for a combo was spot on. GES is not ready to go it alone yet.

  30. PTLdom October 29, 2009 at 1:16 pm #

    🙁 geswall freezes all my portable browsers, denies access to the bookmarks and doesn't allow them to download anything 🙁

  31. PTLdom October 29, 2009 at 1:20 pm #

    🙁 …. and I wonder if there is a portable geswall 🙁
