
DEFENSE WALL HIPS
Reviewed July 2006
What’s it do?
DefenseWall HIPS (Host Intrusion Prevention System) is
intended to protect from malicious software (spyware, adware, keyloggers,
rootkits, etc.) when you surf the Internet.
Does it do what it promises?
Reviewer 1: While this program generally seems to do what is
promised, the claims on the Web site of ease-of-use seem exaggerated.
Although this program runs transparently, it requires configuration to run
properly based on a user knowledge base which is far beyond the novice
level.
Reviewer 2: Absolutely! This is one of the few products,
developers, and Web sites that offer no marketing hype. In fact, the Web
site simply states that DefenseWall HIPS will help you achieve maximum
security. It does not claim to be the end-all in protecting your
computer from malware, only that it needs to be an instrumental part of
that protection and that it does so by sandboxing or virtualization (think
creating a virtual bubble) where it places those parts of your computer
that are most exposed to infection.
Reviewer 3: This is a program that has left me baffled. Although
the installation was not difficult, I ran immediately into problems with
one of the programs that I always have on my computer. At first, I
suspected that this issue was caused by my rather overloaded "work"
computer. So I installed it on a computer that had just been reformatted
with a new Windows install and a minimum number of programs that might
interfere with DefenseWall HIPS. I also installed my troublesome program,
as I do use it daily. It took almost two weeks, with a large number of
email messages back and forth with the support staffs of both DefenseWall
HIPS and the "problem program" before the issue was resolved. The next
program that I tried to install also ran into difficulties, so another
round of messages ensued. Once I got past those issues, I could not figure
out the reason that DefenseWall HIPS would classify one program as
"untrusted" but leave others alone. I installed and ran quite a few other
programs; I wandered all over the Internet with both Explorer and Firefox;
I tried to move programs in and out of the "trusted" and "untrusted"
categories. I regret to say that I couldn't really determine what
DefenseWall HIPS was doing, and what kind of protection it was or was not
providing. Eventually, I found a good explanation of the concepts of the
DefenseWall HIPS approach, and how it works on the users forum. But I
still ran into various bugs and difficulties - for example, the famous
"Sorry but DefenseWall has encountered a fatal flaw" (send error report to
Microsoft), which simply shut it down. So I cannot honestly answer
whether it does what it promises.
Reviewer 4: Beats me! I've been running successive releases (1.20,
1.40, 1.55, 1.60, and 1.61) of this program in Expert Mode over the past 4
months without any indication from it that it had detected or defended my
machine from any attack. Admittedly, most of this time my machine was
behind a LinkSys Router which provides a de facto firewall -- but then why
would I or anyone running a similar configuration need DefenseWall?
Was it easy to install?
Reviewer 1: Installation was simple and fast. Registration was
different than most other programs in that it required access of a
downloaded registration file instead of filling in a registration code.
Reviewer 2: Yes. It was a small download (1.01MB), especially
considering the advanced technology and sophistication of this program.
There is little or no need for configuration or of any long learning
curve. It is very much an install, set it, and forget program.
Reviewer 3: Yes, it was straightforward, allowing me to place it
where I wanted. The registration process was a bit less obvious, but once
you knew what to do, it was also very easy.
Reviewer 4: Yes, very straightforward, requiring only consent to
the End User License Agreement (EULA), and entry of the Registration Code.
However, its EULA statement: "There is one type of licenses issued for
"DefenseWall" - A multiple computer usage license. The user purchases one
license for use of each compute." is unclear, with the two EULA sentences
quoted being mutually contradictory.
Good points
Reviewer 1: Although it is unrefined, this program seems to be on
the right track to providing strong protection against malware. It is
designed to run almost transparently in the background while limiting the
privileges of software that may serve as the entry point for malware. It
also records the actions of user-designated programs and gives you the
opportunity to "roll back" their actions on files and the registry. They
do disclaim on their site that dedicated viral removal software may be
required to remove some infections. Defense Wall HIPS can run in "expert
mode" or "normal mode". The main difference seems to be that in "normal
mode" any program started from an "untrusted" program is automatically
also designated as "untrusted", while in "expert mode" you need to set
the category for each program manually. It seems
that normal mode would be the preferred mode for most users under most
circumstances. You have the option to designate a program as "trusted" or
"untrusted". An easy way to do this is to right-click on a program icon on
your Desktop or Start Menu. Defense Wall HIPS adds itself to the functions
found in the right click menu. You also have the option to designate files
or directories as unalterable by untrusted programs.
Reviewer 2: Ilya Rabinovich is a former nuclear scientist turned
programmer and the person responsible for DefenseWall HIPS (Host Intrusion
Protection System). I could simply stop here as this individual alone may
be enough to "sell" this program. Have you ever wished that you could give
a software developer a call anytime you wanted to ask questions or make
suggestions rather than needing to fill out support tickets or write
emails for help? A quick trip to the DefenseWall HIPS support forum at
Gladiator Forums or even a visit to Wilder's Security Forum and you will
find that this is almost as good as having the developer on your speed
dial. The developer, Ilya Rabinovich, seems to monitor these forums 24/7
as most often he personally replies to nearly every post. I saw instances
where an end user had posted that they had found a flaw (a "bug") in the
program, and a new version or "fix" was ready to download within an hour
or two. In other instances, users had questions that could not easily be
explained in a simple post, so Ilya had the users download their event log
so that he could personally examine it to see where any problem might
exist. Now, whether Ilya is simply a fanatic (which he apparently is in
the positive sense of that word) or has been cloned into several copies of
the original, he seems somehow able to give every customer not only
personal technical support, but personal attention! Although available, I
found no reason for any technical support whatsoever. This program
installs with a default configuration set (there is an expert
configuration as well) and at this configuration it is truly a
set-it-and-forget-it program. It automatically places those parts of your
computer or programs installed on your computer such as email programs,
browsers, p2p file sharing applications that are at risk to infection into
what is often referred to as a "sandbox." This "sandbox" is like a virtual
bubble so that if any malware such as viruses, trojans, hijackers, etc.,
try to infect your computer by entering through a program or application
you are running, they become trapped in the "virtual bubble" and cannot
infect your computer. Downloads will also be placed in this DefenseWall
"bubble" so any spyware that might be present in your download will also
be trapped and stopped from infecting your computer! In addition, you have
the option of placing processes, folders, files, etc. into this same
DefenseWall "bubble" for further protection. You can temporarily suspend
items placed in the bubble, remove them, and edit them and so on. You
retain total control of this function. In fact, you will need at times to
remove or temporarily suspend items from the DefenseWall "bubble" if, for
example, you want to make changes or change settings to your toolbar or
browser as this would be prevented by DefenseWall HIPS. And you can do all
of this through right clicking because DefenseWall HIPS installs its
features/options as a context menu in Windows Explorer. DefenseWall HIPS
does not consume a lot of resources to offer all of this protection; in
fact, on my computer it consumed less than 7MB of RAM and made no
noticeable change in my CPU usage. This is simply an excellent program
which continues to consistently improve. It has one of the most
straightforward EULAs (End User License Agreement) I have seen as there
is absolutely no legalese, and at $29.00 it is a steal. If you have tried
other HIPS programs such as Sandboxie or Greenborder and didn't like them
because of their steep learning curve, constant popups and continual need
to interact, you will find none of these negatives or nuisances with
DefenseWall HIPS. If you are still unsure, there is a free 30-day trial
period for you to find out for yourself. This program gets my full
recommendation.
Reviewer 3: I cannot speak highly enough of the assistance and help
given by the support people, particularly by Ilya Rabinovich, who is the
developer of DefenseWall HIPS. The Help file statement that the support
people will respond even on weekends is true. My questions were answered
quickly and courteously, and any issues that I had were treated very
seriously. On one occasion when I didn't let them know if their messages
to me had solved any problems, they also took care to follow up on their
own, to find out if their suggestions or proposed solutions were helpful
or successful. It is due to their commitment to the program and to their
clients that I did not just give up on the program in frustration. Let me
say that we pursued the issues that I was having until a solution was
found. In one case, I was sent a special driver to help sort out the
difficulty I was having. I also recommend the Users Forum, which is on
their Web site. There, people send in their comments and questions, and
have them answered by the developers themselves. Apart from that,
DefenseWall HIPS is a good concept. All those applications which you use
to connect to the Internet, your email etc. are to be "untrusted", and
thus, somewhat insulated from the rest of your computer. So anything that
they may bring in which could harm your computer can be easily eliminated.
A particularly good idea is the "Secured Files" area. Files and folders
put there cannot be modified or changed by your "untrusted" programs.
Reviewer 4: Product support is crisply stated and definitely a
feather in DefenseWall's cap: "For registered users: We guarantee full
technical support by e-mail within three business day's response time.",
something infrequently seen in PC applications and distinctly to their
credit. Even better, the 'Help' file says "Our support team will reply in
one or two days, even during the weekend." While its User Interface was
distinctly idiosyncratic, I found it cleanly designed and relatively
user-friendly in its operation. 'Help' and 'About' functions normally
found in a pull-down menu bar at the top of an application's panel were
not there, but rather part of a pop-up menu from DefenseWall's tray icon,
less desirable in my opinion.
Weak points
Reviewer 1: The documentation for this program is weak and the
interface needs improvement to make its functions more obvious and
user-friendly. When my computer was restarted after installation and
registration, the only way to know that this program was working was to
look in the icon list in the system tray. There were no prompts to
configure the program settings. From reading their Web site, I knew that I
should designate my Web browser, email program, IM and P2P clients as
"untrusted" to prevent them from downloading and installing malicious
code. So I double-clicked on the new Defense Wall HIPS icon in the system
tray. I browsed through the small tabbed screens and found that Internet
Explorer and McAfee Site Advisor had been categorized as Untrusted by
default; but Eudora, my email client, was left as Trusted. There was no
help file to be found here; I finally found it by right-clicking on the
abovementioned icon in the system tray. When I displayed the list of
Trusted and Untrusted programs, I expected that transferring Eudora to the
Untrusted zone would be as easy as dragging-and-dropping the program, or
right-clicking on the program. Instead I found that I had to click on the
"Add/Remove Untrusted" button and manually browse through my directory
structure to find Eudora.exe. For the novice user, knowing which programs
to "untrust" and knowing where to find them could be a steep obstacle to
using this software effectively. As the developer acknowledges in the
forum, the documentation is sparse and the English language structure
could be improved. There was talk about addressing this issue after the
then-current upgrade was completed. After installing this program and then
running my email program and multiple instances of my Web browser, I found
that my system would slow to a crawl. The system was so busy that it would
not respond quickly or at all to the Ctrl-Alt-Del command. I was forced to
shut the system down with the power button - generally not a recommended
procedure in the Windows environment. Shutting down Defense Wall HIPS on
restart and running even more open browser windows and my e-mail client
resulted in no similar slow down. I experienced the fatal slow-down
multiple times while running Defense Wall HIPS.
Softsphere, producers of Defense Wall HIPS, responded: (edited)
It is possible to drag and drop files into the "Add/Remove Untrusted" list, but
yes, documentation is very poor. In the next big version, it will be
completely rewritten as soon as I find a good technical writer. Also, I
cannot agree that the program requires a high technical level of its user.
Some of DefenseWall's users are amateurs and they have no problem with it.
I clearly understand that the program interface should be improved and
this will be done in the next big release. In fact, it is very hard to
understand what kind of interface should be implemented, but it will be
improved according to users' feedback. I always keep working on
performance issues; Version 1.62 is coming very soon with new fixes and
improvements.
Reviewer 2: For once, I am a bit at a loss for things to criticize
with a piece of software! What little I find fault with is more in the
category of a "wish list" than a criticism. I suppose my biggest criticism
is one of semantics. It takes a few minutes (hours?) to wrap your mind
around the fact that with DefenseWall HIPS "trusted" means "unsafe," while
"untrusted" means "safe." In other words, an application such as your
browser needs to be placed in the DefenseWall "bubble" as an untrusted
application so that it can be made "safe." This terminology is
counterintuitive and I think might be revised for clarity. Other than
this, I find the licensing agreement of allowing the use of the program on
only one computer overly restrictive in this day and age when so many
users have at least a desktop PC and a laptop.
Reviewer 3: At first, the Help File seems pretty clear and
utilitarian. However, when I wanted to use it for reference, I found that
it simply explains the obvious. For example, I find the "Add/Remove
Untrusted" somewhat confusing. Are the programs listed there trusted or
untrusted? And if I remove them, what am I removing them from? What effect
does removing them have? Actually, even when I removed them, they still
functioned. The Help file here should actually explain those things, not
just give a recipe for a series of buttons to push. On the other hand, I
found that when I used the One-Click "Close all Untrusted processes" they
certainly closed. Even to the point that one of the programs didn't start
up again after reboot, and had lost its registration information as well.
Eventually, I found that there is a well-explained description of the
DefenseWall HIPS approach in the User Forum titled: DefenseWall HIPS User
Guide/Tutorial. I strongly recommend that this tutorial be put in the Help
file, or that an active link to that article in the Forum be included and
highlighted. I am sure that this would help a lot of people, particularly
new users, to understand what DefenseWall is and how it works.
Reviewer 4: DefenseWall HIPS claims to be '...next generation of
proactive defense software! Based on the sandbox/virtualization principle
provides the strongest possible protection that is both simple and easy to
use.' Yet nowhere does it define what the 'sandbox/virtualization
principle' is, nor how it benefits the user. It also says "The main
ideology of this new protection is reducing the rights of the untrusted
processes", but nowhere does it describe nor define the rights restrained
nor those permitted. It says "Malicious software will be unable to cause
any harm under the untrusted restrictions", but nowhere articulates what
those restrictions are. During our evaluation period, we saw five
different versions of DefenseWall released, far too many for any normal
user to need or be willing to keep up with. I think it well over the head
of PC users -- certainly 'novice' and most experienced users, as well --
to know even what function a specific module, say 'tftp.exe' or
'ntvdm.exe' performs, much less whether it can be 'Trusted' or not.
Other comments
Reviewer 1: Technical Support is available via email; they
guarantee a response to registered users within three business days. There
is also an online forum you can browse or post to. The program's author
posts answers to technical questions frequently, and the replies usually
come within hours, not days.
Reviewer 2: I have not been a big fan of HIPS programs in the past.
I find them intrusive, difficult if not impossible to learn, continually
providing alerts which are difficult to recognize, annoying with their
continual popups, constantly in need of updating, plagued with
false-positives, and so on. DefenseWall HIPS, however, is guilty of none
of these shortcomings. I am also tiring of the seeming necessity (and
sometimes cost) to install and run multiple antispyware applications to be
reasonably assured of protecting my computer. Now, with DefenseWall HIPS
this becomes unnecessary. With DefenseWall HIPS, a solid antivirus
program, and a trusted firewall you can protect your computer reasonably
as well or better than you did with your many other programs. Two things I
am starting to believe: First, it seems to be almost impossible to defend
your PC from a modern malware program that is allowed to run on your PC
and second, it appears that virtualization techniques such as those used
by DefenseWall HIPS offer the best protection against malware and possibly
the only way to be assured of keeping them off of your computer.
Reviewer 3: I have the impression that this is a program that is still
working through some growing pains. But given the dedication of the
development team, I am sure that DefenseWall HIPS will be one of the
standard tools we will use to protect ourselves from much of the malware
that is causing computer users so much grief.
Reviewer 4: I cannot understand what background and experience
would be useful to operate this program. I found little or no benefit in
using Defense Wall in Expert mode and I seriously doubt that an
inexperienced user would have the patience or knowledge to use it
effectively. Also, I have serious reservations about how completely
'contained' or 'fenced' an intrusion can be, and for how long. There was
no discussion or design detail that would let me reach any considered
conclusion. Its FAQ says that DefenseWall HIPS has a default Untrusted
Applications List, but nowhere is that visible to the user and this would
be very useful. There is an 'Apply' button at the bottom right corner, the
purpose of which I never understood?
Softsphere responded: (edited)
If you haven't been attacked, it doesn't mean it won't happen in the near
future. Those million computer users who had the same opinion I suppose
have already changed it after they got malware within MySpace.com via old
WMF vulnerability. My 13-year-old computer has never had a virus, but I
wrote DefenseWall to be surer of my own safety. Brains and common sense
are good, but it is very important to have a tool to help them.
Will you continue to use it?
Reviewer 1: No. This is one to watch. If the interface,
performance, and documentation are improved, it could prove to be a
valuable tool in the protection of your computer.
Reviewer 2: Yes.
Reviewer 3: I would like to, and will continue to do so on my
"test" computer. But I expect that it will not be long before I reinstall
it on my main "Work" computer. Then I will buy copies to put on the other
computers in the household.
Reviewer 4: No, I can see no intrinsic value it would provide my
operating environment.
OPERATING SYSTEMS USED IN THIS REVIEW
Windows XP Pro, XP Home