
Defense Wall HIPS
Reviewed March 2008
What’s It Do?
DefenseWall HIPS (Host Intrusion Prevention System) claims to be the
simplest and easiest way to protect yourself from malicious software
(spyware, adware, keyloggers, rootkits, etc.) that cannot be stopped
by your anti-virus and anti-spyware programs, when you surf the
Internet. This program was reviewed by the NNT Software Review Panel in
July 2006 and this evaluation is based on a major revision.
Does it do what it promises?
Reviewer 1: Since my computer apparently was never
attacked by malware during the time that I used DefenseWall, I had no
opportunity to see whether it would protect me. I can say that it seemed
to me neither simple nor easy to use.
Reviewer 2: It is hard to tell; it is running in the
background and is impacting the way my browsers, etc. work. It is one of
several programs that handle spyware, malware and viruses that I have
running but it is difficult to tell which one is actually doing
something. By disabling all the other protective measures and
substituting only this new one, I could better determine if DefenseWall
actually works, but I am hesitant to do that in a testing environment.
DefenseWall uses the “sandbox” or virtualization technique to isolate
any incoming threat and prevent it from causing damage. While this
works, it has its own drawbacks. It often leads to double work,
additional reinstalls of updates (after turning the protection off) and
just flat refusal of programs to actually work. When something doesn’t
work as expected when it normally would, digging out the issue is often
difficult and time consuming.
Reviewer 3: DefenseWall HIPS did not perform to my
satisfaction on my system. The malware protection appeared to work fine,
but the current version interfered with the functioning of a
spam-filtering accessory program. This was resolved after a week’s
interaction with, and a custom build provided by, technical support.
Reviewer 4: Yes. Defense Wall has been running on my
computer, on and off, for over a year. During that time, I have also
installed and used several anti-virus and anti-spyware programs. When
Defense Wall has been running concurrently with those other programs,
they have reported very few issues, mostly having to do with cookies or
other relatively harmless annoyances; in other words, no serious threats.
Reviewer 5: Absolutely! This is one of the few
products, developers, and Web sites that offer no marketing hype. In
fact, the Web site simply states that DefenseWall HIPS will help you
achieve maximum security. It does not claim to be the be all and end all
in protecting one's computer from malware, only that it needs to be an
instrumental part of that protection and that it does so by sandboxing
or virtualization—think creating a virtual bubble—where it places those
parts of a computer that are most exposed to infection.
Was it easy to install?
Reviewer 1: Yes, for the most part. During this trial, I
installed three different versions of DefenseWall, often multiple times.
Usually, installation went smoothly, although at least once the
installation instructions were too large for the fixed-size box provided
and thus part of the instructions were cut off in mid-sentence.
Sometimes the installation did not place a DefenseWall icon in the
system tray, as it is supposed to do. Neither of these problems occurred
with the most recent version.
Reviewer 2: Yes, no problem.
Reviewer 3: Installation was fast and smooth. The only
quirk is that in order to activate the license it is necessary to find
and select a specific activation file. The license agreement is very
simple. This program is distributed as shareware with a 30 day free,
fully functional trial. After that, a transferable license must be
purchased for each computer it is used on.
Reviewer 4: Yes. It was a standard Windows install that
allowed me to put the program where I wanted to. It adds two items to
the startup menu, as it needs to be running all the time, particularly
when using the "untrusted" programs (browser, email, chat, etc.). It
warns to be sure that it is being installed on a "clean" computer, and
that any activities on the Internet need to be finished before the
installation. I did virus and spyware sweeps of my computer, cleaned up
the Registry and then installed the program, rebooting the computer when the
installation finished.
Reviewer 5: Yes. It was a relatively small download
(3.26MB), especially considering the advanced technology and
sophistication of this program. There is little or no need for
configuration or of any long learning curve. It is very much an install
it, set it, and forget it program.
Good Points
Reviewer 1: Although I was unable to test DefenseWall’s success
in dealing with malware, the program does block changes to most programs
and to the Registry. According to the Help file, DefenseWall will also
either block or warn about any program that captures keystrokes (such as
passwords, credit card info, etc.). It seems to me that it would
therefore be very difficult for malware to do damage if the computer is
protected by DefenseWall. One of DefenseWall’s greatest strengths is the
dedication and responsiveness of its developer, Ilya Rabinovich. I wrote
several times requesting help, and each time Ilya responded in just a
few hours or less. DefenseWall also has a user’s forum. Often, such
forums are a way to lighten the volume of questions sent to the
developer. However, Ilya is very responsive to questions asked on the
forum as well. Another sign of the developer’s dedication is the fact
that in the few months that I tested DefenseWall, two new versions were
issued. Each version improved upon the earlier ones.
Reviewer 2: The support is exceptional. The Forum (http://gladiator-antivirus.com/forum/index.php)
is monitored by the developer and he often answers questions directly
and very quickly. The Forum allows for notification of replies by email
when someone comments or answers. Of course, you must register on the
Forum for this to work.
Reviewer 3: One of the key features of DefenseWall HIPS is that
it classifies programs such as one’s e-mail client, web browser, and
audio/video player programs as “untrusted” and isolates them in a
virtual space or “sandbox”. DefenseWall HIPS appears to have correctly
identified my at-risk programs and placed them into the “untrusted”
category. Technical support by email was rapid to reply and responsive
to my issues. They did finally resolve my problem, and I have to give
them credit for an extraordinary amount of time and effort. To give this
program a more rigorous test beyond normal daily use, I took a side trip
to the wild side of the Web after having disabled my other computer
security programs. (I did have a huge number of known malicious sites
blocked via my HOSTS file, however.) DefenseWall HIPS only popped up a
warning of a potentially dangerous program when I began to allow a
“suggested” program to install and I opted not to continue down this
path. I reinstalled/reactivated my other security programs after this
detour and scanned my system, and found no trace of malware having
gotten into my system.
Reviewer 4: The support that Ilya Rabinovich, the developer of
DefenseWall, provides is so outstanding that I want to put it at the top of the
program's Good Points. Over the long time that I have used DefenseWall,
he has always been very quick to respond to any issues that I have
raised. My most recent request was answered in less than 15 minutes.
Additionally, he will continue working on a problem until it is
resolved. This applies both to items that are sent by email, or ones
that are posted on the Forum. Such dedication and passion for a software
program is rare indeed. One of the unique features that I first noticed
about this version of DefenseWall is the special module for doing online
banking or shopping. When this is called up from the right-click menu in
the System Tray, DefenseWall will first shut down all "untrusted"
processes. This includes any files that may be open on the desktop that
are being used by an "Untrusted" program (please see the comment about
pdf files in Weak Points below). This ensures that the browser will open
only in the online session, in the "cocoon" of DefenseWall, so that no
other intruder can get inside the session to steal or otherwise harvest
personal information that could be used illegally or harmfully. As this
is a very secure way to be working online, I also go into this mode when
I am dealing with online communication I have with my clients. I am very
pleased with this new feature in DefenseWall.
Another item that is very interesting is the "Secured Files." In this
module of DefenseWall, files can be selected that will be beyond the
reach of programs that are Untrusted. The files do not have to be moved
to any specific location and can be simply dragged and dropped into the
list in DefenseWall; so, wherever they are on the computer, Untrusted
programs will not be able to access them. For example, I have some files
I have chosen to be Secured. If I try to add them as attachments to an
outgoing email, I will receive warnings that pop up from the System
tray.
Any message sent with the attached "Secured
Files" will arrive in the recipient's email, but the attachment will
not. To send that file, it must be removed from the Secured list. Once
the attachment has been emailed, it can again be made secured.
Reviewer 5: When I first reviewed this program (v 1.61) almost
two years ago, I began by asking Who is Ilya Rabinovich? Ilya Rabinovich
is a former nuclear scientist turned programmer and the person
responsible for DefenseWall HIPS (Host Intrusion Protection System). I
could simply stop here as this individual alone may be enough to “sell”
this program. Have you ever wished that you could give a software
developer a call anytime you wanted to ask questions or make suggestions
rather than needing to fill out support tickets or write emails for
help? A quick trip to the DefenseWall HIPS support forum at Gladiator
Forums or even a visit to Wilder’s Security Forum and you will find that
this is almost as good as having the developer on your speed dial. The
developer, Ilya Rabinovich, seems to monitor these forums 24/7 as most
often he personally replies to nearly every post. I saw instances where
a user had posted that he had found a flaw—a “bug”—in the program, and a
new version or “fix” was ready to download within an hour or two. In
other instances, users had questions which could not easily be explained
in a simple post, so Ilya had the users download their event log so that
he could personally examine it to see where any problem might exist.
Now, whether Ilya is simply a fanatic (which he apparently is in the
positive sense of that word) or has been cloned into several copies of
the original, he seems somehow able to give every customer not only
technical support but personal attention! So what can I say now that I
didn’t say then? Nothing really other than if it is possible, Ilya has
seemed to have spread himself even further as it is a rare forum in
which DefenseWall HIPS is being discussed that you will not find Ilya
there trying to help or asking for ideas for improving the program. Even
more amazing is that Ilya gives this product all of this attention not
because the program has so many flaws but simply because it seems he is
constantly listening to users as to how the program might be further
improved. And, somehow, he has managed to improve what I thought was
near perfect two years ago! This program installs with a default
configuration set (there is an expert configuration as well) and at this
configuration it is truly a set it and forget it program. What this
program essentially does is automatically places those parts of one’s
computer or programs installed on the computer, such as email programs,
browsers, p2p file sharing applications that are at risk to infection,
into what is often referred to as a “sandbox.” This “sandbox” is like a
virtual bubble so that if any malware such as viruses, trojans,
hijackers, etc., tries to infect the computer by entering through a
running program or application they become trapped in the “virtual
bubble” and cannot infect the computer. Downloads will also be placed in
this DefenseWall “bubble” so any spyware that might be present in the
download will also be trapped and stopped from infecting the computer!
In addition, there is an option of placing processes, folders, files,
etc. into this same DefenseWall “bubble” for further protection; or,
temporarily suspend items placed in the bubble, remove them, edit them,
and so on. The user retains total control of this function. It is
necessary at times to remove or temporarily suspend items from the
DefenseWall “bubble”, for example, to make changes or change toolbar or
browser settings as this would be prevented by DefenseWall HIPS. This
can be done with a right-click because DefenseWall HIPS installs its
features/options as a right click context menu in Windows Explorer. Now
in addition to all of that, there has been added an even easier to use
interface;
an Explorer add-on; a new "Untrusted application excludes" feature as
well as a new ability to remove files with "Defense Excludes," and also
now the ability to schedule automatic program updates; a roll-back
feature which offers the capability to not only clear all changes made
by untrusted processes, but also allows one to do so to a specific point
in time; a unique “Go Banking/Shopping” feature that launches
a Web browser into an isolated place, separate from even the other
trusted or untrusted applications and thus avoiding any other
application from invading to engage in password-sniffing, etc. Of
course, the real test is whether it actually works at protecting one’s
computer, so I purposely threw several viruses, Trojans, and keyloggers
at it, and, not surprisingly, it did do its job preventing my computer
from being infected. So, does this newest version of DefenseWall HIPS consume
a lot of resources now that it offers even more features? Absolutely
not! In fact, on my computer it consumed approximately 4MB of RAM, has
only two processes running, and made no noticeable change in my CPU
usage or browsing speed whatsoever (which by the way is unique among its
competitors, all of which use far more resources). This is simply an
excellent program that continues to consistently improve. It has one of
the most straightforward EULA’s (End User License Agreement) I have seen
as there is absolutely no legalese, and at $29.00 it is a steal,
compared with the shareware versions of other antispyware or antivirus
programs, and firewalls. If you have tried other HIPS programs such as
Sandboxie or Greenborder and didn’t like them because of their steep
learning curve, constant popups and continual need to interact, you will
find none of these negatives or nuisances with DefenseWall HIPS. Best of
all, there are none of those constant updates as DefenseWall HIPS does
not need to rely on definition files to stop infection. The program
works on Windows 2000 through Vista and there is a free 30-day trial
period. This program gets my full recommendation without any
reservation. In fact, I am using it in place of—not in addition to—any
antivirus or antispyware program! This is the one program you must have.
Ilya Rabinovich replied:
I’m a real man, not cloned in several copies. And, definitely, I don’t
monitor everything 24 hours, I sleep half of this time :-). The key is
to reduce support events by simplifying the product and fixing every
single problem, plus a good help file. About user relationships, it is
simple: they are who pay my bills. I work for them.
Weak Points?
Reviewer 1: DefenseWall continually interfered with my
normal computer use. Every time I tried to change or upgrade a program,
DefenseWall would prevent me from doing so until I changed its settings
so that the operation would be permitted. It wasn’t just upgrades that
were affected; DefenseWall prevented saving new bookmarks in my
Powermarks bookmark manager. I wrote to tech support for help and was
told to put Powermarks in “Defense Excludes.” I finally wound up putting
the entire folder there. Similarly, DefenseWall blocked using the
a-squared anti-malware program until I put that entire folder as well in
“Defense Excludes.” DefenseWall wouldn’t even let me print a crossword
puzzle to a pdf file, and in this case I couldn’t find the right files
to add to “Defense Excludes.” After a while, all this hassle became so
bothersome that I no longer permitted DefenseWall to start when I booted
up my computer. I assumed that if I didn’t start DefenseWall, it would
no longer interfere with my computer use. I was mistaken. I spent
several days trying to figure out why I was having problems upgrading
Firefox and why my Registry seemed to be all fouled up. It turned out
that DefenseWall was still blocking changes even though it was no longer
set to start automatically at startup and I didn’t start it manually. I
then uninstalled DefenseWall and all the problems ceased. Although
DefenseWall’s continual interference with my normal computer use was its
most annoying feature, I found other weaknesses as well. The DefenseWall
Web site claims the program produces “no popup windows, no false
positives,” but I frequently encountered popup windows with the
disconcerting heading “Alarm Notification!” Usually, these alarms told
me that “Process ‘C:\Program Files\Mozilla Firefox\firefox.exe’ receives
all the clipboard data.” I wrote to the DefenseWall forum to ask about
this and was told that it was “no problem.” At times, the alarm
notification advised that my email program was receiving all the
clipboard data, and someone else on the forum reported a similar popup
alarm about Adobe Acrobat. If indeed there is no problem, I don’t
understand why DefenseWall provides these popups that carry the
ominous-sounding heading “Alarm Notification!” I also found it difficult
to understand why programs were or were not considered “untrusted.” For
example, I’m not sure why the DefenseWall Help files are considered
untrusted, nor why a pdf file I downloaded was added to “untrusted
applications” but an mp3 file I downloaded from the same site was not. I
was even more puzzled by DefenseWall’s failure to include a number of
obvious programs on its “untrusted” list. My FTP program, WS_FTP, was
not included, nor was the telnet client TeraTerm, nor the well-known web
development program Dreamweaver (which uses its own FTP agent). All
these programs interact with the Internet. I also was puzzled about why
DefenseWall listed Opera but not Firefox in its Download areas, since
Firefox is my default browser. I have set a specific folder to receive
all downloads made with Firefox, but DefenseWall did not list this.
Ilya Rabinovich replied: It looks
like you have set up the program the wrong way and that is why we had so
many interaction problems. What is your untrusted setup? I believe you
just do not understand what software should be untrusted and what
shouldn’t; thus, you have made mistakes with the manual untrusted setup.
“Untrusted” are applications which contact potentially dangerous
Internet contents (browsers, email, IM, IRC, P2P, and multimedia
clients). You should also set up your removable devices as untrusted,
since malware spreads this way, and, maybe, CD/DVD-ROM as well.
Regarding the problem with Powermarks, just add “pm35.htm” into the
“Defense Excludes” list as an easy and simple fix. Regarding the problem
with your pdf and mp3 files, there is an untrusted ruleset for that.
Your multimedia client should always be untrusted and your PDF reader
should be turned to untrusted only if you launch an untrusted pdf file
with it. Specific download folders should be added manually; it is
simply impossible to cover all of them with all the browsers in the
world. Perhaps I’ll change the “Alarm notification” title to “Warning
notification”. But I have to discuss it in my support forum first. About
the built-in untrusted list, it is impossible to list all the potential
threat-gates applications there. Dreamweaver is not such a program. Its
FTP client is made purposely to work with your own site, and the same
applies to WS_FTP. Do you use it to download software via the FTP
protocol?
Reviewer 2: I actually found the program to be
intrusive in that it drastically impacts the performance of my Firefox
use. Because of its monitoring activities, Firefox took a very long time
to actually load or it failed to load at all. Fifty to 60% resource
consumption was not unusual. If there is an update to a plug-in,
DefenseWall would not allow it to be installed without shutting down the
monitoring before launching Firefox. If I am going to use a program, it
needs to just work and not need to be turned off and on manually all the
time.
Ilya Rabinovich replied: If you
had such a huge Firefox impact, why didn’t you contact support to solve
the problem? CPU usage of 60% is not normal and needs to be fixed.
Contact me. About plugins, sorry, you just need to run Firefox as
trusted to do this job due to security reasons.
Reviewer 3: There is no link to “Help” from within the
running program. While there is a separate help function accessible from
the Start menu and the Web site does have a rather extensive help
section, it would be nice to have a link to it directly from the
program. My email client, Eudora, with its accompanying spam-filtering
program, Spamnix, did not fare well with DefenseWall HIPS 2.20
installed. Within only a few seconds of starting Eudora, a message
appeared informing me that Spamnix had not started within 15 seconds,
and did I want to wait? Clicking on the “Yes” button resulted in the
same 15 second warning coming up about a second later. Clicking “No”
resulted in Spamnix reporting that it “had encountered an unexpected
condition and has disabled itself”. Eudora would continue to run, but
without the Spam blocking function of Spamnix. I emailed tech support
and reported this issue. They requested a copy of the Defense Wall HIPS
log file. After examining it they sent me a link to a custom build of
their program. We repeated this process multiple times and they finally
were able to correct the issue within a week’s time frame. After their
final custom build, Clear Tweak, my laptop font program, no longer
booted properly at startup and they were still working on a resolution
for this issue. When DefenseWall HIPS was uninstalled, both Spamnix
and Clear Tweak returned to their normal behavior.
Ilya Rabinovich replied: Did you
try to right-click on DefenseWall’s tray icon? There is a popup menu
with “Help” and “Online support” items there.
Reviewer 4: It took me some time to become comfortable
with the concept of "Trusted" and "Untrusted" applications. Essentially,
anything that opens the computer to the Internet is going to be defined
as "Untrusted". Applications that come into play while using an "Untrusted"
program will also be defined as Untrusted as well. For example, I use
Foxit as my default reader for .pdf files. So, as soon as I read a pdf
file while I am using Firefox on a Web site, Foxit and all its ilk (i.e.,
pdf files) will also become Untrusted. So, every week or so I find
myself looking at the list of Untrusted Applications, and removing
dozens of pdf files that I have been using from its Untrusted list.

DefenseWall has a very suspicious attitude towards all activities, and
will err on the side of "untrusting". When I have downloaded a program
such as one that we may be testing for the Neat Net Tricks Software
Review, I need to remember that it must be allowed to behave as it would
on any other computer. So when I run the installation, I must go to that
installation file through the DefenseWall item in the right-click menu:
"Run as Trusted." Otherwise, DefenseWall will regard that program and
its activities with suspicion and begin to mark some of its activities
as Untrusted.
Ilya Rabinovich replied: Yes,
there is a problem with running trusted software installers as untrusted
by mistake. It is in the pinned “Wishlist V3” theme at my forum, and in
the future versions of DefenseWall, I’ll do something with it, but not
very soon. There is more important functionality that needs to be
implemented first.
Reviewer 5: There really are none. I could nitpick and
mention a tiny spike in CPU use when starting untrusted applications
but this is really something only a power user might even notice, and
even then it has no effect on your computer’s performance. I could play
developer and suggest that I thought the rollback feature could be a bit
easier to find. It is also a bit difficult to identify applications that
will launch as untrusted but this may be more of a subjective opinion
than a criticism. I suppose nothing is perfect and probably not even
DefenseWall HIPS but this is as close as it comes or as close as I have
seen in over twenty five years of testing software!
Other Comments
Reviewer 1: None.
Reviewer 2: Malware producers are very industrious and
prolific. They are constantly trying, often successfully, to stay one
step ahead of the “anti” crowd. DefenseWall HIPS attempts to subvert
this by using a different system that does not require constant updating
of signatures etc. I have used other forms of “sandbox” or
virtualization before and found many of the same problems with their
use. They are a great tool for testing purposes but, in my opinion, not
for everyday use.
Reviewer 3: When playing an online game, I received the alarm
notification that firefox.exe was reading my keystrokes via “GetKeyState”.
The option boxes “OK” and “Terminate” were displayed, but there was no
help available to differentiate whether “GetKeyState” was malicious or a
normal process. An online search outside of DefenseWall HIPS indicated
that “GetKeyState” is most likely a normal programming function in this
setting. Other processes from normally functioning, long-standing
programs were also flagged as potentially dangerous. When I received a
warning message about a truly dangerous program, there was also no help
beyond a limited description of the possible problem. This lack of
guidance while giving the user the option to continue or to block the
process could potentially confuse a new or intermediate user, allowing
them to either block a normal process or to allow a harmful one to run.
Reviewer 4: DefenseWall does not attempt to replace one’s
anti-virus or anti-spyware programs. In fact, if the user is not
comfortable with editing the Registry and suspects that malware has
penetrated, it is recommended that he/she use an anti-malware program.
DefenseWall can be seen as a supplement to whatever protection is set up
around one’s computer.
Reviewer 5: As I stated in my previous review of an earlier
version of this software, I have not been a big fan of HIPS programs in
the past. I find them intrusive, difficult if not impossible to learn,
continually providing alerts which are difficult to recognize, annoying
with their continual popups, constantly in need of updating, plagued
with false-positives, and so on. DefenseWall HIPS, however, is guilty of
none of this. I also grew tired over the past two years of the seeming
necessity (and sometimes cost) to install and run multiple antispyware
applications as well as an antivirus program to be reasonably assured of
protecting your computer. So, almost two years ago I stopped running any
spyware applications as well as an antivirus program—and have done so
with no ill effects. I have kept two or three antispyware applications
installed for manual scanning. Now I am convinced that with DefenseWall
HIPS even this becomes unnecessary. With DefenseWall HIPS and a trusted
firewall any computer can be protected as well or better than with many
other programs. Viruses are written specifically to beat one’s antivirus
application and, as such, it is virtually impossible for an antivirus
program—no matter how good—to stop all viruses or Trojans from
infecting. DefenseWall HIPS can stop these infections by creating a
virtual protective bubble in which it places all of the applications so that
a virus or Trojan simply cannot infect those applications.
Will you continue to use it?
Reviewer 1: No. It’s possible that someone whose computer is
frequently attacked by malware that gets past the computer’s firewall,
anti-virus, and anti-malware programs would need and appreciate the
added protection offered by DefenseWall HIPS. For me, however,
DefenseWall’s inconvenience far outweighs its benefits.
Reviewer 2: No, it duplicates the function of several
applications that I already have installed. It badly impacts the
performance of my system and creates too much extra work. A computer is
a tool for producing work. The tool should not get in the way or produce
more work just to use it.
Reviewer 3: No. With any security program, the average user
will have to take on faith that the program will protect them from
malware or security breaches, and that it will not interfere with the
normal functioning of their system. The latter is easier and quicker to
detect, and on my system, DefenseWall HIPS interfered with a program
that I have used seamlessly for years. This puts my faith in the
reliability of the rest of this program’s functions in sufficient doubt
that I do not feel comfortable relying upon it.
Reviewer 4: Yes. This is a program that has become one of my
primary defenses against malware.
Reviewer 5: Absolutely. Not only will I continue to use it but
it will be my only recommendation to anyone who wants to protect their
computer.
OPERATING SYSTEMS USED IN THIS REVIEW
Windows XP Pro, XP Home