GentleSecurity.com

Demo - GeSWall in Action

To see the power of GeSWall, you can try the demo. The demo simulates intrusion attacks and virus and malware activity, including:

  • Information Disclosure attacks, copying confidential files
  • Infecting executables
  • Deleting documents
  • Code injection
  • Sending control keystrokes to windows (shatter attacks)
  • Process termination through implicit context of WMI service
  • Installing a backdoor

How to Use

  1. Make sure you have Windows XP with SP2 (SP2 is required for the demo only)
  2. Install GeSWall Personal Edition if you have not done so yet
  3. Start your favorite web browser in isolated mode
  4. Go to http://gentlesecurity.com/demo.html
  5. Download the demo VBS script gswdemo.vbs
  6. Start it with the "cscript.exe gswdemo.vbs" command or by clicking the gswdemo.vbs file

At that point, you will get a pop-up dialog:

GeSWall has tracked gswdemo.vbs as a file created by an isolated application (the web browser running in isolated mode) and considers this file an untrusted source. Therefore, whenever the VBS engine tries to read and execute the script, GeSWall notifies you and lets you run the script in isolated mode. (Note that with the "Auto-isolation, no pop-up dialogs" Security Level, no pop-up dialogs will appear and the script will automatically run isolated.)

First, click the "No" button. As a result, the script's command prompt will run unisolated, so GeSWall will not block any attack. From this stage, you just watch the script output. Please note that you should not press keys, move the mouse, switch to other applications or interrupt script execution, as this may result in incorrect script behavior.

A corresponding output message precedes each attack probe, and the final probe status follows at completion, e.g.:
- Delete(rename) files in "My Documents"
o Rename 3 files .. Success

During the code injection attack probe, the demo crashes and terminates Windows Explorer. Whenever you get a pop-up message like this:

Just click the "Don't Send" button and Windows Explorer will automatically restart. Please note that the attacks are simulations of actions identical to those of malware. No information is really leaked and no file is really deleted from your system. After every attack probe, the script performs cleanup by deleting the files and registry keys it created.

Once the script has completed, the command prompt is kept open, so you can review the whole output or restart the script.

Now start the script in isolated mode by clicking the "Yes" button of the GeSWall pop-up dialog described above. You will see the script running in windows with a marked caption.

During the Information Disclosure Attacks probe, you will get the following pop-up dialog:

This means GeSWall has detected that an isolated untrusted application is trying to copy confidential documents. The dialog describes the untrusted application's behavior and lets you prevent that action. (Note that with the "Auto-isolation, no pop-up dialogs" Security Level, no pop-up dialogs will appear and access to confidential files will be blocked automatically.)

The script output shows the status of each attack probe, so you will see a 'Failed' status string if an attack is blocked by GeSWall.

Copyright 2006-2009 GentleSecurity