DefenseWall and SandBoxIE


Kaupp
July 24th, 2006, 07:05 AM
The protection offered by DefenseWall and SandBoxIE looks very similar to me, but I noticed that with SandBoxIE, system file and registry changes made during a session are intercepted, never touch the real system, and can be cleaned in one go by emptying the sandbox.

But with DefenseWall I think the changes are not isolated from the system in the same way and you must use a rollback feature or a separate malware cleaner if you want to remove traces from the system.

Can anyone confirm if that is true?

regards
Kaupp

Ilya Rabinovich
July 25th, 2006, 06:03 AM
-{ Quote: "The protection offered by DefenseWall and SandBoxIE looks very similar to me, but I noticed that with SandBoxIE, system file and registry changes made during a session are intercepted, never touch the real system, and can be cleaned in one go by emptying the sandbox.

But with DefenseWall I think the changes are not isolated from the system in the same way and you must use a rollback feature or a separate malware cleaner if you want to remove traces from the system.

Can anyone confirm if that is true?

regards
Kaupp" }-

Yes, mostly, it is true.

Edwin024
July 25th, 2006, 09:53 AM
I wish I knew that before I bought the license to your proggie, Ilya... I think that SandBox is better at protecting, when I read that you agree with the first post. Why not make DW as good as the other?

Ilya Rabinovich
July 25th, 2006, 10:39 AM
-{ Quote: "I wish I knew that before I bought the license to your proggie, Ilya... I think that SandBox is better at protecting, when I read that you agree with the first post. Why not make DW as good as the other?" }-

But why do you think that the total virtualization scheme is something good? I can name you a lot of disadvantages of this technology.

1. I may install a proxy/extension into your browser and control all your traffic. It is a very silent thing; you won't know. DefenseWall blocks it.

2. When you empty the virtualization container, all your data and settings will be lost. DefenseWall allows you to clean up malware tracks manually under your full control. Your data and settings won't be lost.

3. File system virtualization generates a lot of problems if you use 3rd-party file managers (I use FAR, for instance).

4. I don't think file system virtualization has a good learning curve for non-technical users (but, maybe, I'm wrong).

5. It is possible to achieve a good protection level even without virtualization, and it is possible to have bad protection while using it, because the defense itself is, mostly, based on the sandbox's strength.

Yes, I understand that other vendors show you only the advantages of virtualization technology, and they do, in fact, exist, but I mostly believe in the disadvantages, as I position DefenseWall for average users' use. In fact, there is some registry virtualization inside, but highly limited.

Edwin024
July 25th, 2006, 10:41 AM
Ok, sounds ok to me. I hope others will shed some light on this too. Just out of my curiosity I want to learn things I don't know yet :)

aigle
July 25th, 2006, 04:01 PM
I have not used DefenseWall, but I have used GesWall (which is similar to DefenseWall) and Sandboxie. I am just an average user, but I think, though Sandboxie gives more protection because of total virtualization, it is at the expense of decreased performance. I have had serious issues with Opera, Yahoo Messenger etc. while running in Sandboxie (they will just get stuck), but no such issues so far with GesWall. So I think you have to choose between the two, and for an average user, especially as I do safe surfing, I will prefer more performance rather than more security (and what is the use of a security application if it becomes a hassle).
BTW, I think both GesWall and DefenseWall use virtualization for the registry. Am I right, Ilya?

aigle
July 25th, 2006, 04:03 PM
-{ Quote: "1. I may install a proxy/extension into your browser and control all your traffic. It is a very silent thing; you won't know. DefenseWall blocks it." }-

You mean to say that it is a disadvantage of virtualization itself? Can you explain it more, please?

Rasheed187
July 25th, 2006, 04:36 PM
-{ Quote: "1. I may install a proxy/extension into your browser and control all your traffic. It is a very silent thing; you won't know. DefenseWall blocks it." }-

Yes more info on this please.

-{ Quote: "
But with DefenseWall I think the changes are not isolated from the system in the same way and you must use a rollback feature or a separate malware cleaner if you want to remove traces from the system." }-

This doesn't sound good to me. Does this mean that malware will actually be able to reach the real system? And I still don't exactly understand the difference between tools like DefenseWall and BufferZone and GreenBorder.

-{ Quote: "
When you empty the virtualization container, all your data and settings will be lost. DefenseWall allows you to clean up malware tracks manually under your full control. Your data and settings won't be lost." }-

Isn't there some kind of workaround? Data (favorites, browser settings, saved files) must not be lost if you clean/reset the sandbox. I'm not sure how this works in BufferZone and GreenBorder, maybe someone else can answer this.

OT:

@ Ilya

When are you going to fix DefenseWall's GUI? It's simply horrible. :-X

Ilya Rabinovich
July 26th, 2006, 01:03 AM
-{ Quote: "You mean to say that it is a disadvantage of virtualization itself? Can you explain it more, please?" }-

It means that, if I install an extension into your browser, it will be working with it until you clean up the virtualization container. But cleaning it up means that you have to dig into it to rescue your legitimately downloaded files. Same with the hidden proxy installation.

-{ Quote: "BTW, I think both GesWall and DefenseWall use virtualization for the registry. Am I right, Ilya?" }-

Yup.

-{ Quote: "Does this mean that malware will actually be able to reach the real system?" }-

Not quite. Even if you use virtualization, malware will be contained within your real file system, only in another place. There are rules within DefenseWall about which file types can be modified by untrusted processes and which cannot.


-{ Quote: "
And I still don't exactly understand the difference between tools like DefenseWall and BufferZone and GreenBorder." }-

It is, mostly, in the use of the virtualization technique. They believe in the advantages of this technique; I, mostly, believe in the disadvantages. I'm just very careful with it. In fact, virtualization is just a tool, but any tool has pros and cons. The main aim of the developer is to use all the technology's advantages and minimize the disadvantages.

-{ Quote: "
When are you going to fix DefenseWall's GUI? It's simply horrible." }-

I'm just in progress. If you have any suggestions about it, PM me.

aigle
July 26th, 2006, 02:16 AM
-{ Quote: "It means that, if I install an extension into your browser, it will be working with it until you clean up the virtualization container. But cleaning it up means that you have to dig into it to rescue your legitimately downloaded files. Same with the hidden proxy installation." }-

Thanks for the replies. I think a good firewall or other HIPS surely will catch it. So how does DefenseWall protect against it? By protecting the registry of the browser, I think? Is it just like some spyware adds a browser toolbar?

Rasheed187
July 26th, 2006, 08:23 AM
Thanks for the feedback, it's still a bit confusing, but I guess I will have to test these tools myself in order to get to understand them better. I think sandboxing can be a very effective protection against malware, but they also seem to have drawbacks, for example, if you clean/reset a session all your data will be erased. However, for example Sandboxie gives you an option to recover certain files before cleaning the sandbox, perhaps DW can also offer this?

toadbee
July 26th, 2006, 09:07 AM
-{ Quote: "perhaps DW can also offer this?" }-

The function is already there. The "clean up center". Essentially a list of files and registry settings DW has let an Untrusted application save to your hard drive. You can either remove items from the list (allow items to remain changed on your computer), erase items (removes them from the hard drive), or "Rollback" to a certain point in time, i.e. "I know I got whacked by something around noon, so I'll roll back to this morning to be sure I remove everything bad" etc.

Ilya Rabinovich
July 26th, 2006, 12:26 PM
-{ Quote: "Thanks for the replies. I think a good firewall or other HIPS surely will catch it. So how does DefenseWall protect against it? By protecting the registry of the browser, I think?" }-

Yes, but not only the registry! Mozilla/Firefox and Opera store this information in their files.

-{ Quote: "Is it just like some spyware adds a browser toolbar?" }-

Yup!

-{ Quote: "However, for example Sandboxie gives you an option to recover certain files before cleaning the sandbox, perhaps DW can also offer this?" }-

Yes, it is. But, in fact, this option is for advanced users who clearly understand what they are doing. Otherwise I always recommend using an AV engine to clean up malware modules: inactive malware is not dangerous, it can be cleaned up later, when its signature is added to the AV database. And, I suspect, most users will choose the AV to clean up malware.

aigle
July 26th, 2006, 03:28 PM
-{ Quote: "Yes, but not only the registry! Mozilla/Firefox and Opera store this information in their files." }-

A bit OT, but I think Opera does not allow any attachments to itself, but I'm not sure, maybe some plug-in-like thing?

aigle
July 26th, 2006, 03:31 PM
-{ Quote: "The function is already there. The "clean up center". Essentially a list of files and registry settings DW has let an Untrusted application save to your hard drive. You can either remove items from the list (allow items to remain changed on your computer), erase items (removes them from the hard drive), or "Rollback" to a certain point in time, i.e. "I know I got whacked by something around noon, so I'll roll back to this morning to be sure I remove everything bad" etc." }-

BTW, I did an experiment a few days back. I scanned my system with SuperAntiSpyware, installed some spyware by running exe files as untrusted in DefenseWall, and scanned again with SAS; obviously it found many files and registry entries. Then I rolled back and removed all files and reg entries with DW. I re-scanned with SAS and it still found a few files and many reg entries. So rollback or cleaning by DW seems incomplete, at least by this experiment.

nicM
July 27th, 2006, 02:53 PM
-{ Quote: "BTW, I did an experiment a few days back. I scanned my system with SuperAntiSpyware, installed some spyware by running exe files as untrusted in DefenseWall, and scanned again with SAS; obviously it found many files and registry entries. Then I rolled back and removed all files and reg entries with DW. I re-scanned with SAS and it still found a few files and many reg entries. So rollback or cleaning by DW seems incomplete, at least by this experiment." }-

There were *perhaps* dangerous files not seen by DW, even if this sounds unlikely (it did work fine with important files during my tests), but be careful before jumping to conclusions here: SAS does include all files created by spyware, including stuff like .ico, .ini, and .pf files, etc.

These extensions are not logged by DW, but that doesn't mean that DW let some nasty files creep in! (Most of the time, these extensions are harmless.)

And make sure to check for folders in DW's Rollback panel: I've noticed that sometimes files are listed there individually, aside from the folder they're located in (listed too). When you roll back these folders, all files inside are removed.

Anyway, I'm sure Ilya will make a more detailed reply about this matter ;)

nicM
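A small model of the clean-up center and rollback behaviour toadbee describes above, together with nicM's caveat that some extensions are not logged and that rolling back a logged folder removes everything inside it. This is an added example in Python, not DefenseWall's own code; the unlogged-extension set, the paths and the timestamps are constructed for illustration.

```python
import os
from dataclasses import dataclass, field

# Extensions the simulated monitor does NOT log (hypothetical set, after nicM's .ico/.ini/.pf remark).
UNLOGGED_EXT = {".ico", ".ini", ".pf"}

@dataclass
class UntrustedSession:
    """Changes an untrusted process made to the real system, and the log kept of them."""
    fs: set = field(default_factory=set)     # constructed stand-in for the real file system
    reg: set = field(default_factory=set)    # constructed stand-in for the real registry
    log: list = field(default_factory=list)  # (time, kind, path) entries shown in the panel

    def write_file(self, t, path):
        self.fs.add(path)
        if os.path.splitext(path)[1] not in UNLOGGED_EXT:   # the logging gap nicM describes
            self.log.append((t, "file", path))
    def mkdir(self, t, path):
        self.fs.add(path + "/")
        self.log.append((t, "folder", path + "/"))
    def set_reg(self, t, key):
        self.reg.add(key)
        self.log.append((t, "reg", key))

    def rollback(self, since):
        """Erase every logged change made at or after `since`; return the erased paths."""
        erased = []
        for t, kind, path in [e for e in self.log if e[0] >= since]:
            if kind == "reg":
                self.reg.discard(path)
            elif kind == "folder":
                # rolling back a folder drops everything under it, logged or not
                self.fs -= {p for p in self.fs if p.startswith(path)}
            else:
                self.fs.discard(path)
            erased.append(path)
        self.log = [e for e in self.log if e[0] < since]
        return erased

def residue_after_rollback():
    """Constructed scenario: legitimate download at t=9, spyware dropped at t=12, rollback to t=10."""
    s = UntrustedSession()
    s.write_file(9, "C:/Users/u/Downloads/report.pdf")       # kept: before the rollback point
    s.mkdir(12, "C:/Program Files/SpyBar")
    s.write_file(12, "C:/Program Files/SpyBar/spybar.dll")
    s.write_file(12, "C:/Program Files/SpyBar/spybar.ini")   # unlogged, but inside a logged folder
    s.write_file(12, "C:/Windows/Prefetch/SPYBAR.EXE.pf")     # unlogged and outside any logged folder
    s.set_reg(12, "HKCU/Software/SpyBar")
    s.rollback(since=10)
    return sorted(s.fs), sorted(s.reg)
```

The leftover .pf file is what a scanner like SAS would still report after the rollback, which is the effect aigle observed.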

aigle
July 27th, 2006, 11:16 PM
So what about registry entries?

Ilya Rabinovich
July 28th, 2006, 04:47 AM
Well, it is possible that some entries could not be logged within 'Rollback'. This functionality is quite new and I'm still working on its improvement.

Rasheed187
July 30th, 2006, 09:31 AM
@ Ilya

Btw, now that I think of it, can't you give some more info (in detail) about DefenseWall on your site? For example, you say that untrusted processes are not allowed to do certain stuff. Perhaps you can tell us which things can't be modified by untrusted processes? I mean it's all a bit vague. I also do not understand the part about needing anti-malware tools to clean up your system from malware traces.

Ilya Rabinovich
July 31st, 2006, 03:02 AM
-{ Quote: "Perhaps you can tell us which things can't be modified by untrusted processes?" }-

Maybe, but I'm not sure the average user will understand it. Too technical information.

-{ Quote: "I also do not understand the part about needing anti-malware tools to clean up your system from malware traces." }-

You see, most users are afraid to do something wrong with their computers. That is why they prefer not to use rollback (they are afraid to erase something important), but use the AV they already have installed (an OEM-based one, for instance).

Rasheed187
July 31st, 2006, 03:59 PM
Ilya, you don't have to go into complete technical details, but a bit more info would be nice. Look at SBIE's or GreenBorder's site for example, they give a lot more info. Why not try to describe how DefenseWall is able to prevent malware from infecting your computer, and you can perhaps also give more info about the "rollback" feature. ;)