Hi guys, I have an issue I can't quite figure out. Here's a rundown of the security I have:

1.Router

2. Firefox with AdBlockPlus and NoScript extensions

3. Avast Home AV

4. Online Armor trial firewall

5. DefenseWall trial

6. SuperAntiSpyware Free

7. SpywareBlaster

Now that you know my setup, here is my problem. I'm aware that Online Armor and DefenseWall have web-checking abilities, meaning they check webpages and filter out bad things. I THINK Avast does this partly too as the Avast globe spins when loading a page. My issue is when using Internet Explorer, Online Armor warns me of ActiveX on MSNs' homepage.

I choose to block it, and then the page loads VERY slowly and then goes black except for the title bar at the top. It completely freezes the browser and I have to force it closed. I have no such issues with Firefox. Do I just have 1 too many filters trying to act at once and freezing things up? Also, Online Armor seems to have an AV within it because it wanted me to scan for viruses upon setup.

I downloaded the firewall trial only though. Is this going to interfere with Avast? I may possibly go back to using the free version of Avira as since I installed Avast things have slowed down a bit. Not saying the program is bad at all, maybe it just not right on my setup. Anyway, thanks for reading this and I look forward to your replies.

EDIT: I have since tried shutting down On-Access scanner/Providers in Avast and loading the page. The page loads very quickly now, but then immediately freezes solid. So maybe a conflict between OA and DefenseWall?

I'm running Avast!'s webshield and standard shields only. I also have OA2 without the AV+. The scanner you mentioned is a basic scanner that shouldn't interfere with anything. I also have spyware blaster, and SAS free. I was able to get to msn in both ie and firefox. Firefox loads it fast and perfect. I did have to refresh 2-3 times in IE7 to get it to load up though. It was hanging on me. I tried disabling both programs web shields alternating them and it didn't make a difference here. The page loads with an error almost every time. OA didn't mention the ActiveX control when I tried. My settings may be different too. Also, my settings may be different in IE as I don't use it.

Avast has many shields that can be disabled if your not using them. That may speed things up. OA2's Web shield and Avast's Web shield seem to be working fine together on my machine. Not sure if this feature is available in your version of OA, but click My Web Sites and look at the msn site and you can change it to trusted. Mine is currently set as unknown and I don't get the ActiveX prompts. I also tried setting it to untrusted and that didn't change anything.

I'm not familiar with DW, so I can't help with that. I am running Sandboxie though with FF and that makes no difference. I think there may be a problem with the website because of the errors. Maybe someone else can give it a try in IE. Also, for reference what version of IE and what version of Windows are you using? I'm using IE7 and Windows XP home SP2.

Something I didn't do that you may try is clearing your browsers cache and then try again.

Hi Innerpeace, thanks for replying. I'm actually having no trouble at all when I access MSNs' homepage in Firefox. The ActiveX control there seems to be used in a part of the webpage where various news items flash on and off. Other than that 1 ActiveX warning the page loads fine in IE. But once it's loaded completely it just freezes solid, I can't even type another URL in the address bar.

So, I'm beginning to think it's that particular page itself, but I don't truly know. I'll report back after a couple of different things I'm going to try.

Good luck and let us know how it goes. If you want me to try something, give me a yell. Cheers

Well, that was a lot quicker than I thought it would be. This time I went in SuperAntiSpyware and changed IE7's homepage to Google.com. Unfortunately it had the exact same effect, it froze like ice. I'm using IE7 on Windows SP2 by the way. I really wouldn't care if it weren't for the fact that there are a handful of websites I have to use that only work properly in IE.

I'm trying to look here and there but since before today I've not used DefenseWall or Avast and Online Armor, I'm not real sure what settings I need to be looking at. I pretty much left all 3 on default settings.

EDIT: Innerpeace, just to try one other thing I clicked on Windows Update in the Start menu, was taken to the update page with no problems and was able to surf a few other pages trouble-free. But if I simply click on IE and get taken to the homepage, the issue comes right back.

Hey, I just thought of something. Does DW have policies that run programs with limited user accounts? OA2 does this too with certain programs. It's called 'run safer'. Double click OA2 icon, click programs, find IE7 (mine shows 2 IE entries) this one will have Advanced options when you right click the correct one. Then see if the 'Run safer' box is checked or unchecked. This could be part of the problem. Again, I'm not sure what features are available in DW.

I just ran ccleaner, paused Avasts webshield, stopped OA2s web shield and then loaded IE7 with google as my homepage. I then loaded msn with no problem, but there was this error which I clicked to view. I then ran ccleaner again, then enabled the web shields and tried again and the page loaded slowly, but it loaded with no errors.

There is also an extension that can load IE within firefox, it's call ietab. https://addons.mozilla.org/en-US/firefox/addon/1419 I'm not sure if that would help in your situation or not.

Hey Innerpeace, yep, the IE entry in OA did have Run Safer checkmarked. I'm half afraid to disable that as I don't want to lessen my protection. Interestingly, I realized that by opening up CCleaner and asking it to check for updates, it would open IE and go to their homepage. Sure enough it did and I surfed trouble-free from their website.

It only starts giving me issues if I open IE the normal way. I have noticed I have 2 IE and Outlook Express icons in my Start Menu now. I'm not sure if one is unprotected and the other is or what.

I think DefenseWall isolates your risky programs, so your safe. OA2 does a similar thing with it's run safer, so there could be a conflict. Do you have process explorer? It's like a 'souped up' task manager and there is a way to check for sure if your running as admin or not. What other security software do you have? Even your on demands. Some of them have the option to protect your home page and could be conflicting. I usually stick to one and then when I install new security programs and updates, I search around to make sure they don't duplicate the protection. Try disabling the SAS home page protection and see if that helps. I don't see any setting in OA2 that would protect the homepage, so I think your safe there.

I wish somebody that had DW would stop by and say hello to help with the settings.

-{ Quote: "Hey Innerpeace, yep, the IE entry in OA did have Run Safer checkmarked. I'm half afraid to disable that as I don't want to lessen my protection. Interestingly, I realized that by opening up CCleaner and asking it to check for updates, it would open IE and go to their homepage. Sure enough it did and I surfed trouble-free from their website.

It only starts giving me issues if I open IE the normal way. I have noticed I have 2 IE and Outlook Express icons in my Start Menu now. I'm not sure if one is unprotected and the other is or what." }-

If your running DW, try this. Right click OA2 icon and then select 'deactivate hips feature'. run ccleaner and try IE7 again. If it works, then it's probably a conflict with OA2 and DW duplicating protections. When your finished, you can re-enable protection if you wish.

Edit: looking at the OA website, the program is suppose to protect your home pages. I'm not sure if it possible to disable this or not, but you only want one program doing this.

I THINK we've found the issue. I shut HIPS off in OA, rebooted, and now opening IE normally and surfing causes no issue whatsoever. But now I'm a little worried about leaving HIPS off in OA. I liked it warning me about applets and ActiveX and such trying to load, but I also like how DW protects me too. I wonder, does DW let such things run and then gets rid of them when you close out a browser session such as Sandboxie does?

If that is the case, I would guess it would be safe to leave HIPS disabled in OA as anything I do withing the Untrusted browser in DW would be undone once the browser is closed. I'm pretty new to this whole HIPS and Sandbox stuff, so I don't really know what to look out for as far as conflicts and what is better than what.

Were you planning on buying OA2 after the trial, or just let it go the the free firewall with limited features? If so you might ask at the forum if disabling the HIPS is the same thing as the free limited version. I could ask if you want. I can't answer the part about DW vs. OA2. One thing I am worried about is what part of the HIPS is disabled. Many firewalls needs HIPS to be completely effective to prevent leaks. I'm very new to sandboxes and HIPS too.

Edit: http://www.wilderssecurity.com/showthread.php?t=177094 This is a recent discussion that may help some of your DW questions.

That's a GREAT question, I could be putting myself at a real bad risk not having HIPS on in OA. I was thinking of buying both OA and DefenseWall as they are highly touted programs on this board. I tend to come here for reviews of software I want to try instead of looking at most of the computer magazine sites. I've noticed they tend to test on old machines and I worry that maybe their virus/malware samples they use in testing are new enough to really give a good idea of how such security software works.

As far as the issue at hand, I seem to be looking at either getting rid of OA and keeping DW with a firewall like Comodo (which I believe also uses HIPS and may cause issues), or keeping OA and going with SandBoxie, which also seems to be well-liked here.

I'm using OA2 and Sandboxie with no problems. If DW and OA2 don't get along, you could find out how to tweak the individual settings that are conflicting. Comodo does have basic HIPS, and it's new version 3 is suppose to have a lot of HIPS capabilities. It will probably be comparable to OA2.

I would post at tallemu.com forums and ask them about compatibility and or how to tweak them to get along. They are very helpful there, but it is a slow forum.

Off topic: can you do me a favor and open OA2 and when you do, does your Avast icon keep spinning? Also, can you right-click the Avast icon and click Avast log viewer and then look under the 'Error' and 'Warning' boxes to see if you have a lot of tallemu/onlinearmor entries. I found a work around, but I just wondered if I was alone with this issue. Thanks, innerpeace

Hey Innerpeace, I opened up OA and the Avast Icon didn't even move. I checked the Avast log and have absolutely no emergency/critical logs. I guess I have a lot of reading ahead of me to do, I hate to get rid of either program. I'll head over to the forum you suggested and see what I come up with.

Ok, you could also post at the DW forums too as I hear their very helpful also. The developer posts here at Wilders alot. Thanks for checking out the Avast things for me.

Cheers, innerpeace

-{ Quote: "I liked it warning me about applets and ActiveX and such trying to load, but I also like how DW protects me too. I wonder, does DW let such things run and then gets rid of them when you close out a browser session such as Sandboxie does?" }-


DW doesn't block ActiveX's. Not sure about applets. And no it doesn't get rid of stuff when you close it like Sandboxie. I'm no expert on DW but i've constantly been told it runs vulnerable apps as 'untrusted'. Which means that if you run IE untrusted then anything running through it is also untrusted. Therefore anything untrusted doesn't get access to critical system location's where harm could be done. Think i got that right, but i'm sure someone will correct me if i'm wrong.

muf

-{ Quote: "DW doesn't block ActiveX's. Not sure about applets. And no it doesn't get rid of stuff when you close it like Sandboxie. I'm no expert on DW but i've constantly been told it runs vulnerable apps as 'untrusted'. Which means that if you run IE untrusted then anything running through it is also untrusted. Therefore anything untrusted doesn't get access to critical system location's where harm could be done. Think i got that right, but i'm sure someone will correct me if i'm wrong.

muf" }-

Yep,that's right

I don't think DW duplicates web browser settings, cache etc. like SandBoxie does, it just denies the web browser access to critical files. Which means any activeX control you install has no access to critical system files, and folders you specify in the "secured areas".

As for conflicting with OA2, I don't know, but I'd say both being HIPS theres a good chance for conflict. I don't think its necessary to have both - one or the other provides good protection. I personally use DW + Comodo FW mainly because its less popups than OA2, and I prefer sandbox HIPS over behaviour based ones, and also because its cheaper. But OA2 is also excellent - can't go wrong with either solution. But I wouldn't use both together.

Hi guys, thanks for all the replies here, you've been a lot of help. I was unable to post at the OA and DW forums as my lovely ISP decided the email servers were going to go down. I've decided, at least for the time being, that I would just keep using the trial of Defensewall and switch back to Comodos firewall. ( I agree with Tamdam, a whole lot of popups with OA. Not that it's a bad thing, but if I can keep good security and keep things easy on the other people in the household, then all the better).

Hi dw426,

Did you tried to uninstall Avast's Network Shield ?

MaB

Hello dw426,

Regarding DefenseWall, please take a look at post #5 that I made in the following thread.

http://gladiator-antivirus.com/forum/index.php?showtopic=56101&st=0&p=174401&#entry174401

FYI, I have experienced conflicts when using both DefenseWall and OA v1+ in the past. I have no experience with OA2.


Peace & Love,

CogitoErgoSum

Glad you got you're problem is sorted. I'm testing DW as well at the moment. Last night, I had the first real hassle with it. I was upgrading to Media Player 11 and DW kept blocking the downlad. I tried everything I could think off, removing MP from untrusted, running it as trusted, disabling protection and in the finish, I had to uninstall DW in order to upgrade. It was a pain, I can tell you. It's back on now because of the protection it affords but it's not as simple to use as it seems on the surface and I for one am on a learning curve with this program.

Well Riverrun, I haven't tried downloading and trying to install any programs through DW yet, but yes, you're right, for a newb like me, it's not a very easy to understand program. I'm still attempting to try different things based on posts I read here in the forums. My next line of thinking was to get rid of Avast, OA2 and DW and just replace it all with Avira free, Comodo and Sandboxie.


I understand from reading here however, there is an issue with Comodo and LinkscannerPro, which is a piece of software I really have interest in trying out. If LinkscannerPro along with Firefox, Sandboxie, Avira and Comodo keeps me reasonably safe, I'd save money and a lot of these conflict issues. I guess I would still need some sort of HIPS software, though SSM and Cyberhawk type stuff I just can't get my head around.

*sigh* If Linux would have just worked out a little better for me, I might not even be having to worry about all this. But I'll play the cards I got dealt and do what I can :)

-{ Quote: "Well Riverrun, I haven't tried downloading and trying to install any programs through DW yet, but yes, you're right, for a newb like me, it's not a very easy to understand program. I'm still attempting to try different things based on posts I read here in the forums. My next line of thinking was to get rid of Avast, OA2 and DW and just replace it all with Avira free, Comodo and Sandboxie.


I understand from reading here however, there is an issue with Comodo and LinkscannerPro, which is a piece of software I really have interest in trying out. If LinkscannerPro along with Firefox, Sandboxie, Avira and Comodo keeps me reasonably safe, I'd save money and a lot of these conflict issues. I guess I would still need some sort of HIPS software, though SSM and Cyberhawk type stuff I just can't get my head around.

*sigh* If Linux would have just worked out a little better for me, I might not even be having to worry about all this. But I'll play the cards I got dealt and do what I can :)" }-

I'm a newbie as well but I love the solid protection DW provides. Don't give up on it just yet but try to learn more about it. Every HIPS is difficult and DW seems the easiest of the lot. DW is worth the effort, I think.

I'll keep trying yes, I don't want to give in too quick. I am however going to either have to pick it over OA2 or OA2 over it as they certainly don't like each other, at least on my system.. I have all the installation files so I can always reinstall once I've tested and figured out exactly what works best for me.

By the way dw426, I'm running SandboxIE (trusted) and DW together and no conflicts. SandboxIE woulden't terminate in the untrusted mode but since I changed it's status, things are back to normal and I have the benefit of these two great programs.

I run my browser in SandboxIE and since the browser is untrusted, DW is active as well and provides extra protection.

Well, I've had a little more time to play around with different things, and the confusion just keeps trucking along :) My current test setup is :

OA2 (the firewall is really really nice, I'd like to give it more time)

LinkscannerPro trial

SandBoxie (DefenseWall for some reason never shuts down properly and I have to use task manager to kill it, so it's sidelined for now)

SAS Free (Is this program taking a LOT longer to load than previous versions or am I nuts?)

SpywareBlaster

Avira Free

Router

Does anyone else notice that if you run say Firefox in Sandboxie that sometimes LinkScannerPro gives a wrong scan result unless you manually scan it again? If I run Firefox unsandboxed, I get accurate results the first time from LinkScannerPro.

Other than that weird little thing, I feel that I've got a reasonably secure setup and my computer is finally booting up without taking a month and now responds pretty quickly while surfing. Of course me being the newb, I'm open to any suggestions to changes/alternatives/settings. If anyone has an idea about that Sandboxie/Linkscanner issue I'm all ears :)

-{ Quote: "Glad you got you're problem is sorted. I'm testing DW as well at the moment. Last night, I had the first real hassle with it. I was upgrading to Media Player 11 and DW kept blocking the downlad. I tried everything I could think off, removing MP from untrusted, running it as trusted, disabling protection and in the finish, I had to uninstall DW in order to upgrade. It was a pain, I can tell you. It's back on now because of the protection it affords but it's not as simple to use as it seems on the surface and I for one am on a learning curve with this program." }-


that's really interesting, you should report it to Ilya so he can find out whats wrong. For the record I installed windows media player 11 through windows update and it worked fine, so I'm not sure whats going on there.

edit: also, dw426 and riverrun I personally think sandbox HIPS offer the strongest protection, which DW is one of them, the other one I can think of is geswall. I prefer DW because its cheaper and a bit lighter mainly, and it works for me, but if it doesn't work out for you both maybe geswall might suit you better.

Hey guys, I'm going to stick Solved in the subject line. For now, unless there is a big reason not to, I'm just running KIS6 and Sandboxie. KIS6 seems to have a lot of nice features and it looks to be highly regarded here. DW is just a wee bit too confusing to grasp at the moment (I'm trying to learn though), and Sandboxie is a nice "run it and empty it" alternative.

While I certainly want to be as protected as I can, I'd also would rather just find 1 thing that covers the majority of my bases and run with it. I'll be keeping up with the forums here for all the latest. I'm just starting to get into the heavier side of security,but like actually using my computer for more than tests :)

So, for now, here is where I stand:

Router


KIS 6


SandboxIE


SAS Free (the loading time for this program at boot-up is seriously getting on my nerve)

SpywareBlaster

Firefox with AdBlockPlus and NoScript

I'm hoping that unless I go out actively looking for trojans and such that I'm decently protected. Again, all advice is listened to and taken seriously, but I think for the time being my experiments are done :)

Hi again dw426! That setup looks good. Every once and awhile, you might run an online scanner for a 2nd opinion. Most of them only work with IE. Here is a good list of them. http://wiki.castlecops.com/Online_antivirus_scans

Hey Innerpeace, glad you think my setup is decent enough. Maybe now I can relax and surf :) I do usually run an online AV as a just in case. TrendMicros Housecall actually. I'm hearing a lot of excited folks here singing the praise of KIS 7, hopefully it will be released before/just after my 15 day trial is up on KIS 6. I haven't had it long, but it's playing very nicely with my system and I think it might be a keeper. I believe I'll bring back my old friend PeerGuardian too, I like my P2P sometimes plus it has quite a few IPs that are best kept out.

I used Peer Guardian for a while and it is useful. If I had to buy a security suite, it would be KIS from the recommendations here. I actually have licenses to 2 suites, but my setup is working well and after the nightmare that Norton Internet Security 2006 gave me when uninstalling, I steer away from suites. I hear Norton is better now, but the service I received was below my expectations. I also understand Kasperskys' support is good, so that is a plus for you.

You can also run other programs in Sandboxie other than your browsers. Your p2p app may be good to run sandboxed if you know how to extract the files you want to save. I run WinAmp sandboxed when streaming music. It's probably not necessary, but it doesn't hurt either.

If I knew for sure that you still get PowerShadow for free, I would recommend you try it. Returnil (not free) is also similar and both programs allow you virtualize your system until a reboot and then everything is back to normal. Very useful when visiting risky sites or trying new software installs that don't require a reboot or letting others mess with your computer. If I'm visiting the 'dark side' of the net, I will start PS then run my browser and media players in Sandboxie and when done, I reboot and everything is back to normal. It's probably best to try what your using and make sure you like it and it's stable before trying more. Lol

It's easy to get caught up in all the new and the 'best' software game, but in the end it has to work well with your setup and cover all bases. KIS is a good start and Sandboxie is great for random browsing. I'm still trying to figure out how to keep a bookmark and updated extensions so I can run sandboxed all the time. You have probably also heard of the K.I.S.S philosophy when it comes to security. K.I.S.S. means 'Keep It Simple Stupid '(no offense). I'm trying real hard to keep my setup that way and it is good advice to anyone getting caught up in the latest and greatest.

Cheers, innerpeace

You bring up a great point about Sandboxie and bookmarking. The only tried and true way I have ever found is to visit the site you want to bookmark, do it, then high-tail it out of there and come back sandboxed. Otherwise it does not want to let me keep the bookmark whether I retrieve it from the box or not. Not 100% safe, but probably not terribly dangerous, so I live with it :)

You might be interested in trying out online social bookmarking such as delicious, it is free and should solve your problem about saving bookmarks within sandboxie.

http://del.icio.us/