I know that GesWall and Sandboxie are two different programs that do different things.

Background: I use Vista SP1 and I operate mainly in a LUA.

Which of these two is more secure, and why? My thought is Sandboxie containes stuff in the sandbox but programs can do anything they want inside the sandbox. GesWall is like a sandbox in that it isolates the programs but it also palces heavy restrictions on what the isolated programs can do. I'm thinking the GesWall might be better because I have the sandbox, the restrictions of the LUA and the additional restrictions in GesWall, what does everyone think?

Both offer outstanding protection. I myself use SBIE, becuase I understand it better and that is very important for me.

I have SBIE configured in a very strict way, but GesWall is also very customizable.
Just try out both and see wich one you like most. You will be (almost) invincible with both.

I never used GesWall, but Sandboxie does a good job.
Right now I use DefenseWall, but I have a license of Sandboxie as well and when I'm back in the mood, I will try to use SB and DW at the same time again, my first attempt was a disaster. Geswall didn't really impress me, but it was more a feeling than scientific. Sometimes my intuition tells me not to use a software. :)

Both programs are excellent! It comes down to how you (and others) use your computer and personal preference.

Sandboxie can be setup so that the sandboxed program is the only program that can run and/or use the internet. This only applies to the program inside the sandbox. Sandboxie also has other settings worth looking into. Also, once you move a downloaded program from the sandbox, it will not be restricted at all. On the other hand, GesWall can tag the downloads and restrict what it can do unless you give it permission. Others can give more info on GesWall as I've only tried Sandboxie so far.

Hi,

It is about personal preferences. With SBIE (Sandboxie) you easily purge the sandboxed files and applications. With GW (GeSWall) all downloaded files of untrusted applications are kept in the limited user environment. In this way all malicious code in those files are caged in this limited user environment.

When you are using this PC with others at home, the combo UAC (in quiet mode, see TweakUAC) and GW will provide the user friendliest protection.

Advantage of SBIE free VS GW free is that SBIE free allows you to sandbox all internet facing applications.

Regards Kees

Hi

If I were you I would get Sandboxie, because with LUA and Geswall I think the protection would be slightly duplicated.

-{ Quote: "
Advantage of SBIE free VS GW free is that SBIE free allows you to sandbox all internet facing applications.
" }-
Isn,t it the reverse?

Aigle,

I thought DW free only allowed one application to be contained in the restriced policy environment, SBIE free only display a nag-screen, but is fully functioning.

As said dropped SBIE in favour of GW three-four years ago, dropped GW in favour of DW nearly two years ago, so apologies when I was wrong

Regards Kees

After weighing both of my options carefully, I decided to go with Sandboxie. There are a couple of reasons for this.

1. I understand sandboxie's options better. To me they are easier to understand and more straight forward. It is hard for me to get a handle on GesWall policy settings. Although I understand that GesWall's predefined settings are great out of the box - somehow I feel more vulnerable/less secure because I don't understand all the options as well.

2. I like how Sandboxie can allow only your browser to access the internet.

3. Samdbpxoe cam delete the sandbox contents, which is great in getting rid of browsing history and malware (if any exists).

4. But yet with Sandboxie you can still save your bookmarks and they won't get erased at a sandbox erase.

5. Sandboxie seems to be updated on a more consistent basis.

6. I must admit the tagging of files downloaded through GesWall drives me nuts and you have to use the Pro version to list them as safe. The idea to move the files to another partition/disk to get rid of the label in my opinion is absurd - although I understand the reasoning behind trying to get users to buy the pro version.

-{ Quote: "Aigle,

I thought DW free only allowed one application to be contained in the restriced policy environment, SBIE free only display a nag-screen, but is fully functioning.

As said dropped SBIE in favour of GW three-four years ago, dropped GW in favour of DW nearly two years ago, so apologies when I was wrong

Regards Kees" }-
1- There is no DW free.
2- GW free adds ur bowsers n some other applications as untrusted by default. You can addd more if u want by creating rules.
3- SBIE free does not automatically isolate any application but u can isolate them via right click or special desktop shortcuts.

-{ Quote: "1- There is no DW free.
2- GW free adds ur bowsers n some other applications as untrusted by default. You can addd more if u want by creating rules.
3- SBIE free does not automatically isolate any application but u can isolate them via right click or special desktop shortcuts." }-


AD 1 Correct, I meant GeSWall FREE

Ad 2 So when you trail the PRO version, export all your rules and then switch over the FREE version you have protection for free? No wonder their business is slow, please tell Brian to change their freeware policy because it is suicidal. Remember people looking for freeware are not the first ones to put their money on the table.

I discussed that with him already and he was not so worried as he said people can even crack the pro version, u can,t stop it 100% in any way. I think if no free version, may be no one will even use GesWall as still the market is not in favour of sandboxes. Sometimes I even wish some one to buy it for further development.

Aigle Off Topic.sorry


Djames of TF told me they would add some default outbound protection and (possibly webbrowser spawning) as extra rules of TF, or make them available in a .dat file in one of the coming release. I am already without CFP (DW + TF are so strong with extra outbound rule), with the extra spawn custom rule CFP will be redundant together with GeSWall (when after a router).

Also keep an ey on the nest OA release, might also be a sunstitute for CFP+TF, because unknown programs can run in LUA by default (when you do not want to be warned).

Regards Kees

Thanks but I hope my set up will not change for long time now. I can play with alkl othet software though in different snapshots of Eaz-Fix.

And next OS will be a Mac OS, by Allah,s will. ;D