Policy sandbox, CPU load / covered areas


Kees1958
July 20th, 2008, 08:28 AM
Hi,

Over the last few days I have been trying some Policy Sandbox + HIPS/AV combos on our XP SP3 box (Athlon 3900); this gave some surprising results:

ThreatFire + DefenseWall = a good 3 secs for a cold Opera startup
ThreatFire + GeSWall = just 3 secs (which is understandable, because GW is overall a tad faster than DW)

Rising AV/HIPS + FW + DefenseWall = just 2 secs
Rising AV/HIPS + FW + GeSWall = good 3 secs (?)

Security considerations

TF with GW:
- with a TF custom outbound rule and a GW confidential network outbound rule you get full outbound protection
- GW is able to protect against RegHide; GW covers more HKCU keys (than DW)

Rising with DW
- FW gives outbound protection, DW provides tampering protection with Resource Protection (meaning a policy wall between untrusted apps), so basically you have got outbound control covered (although TF + GW is a bit more transparent on explicit user settings)
- DW has total untrusted file control, which is completely built in and monkey-proof (unlike GW)

Conclusion

ThreatFire free + GW Pro (paid) is a good option and Rising AV/HIPS/FW free + DW (paid) is a good option

Regards Kees

Ilya Rabinovich
July 20th, 2008, 03:52 PM
RegHide is not dangerous at all. I see no reason to improve DW against it, as its rollback function works properly with such keys.

jmonge
July 20th, 2008, 04:11 PM
-{ Quote: "RegHide is not dangerous at all. I see no reason to improve DW against it, as its rollback function works properly with such keys." }-
So the rollback button will cover that: find the reg keys and delete them if you need to.

Ilya Rabinovich
July 20th, 2008, 04:12 PM
-{ Quote: "So the rollback button will cover that: find the reg keys and delete them if you wish." }-
Yes, DW's rollback can delete such "hidden" keys.

jmonge
July 20th, 2008, 04:14 PM
-{ Quote: "Yes, DW's rollback can delete such "hidden" keys." }-
So we still have the protection to roll back the registry and delete them, which is good.

Kees1958
July 20th, 2008, 04:56 PM
-{ Quote: "RegHide is not dangerous at all. I see no reason to improve DW against it, as its rollback function works properly with such keys." }-

Ilya, I am just being objective. I can live with it as long as you develop the new feature you discussed in the "rollback quarantine" post on the DefenseWall forum (maybe you could consider the suggestion of a 'positively critical' user of your application ;D ).

Regards Kees

Ilya Rabinovich
July 21st, 2008, 06:32 AM
Kees, have you checked pre-2.45 version?

Kees1958
July 21st, 2008, 02:33 PM
I did now; compliments.

Resource protection
You implemented the web mail custom rule. Did you also implement it for Vista Mail? (Guess I know the answer :-X ). DW found that I had moved my mail directory; this is very user-friendly added protection. :thumb:

Context menu
On second thought, I would think "allow to be modified by trusted only" is better than "allow to be accessed by trusted only". "Access" might confuse users with secured files; sorry, my mistake. :-[

What about using the same terminology as GeSWall ("confidential") for secured files/folders? You guys are in the same class, so you might as well establish the same terminology where applicable. :P

Rollback
Put somewhere on the title header: "right mouse click for options". Change the column "Time" to "Date/Time". We are nearly there; just a few minor remarks:
- Query Google = only export the program/file name (only copy the string after the last \ to the Google search)
- Save details = okay
- Please provide an extra option like Anvir Task Manager does (an extra option for executables: Check at VirusTotal)


Thanks

Ilya Rabinovich
July 21st, 2008, 02:41 PM
Vista Windows Mail has been supported by resource protection rules since version 2.40.

As for the other remarks, I'll think about them.

Kees1958
July 21st, 2008, 05:46 PM
Opera users tip

Change the temporary download directory to a place outside Opera's program directory; this will cause fewer resource protection pop-ups when opening txt, Word files, etc.