Does DefenseWall truly remove its blocked malware? Not sure!
demoneye
September 2nd, 2009, 04:07 AM
Hi
First, let's face the facts:
1. If any malware is caught, it will show in DW's "rollback" section.
2. In order to get rid of this malware, u need to use DW's "rollback" feature.
3. DW's "rollback" increases in size the longer u use DW.
4. From DW online help regarding rollback: "This tool is for Advanced Users only. It removes files and registry keys from your hard drive!"
5. From DW online help: "Regular users: Use a standard anti-virus or anti-malware scanner to get rid of any left-over malware modules. Inactive malware is harmless, so the time of reaction of anti-virus vendors and new signature updates is not really important in this case"
OK... now here is the big problem. After a couple of weeks of using DW, my "rollback" got big, like more than 100 lines.... If I get infected today, how can I be 100% sure I "rollback" ONLY the malware infection and not my important data by mistake?
What bothers me most is line "5". So if there is no cure yet from my AV vendor... the malware stays in my PC?? I feel so uncomfortable knowing there is malware in my PC when I'm working on my important data....
Just to mention, if such a thing happens with Sandboxie, I can just "clean container" and get rid of the malware for good. It doesn't depend on 3rd-party software in order to destroy any kind of malware activity :D
Saraceno
September 2nd, 2009, 04:22 AM
If you have a number of lines, 100 or more, it should take a few minutes to go through the list and allow photos and documents etc. After you allow the important items, delete the rest in file and registry tracks. I posted some screenshots a while ago; I can try and find them.
But regarding malware, and if it exists on your system, if it is causing no damage to your system, and can't cause damage even if you launch the file by chance 50 times, then DW has done its job.
Edit - ssj100 said what I was wanting to say. :thumb:
demoneye
September 2nd, 2009, 04:29 AM
-{ Quote: "If you have a number of lines, 100 or more, it should take a few minutes to go through the list and allow photos and documents etc. After you allow the important items, delete the rest in file and registry tracks. I posted some screenshots a while ago; I can try and find them.
But regarding malware, and if it exists on your system, if it is causing no damage to your system, and can't cause damage even if you launch the file by chance 50 times, then DW has done its job.
Edit - ssj100 said what I was wanting to say. :thumb:" }-
I said more than 100, I didn't count them... but how can I be 100% sure I don't delete important system files alongside the malware when using "rollback"? Can u guarantee that? And what about novice users? Should they gamble their way through? Or just stay with the malware and hope their AVs catch it some day?
And that's not correct; the malware can run even under DW, but restricted. So if it's a dropper and u recognize it d/l stuff from the net, how can u say it's "done its job"?
If it's malware that provides any kind of visibility, how can u accept it?
U can also see Matt's review on it; his infected PC remained infected until he manually deleted the malware from DW's "rollback" dialogs, but remember it was a clean DW install and an immediate malware infection test :D
cheers
mark.eleven
September 2nd, 2009, 07:32 AM
I tested DW not long ago but, for the same reason, reverted back to Sandboxie. IMHO, I feel more secure knowing all baddies are "flushed" the moment I close my browser.
Saraceno
September 2nd, 2009, 07:41 AM
I see your point. But if you rollback continually, on a daily basis, the same as with Sandboxie when a session ends, then you won't have a problem.
The difference I see for novice users: they can open up PDFs, images, and continue to use documents downloaded with DefenseWall. With Sandboxie, they can either recover and hope it is a document, or if Sandboxie is set up to automatically clear contents, they'll complain they lost all their downloads.
Each to their own. For novice users, I'd still go with DefenseWall.
demoneye
September 2nd, 2009, 08:46 AM
-{ Quote: "I see your point. But if you rollback continually, on a daily basis, the same as with Sandboxie when a session ends, then you won't have a problem.
The difference I see for novice users: they can open up PDFs, images, and continue to use documents downloaded with DefenseWall. With Sandboxie, they can either recover and hope it is a document, or if Sandboxie is set up to automatically clear contents, they'll complain they lost all their downloads.
Each to their own. For novice users, I'd still go with DefenseWall." }-
I 100% agree with u on "For novice users, I'd still go with DefenseWall" ;)
The other part is impractical and can be very annoying when done on a daily basis (rollback continually, on a daily basis) :blink:
cheers
demoneye
September 2nd, 2009, 08:48 AM
-{ Quote: "I tested DW not long ago but for the same reason, revert back to Sandboxie. IMHO, I feel more secure knowing all baddies are "flushed" the moment I close my browser." }-
Yep, I agree with you. It's more convenient to know that when u flush, 100% of the potential malware is gone forever ;D
Ilya Rabinovich
September 2nd, 2009, 09:39 AM
I think you just misunderstand the aim of the DefenseWall project. It's intended for novice users first of all. For them, partial virtualization is quite a difficult thing to use properly. DW's "rollback" function too, BTW. That's why this function is limited and not advertised: "my" user can't use it properly.
That's why the main aim of my protection is to stop malware cold while the anti-virus scanner has an "infection window" for this sample. Detection pace is not important anymore; it doesn't matter if its signature is added in one day or one month as, being untrusted, the malware is harmless.
As for advanced users: they can use both DW's "rollback" and the virtualization container's "trash out" function properly, but most of them are Wilders visitors...
I strongly believe each piece of software has its own user, so saying "I don't feel a concrete function is suitable for me" is right, but not really correct, as it's intended for other types of users and other use cases.
Saraceno
September 2nd, 2009, 09:55 AM
Ilya, interesting point about the detection window. Gives the AV the chance to catch up with new samples. Never thought of it that way. :)
Dregg Heda
September 2nd, 2009, 01:15 PM
-{ Quote: "I see your point. But if you rollback continually, on a daily basis, the same with sandboxie when a session ends, then you won't have a problem.
Difference I see for novice users, they can open up pdfs, images, and continue to use documents downloaded with DefenseWall. With sandboxie, they can either recover and hope it is a document, or if sandboxie is setup to automatically clear contents, they'll complain they lost all their downloads.
Each to their own. For novice users, I'd still go with DefenseWall." }-
You can always configure Sbie to recover everything from the sandbox into another sandboxed folder and then set it to force-sandbox anything that is opened from that. Also, you can further force-sandbox your word processor, PDF reader etc. with appropriate run/internet restrictions. Sbie can be easily configured to provide as much protection as DW, if not more, IMO.
Dregg Heda
September 2nd, 2009, 02:34 PM
-{ Quote: "I don't think it's fair to compare Sandboxie with DefenseWall. As Ilya has implied, (Sandboxie is completely different to DefenseWall), and partial virtualisation can be too complicated for novice users.
You'll always get a very clean and secure feeling from Sandboxie, knowing that nothing on your real system is being touched. The worst case scenario is if something in your virtualised environment gets infected - of course, this is easily dealt with by flushing out the sandbox. And the thing is that this worst case scenario can't even happen (or is incredibly unlikely to happen) with well configured virtualised environments with start/run/internet access restrictions etc." }-
Hi SSJ,
I see what you're saying and agree with you. However, I was just pointing out that Sbie too can be configured to protect against the particular threats Saraceno mentioned.
ako
September 2nd, 2009, 03:08 PM
Who cares? Those malware files are dead when running DW. And only if you were intentionally downloading something are they likely to be in such places that you can intentionally execute them. In the case of SB you would take them out of the box (being in danger). For DW they are and will remain "untrusted" (e.g. exploit PDFs), unless you have to install something and run them intentionally as "trusted".
ako
September 2nd, 2009, 03:48 PM
-{ Quote: "No, with Sandboxie, you don't need to take files out of the sandbox to run them (I think Peter2150 operates like this - he opens up stuff within the same sandbox). Also, as Dregg has said (and this is what I do), you can simply recover files from your e.g. sandboxed internet-facing application into a forced sandboxed folder. Then you can run anything untrusted from that folder, and it will all stay sandboxed." }-
I have the pro version of SB, and have studied it a little. You can tune it up in many ways. This all requires some effort, so it's not suitable for the average guy.
Moreover, what if you need to install something? Do you always install programs inside the sandbox? I think it impedes practical work unnecessarily.
I also prefer to be able to handle and move files without strict discipline. I'm lazy. ;D
demoneye
September 2nd, 2009, 04:16 PM
-{ Quote: "Who cares, those malware files are dead when running DW. And only if you were intentionally downloading something they are likely to be in such places that you can intentionally execute them. In case of SB you would take them out of the box (being in danger). For DW they are and will remain still "untrusted" (eg. exploit pdf:s), unless you have to install something and run them intentionally "trusted"." }-
Man, I think u don't understand the difference between the SB and DW concepts... DW uses the REAL system while SB holds everything in a VIRTUAL place... so who cares about malware staying on his real PC?? I think only an idiot wouldn't care lol
ako
September 2nd, 2009, 04:46 PM
-{ Quote: "Man, I think u don't understand the difference between the SB and DW concepts... DW uses the REAL system while SB holds everything in a VIRTUAL place... so who cares about malware staying on his real PC?? I think only an idiot wouldn't care lol" }-
Well, I think I know the exact nature of both concepts pretty well. So, once again: so what?
P.S. SB processes and files are not living in a virtual place.
jmonge
September 2nd, 2009, 04:49 PM
One thing I can say: crippled malware is like a regular file. It is dead, cannot do any harm, and you can even remove it manually. It's not a big deal :)
jmonge
September 2nd, 2009, 04:52 PM
-{ Quote: "Not sure if the "novice user" would know how to remove it manually mate." }- I am a novice ;D
jmonge
September 2nd, 2009, 04:56 PM
-{ Quote: "Of course SB processes and files are not in the virtual place mate - they are your friends, and you want to keep them on the real system! But it's the fact that e.g. your entire browsing environment is virtualised etc. Anything bad that happens is easily flushed away, and you're completely clean. No uneasy feelings at all." }- Wait a minute, if you know how to use the rollback feature built into DefenseWall you can also flush any toilet, flooded or not :):):) Very easy ;) Piece of cake, leaving your PC like nothing happened. I personally tested this myself ;)
jmonge
September 2nd, 2009, 04:59 PM
-{ Quote: "If you're a novice, what does that make my great-grandma? Haha." }- lol ;) You made my day :) By the way, I need some coffee ;D
ako
September 2nd, 2009, 05:06 PM
What is the probability that the average guy will by accident execute e.g. the following files
* ME2[n].HTM
* USBEWT.SYS
* LJUBOMORE[n].EXE
* MCDRIVE32.EXE
* NPCOMMON.DLL
* VMCOINST_VC0323.DLL
* VNC-4_1_2-X86_WIN32.EXE
* W3B388E.DLL
* WOQRTDYQ.DLL
* WPV681228549885.CPX
* WPV681237410850.EXE
staying dead at
C:\WINDOWS, C:\WINDOWS\system32, C:\Documents and Settings\admin\Local Settings\Temp\, etc.?
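Saraceno's advice earlier in the thread (go through the rollback list, allow photos and documents, delete the rest in file and registry tracks) and ako's list of dead files sitting in system and temp directories both come down to one triage question: which untrusted entries are user data to keep, and which are executable content or autostart keys that are safe removal candidates. The script below is an added example, not DefenseWall's code and not its real rollback format; it assumes each entry is a (kind, location) pair and uses extension and location rules I chose for illustration. The sample list is constructed, reusing a few of the file names ako quoted.

```python
"""Triage helper for a DefenseWall-style "rollback" list (added example).

Assumption: each rollback entry is a (kind, location) pair, kind being
"file" or "registry". Only executable/active content and persistence keys
are marked as removal candidates; user data is kept; anything ambiguous
goes to "review" so a novice does not delete important files by mistake.
"""
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Extension groups (assumed, not exhaustive): data a user wants to keep
# versus content that can execute or carry script.
USER_DATA_EXT = {".pdf", ".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx",
                 ".xls", ".xlsx", ".txt", ".mp3", ".zip"}
ACTIVE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpx", ".htm", ".html",
              ".js", ".vbs", ".bat", ".cmd"}
SYSTEM_PREFIXES = ("c:\\windows",)
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\")
# Registry locations commonly used for autostart/persistence.
PERSISTENCE_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce",
                       "\\services\\", "\\winlogon\\")


@dataclass
class Verdict:
    kind: str       # "file" or "registry"
    location: str   # path or registry key as listed
    action: str     # "keep", "review" or "remove-candidate"
    reason: str


def triage_file(path: str) -> tuple[str, str]:
    """Classify one untrusted file by extension and location."""
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    low = str(p).lower()
    in_system = low.startswith(SYSTEM_PREFIXES)
    in_temp = any(m in low for m in TEMP_MARKERS)
    where = "system dir" if in_system else "temp dir" if in_temp else "user area"
    if ext in ACTIVE_EXT:
        # Untrusted executable content is what DW keeps "dead"; it is never
        # user data, so it is the natural removal candidate.
        return "remove-candidate", f"executable/active content {ext} in {where}"
    if ext in USER_DATA_EXT:
        if in_system or in_temp:
            return "review", f"data file {ext} in {where}, unusual for user data"
        return "keep", f"user data {ext} in {where}"
    return "review", f"unrecognised extension {ext or '(none)'} in {where}"


def triage_registry(key: str) -> tuple[str, str]:
    """Classify one untrusted registry key; only persistence keys are flagged."""
    low = key.lower()
    if any(m in low for m in PERSISTENCE_MARKERS):
        return "remove-candidate", "autostart/persistence location"
    return "review", "non-persistence key; check which program owns it"


def triage(entries):
    """Return a Verdict for every (kind, location) entry, in input order."""
    out = []
    for kind, location in entries:
        if kind == "file":
            action, reason = triage_file(location)
        elif kind == "registry":
            action, reason = triage_registry(location)
        else:
            action, reason = "review", f"unknown entry kind {kind!r}"
        out.append(Verdict(kind, location, action, reason))
    return out


def summarise(verdicts):
    """Count verdicts per action so the user sees the size of each bucket."""
    return dict(Counter(v.action for v in verdicts))


# Constructed sample list: document entries plus file names of the kind
# quoted in the thread, placed where such files typically land.
SAMPLE_ENTRIES = [
    ("file", r"C:\Documents and Settings\admin\My Documents\holiday.jpg"),
    ("file", r"C:\Documents and Settings\admin\Desktop\invoice.pdf"),
    ("file", r"C:\WINDOWS\system32\USBEWT.SYS"),
    ("file", r"C:\Documents and Settings\admin\Local Settings\Temp\WPV681237410850.EXE"),
    ("file", r"C:\WINDOWS\ME2[n].HTM"),
    ("file", r"C:\WINDOWS\system32\readme.txt"),
    ("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mcdrive"),
    ("registry", r"HKCU\Software\ExampleApp\Settings"),
]

if __name__ == "__main__":
    verdicts = triage(SAMPLE_ENTRIES)
    for v in verdicts:
        print(f"{v.action:17} {v.kind:9} {v.location}  ({v.reason})")
    print(summarise(verdicts))
```

The point of the "review" bucket is that a data-type file in C:\WINDOWS or a non-autostart registry key is exactly the case where a blanket "delete everything" could cost the user something; those get a human look, while the dead executables and Run keys are the entries the thread agrees can go.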
jmonge
September 2nd, 2009, 05:22 PM
-{ Quote: "Yes, but demoneye's point was that he only looked at the rollback feature in DefenseWall after several weeks/months. He complains that there are hundreds of lines of "stuff", and he's unsure what's safe to rollback and what's not safe. The difference with Sandboxie is that everything is safe to delete in the sandbox, because it's not even real haha (so there's no chance of harming your real system by deleting critical system files)." }- I see, and that is why there is a program called CCleaner to clean the registry and debris. I don't use CCleaner; I clean my registry manually :) By the way, I got demoneye's point :):)
ako
September 2nd, 2009, 05:23 PM
-{ Quote: "Not sure what point you're trying to make there. Wouldn't those malware execute as untrusted anyway, and thus never cause any real harm to your real system?" }-
Yes, of course. But even if one would later uninstall DW those files would not be a big threat.
jmonge
September 2nd, 2009, 05:38 PM
Just did a scan with Avira on a PC with DefenseWall for more than a year and found zero viruses, meaning DefenseWall is doing its job. Thanks Ilya ;)
Threedog
September 2nd, 2009, 06:05 PM
I use DefenseWall mainly for the reason that Ilya stated. If something does get by my other malware programs due to them not having a signature that detects it, I know that DefenseWall will let me shut it down if it does manage to run and that it won't start up again. Then someday down the road I might be doing a full scan with an AV and lo and behold it detects and cleans these dead files that DefenseWall killed. In the meantime, I safely use my computer without any harm done by the undetected malware.
Ilya Rabinovich
September 2nd, 2009, 06:26 PM
-{ Quote: "DW uses REAL system while SB hold all on VIRTUAL place ...so who care about malware stays on his real pc??" }-
This "virtual" place is just a folder on your C: drive. So, it's not as "virtual" as you think it is.
Dregg Heda
September 2nd, 2009, 08:29 PM
-{ Quote: "Yes, of course. But even if one would later uninstall DW those files would not be a big threat." }-
Can you explain how malware would remain frozen even if DW was uninstalled? And what if protection was temporarily disabled for whatever reason? How would that affect the frozen malware? Thanks.
Saraceno
September 2nd, 2009, 10:58 PM
There are pros to each program, no need to say which is better, more along the lines of, which do you prefer.
I still maintain the most attractive part of DefenseWall is that you (more specifically, the average novice user) can use your downloads in any way you please without them affecting your system. You can open PDFs, music files, and so on. Keep them on your desktop or wherever, for as long as you like, and use them for as long as you like. You see the files, the downloads, in front of you.
Yes, with Sandboxie a more experienced user can download/recover files into another folder which will always run sandboxed, but there is a degree of risk the file is dragged out of the sandboxed folder, say copied and pasted to the desktop, and then run, which could cause system damage. (Yes, the same could be said of a novice user running a file as trusted in DefenseWall, but I think it'd be more likely a novice would recover, say, a dangerous file from a Sandboxie prompt than right-click on a dangerous file and run it as trusted from DW - just my opinion.)
All depends on the user and which one they understand better. For those with many downloads, downloading all sorts of files and with 'limited security knowledge', I'd still lean towards DefenseWall. But that's just my preference.
Saraceno
September 2nd, 2009, 11:03 PM
Just slightly off-topic, and this could be a new topic: for those playing online games, has Sandboxie or DefenseWall proved to have fewer problems?
The option always exists to use Returnil or Shadow Defender. Just wondering if either SB or DW works well with online games or not.
Saraceno
September 2nd, 2009, 11:53 PM
Thanks ssj100. :thumb: Might try good ol' Counter-Strike: Source either sandboxed, with DW, and then with Shadow Defender, and see how each goes.
demoneye
September 3rd, 2009, 01:37 AM
-{ Quote: "This "virtual" place is just a folder on your C: drive. So, it's not as "virtual" as you think it is." }-
Yes, you're right Ilya, it's just a "place" or a folder, like all virtual software does (VMware, VirtualBox), but it still isolates you from your real OS :)
demoneye
September 3rd, 2009, 01:54 AM
-{ Quote: "
Yes, with Sandboxie a more experienced user can download/recover files into another folder which will always run sandboxed, but there is a degree of risk the file is dragged out of the sandboxed folder, say copied and pasted to the desktop, and then run, which could cause system damage. (Yes, the same could be said of a novice user running a file as trusted in DefenseWall, but I think it'd be more likely a novice would recover, say, a dangerous file from a Sandboxie prompt than right-click on a dangerous file and run it as trusted from DW - just my opinion.)
All depends on the user and which one they understand better. For those with many downloads, downloading all sorts of files and with 'limited security knowledge', I'd still lean towards DefenseWall. But that's just my preference." }-
I think u just pointed out the main problem. SB is so easy to use, I can configure a highly restricted environment in less than 20 sec ;D (so am I an undetected genius or what? NO I AM NOT :D)
If ppl are damn lazy to understand and learn something, it's their own problem.
And this thread is not Sandboxie VS DefenseWall; I opened this thread about how it's so dangerous and unclear to remove what DW catches :D
demoneye
September 3rd, 2009, 02:03 AM
-{ Quote: "I use DefenseWall mainly for the reason that Ilya stated. If something does get by my other malware programs due to them not having a signature that detects it, I know that DefenseWall will let me shut it down if it does manage to run and that it won't start up again. Then someday down the road I might be doing a full scan with an AV and lo and behold it detects and cleans these dead files that DefenseWall killed. In the meantime, I safely use my computer without any harm done by the undetected malware." }-
This is also a bad attitude, also mentioned in the DW manual (Regular users: Use a standard anti-virus or anti-malware scanner to get rid of any left-over malware modules. Inactive malware is harmless, so the time of reaction of anti-virus vendors and new signature updates is not really important in this case.): using 3rd-party software to accomplish its mission. Do u trust the AVs to clean your infected PC 100%?? Man, u must be naive if u think so :D. Anti-virus leaves (in a good situation) lots of undeleted registry records of the "removed" malware; in the worse situation it says "clean" but it isn't! And the malware gets back to work ;)
demoneye
September 3rd, 2009, 02:08 AM
-{ Quote: "One thing I can say: crippled malware is like a regular file. It is dead, cannot do any harm, and you can even remove it manually. It's not a big deal :)" }-
It's not a "big deal" if all runs smoothly, but what happens if u want to uninstall DW for a certain reason? (It's not working, or u want to change your security setup.)
What then is gonna happen?! I think the answer is obvious: DW goes, and the malware starts to party HEHE :argh:
jmonge
September 3rd, 2009, 02:10 AM
-{ Quote: "It's not a "big deal" if all runs smoothly, but what happens if u want to uninstall DW for a certain reason? (It's not working, or u want to change your security setup.)
What then is gonna happen?! I think the answer is obvious: DW goes, and the malware starts to party HEHE :argh:" }- I imagine a crippled malware dancing ;D :argh: :thumb:
A couple of worms doing the Macarena dance :):):)
demoneye
September 3rd, 2009, 02:12 AM
-{ Quote: "I imagine a crippled malware dancing ;D :argh: :thumb:
A couple of worms doing the Macarena dance :):):)" }-
that was good
:argh: :argh: :argh: :argh: :argh: :argh: :argh: :argh:
jmonge
September 3rd, 2009, 02:16 AM
-{ Quote: "that was good
:argh: :argh: :argh: :argh: :argh: :argh: :argh: :argh:" }-
Man, I am laughing loud here; I don't know where it came from ;D The idea of the dancing worms, maybe, in my mind :argh: :argh: :argh:
Dark Star 72
September 3rd, 2009, 05:26 AM
-{ Quote: "I imagine a crippled malware dancing ;D :argh: :thumb:
A couple of worms doing the Macarena dance :):):)" }-
That white stuff you stirred into your Colombian coffee was sugar wasn't it 8) ;D
jmonge
September 3rd, 2009, 10:00 AM
-{ Quote: "That white stuff you stirred into your Colombian coffee was sugar wasn't it 8) ;D" }- My eyes are crossed ;)
It is coffee cream, buddy ;D :argh: :)
TonyW
September 13th, 2009, 06:21 AM
-{ Quote: "If I wanted to install a program (and it came from an untrusted/unknown source), I would install it in a sandboxed VM." }- I think herein lies the problem. We try to teach people NOT to install programs from untrusted sources. It's fine if you want to test such things or are researching malware in a controlled environment, but if we're talking about computer safety and security for the masses and not just for some Wilders users, education begins with not downloading from unknown/untrusted sources. It's not easy, and some users will carry on regardless, with or without protection.
I think this is one of the reasons why some people here say they don't ever or very rarely get infected with computer viruses because they use this mantra as one of their ways of protecting themselves. Having various technologies to help against malware is all well and good, but being protected does begin with what you do online.
Saraceno
September 13th, 2009, 07:21 AM
Agree Tony.
The majority of people I know who have installed a decent media player (VLC player, for example), an image viewer (FastStone Image Viewer), a browser (Firefox), and some software for burning (ImgBurn and DVD Shrink) will rarely have problems.
When you go in search for that new unknown program, or that pirated download (portable Adobe LightRoom comes to mind) you increase the risk of infection dramatically. I've been stung a few times by trialling a new program I didn't even need, just that my curiosity got the better of me.
Copyright ©2002 - 2012, Wilders Security Forums