DefenseWall question, I need your opinions...

[CoolWebSearch]

I hope ssj100 will enter this thread because the following post is actually his. I just want to mention that the only thing I want is to hear more than one opinion, I hope that's not forbidden.
My question is next:
is using DefenseWall really that risky:
"Don't get me wrong, DefenseWall is very strong at preventing active malware infestation of your system. However, it is rather unsettling that malware debris may be left on your REAL system - for example, it is possible that this debris could contain enough code to remotely execute via a specific buffer over-flow exploit, and thus log your keys, screen, clipboard etc, and send out this information via the application you have allowed internet access (eg. your web browser). In contrast, with Sandboxie, this is easily solved by the methods I described above. And very clearly, Sandboxie makes it much easier to empty out EVERYTHING (all the debris) your untrusted applications have created.

With Sandboxie + LUA + SRP + DEP, the security approach as well as the actual security products you're using is what provides "100%" protection. I just cannot see any other way to achieve even close to this level of protection."

My only question is: My question is is this possible?
Does DW wipe out all the malware in the rollback section or not?
If any part of malware is left, what happens than?
I can't speak for others, but for myself I can speak: I use SBIE on one computer, DW on the other (for downloads of other softwares from the internet and removable drives). I always delete everything in rollback section and so far nothing vital from my computer was erased.
I check manually ever 7 days with MBAM, Hitman Pro, Kaspersky, F-Secure and Panda, just to see if any malware sample is left-nothing was ever found.
So, in my experience DW did not fail, not once.
Can you share your experience with mine?
Big thank you to everyone!!!

One more thing: Does DW now fully protect against TOCTTOU?
http://en.wikipedia.org/wiki/Time-of...to-time-of-use

[chris1341]

Quote:

Originally Posted by CoolWebSearch

I hope ssj100 will enter this thread because the following post is actually his.

ssj100 is not a member here anymore. He has his own forum though if you feel the need to talk to him direct - -http://ssj100.fullsubject.com/- .The DW developer Ilya Rabinovic does come here regularly though so maybe the mods will move this thread to a more appropriate forum to get best responses for you.

Quote:

Originally Posted by CoolWebSearch

My only question is: My question is is this possible?]

It might be possible but it seems highly improbable. How is this buffer over-flow implemented with DW running? Anyway Ilya himself says roll-back is for expert users and most users should use AV scanners should to clean infectiions DW prevents.

Quote:

Originally Posted by CoolWebSearch

One more thing: Does DW now fully protect against TOCTTOU?
http://en.wikipedia.org/wiki/Time-of...to-time-of-use

3.16 fixed the TOCTTOU issues I believe. 'fully protect' is a big statement though.

Cheers