Wilders Security Forums  

  #1  
December 28th, 2005, 12:47 PM
starfish_001
HIPs and Sandboxes

Not a strong area for me, so I was wondering, as a Process Guard / SNS user, what the likes of DefenseWall and BufferZone actually give me. I liked DefenseWall when I ran the beta, but ... given I have PG/SNS already and could run processes untrusted by launching them as below:

http://msdn.microsoft.com/library/de...re11152004.asp

Michael Howard outlined how you can programmatically spawn a process that runs with reduced privilege, even if you are logged on as an administrator. The aim was to run processes performing Internet functions (applications most subject to attack), such as Web browsers and e-mail clients, in reduced privilege to decrease the damage potential of any malware using these agents as attack vectors.


What am I missing?
  #2  
December 28th, 2005, 02:38 PM
Notok
Re: HIPs and Sandboxes

Running things as a non-admin is always a good idea, even if it is only with something like DropMyRights. DefenseWall will give you stronger protection that's a little easier to manage, but DropMyRights with ProcessGuard makes for some very strong protection as well. The one advantage you would have with something like DefenseWall is that once something is inside the sandbox area, it can't even see anything outside of the sandbox, which is not true for DropMyRights.

Either way you go is going to give you very strong protection, so I think it's mainly up to you. My own preference is to use DefenseWall.
__________________
Security is not a brand name.

NSA security configuration guides -- Best Practices for Securing a Home Network
  #3  
December 28th, 2005, 02:43 PM
starfish_001
Re: HIPs and Sandboxes

Notok

Thanks - I came to that conclusion - DefenseWall does make the admin very nice - I'd forgotten about being able to see out of the sandbox area.
  #4  
December 28th, 2005, 02:46 PM
Notok
Re: HIPs and Sandboxes

You can actually run DW and DRM together, for that extra paranoid(tm) protection! (I did for a while, and actually didn't have any problems at all.)
 

All times are GMT -4.

