Wilders Security Forums  

  #1  
Old December 15th, 2007, 02:54 AM
AaLF AaLF is offline
Frequent Poster
 
Join Date: Feb 2005
Location: Sydney
Posts: 794
Default Sandboxie and DefenseWall

Much praise has been heaped on two quality products, DefenseWall and Sandboxie. Both are considered sandbox type HIPS.

Perhaps those who have dabbled with both might like to chip in with a few words as to whether these are 'birds of a feather' or do each of them have a unique strength?
__________________
SB | AG | LnS | EAM free | MR free
  #2  
Old December 15th, 2007, 06:52 AM
Ilya Rabinovich Ilya Rabinovich is offline
Developer
 
Join Date: Sep 2005
Posts: 1,516
Default Re: Sandboxie and DefenseWall

Yep, I can confirm that each has a unique strength behind: Ilya Rabinovich and Ronen Tzur
__________________
DefenseWall HIPS developer. www.softsphere.com
  #3  
Old December 15th, 2007, 07:06 AM
hammerman hammerman is offline
Frequent Poster
 
Join Date: Jul 2007
Location: UK
Posts: 283
Default Re: Sandboxie and DefenseWall

I have been using Sandboxie for some time to sandbox my browser Firefox. I like the control you have with extracting information out of the sandbox if you need to keep it. Most of the time I do not need to keep anything so I just empty the sandbox after each session.

I am trying out DefenseWall because I would like to cover my other applications such as Outlook Express, media players, messaging etc. I feel the method of extracting data out of the sandbox is not suited for these apps. I prefer the DefenseWall method of saving files in the normal locations but marked as untrusted.

My problem is running Sandboxie and DefenseWall together. I have had to set Firefox as a trusted application in DefenseWall and run it separately under Sandboxie. If I set Firefox as untrusted, each time I start it sandboxed DefenseWall loses track of the number of untrusted processes that are running.

When I start Firefox sandboxed, DefenseWall counts up to 5 untrusted processes. When I stop Firefox, DefenseWall counts down to 2 untrusted processes, not 0. I believe this is a known problem and I have tried adding the Sandboxie process Start.exe in the Untrusted list. This didn't make any difference. I would appreciate any advice on how to get round this.
  #4  
Old December 15th, 2007, 08:05 AM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Sandboxie and DefenseWall

Can I combine Sandboxie and DefenseWall on the same computer or is this a stupid idea ?
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #5  
Old December 15th, 2007, 08:19 AM
hammerman hammerman is offline
Frequent Poster
 
Join Date: Jul 2007
Location: UK
Posts: 283
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by ErikAlbert
Can I combine Sandboxie and DefenseWall on the same computer or is this a stupid idea ?

I don't think it's a stupid idea at all. I'm using Sandboxie for my browser and DefenseWall for all other apps.

The only issue I have is that DefenseWall loses count of the number of processes started by Firefox/Sandboxie. I therefore have to remove Firefox from the DefenseWall untrusted application list. It is still protected by Sandboxie so no problem.
  #6  
Old December 15th, 2007, 08:21 AM
Ilya Rabinovich Ilya Rabinovich is offline
Developer
 
Join Date: Sep 2005
Posts: 1,516
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by hammerman
My problem is running Sandboxie and DefenseWall together.

It is a known issue and already solved. The fix will be published with the next version, 2.10.
__________________
DefenseWall HIPS developer. www.softsphere.com
  #7  
Old December 15th, 2007, 08:33 AM
Perman Perman is offline
Very Frequent Poster
 
Join Date: Nov 2005
Posts: 2,156
Default Re: Sandboxie and DefenseWall

Hi,

I am happy using DefenseWall, but have never tried Sandboxie.

Would running both together be overkill (overlap)? Do they not possess a very similar family name?

If there is a need for running them together, then that would reveal the weakness of both, because each of them cannot handle the situation single-handed.

Double-layered insulation does sound very sound, but may clip the performance and the sensitivity. Is a poor job the end result?
  #8  
Old December 15th, 2007, 08:42 AM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by hammerman
I don't think it's a stupid idea at all. I'm using Sandboxie for my browser and DefenseWall for all other apps.

The only issue I have is that DefenseWall loses count of the number of processes started by Firefox/Sandboxie. I therefore have to remove Firefox from the DefenseWall untrusted application list. It is still protected by Sandboxie so no problem.

That's good, because I like to torture malware on my computer.

1. First I isolate them in a sandy environment.
2. Then I lock my data partition to make them hungry and thirsty.
3. Then I limit their actions to the very bone.
4. Once they are crazy, I obliterate them.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #9  
Old December 15th, 2007, 08:58 AM
hammerman hammerman is offline
Frequent Poster
 
Join Date: Jul 2007
Location: UK
Posts: 283
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by Ilya Rabinovich
It is a known issue and already solved. The fix will be published with the next version, 2.10.

Thanks Ilya,

I may well invest my xmas money on DefenseWall (sad ain't it).
Any other clues as to what might be in the next version?

Hello Perman,

I've used Sandboxie for a long time with Firefox. The thing I like about it is that with a couple of clicks my sandbox is emptied along with any nasties picked up while browsing. I don't think you can do that with DefenseWall. In any case, I just feel comfortable with Sandboxie.

I would now like extra protection for my other internet-facing applications (mail, messaging etc) and I don't think Sandboxie would be the best application for this. I don't want to have to keep extracting data from the sandbox. I thought DefenseWall would fill that role quite nicely.

Having run this setup for a while, I feel I'm getting the best of both worlds.

Hello ErikAlbert,

I like your style. A trifle aggressive perhaps.
  #10  
Old December 15th, 2007, 08:58 AM
Acadia Acadia is offline
Massive Poster
 
Join Date: Sep 2002
Location: SouthCentral PA
Posts: 3,687
Default Re: Sandboxie and DefenseWall

Erik, you're cruel!

Acadia
__________________
"Security is always excessive until it's not enough." - Robbie Sinclair, Country Energy, NSW Australia
  #11  
Old December 15th, 2007, 10:50 AM
AaLF AaLF is offline
Frequent Poster
 
Join Date: Feb 2005
Location: Sydney
Posts: 794
Default Re: Sandboxie and DefenseWall

Questions:

I know I can download a file/program from the net with DefenseWall and it is easy just like DefenseWall isn't there. What about Sandboxie? Can I just click & download with Sandboxie or are there special rules to d/load a zip file?

I have read that Sandboxie is good for testing a new program as it's contained within the Sandbox. Many programs call for a reboot to initialize. Any problems?

On DefenseWall one can install either trusted or untrusted. After installation and I'm happy can I change the program's category from untrusted to trusted or do I have to uninstall & reinstall as trusted? And what about Sandboxie here?
__________________
SB | AG | LnS | EAM free | MR free
  #12  
Old December 15th, 2007, 11:22 AM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,805
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by tisatashar
Questions:

I know I can download a file/program from the net with DefenseWall and it is easy just like DefenseWall isn't there. What about Sandboxie? Can I just click & download with Sandboxie or are there special rules to d/load a zip file?

I have read that Sandboxie is good for testing a new program as it's contained within the Sandbox. Many programs call for a reboot to initialize. Any problems?

On DefenseWall one can install either trusted or untrusted. After installation and I'm happy can I change the program's category from untrusted to trusted or do I have to uninstall & reinstall as trusted? And what about Sandboxie here?

Downloading is transparent with Sandboxie. But what you do have to do is recover what you downloaded from the Sandbox. It is good for testing up to a point. Rebooting in and of itself doesn't delete anything from the sandbox. However, chances are if an installation calls for a reboot it will fail in the sandbox, as the sandbox, by default, blocks installing new services and drivers.

You can disable that feature, but if you do, why bother installing in the sandbox to begin with?

Pete
  #13  
Old December 15th, 2007, 11:28 AM
Ilya Rabinovich Ilya Rabinovich is offline
Developer
 
Join Date: Sep 2005
Posts: 1,516
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by hammerman
Any other clues as to what might be in the next version?

Yes, I have some ideas
__________________
DefenseWall HIPS developer. www.softsphere.com
  #14  
Old December 15th, 2007, 12:18 PM
Antarctica Antarctica is offline
Very Frequent Poster
 
Join Date: Feb 2003
Posts: 1,365
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by Ilya Rabinovich
Yes, I have some ideas

I guess it's too early for an overview...
__________________
One for all/All for one
  #15  
Old December 15th, 2007, 05:51 PM
AaLF AaLF is offline
Frequent Poster
 
Join Date: Feb 2005
Location: Sydney
Posts: 794
Default Re: Sandboxie and DefenseWall

Do SB & DW offer defense against 'keyloggers'?
__________________
SB | AG | LnS | EAM free | MR free
  #16  
Old December 15th, 2007, 05:55 PM
LoneWolf LoneWolf is online now
Massive Poster
 
Join Date: Jan 2006
Posts: 3,130
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by tisatashar
Do SB & DW offer defense against 'keyloggers'?

DefenseWall does.
With Sandboxie, emptying the sandbox would get rid of the keylogger, but if I'm not mistaken the keylogger can log keystrokes while in the sandbox.
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
  #17  
Old December 15th, 2007, 06:00 PM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,805
Default Re: Sandboxie and DefenseWall

With Sandboxie it depends on the keylogger. If it has to install a driver, or services, then it can't do that in a Sandboxie sandbox. So in that sense yes you are protected.

Pete
  #18  
Old December 15th, 2007, 06:03 PM
LoneWolf LoneWolf is online now
Massive Poster
 
Join Date: Jan 2006
Posts: 3,130
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by Peter2150
With Sandboxie it depends on the keylogger. If it has to install a driver, or services, then it can't do that in a Sandboxie sandbox. So in that sense yes you are protected.

Pete

I didn't know that...... Thanks for the info
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
  #19  
Old December 15th, 2007, 09:04 PM
smith2006 smith2006 is offline
Frequent Poster
 
Join Date: Mar 2006
Posts: 579
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by LoneWolf
DefenseWall does.
With Sandboxie, emptying the sandbox would get rid of the keylogger, but if I'm not mistaken the keylogger can log keystrokes while in the sandbox.

I run Sandboxie with KeyScrambler Pro.
  #20  
Old December 16th, 2007, 01:00 AM
AaLF AaLF is offline
Frequent Poster
 
Join Date: Feb 2005
Location: Sydney
Posts: 794
Default Re: Sandboxie and DefenseWall

If I install a program in the sandbox and decide to keep it, can I drag it out of the sandbox or do I have to re-install in 'normal mode'?
__________________
SB | AG | LnS | EAM free | MR free
  #21  
Old December 16th, 2007, 04:42 PM
lucas1985 lucas1985 is offline
Global Moderator
 
Join Date: Nov 2006
Location: France, May 1968
Posts: 4,047
Default Re: Sandboxie and DefenseWall

You need to run the installer outside the sandbox.
__________________
"Pouvoir à l'Imagination. Power to the imagination. La imaginación al poder".

"Perfect is the enemy of good enough". Voltaire.
  #22  
Old December 17th, 2007, 01:33 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Sandboxie and DefenseWall

I have now Sandbox and DefenseWall on board in my frozen on-line snapshot.

Poor keyloggers : isolated, frozen and chained.
They can now write their recorded keystrokes in the sand with trembling fingers,
while AE is beating them to death, because they are not whitelisted.
One reboot and they are history.

That's what keyloggers get when they install themselves on my computer.
Thank you Ilya and Tzuk for making that possible.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #23  
Old December 17th, 2007, 04:37 PM
MaB69 MaB69 is offline
Frequent Poster
 
Join Date: Dec 2005
Location: Paris
Posts: 540
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by ErikAlbert
I have now Sandbox and DefenseWall on board in my frozen on-line snapshot.

Poor keyloggers : isolated, frozen and chained.
They can now write their recorded keystrokes in the sand with trembling fingers,
while AE is beating them to death, because they are not whitelisted.
One reboot and they are history.

That's what keyloggers get when they install themselves on my computer.
Thank you Ilya and Tzuk for making that possible.

Hi ErikAlbert,

Now you have a layered setup
Ultimate? Maybe. Easy to use? Sure not.

Regards,

MaB
  #24  
Old December 18th, 2007, 12:54 AM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Sandboxie and DefenseWall

Quote:
Originally Posted by MaB69
Hi ErikAlbert,

Now you have a layered setup
Ultimate? Maybe. Easy to use? Sure not.

Regards,

MaB

Nothing is perfect, that wasn't my goal although some members think it was.
My goal was to save TIME and to keep my computer CLEAN without doing anything other than reboot, and I got what I want.
And of course, I'm forced to use what is available in the software world, because I can't write a program myself. I'm just waiting for better software ...
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #25  
Old December 18th, 2007, 04:01 AM
AaLF AaLF is offline
Frequent Poster
 
Join Date: Feb 2005
Location: Sydney
Posts: 794
Default Re: Sandboxie and DefenseWall

I understand that with Sandboxie you can install a program etc to 'check it out' & then kill the sandbox & it's gone - totally, no fuss.

Question:

Apart from the above feature what is the main benefit that I'm going to add to my setup if I include SandBoxie to run alongside my DefenseWall?
__________________
SB | AG | LnS | EAM free | MR free
 

All times are GMT -4.