PrevX Edge or Defensewall

[ingem64]

I have a laptop with Vista Premium 32, antivirus NOD32, windows firewall.

What is the best choice?
PrevX Edge or Defensewall?
Both are HIPS? Sure?

[maymoons]

prevx and defensewall have different concept

defensewall is sandbox style hips
prevx is intelligent hips and it has malware database

i choose defensewall

[firzen771]

my vote goes to DW

[chris2busy]

one more for dw from me

[Ed_H]

And another for DefenseWall.

[Miyasashi]

I'd go for Malware Defender

Comodo Leaktest 280/320 I might have some settings wrong but still nice result. =)

Defensewall was 120/320 just installed DW and tested.

[The Hammer]

One for PrevX Edge.

[Minimax2000]

This Comodo leak test is not reliable.

On my system I got 220/340 with Defensewall v2.45 on Windows XP.
Used version: COMODO Leaktests v.1.1.0.3.

[Ed_H]

Quote:

Originally Posted by Miyasashi

I'd go for Malware Defender

Comodo Leaktest 280/320 I might have some settings wrong but still nice result. =)

Defensewall was 120/320 just installed DW and tested.

When you tested Defensewall, did you run Leaktest as untrusted?

Last time I tried this with DefenseWall the score was 280/320. But as others have pointed out, the test gives inconsistent results.

[denniz]

Using Prevx here.

[vijayind]

Since you already have NOD32 a good AM scanner, my vote would be for DW.

[Miyasashi]

Quote:

Originally Posted by ffreedom01

When you tested Defensewall, did you run Leaktest as untrusted?

Last time I tried this with DefenseWall the score was 280/320. But as others have pointed out, the test gives inconsistent results.

With Defensewall everything should start as Untrusted unless marked as trusted right? But it was started as trusted ... don't know why it did... any reason it would run as trusted?

and while testing the first time DW crashed on me O_o


What should I use to test my HIPS?

[Ed_H]

Quote:

Originally Posted by Miyasashi

With Defensewall everything should start as Untrusted unless marked as trusted right? But it was started as trusted ... don't know why it did... any reason it would run as trusted?

and while testing the first time DW crashed on me O_o


What should I use to test my HIPS?

Everything downloaded should be marked as untrusted. What did you use to unpack the zip file? Whatever the cause, it would be best to post over at the DefenseWall Forum. Ilya is VERY quick to respond to issues!

[Miyasashi]

Quote:

Originally Posted by ffreedom01

Everything downloaded should be marked as untrusted. What did you use to unpack the zip file? Whatever the cause, it would be best to post over at the DefenseWall Forum. Ilya is VERY quick to respond to issues!

I use 7-zip

[Ed_H]

Quote:

Originally Posted by Miyasashi

I use 7-zip

DW supports 7 zip. Best to post all the details at the DW forum so Ilya can sort it out.

The crash you had was most likely due to the GUI crashing. This has been an issue for some. It looks like this will be fixed shortly.

[Miyasashi]

Quote:

Originally Posted by ffreedom01

DW supports 7 zip. Best to post all the details at the DW forum so Ilya can sort it out.

The crash you had was most likely due to the GUI crashing. This has been an issue for some. It looks like this will be fixed shortly.

Yes, the GUI crashed. The service remained but it doesn't make you feel safe if you can't see what it's doing

[GES/POR]

I vote for both

[rOadToIS]

Go with Defense Wall.

[firzen771]

Quote:

Originally Posted by Miyasashi

I'd go for Malware Defender

Comodo Leaktest 280/320 I might have some settings wrong but still nice result. =)

Defensewall was 120/320 just installed DW and tested.

might be something wrong with what ur doing, plus CLT isn't a reliable test it seems, but i got 300/340 when i tested it.

[bellgamin]

Between Prevx & DW, I would choose SandboxIE.

[hammerman]

Quote:

Originally Posted by bellgamin

Between Prevx & DW, I would choose SandboxIE.

I'll go for all three.

[BrendanK.]

Quote:

Originally Posted by hammerman

I'll go for all three.

Haha. And how they do compliment each other

[chris2busy]

Like a threesome

[Kees1958]

My ranking

1. DefenseWall

Reasons:
a) Because Ilya has implemented all my resource protection extra's as default. So out of the box you will get a sharp edged fine tuned near to zero pop-up HIPS.
b) A Policy HIPS uses rights management to protect you. Great thing with DW is that even harmfull files downloaded can not do anything as long as they are UNTRUSTED. FIles downloaded by internet facing programs are untrusted by default, so no worries. Malware will remaine paralised (can do NO WRONG) until your ANti Virus has it in its blacklist data base.

Bill and othe Sandboxie fans: THIS IS THE GREAT ADVANTAGE OVER SANDBOXIE. Suppose you take a harmfulll zero day malware OUT OF the sandbox. Because it is zerdo day yoru AV won't recognise it. BANG YOUR SCREWED. DefenseWall is monkey proof, meaning user erors are very unlikely.

2. EDGE
Reasons:
a) Their first implementation (PRevX 1 and to a lesser degree 2) of using all instruments was a bit of a mixed bag. The latestst EDGE already provides the same tracking mechanisme of ThreatFire (reason why TF not always reacts as soon as f.i. Mamuto) and also provides an automated roll back option (DefenseWall has a manual option).
b) EDGE will in future provide an UNDO (so old values will be restored like in SPyberus). Meaning a repair action can be initiated from the intelligence at central PrevX servers. I think their technology will provide a low user interaction solution. When they are able to implement their vision, it will be one of the best security products around.

3. Sandboxie
a) On par or stronger defense strength as DefenseWall (currently stronger than Edge). Pitty it is not user fool proof.
b) The easy flush the toilet option (delete Sandbox contents), as long as the (knowledgeable) user does not moves the **** out of the toilet, SBIE is a near 100% safe solution. Inmy opinion this is the Achilles weak spot of SBIE: moving **** out of the toilet. Becasue SBI is poistioned as a zero day protection, no AV will warn you when you move **** of the toilet. So that is a fundamental weakness of virtualisation applications like SBIE. SBIE should implement Spyberus like mechanismens to compensate these user initiated errors.

When you read Chrome's technical documentation, you will notice that the sandbox implementation is based on policy like DW (not on virtualisation, like SBIE). PS: I am not against virtualisation, as long as it is used in Endpoint solutions at the speer head/disambarkation points of corporate networks.


I never understood why people wanted to use DW and SBIE alongside. Lately I began to undertsand that the easy toilet flush option (of SBIE) and the untrusted safety net (of DW) when moving something out of the toilet is the argument of those double secured PC enthousiasts. Although being a firm opposer in the past, recent development directions of PrevX has made me see the benefits of such a combo, so I stand corrected on this topic.


Cheers

[hammerman]

Quote:

Originally Posted by Kees1958

I never understood why people wanted to use DW and SBIE alongside. Lately I began to undertsand that the easy toilet flush option (of SBIE) and the untrusted safety net (of DW) when moving something out of the toilet is the argument of those double secured PC enthousiasts. Although being a firm opposer in the past, recent development directions of PrevX has made me see the benefits of such a combo, so I stand corrected on this topic.

Cheers

Nothing more satisfying than a good flush to get rid of all that internet crap. DW + SBIE combination works well for me with SBIE used for browsing and DW for everything else. Anything recovered from sandbox is automatically untrusted by DW as you say.

If I had to choose between DW and Edge, DW would get my vote. The protection is powerful yet remarkably quiet. If I get a DW pop-up, I know it's serious. Ilya's support is second to none. He has spent many hours helping me out with problems in a way that nobody else would. Edge offers something a little bit different that shows promise.