Some test ;)

[Kees1958]

That is funny, my reply to Hungjuri's post is shown before his

[HungJuri]

Quote:

Originally Posted by Kees1958

I hope you understand and feel less attacked

I don't feel attacked at all. So since nothing is 100% (your opinion), and the moon is made of Dutch cheese, we should all just sit idly by when blatant misinformation is being posted? Or better said "less than full" information?

[Kees1958]

No,

Isolate one of the three items of the discussion when you are faced with it.

You could have chosen to agree (third option, not guilty unless proven), yet you choose the two which made you deduct that I am telling you what to do. Which I am not, so I agree with the third (not guilty unless proven).

[HungJuri]

This is going off in some tangent that I don't even understand. (English is not my first language, so sorry). Remember that many new users regard Wilders in high esteem as far as computer security goes. Based off this thread, if I didn't know any better, I wouldn't go near Sandboxie with a ten foot pole. That is not fair to new users and it is not fair to the developer. But I'm done. Cheers!

[Kees1958]

Quote:

Originally Posted by HungJuri

This is going off in some tangent that I don't even understand. (English is not my first language, so sorry). Remember that many new users regard Wilders in high esteem as far as computer security goes. Based off this thread, if I didn't know any better, I wouldn't go near Sandboxie with a ten foot pole. That is not fair to new users and it is not fair to the developer. But I'm done. Cheers!

Problably lost in translation: but we agree on Sandboxie being a solid security application

[Joeythedude]

Quote:

Originally Posted by HungJuri

This is going off in some tangent that I don't even understand. (English is not my first language, so sorry). Remember that many new users regard Wilders in high esteem as far as computer security goes. Based off this thread, if I didn't know any better, I wouldn't go near Sandboxie with a ten foot pole. That is not fair to new users and it is not fair to the developer. But I'm done. Cheers!

Thats always my concern with threads here as well.
As well as the fanboy stuff I've seen posters here with large post counts writing other security "facts" which are completely inaccurate.

Its funny I've seen found new user guides around the net which are much better than our sticky here

[arran]

Quote:

Originally Posted by HungJuri

It is true that Arran has a point and I agree with that. That is the discussion on the test on the malware itself. It is the conclusions based off of those tests - the notion that suddenly sandboxed programs can terminate your firewall? That a sandboxed program can terminate Sandboxie itself? Where in these tests is the evidence of that?

It has already been proven with the registry test that malware inside sandboxie
can terminate every thing and shut down your pc.
http://www.ghostsecurity.com/registrytest/
you should try this registry test and you will see for your self.


I do have 2 more Important points to make in this thread as well.

1. Some body who is new to sandboxie, and they are still trying and learning
how to use sandboxie and they have not yet configured the start run settings. What if they download malware to their sandbox? and it executes and runs? As Proven in this thread Running malware can bypass Sandboxie.

2. For those of you here who have been using sandboxie for a while, would know that the Start Run Options was only added into sandboxies features a few months ago. Therefore it would be fair to say that only up until a few months ago seen how malware was able to run inside sandboxie, Sandboxie
would have been a very "Weak" security product.

I read some where on sandboxie website that the reason why start run access was added was because it was to prevent running malware from wasting CPU Usage. But the Real Truth is because to prevent running malware from escaping out of the sandbox.

Quote:

Originally Posted by ssj100

Yeah HungJuri, I understand exactly what you're saying. I had the same concerns with Comodo Internet Security and the whole Ask.com business.

Comodo's Firewall and Classical HIPS and Sandboxie are simply amazing products, and I fear that users will be deterred from using it because of politics and mis-information. Not to mention that they are incredibly light on the system and are completely free. Good stuff.

politics and mis-information and the ask.com issue have not deterred me from using comodo, What has deterred me from using comodo like I explained before in this thread is its Slow speed at intercepting executables from executing in the first place. The 2 Stop tests here prove that. If that had been real malware and user had Comodo their operating system would be History. So Comodo isn't
as Strong as a lot of people think.

[arran]

Quote:

Originally Posted by ssj100

Well mate, it's only for that particular Stop2.exe file. Who knows, perhaps it was specifically targeted at CIS to bypass. This is now fixed in the latest Comodo release. Also I'd recommend you to learn and use (if not already) Sandboxie for extra peace of mind haha!

It was stop.exe and stop2.exe, and no it wasn't specifically targeted to bypass CIS. and I already know how to use sandboxie LOL.

I am now instead using Defense wall and Malware defender. They are the STRONGEST programs that can control the behavior of Running programs that I have tested.

[aigle]

Quote:

Originally Posted by arran

It was stop.exe and stop2.exe, and no it wasn't specifically targeted to bypass CIS. and I already know how to use sandboxie LOL.

I am now instead using Defense wall and Malware defender. They are the STRONGEST programs that can control the behavior of Running programs that I have tested.

Did u try MD against them?

[aigle]

Wish he could post some screen shots.

Thanks

[demoneye]

Quote:

Originally Posted by aigle

Wish he could post some screen shots.

Thanks

its stop them on sight , also SSM,OA block them , Jetico Personal Firewall beta fails stop2, stop tests

cheers

[arran]

Quote:

Originally Posted by aigle

Did u try MD against them?

If you mean Malware Defender yes I already posted the results in this thread.

Quote:

Originally Posted by arran

after finally getting hold of this test thanks to a nice person who pm me.

I have tested

Comodo
Sandboxie
Process Guard
EQS
Defense Wall
Malware Defender.

Over all Defense Wall performed the Best at controlling the behavior of these
executables. It only failed with Stop2, but so did all the others, no product I tested can control Stop2. To be honest I am impressed with Defense Walls performance here.


Comodo would have to be the worst performer, when I clicked the stop tests
everything became frozen instantly before comodo even had a chance to throw up a pop up to ask permission if stop can be executed or not in the first place.. Comodo is just to slow at intercepting, So Comodo is history as far as I'm concerned.

Sandboxie, failed all, everything bypassed Sandboxie.

Process Guard and EQS failed the Stop2 and htaac and maybe 1 or 2 others I can't remember which.

Malware Defender only Failed on htaac and stop2 test. however with htaac, even tho explorer.exe gets terminated it fails to terminate malware defender and malware defender is still running. with malware defender screen still open you can terminate htaac and restart explorer.exe without having to restart your pc.

Malware defender does have a good self defense, in terms of performance I rate it as 2nd best after Defense Wall.

By the way MD and defense wall are the only 2 products that I know of that
can Survive the registry test http://www.ghostsecurity.com/registrytest/

Can anyone please post Screen Shots on how the latest CIS RC2 stops these tests? I would be interested to know how it intercepts it and if it does.

There seems to be many other bug fixes in this latest RC then the ones mentioned fixed.

Cheers,
Josh

[arran]

Quote:

Originally Posted by demoneye

its stop them on sight , also SSM,OA block them , Jetico Personal Firewall beta fails stop2, stop tests

cheers

hmm my MD failed to stop htaac.exe and stop2.exe I might give it another go.



SSM. are you saying SSM blocked all of them including stop2.exe ? if so SSM would be the only product so far that can block stop2.exe and Its a shame how SSM isn't updated any more.



OA. didn't a poster here say before that with stop2.exe with OA their pc hung and became frozen?

Jetico. I was wondering about jetico thx for results.

[Toby75]

Can someone PM me the test? I would like to test DriveSentry.

Thanks in advance,
Toby

[aigle]

Quote:

Originally Posted by arran

By the way MD and defense wall are the only 2 products that I know of that
can Survive the registry test http://www.ghostsecurity.com/registrytest/

Add GesWall too in the list.

[aigle]

Quote:

Originally Posted by demoneye

its stop them on sight , also SSM,OA block them , Jetico Personal Firewall beta fails stop2, stop tests

cheers

Pls if possible post some screenshots.

[aigle]

Latest CIS now intercepting all of them.

But pop up for stop 1 is not as clear as those of OA.

[aigle]

Stop 2

[metalforlife]

Quote:

Originally Posted by arran

after finally getting hold of this test thanks to a nice person who pm me.

I have tested

Comodo
Sandboxie
Process Guard
EQS
Defense Wall
Malware Defender.

Over all Defense Wall performed the Best at controlling the behavior of these
executables. It only failed with Stop2, but so did all the others, no product I tested can control Stop2. To be honest I am impressed with Defense Walls performance here.


Comodo would have to be the worst performer, when I clicked the stop tests
everything became frozen instantly before comodo even had a chance to throw up a pop up to ask permission if stop can be executed or not in the first place.. Comodo is just to slow at intercepting, So Comodo is history as far as I'm concerned.

Sandboxie, failed all, everything bypassed Sandboxie.

Process Guard and EQS failed the Stop2 and htaac and maybe 1 or 2 others I can't remember which.

Malware Defender only Failed on htaac and stop2 test. however with htaac, even tho explorer.exe gets terminated it fails to terminate malware defender and malware defender is still running. with malware defender screen still open you can terminate htaac and restart explorer.exe without having to restart your pc.

Malware defender does have a good self defense, in terms of performance I rate it as 2nd best after Defense Wall.

In case of Comodo 3.5, I am able to block all executables, except for htaab.exe, from running by blocking the first alert I get - "explorer.exe is trying to execute..." alert. Is this the alert you are referring to? Or is this the alert before the executable tries to run itself, because I am not certain if blocking explorer.exe from running the sample is blocking the malware or explorer.exe. For htaab.exe, even when I block explorer.exe from running it, it fails to stop it and I get alerts for all further accesses of the sample, blocking which, again, does nothing but freeze my PC. Now this is unacceptable since this the most basic of all that a HIPS should do.

[arran]

Quote:

Originally Posted by metalforlife

In case of Comodo 3.5, I am able to block all executables, except for htaab.exe, from running by blocking the first alert I get - "explorer.exe is trying to execute..." alert. Is this the alert you are referring to? Or is this the alert before the executable tries to run itself, because I am not certain if blocking explorer.exe from running the sample is blocking the malware or explorer.exe. For htaab.exe, even when I block explorer.exe from running it, it fails to stop it and I get alerts for all further accesses of the sample, blocking which, again, does nothing but freeze my PC. Now this is unacceptable since this the most basic of all that a HIPS should do.

Yes it is unacceptable since this the most basic of all that a HIPS should do.
Your right. Thats why for me comodo is history.

what you described is basically what I found, I specifically remember clicking on the stop test executables and comodo producing ZERO Popups.