Wilders Security Forums  

  #26  
Old August 9th, 2009, 02:58 AM
reinwald reinwald is offline
Infrequent Poster
 
Join Date: Apr 2009
Location: Philippines
Posts: 32
Default Re: DefenseWall and Sbie

Hi, thanks ssj100 for your comment.. and to innerpeace.. it isn't ssj100's fault.. ssj100 has actually been helpful and he is entitled to his own opinion.. anyway it's all good..
I was just wondering about the method of untrusting the sandbox folder.. is this the only method of making these two programs work together?
__________________
Sandboxie / Online Armor Premium / Avira AntiVir (On demand) / Shadow Defender
  #27  
Old August 9th, 2009, 03:07 AM
Dregg Heda Dregg Heda is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 734
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by chris1341
Just thinking out loud. DW allows you to have untrusted folders. Does that mean you can trust (or 'run as trusted' from the right click menu) your browser with DW but set your download, sbie container and cache folders etc to untrusted thereby making anything that runs from them untrusted?

If that works your browser runs as trusted but anything it downloads is untrusted unless you move it out of the untrusted folders. You would need to ensure anything you let out of sbie went into a DW untrusted folder though.

Maybe someone with more experience of the DW untrusted folder set up could confirm?

I don't really think you have to worry about a sandboxie 'breakout'. Has anyone heard of anything getting out other than by user intervention (deliberate or not!)?

Cheers

Hi Chris,

Yup that was pretty much what I was talking about. I think I will consult with some experienced posters on this forum about this setup before implementing it. Thanks!

PS: I haven't heard of anything which can break out of a properly configured sbie, but it never hurts to be prepared.
  #28  
Old August 9th, 2009, 03:12 AM
Dregg Heda Dregg Heda is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 734
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by illicit
That was what I stated initially. If you use both "out of the box", you will get browser slow down, however by untrusting the sandbox folder...DW will automatically untrust anything that comes out.

Hi Illicit,

Sorry but I guess I forgot about your initial suggestion and sort of came up with it on my own. Sorry for stealing your idea!

So what you're telling me is if I untrust the sandbox folder, anything that I let out of it or anything that somehow manages to break out of the sandbox will automatically become untrusted, right?
  #30  
Old August 9th, 2009, 03:31 AM
Dregg Heda Dregg Heda is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 734
Default Re: DefenseWall and Sbie

Yes, that's the beauty of DefenseWall. And sbie for its part deals with the one major weakness of DW for me, updating FF and its add-ons. For me this is as close as 100% protection gets imo.
  #32  
Old August 9th, 2009, 10:33 AM
Dregg Heda Dregg Heda is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 734
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by ssj100
While I agree that having to temporarily set Firefox as trusted (with DefenseWall) in order to do updates is inconvenient, I think most people would not.

I agree with you on this "as close as 100% protection gets", except I'd also suggest a more generic approach. Sandboxie combined with any decent HIPS (which can provide system wide protection), whether it be a policy-based HIPS like DefenseWall or whether it be a classical HIPS like Malware Defender, will get you close to this 100%. This is why I no longer use a real-time black-lister/behaviour-blocker. I only use that type of technology on-demand, and really only for 2 reasons:
1. To give an opinion on any dodgy files that I've acquired
2. To give a bit of proof that I don't have any malware on my system with my real-time setup in place.

Of course, these are just my opinions too.

Yea I pretty much agree with what you're saying, with the caveat that I prefer policy HIPS to classical HIPS, as there are no pop-ups which I might answer wrongly.
  #33  
Old August 9th, 2009, 07:00 PM
SafetyFirst SafetyFirst is offline
Regular Poster
 
Join Date: Jan 2007
Posts: 188
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by Scoobs72
That's exactly how I use DW and SBIE. Anything I recover from the sandbox is automatically untrusted by DW, but my browser itself is not within DW's untrusted list. Seems to work well for me.
Can you give specific settings in both DW and SBIE, please?
  #35  
Old August 9th, 2009, 11:57 PM
jmonge jmonge is offline
Massive Poster
 
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 4,722
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by ssj100
I understand your point, and understand why you prefer policy HIPS. However, on the other side of the coin, I prefer classical HIPS because it gives me more control over what is happening. If I'm unsure about a pop-up (keeping in mind that I know how to answer the majority of pop-ups, and I'm not even an expert), I'd simply block it (at least temporarily) or isolate it, and then do a google search/virustotal etc on it. Very simple to do, and it gives incredible control over the system.

With a policy HIPS like DefenseWall, I could get infected by malware and not even know it. Sure, the malware can't do anything, but it's just a bit unsettling. What if I uninstalled DefenseWall etc?

Anyway, just my view on it.
I want to correct you a little. I know that no security software is 100% bulletproof, but with DefenseWall you will achieve at least 99.99% security safe.
DefenseWall will cripple any malware type software and this will include the most sophisticated malware (rootkits and keyloggers in real time).
__________________
AppGuard 1.3
  #37  
Old August 10th, 2009, 12:17 AM
jmonge jmonge is offline
Massive Poster
 
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 4,722
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by ssj100
Can I ask why that is a correction? I agree with you that DefenseWall will cripple any malware with a certainty approaching the "99.99%" level.

I just find it unsettling that DefenseWall may be crippling this malware on my system, and I don't even know anything about it. Sure, the malware can't harm me at all, but it's just a little bit disturbing. The classical HIPS on the other hand, will always tell you if something is going on (with a pop-up). And sure, some people prefer DefenseWall, while others prefer classical HIPS. Whatever works for you and makes you feel safe!

When malware is crippled it cannot harm your system, so it is not considered malware anymore because it cannot do anything to you. Don't worry about malware traces, you can delete them manually by hand.
__________________
AppGuard 1.3
  #39  
Old August 10th, 2009, 12:58 AM
jmonge jmonge is offline
Massive Poster
 
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 4,722
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by ssj100
Completely agree, but I still find it a bit unsettling and I personally like to know when I'm being attacked by malware in real-time.
An antivirus is a good alerter too.
__________________
AppGuard 1.3
  #41  
Old August 10th, 2009, 01:01 AM
jmonge jmonge is offline
Massive Poster
 
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 4,722
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by ssj100
But not as good as Defense+. Defense+ is the reason why I got rid of any real-time antivirus.
Agree with you, the HIPS are very good alerters and blockers too.
__________________
AppGuard 1.3
  #43  
Old August 18th, 2009, 11:37 AM
Dregg Heda Dregg Heda is offline
Frequent Poster
 
Join Date: Dec 2008
Posts: 734
Default Re: DefenseWall and Sbie

Quote:
Originally Posted by ssj100
After careful consideration, I'm giving this combination another try!
Hi SSJ,

Exactly which sbie files do you have DW untrust?
 
