Recently I got a free license for BufferZone Pro. I have used its free version for sometime( this was the time when free version was as capable as pro but as I know current free version is limited as compared to pro). I always like BZ and the only complain from it is a bit slow down on launch of bufferzoned applications but that is tolerable. It has a nice GUI( probably the best GUI of all SandBoxes). Like DefenceWall it has zero pop ups, so might be good for user who don,t like pop ups. It has four processes running in ProcessExplorer but total memory taken by them is acceptable( all in all about 20 Mb). There is an option for confidential files too that will be hidden from untrusted( BufferZoned) processes. Also u can mark any process as ForBidden that will deny all access to it and will deny its execution as well. I tried it against few malware and my findings are as follows: Advanced Process Terminator from DCS: I tried to kill IE ( that was running outside of BZ) via APT running inside bufferzone. APT failed to kill IE, all tests passed by BZ. BTW Bufferzone service is itself immune to termination by any process/ malware etc. APT even running outside of bufferzone was unable to kill BZ service. Very hardened self defense indeed. I have rarely seen such type of self defense. Advanced process manipulation by DCS: tried to kill IE that failed. BZ passed. Simple Process Terminator from SysSafety: All tests passed A special termination method- discussed in this thread: http://www.wilderssecurity.com/showthread.php?t=172653&highlight=termination VideoLinkParser while running inside BufferZone failed to kill RegMon. BZ passed. An interesting kill method: Spy.exe running inside bufferzone was able to kill IE running outside of BZ. BufferZone FAILED. http://www.kobik.net/spy_capture.asp SysSafety KeyLogger test: All four tests passed Martin,s Undetectable Keylogger: Pass. An interesting thing is that unlike most other sandboxes and HIPS , BZ stops MUK totally as it does not allow even the logging of Alt, Shift, Ctrl etc keys. Very well PASS. AKLT by FireWall tester: BZ passed first two key logging methods but failed the last one. KeyHook by DCS: BZ Passed. Home Key Logger and Family Key Logger( use global hooking): I installed them outside of BZ and then launched main executable inside BZ, they were able to set global hook( that was located outside of BZ) and logged keystrokes successfully. If I shifted the dll inside BZ and the executed main the executable inside BZ, BZ passed as no keys were logged. I am not sure it should be regarded as pass or fail. To me it appears as FAIL. I will see what they reply to it on their forums. Zilla( Browsezilla) trojan/ worm: PASS, it was able to copy its executable in C:\ but all executables were inside BZ and if eexecuted they will crash. PASS GlobalHook( keylogger behavior) : I used Y,z shadow that uses a global hook( legitimate hook but similar hook can be used by malware). It failed to set global hook. PASS I am not sure but BZ,s behavior regarding global hooks seems inconistant. It blocks the global hook by YzShadow.exe but allows global hooks by HomeKeylogger and FamilyKeyLogger. There was nothing wrong in my testing probably it,s something wrong in BZ,s behavior and I will haver to wait for their reply in this regard. BlackDay Trojan( It,s a very nasty trojan. It overwrites a lot of the executables on ur different HD partitions converting them into its copies. Not only u get a lot of malware executables but also u loose all the executables overwritten by the trojan. One important thing is that it does not remain limited to C partition but also jumps to other partitions as well, so if u are covering ur C partition with some Instant Recovery Software like FDISR, Returnil or PowerShadow etc, it might not help u as trojan will infect ur non-OS partitions as well): BZ passed here. All copies of trojans were isolated inside bufferzone and it was not able to overwrite any executables. The only problem I noted that on attempted termination through BZ, I was not able to terminate BlackDay trojan process( may be some problem just on my system). DFK Threat Simulator: Passed. Although I got the message that u have been owned but I think all of DFK threat Simulator,s activity was inside bufferzone. I was not able to terminate Win32.exe though( as challenged by DFK threat simulator) but I checked and it was infact running inside BufferZone), So on reboot everything should have been fine but I was not able to verify as I did all this testing in ShadowMode and would have lost everything on reboot. I will say it Pass. Unable to terminate win32.exe seems a bug of BZ just like BlackDay trojan above. RegTest( 1 and 2) by Ghost Security: Pass. It was unable to reboot the system, though I was not able to reboot manually to confirm it( due to ShadowMode). W32/ Virut.P trojan( it was the trojan one user got from an infected torrent( a crack) and it messed with FDISR service and infected other snapshot of FDISR as well. When I tried it, it was not even detected by many AVs on Virus Total. On my system it killed my AV Antivir. I tested it with Antivir,s guard off as it was detected by Antivir). BZ passed, as trojan was not able to mess with Antivir and other processes( grossly). Qucan IM worm( IM-Worm.Win32.Qucan.a/ Win32.Worm.IM.Sohanat.A): This worm disables RegEdit and TaskManager: BZ Passed XP Killer trojan: It disables three services, Windows Firewall, System Restore and Automatic Updates Services. BZ Passed. Brontok worm: It makes a lot of copies of itslef: BZ passed. All copies of the worm were isolated inside BZ. In order to check malware cleaning capability of BZ, I installed an IE Spyware toolbar inside BufferZone. It was installed OK inside BufferZonesd IE. When I launched IE outside BufferZone, there was no toolbar. On launching IE inside BZ, toolbar was there. I then emptied BufferZone, removing all BZoned registry and files. Launched IE inside BZ and Spyware toolbar was gone. Same results with a legitimate toolbar( Google Toolbar). PASS SDT Unhooker malware( called RKIT/Agent.EZ by Antivir): Once executed it unkooks all HIPS SSDT hooks making them blind. BZ passed. Prueba trojan discussed here: http://www.wilderssecurity.com/showthread.php?t=179003&highlight=SSM bypassed BZ failed as prueba was able to make its copy outside of BufferZone in ProgramFiles> Config32 folder.( BTW CH failed against it but beta1 of ThreatFire stops this trojan). KillDisk virus: not tested as I have no VM. Anyone please? Results are quite good in my opinion. Only failures are against some keyloggers and Prueba. I will make a thread over their forums. Let,s see what is their response. Now I wonder why BZ is not so popular, it seems quite strong and I was able to run it alongwith Antivir, EQSecure, GeSWall, ThreatFire, and ShadowSurfer without any conflicts. That shows a lot of compatibility in my opinion. Note: during this testing there was a minor problem with BZ install( due to my system, not due to BufferZone). I uninsnatlled BZ, then when I tried to reinstall, I did not find the key( I could not re-retrieve it from my e-mail as I had no internet at that time, so I just did a system restore that brought BZ,s installation back though some of its functions/ options were disabled( making it more like a free version). I don't however think that the results are affected by this in any way.