DefenseWall question, I need your opinions...

Discussion in 'other anti-malware software' started by CoolWebSearch, Dec 5, 2011.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Sep 30, 2007
    I hope ssj100 will enter this thread because the following post is actually his. I just want to mention that the only thing I want is to hear more than one opinion, I hope that's not forbidden.
    My question is the following:
    Is using DefenseWall really that risky?
    "Don't get me wrong, DefenseWall is very strong at preventing active malware infestation of your system. However, it is rather unsettling that malware debris may be left on your REAL system - for example, it is possible that this debris could contain enough code to remotely execute via a specific buffer over-flow exploit, and thus log your keys, screen, clipboard etc, and send out this information via the application you have allowed internet access (eg. your web browser). In contrast, with Sandboxie, this is easily solved by the methods I described above. And very clearly, Sandboxie makes it much easier to empty out EVERYTHING (all the debris) your untrusted applications have created.

    With Sandboxie + LUA + SRP + DEP, the security approach as well as the actual security products you're using is what provides "100%" protection. I just cannot see any other way to achieve even close to this level of protection."

    My only question is: is this possible?
    Does DW wipe out all the malware in the rollback section or not?
    If any part of malware is left, what happens then?
    I can't speak for others, but for myself I can speak: I use SBIE on one computer, DW on the other (for downloads of other software from the internet and removable drives). I always delete everything in rollback section and so far nothing vital from my computer was erased.
    I check manually every 7 days with MBAM, Hitman Pro, Kaspersky, F-Secure and Panda, just to see if any malware sample is left; nothing was ever found.
    So, in my experience DW did not fail, not once.
    Can you share your experience with mine?
    Big thank you to everyone!!!

    One more thing: Does DW now fully protect against TOCTTOU?
  2. chris1341

    chris1341 Guest

    ssj100 is not a member here anymore. He has his own forum though if you feel the need to talk to him direct - - . The DW developer Ilya Rabinovich does come here regularly though so maybe the mods will move this thread to a more appropriate forum to get best responses for you.

    It might be possible but it seems highly improbable. How is this buffer over-flow implemented with DW running? Anyway Ilya himself says roll-back is for expert users and most users should use AV scanners to clean infections DW prevents.
    3.16 fixed the TOCTTOU issues I believe. 'Fully protect' is a big statement though.

    Last edited by a moderator: Dec 5, 2011