DefenseWall & SBIE

*DRINK*

 

Simple explanations, from me:

SandBoxie gives me some headaches to learn while DefenseWall is an install and forget program.

 

Another simple explanation:

DW provides system wide protection, which as others state, works out of the box. SBIE, is a point solution which requires configuration, and anything that leaves the sandbox (i.e. by user-action) is no longer protected.

From a total protection perspective the all-round solution is Defensewall imo.

 

Thanks to all!
I'll start using DefenseWall, firstly the trial version.
Greetings!

 

Are you claiming that third-party security products have no future with x64?

Do they (third-party security products) simply exist because of XP and/or x86?

 

Yes, this is exactly what I feel. Though, this will hardly happen immediately. Some margin of 10-15 years still exists (provided by inertia, for example). There is another option if MS change its mind and introduce API to control service requests (in the way they provided mini-filters and API to control Security Center). Then third-party vendors will be able to build reliable protection. But this needs a good will from MS, while on x32 platform MS good will is still not a mandatory condition.

 

lets make the long short , SB is much more advanced over DW in many aspects , if i have to choose between both of them my vote was to SANDBOXIE with out any hesitate

 

How so?

 

dw is advance already

 

Tell that to the tests that DefenseWall always passes 100%.

 

Both are great programs. If there was no Sandboxie, I would be using DW.

Bo

 

DW is much more advanced over SB in many aspects
my vote for over all protection goes to Defensewall,and i see lots of people use SB and other stuff too with defensewall it is so unique that you can just run it alone and get protected
DW has the rollback feature which is very handy to remove nasty malware and DW covers more out of the box
strong firewall i tested my self with real malware and keyloggers and stop them all

 

Do you mean by configuration or protection or both?
Tzuk specifically says on the sandboxie website, that none should rely on sandboxie as the only protection, because it always and very often need to be updated because of holes that open up, so basically you should have antivirus for extra safety.
But when you do tests, you always get the impression that Tzuk is actually wrong because Sandboxie always passes malware tests.

 

the weak point of SB is the user to recover to real enviorement

 

Maybe he is being humble.

I don't know but I know that SBIE don't need an antivirus to keep me clean. Same would be if I was using DW. I feel sure about that.

Bo

 

In a way, thats also DWs weak point as sometimes we need to change files status from untrusted to trusted.

Bo

 

agree he is a humble man

 

I think that is one of the strong points of DefenseWall. You have to change something to screw up protection. In Sandboxie you have change something to get more than a browser running in a Sandbox.No doubt you can get about the same protection out of both, it's how much you want to play with it. Anything ms comes up with is going to work more for them than it is for you.

 

DW might be great and all, but it simply cannot stay up to date as SBIE does with its excellent and modern x64 protection! Most of us northern europeans with a lot of cash on our hands do sit as potential buyers, and right now we're choosing SBIE over DW. Never ignore the Nordic market! We're the biggest consumers in europe when it comes to computer related security and hardware!

 

Hi,

I tested two malware on each [SBIE and DW] to see what differences are there between these two applications.

The samples I tested were [a] trojan Ransom LockEmAll and fake AV named “Security Tool”...

Downloaded both malwares from MDL and Clean-MX respectively. Ran both in SBIE [first Ransom, and second the fake AV]. Both malwares displayed their shady GUI on desktop but by right-clicking SBIE icon on taskbar and selecting Terminate All Programs both malwares were terminated immediately.

After terminating both malwares running on SBIE, I ran an on-demand scan with MBAM and HMP with updated definitions and both security applications found NOTHING on the hard drive. NOTHING! nada !



Did the same as above but this time running DW and having the browser set as Untrusted. Downloaded again trojan Ransom LockEmAll and the fake AV. Both downloads were automatically set as Untrusted by DW [because they were downloaded through an untrusted app, Mozilla Firefox 8.0.1].

Executed LockEmAll first and got an alert by DW. Hit STOP ATTACK button on DW and trojan Ransom stopped running. Did the exact same thing with the fake AV and was also prompted by DW. Hit the Stop Attack button for a second time and the fake AV was terminated on its tracks.


Finally, ran MBAM and HMP and both found malware on the hard drive. It's true that malware was under an Untrusted status and couldn't harm the system but they were still on the computer hard drive.

To get rid of the malware under DW, you have to: [1] Use anti-malware scanner to remove the traces that still are sitting on your HDD or...[2] Use the Rollback feature on DW to undo the changes made by Untrusted to the Windows registry.

Bottom line, the approach of each application [SBIE & DW] to deal with, let's say malware, is different.

With SBIE you can terminate the evil processes running on your PC and no traces of them can be found. With DW you also can terminate malicious processes on your PC but there are traces left which you have to , remove using MBAM or another anti-malware app or using the Rollback feature in DW.


Both are good but their approaches are different.


Regards

 

Sandboxie is a lot more than "a browser running in a Sandbox". You can run any application you want sandboxed not just your browser. I run just about everything sandboxed and the programs and folders that I use often, they are forced so basically all files that I open(unless I am installing a program) are always sandboxed which is sort of having them as untrusted, like DW does.

Bo

 

Or compliment DefenseWall with something like Shadow Defender and with a simple reboot those traces are no more.

 

Zyrtec DW has feature call rollback and with such feature you can easilly delete malware in real tme

 

If I have my programs forced to run in a sandbox (sandboxie paid) will they be able to update while in the sandbox? Also, what about a browser with add-ons and plug ins (java, flash, etc)...will those add-ons and plug ins be able to update if the browser is forced to always run inside a sandbox?

I have sandboxie paid and normally run either chrome or firefox browser.

I also just acquired a defensewall license and am trying to figure out which to run. I guess I can run them both at once if I like? The only apps I figure to force to run in a sandbox are my internet browsers and media players. The only issue is I download quite a few music videos from Youtube and I have to take then out of the sandbox after downloading them. I guess if I just ran DW I would not have to worry about emptying the sandbox?

 

Hey Jmonge,


I know DW has that feature [Rollback]. In fact, I mentioned it in my previous post.

Although, for the average John Doe computer user [my grandpa, for example], that Rollback feature might seem kind of scary because Ilya doesn't recommend its use by the average user but the advanced user due to it may affect registry entries and files from your hard drive. Therefore, if you don't know how to use it or are unsure, then the advice would be to run a anti-malware scanner or do as Lonewolf suggested, use Shadow Defender.

If a safe removal of malware traces [one the doesn't scare the average PC user] could be implemented in the future for DW, that would be excellent.

But, right now, the product the way it intends to be, makes it a strong contender and a must have application.


Regards.