MD's File and Folder rules an alternative to sandboxie?

For people here who have tried or currently use Malware Defender's file and folder rules what are your thoughts on using it as a replacement to sandboxie?

Because you can set it up so as your browser cannot download or create any new files or folders any where on C Drive, you can also make it so your browser cannot modify any existing files or Registry keys any where on C Drive. After doing this I found that at the end of each browsing session there was nothing there for Sandboxie to flush down the toilet. hence the reason why I no longer use Sandboxie. Because If Sandboxie has never got any thing inside it to Isolate from the harddrive then what is the point of having sandboxie running? Surley this must be a more effective and efficient method than using sandboxie. Because I am sure that most people would agree that its impossible to get infected without the creation of new files.

 

not only for files/folders but critical areas of your operating system:system32/start up program/program files/system etc to denny writes/modify and only allow reading mor effective than a sandbox i think whole control of the c:\* drive

 

In some ways it also Acts like a firewall.

Because the creation of all new files are blocked any where on C drive, therefore all incoming files from the internet are blocked. This would have to be one of the most powerful security solution I have ever seen.

 

C:\* full lock down default-denny

 

It sounds like you may have achieved isolation but how convenient is it for normal users? The point of Sandboxie would be compatibility with other apps and small conveniences like saving bookmarks. I'm not sure if you can create a rule in MD to allow bookmarks. Also, what about downloads and updating add-ons?

If you want total isolation you could burn a small Linux distro and surf with it.

 

I would have the rules disabled if I ever needed to do updating and add-ons Just like you have to run your browser outside of Sandboxie to do updates and add-ons.

When ever I download anything MD gives me a pop up asking if the file can be created.

as for book marks I haven't yet tried that, but I'm sure its possible I will keep u informed.

 

Ok, that's what I thought but is it easy to disable the rules?

Very interesting!

Be careful, if it works you may be helping others create rules for IE, FF, Opera, etc.

I'm not good with Windows inner workings and HIPS and that's why I use simple security programs and policies. I'll keep an eye on this thread and see if I can learn something.

P.S. I was talking about running a linux distro by booting from the cd where it runs in memory only.

 

spending a few seconds to temporary disable rules so you can do updates isn't much of a problem considering its only once every few months.

And the installed add-on's is normally done when you do a fresh install anyway.

PS, still yet to fine tune rules for book marks, its just a matter of allowing access to modify certain existing files, the creation of new files is still blocked.

 

with FF speed tweaks and inbound filtering you will find that with caching disabled it makes no difference in browsing speed. with cookies cslite blocks all global cookies and lets u create a white list of sites that u need cookies for.

 

But why would you need to have no script updated every week? is it a major security risk if you don't?

From what Ive read most people using Sandboxie flushes the toilet after each browsing session. So all your cookies,caching, history etc is gone gone gone. So at the start of each browsing session it is always slow, so wouldn't it be better to instead use FF Tweaks and inbound filtering? That way you could also have fast browsing at the start.

hmm you may have a point, depending on how and on how many files you download it could be an issue.

 

no no you don't understand how it works. It doesn't work the same way as a sandbox but it produces the same results as a sandbox by isolating your browser and all browser downloads and activities from the rest of the operating system.

Other than your normal already installed programs there is nothing to restrict start run and internet access. Because no malware gets in in the first place.

Think of it like this instead of the Battle taking place on your Territory on your pc inside Sandboxie the Battle has now been pushed forward out of your Territory into no mans land. By Blocking the creation on all incoming files.
So seen how there is no malware coming in then there is nothing for Sandboxie to do as it is always empty, there is nothing there to be blocked from start run and internet access, and there is nothing there to flush down the toilet afterwards.

 

ok here is the rules of how I have done it. with MD it reads the rules from the bottom going up, not from the top going down like most firewalls. So you have your white list at the bottom and all other files and folders on C Drive blocked at the top.

you actually don't need to disable any rules to add or remove book marks.

The rules are very strict FF is only allowed to create / modify certain files with certain file names in certain places. As you can see most of it takes place in firefox/profiles/33mk3hx3 folder that is where FF operates and works from.

For any downloads you will get a popup asking if the file can be created.
If you are downloading lots and lots of jpg image files you can add this rule at the bottom.
c:\documents and settings\awilliam\desktop\downloads
*jpg
and set all to permit and you won't get any popups.

my setup is MD version2.1.1 FF version 3.0.5 with caching and ff virus scans disabled.

It cauld do with some fine tuning but this is basically how.

Next step is I will be working on Registry Key Rules soon.

Any questions, just make a post.

 

By the way it is possible to do updates and change settings in FF without disabling MD rules, its just a matter of giving read / write permissions to certain files in certain areas. I just haven't got this far yet.


And also I have not been able to do updates and addon updates with FF inside Sandboxie can any one else confirm? or is it just me?

 

No I am not giving permissions for cookies and history to be remembered, I have cookies and history disabled. And every one else should also have these disabled.

And the only files that can be downloaded is the files that you download which MD gives you a popup asking if the file from the internet can be created. all other files from the internet are Blocked.

well there must a be a setting in sandboxie which I have missed to enable updatting for addons and FF updates and FF settings.

Because for the updates and new settings to remain Permanent it has to be able to write to your main hard disk outside of your isolated environment.

 

That is exactly how I use MD, see https://www.wilderssecurity.com/showpost.php?p=1360445&postcount=4

Works like a charm and very fast, but I fear some replies are right, you need some knowledge to set it up that way.

 

I already have the general rules set up the same way, but this thread is more about file and folder rules.

I notice your file rules are very limited for example c:/*
you do know that to cover all layers it needs to be more like this?
c:/*
c:/*/*
c:/*/*/*
c:/*/*/*/*

and Which are the replies that you fear are right?

 

Right so my original point still stands you can't do permanent updates while FF is running in Sandboxie. I take it that you never ever empty it out and flush the toilet.

If you don't care about privacy and you don't care about getting tracking cookies then by all means enable global cookies and browsing history.

And no I don't like Linux, How would I run all my windows apps and windows games on Linux? and MD is a hobby I am finding it quite addictive.

and Defense wall still has a purpose.

 

welp , i dont know how ppl even comapre SB to MD , both work differ.
SB is a msut software for ppl who know jack s**hit on pc security , MD(paid only) / CIS(free) can be used as an addon , to increse the line of defense.

 

It gives me such a warm and fuzzy feeling that after surfing thru dozens of porn sites loaded with malware and crap, and I run cc cleaner after wards and this is what there is to delete.

 

Fear

Just select the radio button Files and Folders in MD and C:\ will be sufficient.

 

I have restricted my browsers rights as much as I can with MD, But according to Defense wall's logs it is still Blocking certain Browser activities. Probably not serious but still I just like to have FULL CONTROL over all my programs behavior. It looks like Defense wall seems to cover areas that MD misses, I haven't had to time to properly investigate yet. And even tho it is highly unlikely that Defense Wall will ever have to deal with Malware on my pc, I just like to have FULL CONTROL over all my programs behavior and activities. And its not like my security setup is over kill they are very light on resources. That said there is a Remote possibility that I could download movie or image files infected with malware, so by default all movies and Images are run as untrusted. But in the whole 5 yrs out of all the movies and images I have downloaded I have never got 1 infected.

Yes Sandboxie is a good product I am not saying it isn't. But other products like MD can also achieve these same results that you have mentioned. By the way I have discovered some thing interesting, from MD's logs firefox can create files outside of the sandbox while running inside sandboxie.

No It wouldn't sacrifice usability and convenience, it is only the Blocking of creation of files downloaded from the internet via your browser that I am currently working on. All other files from within your operating system can be created as per normal by normal trusted programs.

With regards to transferring files over and unzipping them from other hard drives. you can block the creation of any Executable files which may pop out during the unzipping process. Because MD has the ability to not only Block the creation of files in certain places but also has the ability to block the creation of certain file "TYPES" But this is for another discussion all together.

I don't like SP3 features and I found it to conflict with certain programs. can't remember which tho. and I don't think Easter likes SP3 either.

yea I know I have done that now, My Bad. I still had EQS rules in my mind lol.

The blocking of the creation of file rules isn't for to control the BEHAVIOR of the viruses after they have been given permission to enter onto your harddisk and execute.

The file rules primary purpose is to prevent them from entering onto your operating system in the first place. Not controlling their BEHAVIOR after they are already on your hard disk.

If you want to test it get a list of malware infected drive by websites and surf thru them and see how many malware files the infected sites can drop onto your pc.

I probably should have called the thread title instead
MD's File and Folder rules an alternative to sandboxie for Browsing?