Policy sandbox, CPU load/covered area's

Hi,

Last few days I have been trying some Policy Sandox + HIPS/AV combi's on our XP box SP3 (Athlon 3900), this gave some surprising results

ThreatFire + DefenseWall = good 3 secs with Opera startup col
ThreatFire + GeSWall = just 3 secs (which is understandabe because GW is overall a tat faster than DW)

Rising AV/HIPS + FW + DefenseWall = just 2 secs
Rising AV/HIPS + FW + GeSWall = good 3 secs (?)

Security considerations

TF with GW:
- with TF custom outbound rule and GW confidential network outbound rule gives full outbound protection
- GW is able to protect against RegHide, GW covers more HKCU keys (than DW)

Rising with GW
- FW gives outbound protection, DW provides tampering protection with Resource Protection (meaning a policy wall between untrusted aps), so basically you have got outbound control covered, alyhough TF + GW is a bit more transparanet on explicit user setting)
- DW has total untrusted file control, which is completely build in and monkey proof (unlike GW)

Conclusion

ThreatFire free + GW Pro (paid) is a good option and Rising AV/HIPS/FW free + DW (paid) is a good option

Regards Kees

 

RegHide is not any dangerous. See no reasons to improve DW against it as its rollback function works preperly with such the keys.

 

so the rollback bottom will cover that,find the regkeys and delete it if you need to.

 

Yes, DW's rollback can delete such the "hidden" keys.

 

so we still have the protection to roll back the reg and delete which is good.

 

Ilya I am just being objective. I can live with it as long as you develop the new feature you discussed in the "rollback quarantaine post" on DefenseWall forum (maybe you could consider the suggestion of a 'positive critical' user of your application ).

Regards Kees

 

Kees, have you checked pre-2.45 version?

 

I did now, compliments

Resource protection
You implemented the web mail custom rule. Did you also implement it for Vista mail? (Guess I know the answer ). DW found that I had moved my mail directory, this is very user friendly added protection.

Context menu
At second thought I would think "allow to be modified by trusted only" is better than "allow to be accessed by trusted only". Access might confuse users with secured files, sorry my mistake.

What about using the same terminology as GeSWall (confidential) for secured files/folders. You guys are in the same class, so might as well establish same terminology where applicable.

Rollback
Put somewhere on the title header (right mouse click for options). Change column Time to date/Time. We are nearly there, just a few minor remarks:
- Query Google = only export program/file name (only copy string after last \ to Google search)
- Save details = okay
- Please provide an extra option like Anvir Task Manager does (provide extra option for executables: Check at VirusTotal)


Thanks

 

Vista Windows Mail is supported by resource protection rules since 2.40 version.

As about other remarks- I'll think about them.

 

Opera users tip

Change the temporary download directory to a place outside opera's program directory, this will cause lesser respurce protection pop-ups when opening txt, word files etc.