Understanding 'Proactive' Security Software

Discussion in 'sandboxing & virtualization' started by NODPortable, Nov 19, 2012.

Thread Status:
Not open for further replies.
  1. NODPortable

    NODPortable Registered Member

    Mar 22, 2008
    Hi All,

    Basically I'm trying to work out a security structure that is more proactive than what I have now (Sandboxie Lifetime Licence + ESET SS5) for my Windows 8 Pro x64 PC. I don't mind paying for security software, but I much prefer upfront one off payments for lifetime licenses, I'm not a fan of subscription software.

    I was hoping someone could provide a rudimentary breakdown of the different 'classes' of security applications (maybe with some examples of the commonly used products in each class) and outline What the classes of software aim to achieve and how to work out what different programs are complimentary to each other and what are likely to conflict.

    My rough understanding is that these are the 'classes' of proactive security software:

    Light Virtualisation
    (Returnil Virtual System, Faronics Deep Freeze, Shadow Defender, Toolwiz Time Freeze)
    (Returnil Virtual System, Faronics Anti-Executable, NoVirusThanks EXE Radar Pro)
    Policy Restriction:
    DefenseWall (32-bit), AppGuard (32/64 bit).

    For instance Sandboxie virtualises the system hardware on a per application and/or per folder path location basis. Do light virtualisation programs do the same, except totally system wide?

    I'm guessing policy restriction is the same as making your own SRP through windows just with a nicer GUI?

    Not really sure on what the Anti-Executables do (obviously they stop things launching) but how do they differ from just running your PC with a LUA that propmts for admin rights when a program starts?

    Which of these programs work well together?

    Does Sandboxie + Appguard essential equal the level of protection of something like Return Nil, or does it surpass it?
  2. jo3blac1

    jo3blac1 Registered Member

    Sep 15, 2012
    As for one time life time licence upfront payment here are your options:

    - No virus thanks anti executable - $20
    - App guard - $20
    - HIPS and Anti-Leak module of outpost FW 3x licence - $44
    - HIPS module of Private Firewall - Free

    There are other options that are subscription based.

    As for what programs would be complementary to each other. Well my understanding is that you want 1x of each component in layered security approach:
    1. Virtualization - SBIE, Shadow Defender, Etc...
    2. HIPS - App guard and anti executable radar pro are version of it. App guard works a little bit different than traditional HIPS by using default deny policy instead of asking user for permissions. Anti executable radar pro is only for executables and might not protect you from dlls, etc... A lot of modern Firewalls offer HIPS module.
    3. Firewalls: Private FW, Online Armor, Outpost FW, Comodo FW
    4. Antivirus and Antimalware if all else fails.

    My current set up:
    Virtualization: none at this point
    HIPS: Outpost HIPS module
    FW: Outpost FW
    Antivirus: MSE
    Antimalware: MBAM, Outpost Antimalware module, SAS
    Last edited: Nov 19, 2012
  3. Brandonn2010

    Brandonn2010 Registered Member

    Jan 10, 2011
    Considering how bulletproof Sandboxie and Appguard are, using both seems overkill, but that's just me.

    I think Sandboxie is quite different than Returnil, since Returnil virtualizes your entire session and can roll it back, where Sandboxie just runs programs in an isolated environment.
  4. PJC

    PJC Very Frequent Poster

    Feb 17, 2010
    It's Not just you...;)
    It's an overkill to me, too.:D
  5. TheKid7

    TheKid7 Registered Member

    Jul 22, 2006
    I agree that using both is probably overkill. However, it makes me feel better.
  6. jo3blac1

    jo3blac1 Registered Member

    Sep 15, 2012
    Maybe the OP wants to do financially sensitive transactions online. I wouldn't consider this too much in such case.
Thread Status:
Not open for further replies.