Right now I have this informative website, which unfortunately is not online because I can't find anywhere I could host it for free. I mainly email it to friends and family who could use some info on computer security. Anyway, I have different pages for different types of programs. Right now I have one called HIPS/Sandbox for standalone HIPS programs (of which I only have WinPatrol), as well as Sandboxie, DefenseWall, GeSWall, AppGuard, and BufferZone. Since DefenseWall, GeSWall, AppGuard, and BufferZone are in a league of their own, I want to have a separate page for programs like them. Right now I am calling them policy-based sandboxes, but I want a more accepted term. Sorry for the large post: please vote for what the most accurate term would be for the four programs.
I thought that BufferZone is primarily an application virtualisation program, similar to Sandboxie, whereas the other three programs are all similar in that they primarily work by applying restrictions to processes running within the real system, not by isolating processes from the real system. DefenseWall, GeSWall, and AppGuard all apply restrictions to running processes by applying a policy that determines what applications are and aren't allowed to do. In that sense the terms policy-restriction and policy-based are both applicable, and I don't see any fundamental difference between them, as it is the enforcement of the policy that creates the restrictions. I voted "other" because not everyone would agree that, when talking about programs such as DefenseWall, GeSWall, and AppGuard, the terms Sandbox and HIPS are applicable, so it may be better to avoid the use of these terms. The problem with the term Sandbox is that, for many people, the term sandbox implies isolation from the real system, not just restriction within the real system. There have been several threads where this has been previously discussed and the main point of issue is well summarised by the following quote from the FAQs page on the GeSWall website, explaining why the developers don't consider GeSWall to be a sandbox:

"Q: What is the difference between GeSWall and sandbox products? A: GeSWall is not a sandbox. Perhaps the best sandbox you can afford is a separate machine or VMware/VirtualPC; the rest are by definition incomplete solutions and will always have some flaws. Virtualization/sandboxing solutions create strictly separated environments. The fewer links between these environments and the rest of the system, the better a sandbox is. That is a reason for usability problems. It is OK to run a browser there, but you would be reluctant to use an e-mail client within a sandbox. Instead of breaking the links, GeSWall tracks an untrusted application's data flow: files, registry, etc. For example, GeSWall does not prevent a new file from being created by a browser, but it tracks files created by isolated applications and isolates (restricts) an application that uses those files."

Similarly, the problem with the use of the term HIPS is that, as with the term sandbox, there isn't a universally agreed definition of what is meant by HIPS. As HIPS just stands for "Host-based Intrusion Prevention System", in theory it could apply to any security program that runs on the host system with the aim of preventing intrusion, which could include firewalls and AVs. However, most people don't accept such a broad definition and the term is usually taken to mean security programs that are behaviour based, but that's where the agreement ends. For some people, the term HIPS is used to describe any kind of non-signature-based software. For others, the term HIPS is used only in relation to what is sometimes called classical HIPS, e.g. Comodo Defense+ and similar programs.
Please read my post first to see if you think the terms sandbox and HIPS apply to policy-based software. If you still want to use both terms, it doesn't matter which order you apply them: the meaning is the same. If something is both a HIPS and a sandbox then, by implication, it must also be a sandbox and a HIPS.
Is there any way to edit the poll? I want to add another option. This would be "policy-restriction software" or "policy-restriction programs". That is specific enough to separate the four programs from other types of programs like behavior blockers and HIPS, but doesn't include "sandbox", which doesn't quite apply to them all. What do you think of that?
The only one that I know a bit in that list is DefenseWall, and I've always considered it just a restriction-based HIPS.
What do you call DefenseWall/GeSWall/AppGuard/BufferZone? I call them 'Leave Real-Time Anti-Malware Scanners Aside'...
DefenseWall is a policy-based, sandboxing-style Firewall and Host Intrusion Prevention System. The best!