antivirus, hips and sandboxes

i dont know if my post is apppropiate in the forum but just kind of curious
on which one is more effective at blocking malware the antivirus/antispyware
and the hips or sandboxes tools?

 

Re: antivirus ,hips ,and sandboxes

By malware do you mean all malicious softwares? Also, are specifically talking about getting infected from internet activities or all means?

A HIPS should alert to anything that want's to run, but it would require that you know the correct answer when the file runs. DefenseWall should also do a good job of limiting what a downloaded file can do.

Sandboxie can be setup so that only your web browser, etc. are the only thing that can run in the sandbox. I just set mine up like this last night and it works well. I even renamed a file (Storm worm) to "firefox.exe", "winamp.exe" and "start.exe" and it didn't run. It can also be set to block access to certain files, folders, partitions or drives. I think DefenseWall can do this also.

Anti-viruses/anti-malwares are still useful but far from perfect. I still run an AV because I'm just not that good with HIPS. Also, everything I download gets scanned with my AV and 2 anti-malwares and/or submitted to VirusTotal or Jotti before it's allowed to run on my machine.

 

Re: antivirus ,hips ,and sandboxes

http://wiki.castlecops.com/Different_classes_of_security_software is a good website to check out.

 

Re: antivirus ,hips ,and sandboxes

by malware in general,coming from all sources or internet faces apps,like internet explorer or wmplayer.security in general for a non geek user,familly or average user.

 

Re: antivirus ,hips ,and sandboxes

thanks for the link huanker i will check it out later.

 

Re: antivirus ,hips ,and sandboxes

Hi

I think the most effective for beginners are policy sandboxes because it does everything automatically and you rarely get alerts.

But it is best to use a combination of security software.

 

Re: antivirus ,hips ,and sandboxes

Hi jmonge
For determining what is the best security, you must first determine what are your "infection vectors". This means HOW CAN YOU GET INFECTED.
This will depend on your computing habits. For instance: are you a safe surfer; do you p2p; do you plug a lot of usb drives that are not yours; or does your own usb drive go to many computers, etc.
Once you have checked that, you must understand how security software works, and this way use that software to cover your bases against those vectors. If you don't do that, you MIGHT end up with layer over layer but with no real protection.
One example would be securing your browser as much as you can, but not paying attention to usb drives.

For better understanding of how security software works, read mi little analogy regarding real-time protection (if you go to post #10 in the same thread, you'll see how BlueZanetti explains it without an analogy)

I hope this helps.

 

Re: antivirus ,hips ,and sandboxes

Ok, thanks. IMO, a good suite is the way to go for the average user. The only problem is can/will they renew it when the time comes.

If not a suite then an plain AV with high detection rates would be easiest but the least effective (relatively speaking), but may be adequate. Next would be the policy sandbox as Someone suggested and depending on the user, Sandboxie (a virtualization sandbox) may be fine. Another easy HIPS/firewall would be Online Armor and they have both a paid and free version.

OT: Consider setting them up with a Limited User Account. Also, it's important to keep everything up to date and patched (see my sig. for an online scan to check). Most online malware is looking for holes in your software (browsers, java, flash, media players etc.) that probably already have a patch/fix.

 

Re: antivirus ,hips ,and sandboxes

A good solid HIPS is of enormous value if a user is so inclined, because NOTHING! and i do mean NOTHING! can compromise it as long as you suppliment it with an executable interceptor ia whitelist like AE provides.

Then of course theres virtual systems, sandboxes, etc. all of which cancelled my own interest in any AV ever again. Going on over a year now without one and i've had better results without their blacklist dependencies then the alternatives just mentioned. Plus my computer runs faster and the protection is much more dependable! and without wasting money!

EASTER

 

Re: antivirus ,hips ,and sandboxes

Hi

I agree with you except for the part about Online Armor. I think outbound protection is not really necessary so you can get something like ThreatFire and change it to automatically quarantine so the user does not need to do anything. And it's free.

 

Re: antivirus ,hips ,and sandboxes

Unfortunately, there are no comparative tests regarding real-world malware prevention. So, it's just impossible to ansewr your question with concrete numbers.

 

when it comes to getting infected by malware it doesnot matter your computer or surfing habits you just have to click the wrong link and you are infected and i thank this forum alot cause it was my path to know DefenseWall and SandBoxie the 2 only security software i really trust.
for ages i was computing with mcafee and zone alarm and i was always ended
infected no matter what or my computer habits.now i am very sure if i sandbox my internet apps or the apps that need to connect to the net i will
very secure.i am not trying to ditch any antivirus but for my own experience i am better with the policy base sandbox or pure sandbox for blocking malware.

 

i agree with you Someone about outbound protection maybe i am wrong but i think but if you take good care of what is coming in your pc why bother for what is going out,i mean if you are not infected how can
you get transmition out.now if you have a horse trojan those litlle horses that do alot of damage then we have to be concern about outbound.by the way i heard that a stealth horse trojan could bypass any firewall so no outbound protection.maybe i am wrong,i am novice here learning.i visit this forum and other ones i am learning alot so thanks again.i opened my eyes after reading alot of post out here and i realize that an antivirus alone is useless.i used to think that mcafee was the only and the best solution out there.

 

Which means that your infection vector are mainly internet facing apps. Which has to do with your habits, since you use those apps.
Being a safe surfer just reduce the risk associated to that vector.
I also rely in SBIE only (and Returnil), because it's rock solid and I understand how it works.

 

yes HURTS and also this is a pc for the whole familly now i want to ask you
if you configure sandboxie to allow only internet explorer to connect to the net ?do you really need to run a software firewall ofcourse when you have windows firewall on or maybe connected to a router.very soon defensewall
will have some kind of outbound protection too.

 

Actually you can't make that IExplore is the only app connecting to the internet.
What you can do, is make that IExplorer is the only app connecting IN THE SANDBOX.
Apps outside the sandbox will still be able to connect.
Still this is usefull for drive-by downloads that call out, but if you want full outbound protection you should go with a FireWall, since Win firewall only provides inbound protection.

I don't know how OB protection from DW will be (will it be full protection like a firewall, or only for untrusted apps, etc), perhaps Ilya could explain this.

 

ok hurts got it,
so thats mean that with that feature you could block spyprograms(keyloggers) and horse trojans from stealing data?
i really like sandboxie and defensewall it is like how can i say it is must to have those,
just kidding any way i like a feature from sandboxie and that is that you could delete
your sandbox empty it is like going to the washroom and flushing the toilet
"every thing is gone".

 

Yes. If those keyloggers and trojans are downloaded with the browser and stay in the sandbox, yes, they wouldn't be able to connect out.
If you recover the trojan and it runs out of the sandbox, you lost the battle.

Remember that sanboxie has a configuration option where other things can't even run in the sandbox. In other words, IE is the only app that can run, and any download of executable will be useless if kept in the sandbox.

And of course there is the "block folder" option, which can lock the folders you want to keep protected. Nothing in the sandbox can access those folders: no read, no write, no delete. For example, I lock some of my data folders that contain private data (finanacial records, etc).

 

I agree,If a surfer spends a vast majority of there time surfing porn sites and another spends there time on ebay which surfer is more likely to become infected.So surfing habbits can be a big Factor who stay clean and who gets infected.

 

yes i agree 100% thats why we only use our pc for surfing,banking,hotmail messenger,youtube but no limewire cause it is kind of dangerous
we try to keep safe and no adult content in my pc
thank you guys for your replies,i was invited to a bar b q, i am very hungry
so i see you later and thanks for every thing.i will reply later.see ya.

 

Only for untrusted processes, there is no need to do that for the trusted ones but one exception- if you put an app into the "always deny" list manually, this will stop it from internet connections in all modes. I think, this should be fine.

 

Sounds great.

Everyday I'm more tempted in trying DW.

 

Once you experience the overwhelming security of DW and it's simplicity that actually helps the user which requires a lot less interaction then say a full blown HIPS, you'll be sold on it.

DW is one of those in a class like FD-ISR in my book, a one-of-a-kind solution, and the support? Hey this maker watches over his creation as though it was permanantly attached to his person, which in some ways it is?

Seriously, this is a very strong prevention app, and some might wonder why i personally don't make a lot more noise over it then i do. It's because i do a lot of malware research and this app PREVENTS so many bad things from happening, and i need a a little wiggle room sometimes.

 

Yes, I know how good it is. Every day I read good things about it, and the support offered by Ilya is just another BIG plus for DW.
But I love SBIE.
Hopefully in a few months I'll buy another computer and then I'll have SBIE on my laptop and DW on the desktop (or the other way around).

 

i am back that barbacue was great anyway hurts i use DefenseWall and SandBoxie together with no problem,it may be too much protection but it is ok
my internet speed is great no slows down at any time.