What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I'll look for them.

    Wasn't being sarcastic, and haven't lost faith exactly, it's just that I've been running into some conflicts lately, like with VoodooShield and MBAE.

    We might be saying the same thing, imaging makes it safer to try different things.
     
    Last edited: Oct 4, 2013
  2. guest

    guest Guest

    If I were in that situation (which I really was) I'll consider about the advantages vs. disadvantages of dropping or adding other tools. If certain tools can give me some huge benefit then I'll keep it. If no benefit or if the benefit isn't really that much and the risks are too big, then I'll drop it. That's just how I personally deal with such problems.

    Let me clarify it a bit. ;)

    You can get hit by malware when browsing, one way is through an exploit. Chrome has its own sandbox and it will protect you so the infection attempt will fail (considering that the attacker doesn't use a critical unknown exploit which haven't been found by anyone before to bypass it). So Sandboxie, IMO, isn't really necessary since Chrome's sandbox already stopped the malware.

    But you can't use Chrome if you want to test a new video player that everyone is talking about. In that case, you can use Sandboxie to test it so that new video player will not touch your real system. However, you still can install that video player in your real system and, if something ever goes wrong, you can restore to the state before you install it with a clean image/snapshot you created earlier. Or maybe you can use a VM or even another computer you have specially for trying out programs, tweaks, etc.

    So, as Page42 said, what if Chrome's sandbox failed to stop the infection then? Simple, I have OA set to the chatty mode and it will alert me if there are unknown critical changes occurred out of the blue. And if it (or I) failed, I still have Windows built-in security features like ACL, UAC, DEP, etc. I just don't like having a sandbox on top of another sandbox, or MBAM Pro real-time on top of Avira, etc.
     
    Last edited by a moderator: Oct 4, 2013
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    No. Why do you need to run both Chrome and the download in Sandboxie? It's not as if drive-by's that can escape Chrome's sandbox will have much difficulty with Sandboxie that uses the same techniques.

    Here's my procedure for suspicious downloads: VirusTotal (website and executable) > Comodo File Verdict Service > Anubis: Analyzing Unknown Binaries > Maybe Sandboxie > Possibly VirtualBox > Email AV vendors if still unsure.
     
  4. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Sandboxie compromises Chrome's "sandbox"? Show me proof, please. Second, Chrome does not have a real sandbox like sanboxie in terms of virtualisation. It most certainly is not superior to Sandboxie in any way. Like I've said before, one of Sandboxie's most powerful features is start/run-access restrictions. Nothing gets to run that has not been approved before. No drive-by download is able to execute. No keylogger, no screen capturer, no malware of any kind. Sandboxie eliminates the need of an anti-executable, because it offers this feature itself.

    If you are so worried about comfort, give the browser full access to its profile folder. With start/run restrictions there is no need to burden yourself with virtualizing absolutely everything. You can install extensions, manage bookmarks and keep cookies.

    From what I've read so far I am getting the suspicion that many do not really understand the full extent of the abilities of Sandboxie. Instead unfounded rumors are spread by the same people about Sandboxie compromising Chrome's "sandbox" and how easily everything bypasses Sandboxie. This goes so far that some people here are even considering ditching Sandboxie. And for what? Chrome's "sandbox"? Relying on a HIPS? Real-Time-Anti-Malware Software? Inferior PITA (pain in the ...) solutions.

    I fully concur that Sandboxie offers very limited protection if it's not configured and understood properly. The start/run restrictions are not active by default. This way malware can be executed inside the sandbox. It won't be able to make permanent changes to your system, as all changes are virtualized and even the virtualized ones are made undone, once the sandbox is emptied. But it can still do a lot of damage in the amount of time when it's running. That's why the average joe is much better suited with a real-time protection suite and all of its features.

    Yet once understood and properly configured Sandboxie is three things. First, it impacts your performance way less than any AV. Second, it's much less a PITA than any AV and even more so than any HIPS. Third, it's protection is much stronger than any AV or HIPS.

    Finally, if you don't understand or, even worse, haven't even used the program, at least don't spread baseless rumors about it. Keep in mind, if you are wrong, you are spreading slander and should be held accountable for that. Other people have to spare their free time to correct this. Cleaning up the internet of false information is a Sisyphus task, so most of the wrong stuff stays. People looking for advice read that and defer to it.
     
  5. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    After reading this, I think I have much more confidence in SBIE than Google's Chrome sandbox. Chrome is often times a one buggy update release after another.
     
  7. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Hmmmm...

    Chrome is my primary browser.

    I update it every time an update comes out -- which is pretty regularly.

    I can't say I've ever noticed buggieness based on the updates.

    But I know acr1965 to be a long-time and logical Wilders guy... so I'm going to Google this and look into it.
     
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I can't say there have been any major bugs...just little things like js not remembering white lists, flash crashing, etc that have happened in the past...
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Where did I say that? It's only potentially possible, because it's increased attack surface and redundant. Your restrictions will be bypassed, because it's just another part of Sandboxie, which is working the same way as Chrome now.

    I've done that before, until switching to Chrome and realizing it's unnecessary. Sandboxie is still useful for containing other software.

    More like you're the one lacking in application of Sandboxie. Why do you need to run Chrome in Sandboxie? Opening downloads in Sandboxie can be done in so many different ways. Exploits that can escape Chrome won't be stopped by Sandboxie simply due to their similarity. Do you have malware running in the system that needs to be controlled? Or maybe just Chrome itself, as well as plugins/extensions? Cause those are the only reasons for running Chrome in Sandboxie.

    Assumptions, and no knowledge of how an exploit works. You'll need some research into that, and stop underestimating Chrome's sandbox as if it's not at Sandboxie's level. Are those people being infected and regretting their decisions?

    I can say the opposite, you know how Sandboxie works, but not every other software mentioned.

    But they aren't redundant layers of the same technology.

    You haven't read a single word of the thread I linked right?
     
  10. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Sorry J_L, I have read the thread now and I must admit it has rattled me. I can't take back what I've written so far but I should at least apologize to you. Thank you.
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Don't worry about it. We all learn new things, but you've show integrity by admitting past mistakes and moving on. I myself was once a Sandboxie diehard like you. :D
     
  12. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Further I would like to apologize to anybody else I have unjustly reproached for lack of knowledge.
     
  13. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Still loyal to ESET :D
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I like the combo I use now Comodo Firewall and Avast.
    Comodo has good HIPS,
    Avast has Web, Network , Script and Behaviour shields. And his AV (File System Shield) is better then Comodo's AV component.
     
  15. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Don't forget that comodo firewall has the cloud AV engine that checks files as well. Once AIS 2014 comes out I'm going to try AIS, WSA and Sandboxie. Should be a killer combo.
     
  16. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Do you mean Raiting Scan?
     
  17. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Afternoon! Just updated my Account at Webroot...and had to re-install WSA Security Plus. Was delighted in receiving the new Version. This is in two words...Freakin Amazzzzzzzzzzing! Lol. Webroot in my opinion is a Galaxy ahead of it's Competitors...Job Well done...too all the Men and Women at Webroot. Sincerely...Securon
     
    Last edited: Oct 5, 2013
  18. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Afternoon! Introducing...the Triple Crown...WSA Security Plus...AppGuard...Voodoo Shield. YA ZA...YA ZA! Sincerely...Securon
     
  19. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Speaking of protection layers, I have just replaced my slatted bed frame...the amount of slats and their width increased...the spacing between each slat reduced by half...I have greatly reduced my attack surface and my mattress is supported way better...lol

    Getting back to business, after the release of KIS patch (b) I am trialing KIS on three different machines with very different hardware power...stay tuned! Sincerely...FleischmannTV
     
  20. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    I've never seen more impressive protection layer than this lol :D :thumb:
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Hey I'm already running 2 out of those 3. If you aren't having any conflicts with those powerful programs, then I guess I'll have to try AppGuard. Just downloaded the 4.0 Beta.
     
  22. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    No the Cloud Behavior scanner. Integrated with the autosandbox. It picks up a lot of malware. Not bad for a cloud scanner.
     
  23. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Using AppGuard 4.0 beta now.
     
  24. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Using WSA 2014 version. :D Simply marvelous. :thumb:
     
  25. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    The Cloud Behaviour scanner? It sounds promising but I never heard of this. There's no info on their help site. And no checkboxes in the GUI.

    o_O

    Maybe there's any links to the info from COMODO ?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.