SandboxIE (Paid) vs Defensewall

Discussion in 'other anti-malware software' started by TVH, Feb 24, 2008.

Thread Status:
Not open for further replies.
  1. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I've been trying them both out but am starting to lean a little more on the DefenseWall side.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Huupi, of course I was also very disappointed, but I guess these things are unavoidable, almost every HIPS out there cannot protect against certain types of malware. Even HIPS that are developed by more than one guy still have holes, or don't even monitor important stuff, so you also need to put things in perspective.

    Btw, I think it's best to execute malware (or apps that you're not sure about) only inside a VM, because you can never be sure if sandboxes will be able to stop advanced attacks. Running as non-admin also helps a lot of course. But I must say that so far SafeSpace does make a very good impression, none of my malware samples were able to "leak".
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    hi all

    both programs are great, DW is more for home users and SB is more for advanced users.

    if u put these 2 awesome progs one against each other i am sure u will find out that SB is more secure in many ways, with more user control over program behavior, and most commands are open to edit to adjust the system to your needs.

    and yes, also a big and important advantage of SB over DW, like others say in here, is the option to clean the container and get rid of any malware known and unknown to mankind :cautious:

    cheers
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    For good measure i cover these and my HIPS with Power Shadow or in everyone else's case it would be Returnil or some other one.
     
  5. Empath

    Empath Registered Member

    Joined:
    Nov 13, 2002
    Posts:
    178
    The x vs y threads are bothersome for me, particularly when you're dealing with two different concepts. DefenseWall and SandboxIE are not the same type of utility. SandboxIE can be called on to perform isolations from internet threats. DefenseWall was designed with isolating such threats in mind.

    DefenseWall isolates through policy, and SandboxIE isolates literally through temporary environments. That is not a comparable arrangement.

    The protection from DefenseWall is maintained after exposure by policy and tagging of potential threats. The protection from SandboxIE after exposure is by literal removal of the exposed environment.

    I like them both. I have to recognize one thing though. If I have DefenseWall protecting me from Malware on my system, then removing DefenseWall leaves me vulnerable to the Malware. If I have Sandboxie protecting me, and I remove SandboxIE, there's no Malware still sticking around.
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yes, totally agree with you. both use different methods in order to prevent malware. SB uses a virtual environment (like SD or DF) while DW uses policy.
    this is why SB is more secure and stable for any malware attack.

    cheers
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Please, back up your claims :)
     
  8. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Hmmmmmm I don't know. Both are very strong but just different in the way they work. I can't see a person going wrong running either.
     
  9. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    As one of the resident noob testers, I can say that Sandboxie was quite easy to set up and use effectively. With little effort with the free version, I was able to choose to run my browser sandboxed via the context menu, automatically delete the contents of the sandbox when closing the browser, or add the sandbox folder to both CCleaner and Eraser if I wanted to securely wipe the contents of the sandbox. This was an earlier version, but I can't imagine the dev making subsequent versions more difficult to use.
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Exactly like I said before, Sandboxie's better because you can delete all malware after each browsing session.

    If you're running DefenseWall and you have live malware on your pc trapped inside, what if for some reason DefenseWall became temporarily disabled, either by uninstalling it or reinstalling it or installing an update?? I would hate to think what might happen to your pc if DefenseWall ever became disabled with all that malware sitting on your pc.
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That malware won't do anything because it couldn't create autostart entries earlier. Seriously, these malware first isolated by DW are nothing but inactive files which can't do anything unless you double-click them.
    GeSWall FAQ
     
  12. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    ClosedKeyPath=HKEY_CURRENT_CONFIG
    ClosedKeyPath=HKEY_USERS
    ClosedKeyPath=HKEY_LOCAL_MACHINE
    ClosedKeyPath=HKEY_CURRENT_USER
    ClosedKeyPath=HKEY_CLASSES_ROOT
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    Hmmm, interesting.

    So in SandboxIE there's really no limitation to ClosedPaths, except it seems I remember tzuk saying in his forums that ClosedFolderPath would take precedence over other ClosedPaths, for example ClosedFilePaths. Gives me something to study up on since I'm not quite sure just how all this ties in, so I think some more reading at the SandboxIE forums is in store for me.

    Thanks MikeNAS for posting those. I'll test them out.

    Regards EASTER
     
  14. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Doesn't that depend on the user? If I gave SB to my wife, who then had to configure it, I bet you my house that SB would be far less secure than DW. In fact SB would probably not even work at all :D
    As I see it, for 99.99% (or whatever percentage of people are not PC security literate) of people DW would provide a more secure solution, without the risks of configuration. Of course, most people on Wilders could probably handle SB. Myself? I just grew weary of the prompts from trying out various HIPS and never knowing with 100% certainty if "Allow" was really the right thing to do.
     
  15. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    SB is secure without extra settings. Just remember to run programs inside of that :D
     
  16. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Ok, I'm using Sandboxie and trust me, I'm not an advanced user ;). However, it provides me advanced protection that changed the way I look at security setup. Sandboxie is the only sandbox program that I have tried and I'm sticking with it for now because it works, I understand it and it works with what I do daily.

    With that said, I was very tempted to try DefenseWall when it appeared on GAOTD. 99% of what I read about Sandboxie and DefenseWall is positive and the same can be said about their developers. As already stated, you can't go wrong either way. I'm also sure if you have a problem with either program that a solution will be found eventually. What more could you want?

    innerpeace
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    If that same 99.99% can do something as elementary as Copy/Paste text on a PC then they won't have any real difficulty with SandboxIE, since all a user needs do is access their RIGHT CLICK MENU and select RUN SANDBOXED.

    How much simpler can it get?

    But i see your point on DefenseWall but also consider this, DefenseWall ALSO employs a RIGHT CLICK MENU to access RUN AS UNTRUSTED/TRUSTED etc.

    So there's very little difference in that respect.
     
  18. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    And I think that's the bit that would catch most users out! It seems to me (and correct me if I'm wrong because I haven't used Sandboxie), that you need to add programs into the Sandbox to make them 'untrusted', whereas with DefenseWall all your internet-facing apps and anything you download from them is untrusted automatically, unless you specifically trust them. Have I got that right?
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    It's a two-way street as i understand it Scoobs72, some apps are by default auto-non-trusted=sandboxed and with the right click menu, it's there to add more or even change status to trusted and such. But i'm also still feeling my way around this fabulous program myself.

    The resident specialist is its chief developer Ilya and he can better address any concerns or questions regarding this program along with clarifying the right from the wrong ways of usage. :)

    Regards EASTER
     
  20. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    BTW Sandboxie users. Now you can add more than one program which can access the internet.

    Download v3.23.05


     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    Thanks for the heads up.


    EASTER
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Not Internet-facing, but those of them which contact potentially dangerous content. Also, there are too many such applications in the world, it is simply impossible to add all of them to the built-in list, it is just beyond human possibilities. Some need to be added to untrusted manually.
     
  23. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
  24. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    ClosedIpcPath=!opera.exe,* <- Only Opera can run.

    With the newest version you can use the ProcessGroup setting with ClosedIpcPath so you can set more than one program which can run inside of that sandbox. So you can set it like this:

    ProcessGroup=<Browsers>,iexplore.exe,opera.exe,firefox.exe

    ClosedIpcPath=!<Browsers>,*

    Now I only need an easy way to block all unneeded system (C:) drive access. Maybe I have to start using portable K-Meleon.
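
An added illustration, not part of any post in this thread and not Sandboxie's own code: a small Python model of how the `!program,` prefix and `ProcessGroup` in the settings quoted above select which programs a `Closed...Path` rule applies to. The function names are hypothetical, and the rule that a program with all IPC paths closed cannot run is taken from the post's own description.

```python
# Added example: models the program selector on Sandboxie Closed*Path rules.
# SAMPLE holds the two settings quoted in the post; function names are hypothetical.
SAMPLE = """\
ProcessGroup=<Browsers>,iexplore.exe,opera.exe,firefox.exe
ClosedIpcPath=!<Browsers>,*
"""

def parse(text):
    """Return (groups, rules) from 'Name=Value' settings lines."""
    groups, rules = {}, []
    for raw in text.splitlines():
        name, sep, value = raw.strip().partition("=")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        if name == "ProcessGroup":
            label, *members = [v.strip().lower() for v in value.split(",")]
            groups.setdefault(label, set()).update(m for m in members if m)
        elif name.startswith("Closed") and name.endswith("Path"):
            head, comma, rest = value.partition(",")
            sel = head.strip().lower()
            bare = sel.lstrip("!")
            if comma and (bare.endswith(".exe") or bare.startswith("<")):
                rules.append((name, sel, rest.strip()))
            else:  # no program selector: the rule applies to every program
                rules.append((name, "", value))
    return groups, rules

def applies(selector, process, groups):
    """True when a rule carrying this selector applies to `process`."""
    if not selector:
        return True
    negate = selector.startswith("!")
    target = selector.lstrip("!")
    # An undefined group is an empty set, so "!<Unknown>" closes the path for all.
    names = groups.get(target, set()) if target.startswith("<") else {target}
    return (process.lower() in names) != negate

def closed_paths(text, process):
    """List the (setting, path) pairs that are closed for `process`."""
    groups, rules = parse(text)
    return [(n, p) for n, s, p in rules if applies(s, process, groups)]

def can_start(text, process):
    """Per the post: a program with every IPC path closed cannot run."""
    return ("ClosedIpcPath", "*") not in closed_paths(text, process)
```

A misspelled group name in the `!<...>` selector closes the path for every program, browsers included, so the model fails closed rather than open.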
     
  25. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    i don't really understand what this new improvement can do....u can always make a new container and add lots of programs to run in the sandbox...what's the improvement in the new ver?

    cheers o_O
     