If you chose a very limited, sleek, but effective security solution, what would it be?

Discussion in 'other anti-malware software' started by rodneym, Mar 23, 2016.

  1. guest

    guest Guest

    In this case, I would choose Shadow Defender; it never failed me (no bypasses, especially during my malware testing periods, no bugs, no BSODs, no incompatibilities, etc.).
     
  2. bo elam

    bo elam Registered Member

    Joined: Jun 15, 2010 | Posts: 6,144 | Location: Nicaragua
    The one problem that I see in my use case with using Shadow Defender instead of Sandboxie is that all programs can run in Shadow mode. Everything runs with no restrictions. Shadow mode is sort of like a big sandbox where programs are not allowed to write to the real system but they can run, read and phone home. For security, where you are going to depend on one program alone, that's not good.

    The restrictions and being able to separate programs in their own sandbox and setting each sandbox according to the Leader program is what makes it possible for me to depend on Sandboxie on its own. Shadow Defender is a great program but I would at least use MSE along with it.

    Bo
     
  3. guest

    guest Guest

    If you install SD after a clean install and set it to run Shadow Mode at boot, and set up WinFirewall properly, malware won't have much effects.

    I'm on Win10 so Windows Defender (MSE) is built-in. Personally I won't use old OSes, however good they were.

    Anyway, my baseline is SD + Sbie :D
     
  4. FleischmannTV

    FleischmannTV Registered Member

    Joined: Apr 7, 2013 | Posts: 1,094 | Location: Germany
    Banking trojans and keyloggers don't need to survive a reboot to clusterfubar your life, unless you don't count emptied bank accounts and stolen credentials as "much effects".
     
  5. ropchain

    ropchain Registered Member

    Joined: Mar 26, 2015 | Posts: 335
    Chromebook
     
  6. guest

    guest Guest

    Before entering a banking site, just reboot; no keylogger anymore.

    Besides, you can block all outbound connections in Windows Firewall rules, and create outbound rules manually on a case-by-case basis.

    When using SD you must learn some safe habits to maximize its efficiency.
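
The default-deny outbound setup mentioned in the post above, sketched as an added example that is not part of the original thread. The browser path and rule name are assumptions; run it from an elevated PowerShell session on Windows 8/10 or later.

```powershell
# Added example: block outbound traffic by default, then allow programs case by case.
# The program path and rule display name below are assumptions for illustration.

# 1. Record the current defaults so the change can be reverted later.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Switch every profile to default-deny outbound and log dropped packets.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultOutboundAction Block `
    -LogBlocked True

# 3. Existing enabled outbound allow rules still apply after step 2.
#    Review them: anything listed here can still connect out.
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile

# 4. Add one explicit allow rule, scoped to a program, protocol and ports.
$browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed install path
New-NetFirewallRule -DisplayName 'Allow out - Firefox (web)' `
    -Direction Outbound -Action Allow `
    -Program $browser -Protocol TCP -RemotePort 80,443 -Profile Any

# 5. Check what is being dropped before deciding on the next rule.
$log = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'
Get-Content $log -Tail 200 | Select-String ' DROP '

# To revert step 2:
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

A program-scoped allow rule trusts whatever runs inside that program, so a hijacked browser or malicious add-on can still use it to connect out.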
     
  7. bo elam

    bo elam Registered Member

    Joined: Jun 15, 2010 | Posts: 6,144 | Location: Nicaragua
    To me, sleek means smooth. That above is not smooth.

    While with Sandboxie, you just delete the sandbox and go. And besides that, the Restrictions, guest, that really is what makes the difference. Sandboxie is not an anti keylogger but opening a fresh browsing session, doing the sensitive browsing and deleting the sandbox immediately after you finish is all that's required with SBIE. All done in a restricted sandbox where only your browser can run and connect. And if possible, using only well known addons (exactly what I do). This is important because if you have a malicious addon installed, it can hijack the browser and use it to phone home. That's really all you have to do with SBIE to keep your money safe. This works as long as your computer is not infected to begin with.

    Something else. With Sandboxie, you can block sandboxed programs from having access to your sensitive data, personal files; this is something that cannot be done with Shadow Defender.

    Bo
     
    Last edited: Mar 30, 2016
  8. guest

    guest Guest

    I know, but by default Sbie is the same as SD, it can't stop keylogging; you have to tweak Sbie to make it impervious.

    Out of the box, SD is safer than Sbie: all is virtualized right away, no tweaks, no setups to do. You have to do several tweaks to get this result with Sbie.
    However, if the user takes some time to understand Sbie, it may become safer when the proper tweaks are done.

    Another important thing is that SD protects the MBR, Sbie cannot.

    I am a big fan of Sbie, but you can't really compare them to each other; SD = system-wide virtualization, Sbie = program isolation. They complement each other, which is why I use both.
     
  9. True, but the same applies for a Sandboxie session (banking trojans and keyloggers don't need to survive a Sandboxie session). That is the reason why Tzuk asked Sandboxie to be removed from the MRG keylogger/banking trojan tests in the past.
     
    Last edited by a moderator: Mar 31, 2016
  10. bo elam

    bo elam Registered Member

    Joined: Jun 15, 2010 | Posts: 6,144 | Location: Nicaragua
    Yes, these settings that Sandboxie has are the reason that I can depend on Sandboxie on its own. They are the reason why I don't need to use anything along with SBIE to be protected and feel confident. These settings allow me to use 5 different sandboxes for Firefox alone. Each sandbox is set differently and according to the purpose that I created it for. These are things that I cannot do with Shadow Defender and the reason why I would not feel relaxed depending solely on Shadow Defender.

    guest, the opening poster asked something... and I wrote here what I have been doing for more than 5 years, which is pretty much what he asked for. What I have written here is not theory but my personal experience. I used Sandboxie on its own for over 5 years, nothing ever escaped the sandbox, I have felt confident and relaxed the whole time. And on top of that, using the PC feels like I am using nothing. Can it get any better? I doubt it.
    Tweaks, tweaks and tweaks. Be serious, these settings are called Sandbox settings. That's what they are and what they should be called. When you talk about Sandboxie, don't play games.
    Sandboxie doesn't protect the MBR? Who told you that? I'd like to see you post proof of that, otherwise it's just blah blah. I know there ain't none. If you get hit by malware that writes to the MBR, if the malware runs, which it probably won't, but if it does, it stays in the sandbox. That's how that works in Sandboxie. Please, post a video or something to prove what you said is true.

    Bo
     
  11. bo elam

    bo elam Registered Member

    Joined: Jun 15, 2010 | Posts: 6,144 | Location: Nicaragua
    Yes, Sandboxie is not an anti keylogger and doesn't pretend to be an anti keylogger, but there are things you can do with Sandboxie that can help you do sensitive browsing. And come out just fine. It's nothing fancy, I wrote about it earlier in other threads and over the years. I am not going to repeat myself, look for it if you really want to know.

    Bo
     
    Last edited: Mar 31, 2016
  12. What you say about Sandboxie also applies to Windows built-in mechanisms: there are things you can do to utilize them (UAC, SRP, ACL, Smartscreen, Protected Processes, AppContainer, etc.) and the good news is, those built-in features only become better and better. Plenty of security experts, bloggers, enthusiasts and amateurs have written about it, look for it if you really want to know.

    Since I use Vista Business 32 bits (2008) nothing ever escaped SRP+UAC (really not using third party security software), so YES.

    When you use your own Boelam preference as the one and only and ultimate Boelam standard, nothing can beat your Boelam setup, so NO

    As @Peter2150 predicted, this would turn into a massive personal preferences promotions thread, post 62 and counting :eek:
     
    Last edited by a moderator: Mar 31, 2016
  13. Krusty

    Krusty Registered Member

    Joined: Feb 3, 2012 | Posts: 10,190 | Location: Among the gum trees
    Yawn... Is this thread still running?? o_O
     
  14. guest

    guest Guest

    Tweaks means settings, everybody got that; don't transform my meaning to show your point... smells like fanboyism.

    Sbie doesn't have a dedicated protection made to protect the MBR; it doesn't redirect writing made to the MBR. Sbie contains the malware, sure, so it can't write the MBR, sure, I never denied that; but it is not what I meant. The way you said it, it is like every security software protects the MBR because it stops the malware, sure, but it is not what I meant.

    Does Sbie do that:

    Code:
    SD Version 1.4.0.519 - April 25, 2014
    New: Track 0 virtualization.
    New: Hidden boot volume will be shadowed automatically when system volume is shadowed.
    Fixed: Some minor bugs.

    So unless you prove to me that Sbie does it, I keep my position.

    You have tweaked Sbie to such a level that nothing can get past it; other users don't. You love Sbie, I get it, but please don't play word games!

    I don't know why you go into a debate while the topic is just "what you would use to get a sleek solution", not "what is the sleekest software"...

    I wonder what you would use if Sbie ceases to exist...

    I will stop this useless off-topic debate.
     
    Last edited by a moderator: Mar 31, 2016
  15. This maybe? @bo elam when talking about sandboxes, I can tell from years of personal experience, nothing beats the real deal

    ~ Removed Copyrighted Image ~

    (proof WS playing in a sandbox)
     
    Last edited by a moderator: Mar 31, 2016
  16. guest

    guest Guest

    @Windows_Security LOL
    Btw, I edited my post above to quote the Track 0 virtualization, a thing that, to my knowledge, Sbie doesn't do.
     
    Last edited by a moderator: Mar 31, 2016
  17. guest

    guest Guest

    A Linux distro, unless you require specific Windows software that can't be replaced.

    In Windows: Avira and WFC, and if you want more, MBAE.
     
  18. guest

    guest Guest

    Yep, now we can't just say what we like to use without being drawn into a useless debate by someone who thinks his software is "bezt in Da world".

    I told what I would use, because I have used SD for ages and it never let me down.
     
  19. sukarof

    sukarof Registered Member

    Joined: Jun 22, 2004 | Posts: 1,887 | Location: Stockholm Sweden
    What I use now. I use only Windows Defender, Windows Firewall (and a router), the free software "Simple Software Restriction Policy" + logging in as a standard user. Maybe it is overkill, but extra antimalware software and firewall seem redundant.
     
  20. pegr

    pegr Registered Member

    Joined: Apr 8, 2008 | Posts: 2,280 | Location: UK
    Just to add some further thoughts.

    1. The OP said "What limited software choices would you make." As "limited" means few and "choices" is plural, we can't conclude that he is only looking to run just one security application. All we know is that he wants something (open to interpretation as to whether he means an application or an approach) that provides effective protection and keeps the PC fast.

    2. As an approach, a combination of policy restriction and containment by isolation is likely to prove more effective and lighter than using a real-time anti-malware application if the goal is to keep the PC as fast as possible.

    3. The only application I know of that combines both restriction and isolation within a single program is Sandboxie. It is the rich set of policy restriction features that makes Sandboxie so much more than just an application sandbox. If the OP does only want one security application, and if he likes the approach that Sandboxie uses and it runs well on his system, then I agree with Bo that Sandboxie would be an excellent choice.

    4. No application, however good, is ever going to be a panacea for every user and every system. Sandboxie, for example, just doesn't run well on my system. I wish it did, but it doesn't, so I don't use it. The OP should trial different security applications to see what he likes and what works well for him before making a decision. There are always multiple possibilities available when it comes to choosing a security setup.

    5. Running more than one security application won't necessarily have a noticeable performance impact. It depends on the type of applications and how they work together. My system runs very fast using a combination of AppGuard and Shadow Defender.

    6. Policy restriction provides very effective protection for both the system and the user data. It can be used alone, but it is advisable to combine it with something that can provide remediation against any inactive malware traces that may exist in the user space. Applications like AppGuard are best combined with some form of containment by isolation or an anti-malware application with good malware cleaning capability.

    7. Containment by isolation on its own is not a complete security solution. It provides effective remediation against malware, but does not guard against unauthorised access to the user's personal data or protect against identity theft. Applications like Shadow Defender should be combined with some form of policy restriction or an anti-malware application with good malware prevention capability.

    8. As previously noted, Sandboxie has both policy restriction features and containment by isolation in a single program. It can be used on its own or in combination with other security applications. I agree with Bo that Sandboxie should definitely be on the OP's shortlist of security applications to try.
     
    Last edited: Mar 31, 2016
  21. guest

    guest Guest

    Indeed, policy restriction + isolation is the lightest combination possible. I have to pinpoint that anti-exe and similar could be a source of issues in unskilled hands.

    On Win8/10, any isolation/virtualization software is backed up by Windows Defender, UAC, Smartscreen, etc. Sandboxie or SD alone could be enough for a user with safe habits.

    I have tweaked my system enough to even discard all 3rd party software; but I like using/testing them so I kept them.
     
  22. justenough

    justenough Registered Member

    Joined: May 13, 2010 | Posts: 1,549
    Nice post pegr, clear and informative as always.

    I for one like threads like this one (even with the normal disagreements), and especially this thread's question by rodneym, because I learn from reading how others combine the fewest layers for the most effect, and the thinking behind their decisions.
     
    Last edited: Mar 31, 2016
  23. bo elam

    bo elam Registered Member

    Joined: Jun 15, 2010 | Posts: 6,144 | Location: Nicaragua
    I agree, :cool:.

    Bo
     
  24. IanMacdonald

    IanMacdonald Registered Member

    Joined: Apr 5, 2016 | Posts: 2
    Do browsing in a virtual machine.
    Use Firefox or Chrome, disable IE.
    Remove (best) or disable (second best*) all browser plugins except H264.
    If you use MS Office, set macro security to max.
    Run internet-facing apps as a limited account.
    Install a software restriction policy.
    Install a lightweight AV product. (Internet security suites offer no more protection, and cause no end of trouble.)

    *because it's all too easy for them to accidentally get turned back on.
     
  25. safeguy

    safeguy Registered Member

    Joined: Jun 14, 2010 | Posts: 1,797
    Built-in OS security coupled with browser hardening.
     