Deep Freeze and Sandboxie

Discussion in 'sandboxing & virtualization' started by Chuck57, Jan 23, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Same here, I raised questions about it first and was satisfied with the responses and others' results, so I've been running it barely a week now, I think. I went ahead and made it an investment like AE; I like Faronics' pair of AE + now DEEP FREEZE, and so far it's running like a champ and performing as claimed.

    Only thing is I like to supplement it even in FROZEN with either my HIPS or AE along with SandboxIE to get that IMPENETRABLE shield of confidence up so no doubts can creep in.
     
  2. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I haven't looked at Anti-Executable, so no idea how it works other than what I've read here. I've given up on HIPS. I just can't get my upper-middle-aged mind wrapped around them. In reality, considering my surfing habits, having both Sandboxie and DF is probably overkill.
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi there,

    Well, to rely on my experience with DF, it really rocks!!
    I've used it for a long time and it's the best of its kind.

    Add AE to it (also from Faronics); that'd be more than enough for a home or even pro user.

    So all those discussions about CleanMBR or KillDisk which "kill" DF are a waste of time. There will be a new tool every day to kill your HD (btw, this Robot Dog updates frequently).

    Cheers *puppy*
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Kees & Solcroft are really helpful with EQS (HIPS) and you can just about set your watch to EQS after applying the rules, IT'S THAT GOOD!

    On the other hand, SandboxIE + DEEP FREEZE is a good combo IMO also. I think DF is one of the better ones in the group of Boot-To-Restore and is definitely efficient enough, plus reboots are normal, no delays at all. I like that.

    I like AE because it's like an offspring or complement to DEEP FREEZE against executables, but then one can also argue that a lot of others, like SandboxIE for one, to go along with your own example, should make for tight control of your system in the FROZEN state.

    I prefer HIPS or AE as additional measures in order to ward off any file infectors that might corrupt DF's own exe's; I got bit by one while testing it in FD-ISR and it did a pretty complete job of fudging things up. I don't know at this stage if DEEP FREEZE is immune (self-protection) to its program files being taken advantage of by those types or not.
     
  5. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    CleanMBR and Robot Dog use the same technology to bypass ISR.
    CleanMBR bypasses the ISR and wipes the first sector.
    Robot Dog bypasses the ISR, finds where the system files are saved on disk and infects these files sector by sector.

    They send SCSI commands to the hard disk port directly. File system filters and disk filters are meaningless to them. :D
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    With AE on, nothing from all the above can happen.

    cheers:)
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes, it does. But remember Deep Freeze was designed for companies and schools where people might install legitimate stuff that was still undesirable. Or they might experiment with settings. All stuff not really harmful, but chaotic in that environment. At the end of the day the machine is rebooted and back as they want it. It wasn't intended to protect against the newest nasties.

    Pete
     
  8. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    A question about DF 6.3:

    If I install DF 6.3 on my computer and let it protect C:\ and D:\,

    how do I disable the protection on D:\?
    I need to reinstall DF and set the option in the installation again, yes?
     
  9. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I don't think any security software was designed for what is out there and/or coming today or tomorrow. All a vendor can do is get a sample as promptly as possible and update. I trust Sandboxie will be on top of it as tzuk has been in the past.

    I especially like being able to download a file, open it in the sandbox and be able to look at it prior to installing. It's like Altiris on steroids, since Altiris wasn't designed with much security protection in mind.

    An anti-executable might be advisable as additional defense software, though, just in case. I'm just not sure at the moment how prevalent these Robot Dog type programs are, and whether I should be genuinely worried or if it's another case of trying to induce paranoia where there's no need.
     
  10. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello QQ2595,

    Please take a look at your PM's.


    Peace & Gratitude,

    CogitoErgoSum
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Gets my vote.
     
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    I am afraid so, my friend.
    BTW: is 2595 your QQ acct # in China ?
     
  13. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    :D not mine, it is my wife's. LOL

    Hope DF has plans to develop a special version for home users. It is really No. 1 in the ISR market.
     
  14. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    I thought DF Standard was good enough for home users. According to its web site, DF Standard is geared for systems with fewer than 10 workstations.
    I would certainly assume that statement includes home users. :-*
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not really. ISR solutions are very popular in China's Internet cafes, so it's no surprise that malware writers have spent a good amount of time studying how to bypass these solutions.
    Of course, it's utterly easy to protect your ISR application from being attacked/bypassed: use a limited account (it forbids low-level access to disks).
     
  16. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    In other words, using sandbox applications, such as DefenseWall, GeSWall or Sandboxie is a good remedy to this then. ;)
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    How likely is it that anyone not living in China nor dealing with Chinese sites will ever see a Robot Dog? That bad things exist in the world is undeniable. What interests me is the probability of being attacked, not the possibility. Even then there is the question of the cost of contamination. If a Robot Dog gets on board and I am unaware, that would be a problem, but if it makes me aware of its presence and I am able to remove it, is this really any more than a minor irritation?
     
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    It's been said before. No software is ever going to be 100% effective. Every day something new is apt to appear. Deep Freeze has done its job nicely for me, and what it can't do Sandboxie hopefully covers.

    Are there a few pieces of malware out there that present a danger to DF? No doubt. Combined with Sandboxie, GeSWall, BufferZone, DefenseWall, or one of the others, and maybe an anti-executable, we're probably as safe as we'll ever be in today's online world.

    I'm looking at an anti-executable now and have found two that might fit the need: Faronics AE and exe Lockdown (abandonware, but not too old) from Horizon Data.
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, a sandbox will help if it's properly used. The trouble begins when you start to run untrusted content (especially executables) outside of the sandbox.
    That's why I prefer the "straitjacket approach" of a LUA together with an SRP (software restriction policy).
    A LUA will ban all the dangerous behaviours (installing drivers, debugging processes, low-level disk access, access to physical memory, certain forms of code injection, etc.) and the SRP will act as a poor man's anti-executable.
    I'm not sure on this. Since China is a primary source of PSW trojans and malware targeted at online games, I'd say that the possibility of being infected with malware like this is real for online gamers.
    Since it's a PSW trojan (AFAIK) it will go pretty unnoticed, a very different situation than, for example, a Vundo/Zlob/worm infection.
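The "poor man's anti-executable" lucas1985 describes is worth seeing as a rule set rather than a slogan. What follows is an added illustration written for this thread, not code from the thread's author or from Microsoft: a small model of SRP path-rule evaluation (default level plus path rules, with the most specific matching path winning, as SRP does for path rules). Real SRP also has hash, certificate and zone rules, which this model leaves out, and the environment-variable values, the sample paths and the executable names are constructed for the example. It puts the weak setup (default Unrestricted, a few blocked folders) beside the hardened one (default Disallowed, an allow-list of folders a limited user cannot write to), which is the combination that only works because the LUA keeps the user out of %WINDIR% and %PROGRAMFILES%.

```python
import ntpath

UNRESTRICTED = "Unrestricted"
DISALLOWED = "Disallowed"

# Constructed stand-in for environment expansion; real values come from the
# user's environment. Kept upper-case so the simple replace below matches.
ENV = {
    "%WINDIR%": r"C:\Windows",
    "%PROGRAMFILES%": r"C:\Program Files",
    "%USERPROFILE%": r"C:\Documents and Settings\chuck",
}


def expand(path):
    """Expand the constructed variables and normalise like Windows does
    (ntpath.normcase lower-cases and uses backslashes on any host OS)."""
    for var, value in ENV.items():
        path = path.replace(var, value)
    return ntpath.normcase(path)


class PathPolicy:
    """Model of SRP path rules: a default level plus (folder, level) rules.
    A rule matches the folder itself or anything beneath it; when several
    rules match, the longest (most specific) path wins, as in SRP."""

    def __init__(self, default, rules):
        self.default = default
        self.rules = [(expand(folder).rstrip("\\"), level) for folder, level in rules]

    def decide(self, exe_path):
        target = expand(exe_path)
        best = None
        for prefix, level in self.rules:
            if target == prefix or target.startswith(prefix + "\\"):
                if best is None or len(prefix) > len(best[0]):
                    best = (prefix, level)
        return best[1] if best else self.default


def weak_policy():
    """Default-allow with a blocklist: anything dropped outside the blocked
    folder (a temp dir, the desktop, %WINDIR%\\Temp) still runs."""
    return PathPolicy(UNRESTRICTED, [
        (r"%USERPROFILE%\Downloads", DISALLOWED),
    ])


def hardened_policy():
    """Default-deny with an allow-list of folders a limited user cannot write to.
    The extra Disallowed rule for %WINDIR%\\Temp shows the longest-match
    precedence: a writable subfolder of an allowed tree is closed again."""
    return PathPolicy(DISALLOWED, [
        (r"%WINDIR%", UNRESTRICTED),
        (r"%PROGRAMFILES%", UNRESTRICTED),
        (r"%WINDIR%\Temp", DISALLOWED),
    ])


# Constructed sample launches: two legitimate programs, three dropped files.
SAMPLES = [
    r"%WINDIR%\notepad.exe",
    r"%PROGRAMFILES%\Sandboxie\Start.exe",
    r"%USERPROFILE%\Downloads\setup.exe",
    r"%USERPROFILE%\Local Settings\Temp\dropper.exe",
    r"%WINDIR%\Temp\dropper.exe",
]


def evaluate(policy, samples=SAMPLES):
    """Return {sample path: decision} for the given policy."""
    return {p: policy.decide(p) for p in samples}


if __name__ == "__main__":
    for name, pol in (("weak", weak_policy()), ("hardened", hardened_policy())):
        print(f"--- {name} ---")
        for path, verdict in evaluate(pol).items():
            print(f"{verdict:12} {path}")
```

Run it and the weak policy lets both dropped files outside Downloads execute, while the hardened one refuses everything not under an allow-listed, admin-only folder; the only way round it is to write into one of those folders, which is exactly what the LUA denies.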
     
  20. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You are better off using a "multi hard disk" setup instead of some old PC... Faster, smoother, and you can focus all yer energy on one PC... Just a thought!

    I don't want to sound insolent or anything... But maybe I don't get something: Are not the majority of infections now global in scope?
    Besides, isn't the NSA and the CIA, not to mention the Pentagon, crying that they're being hacked by the Chinese on a regular basis?
    My point is that being here instead of there means nothing, really; this is a fact of living in the online world.

    The risks are minimal... right! Nothing to worry about... :rolleyes:
    This is cyber warfare! Short and simple. Now where's my flak jacket? :p
     
    Last edited: Jan 27, 2008
  21. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I think programs like Deep Freeze, Sandboxie and the others mentioned in here are the technology needed today to surpass any antivirus program on the market. I do not speak for anyone else but myself; I'm kinda tired of virus and malware programs that just can not keep up with the constant nasties. Just my feeling, of course.
     
  22. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    It is not entirely clear to me which product is most secure against certain types of kernel mode rootkit.

    Returnil or DF... Can someone elaborate for my curious mind?
     
  23. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I honestly can not answer that question, but I have tried Returnil and liked it a lot, and I'm now using Deep Freeze and love it. I like the fact that it does not appear in All Programs or Add/Remove Programs.
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Both are equally capable against the most clever rootkits. The problem with ISR solutions is low-level disk access: Returnil has protection against low-level disk access (AFAIK, it works against all the samples which do low-level disk access); Deep Freeze has not.
    There's a small amount of malware which does low-level disk access; most of it is destructive (KillDisk, CleanMBR) and some are Chinese PSW trojans (Robot Dog).
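QQ2595's description earlier in the thread (CleanMBR wiping sector 0, Robot Dog patching system files sector by sector, both by sending commands straight to the disk rather than through the file system and disk filters) and lucas1985's point just above (Returnil guards the low-level path, Deep Freeze does not) are the same mechanism seen from two sides. The following is an added model written for this thread, not code from Faronics, Returnil or any malware author: a toy disk, a redirect-on-write "frozen" layer that discards its changes on reboot, a pass-through path that skips that layer, and a guard on the pass-through path that only the ISR layer itself may use. Sector layout, class names and the idea that the guard keys on the caller are all constructed for the illustration; real ISR drivers live in the Windows storage stack and the details differ, but the reason a reboot restores the system, and the reason a write below the filter survives it, are exactly these.

```python
SECTOR = 512


class Disk:
    """The medium itself: a flat array of sectors (constructed, 16 sectors)."""

    def __init__(self, sectors=16):
        self.data = [bytes(SECTOR) for _ in range(sectors)]
        self.data[0] = b"MBR ".ljust(SECTOR, b"\0")   # sector 0 holds the boot code
        self.data[5] = b"SYS ".ljust(SECTOR, b"\0")   # pretend a system file lives here

    def scsi_passthrough_write(self, lba, payload, caller=None):
        """A command sent "to the port": nothing above this layer sees it."""
        self.data[lba] = payload.ljust(SECTOR, b"\0")[:SECTOR]

    def read(self, lba):
        return self.data[lba]


class GuardedDisk(Disk):
    """Same disk, but the pass-through path refuses everyone except the one
    registered owner (models the low-level disk protection lucas1985 attributes
    to Returnil; the owner-token check is an assumption of this model)."""

    def __init__(self, sectors=16):
        super().__init__(sectors)
        self._owner = None

    def authorize(self, owner):
        self._owner = owner

    def scsi_passthrough_write(self, lba, payload, caller=None):
        if caller is None or caller is not self._owner:
            raise PermissionError(f"direct write to LBA {lba} blocked")
        super().scsi_passthrough_write(lba, payload, caller)


class FrozenVolume:
    """The ISR filter layer: while frozen, writes go to a scratch map that is
    thrown away on reboot; when thawed, they are committed to the medium."""

    def __init__(self, disk, frozen=True):
        self.disk = disk
        self.frozen = frozen
        self.scratch = {}   # lba -> pending data, never written while frozen

    def write(self, lba, payload):
        payload = payload.ljust(SECTOR, b"\0")[:SECTOR]
        if self.frozen:
            self.scratch[lba] = payload
        else:
            self.disk.scsi_passthrough_write(lba, payload, caller=self)

    def read(self, lba):
        return self.scratch.get(lba, self.disk.read(lba))

    def reboot(self):
        self.scratch.clear()   # frozen changes evaporate, as Deep Freeze promises


def scenario_filtered_write_is_discarded():
    """Malware writes through the normal stack: visible until reboot, then gone."""
    vol = FrozenVolume(Disk())
    vol.write(5, b"INFECTED")
    seen_before = vol.read(5)[:8]
    vol.reboot()
    return seen_before, vol.read(5)[:4]


def scenario_passthrough_persists():
    """CleanMBR-style wipe of sector 0 and Robot Dog-style patch of the system
    file sector, both sent below the filter: the reboot restores nothing."""
    disk = Disk()
    vol = FrozenVolume(disk)
    disk.scsi_passthrough_write(0, b"\0" * SECTOR)
    disk.scsi_passthrough_write(5, b"PATCHED")
    vol.reboot()
    return vol.read(0)[:4], vol.read(5)[:7]


def scenario_guard_blocks_passthrough():
    """With the guarded disk the same direct write is refused and the boot
    sector is intact after reboot."""
    disk = GuardedDisk()
    vol = FrozenVolume(disk)
    disk.authorize(vol)
    try:
        disk.scsi_passthrough_write(0, b"\0" * SECTOR)   # no caller token
        blocked = False
    except PermissionError:
        blocked = True
    vol.reboot()
    return blocked, vol.read(0)[:4]


def scenario_thawed_write_commits():
    """The guard does not break legitimate use: a thawed volume still commits."""
    disk = GuardedDisk()
    vol = FrozenVolume(disk, frozen=False)
    disk.authorize(vol)
    vol.write(5, b"UPDATED")
    vol.reboot()
    return vol.read(5)[:7]


if __name__ == "__main__":
    print("filtered write, after reboot:", scenario_filtered_write_is_discarded())
    print("pass-through write, after reboot:", scenario_passthrough_persists())
    print("guarded pass-through:", scenario_guard_blocks_passthrough())
    print("thawed commit:", scenario_thawed_write_commits())
```

The guard here is only a stand-in for whatever Returnil actually does; the point it makes is structural. A redirect-on-write filter can only protect what passes through it, so the question to ask of any boot-to-restore product is what stops a process from reaching the disk underneath, and lucas1985's answer (run as a limited user, which cannot open the raw device) holds regardless of which product is installed.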
     
  25. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I haven't run an antivirus in several months, depending on first Returnil, then SafeSpace, and now the Deep Freeze/Sandboxie combination to keep my computer clean. I do have a couple of hardware firewalls in place, one in the router and the other in the external modem, but that's all.

    As I've said, I'm a very safe surfer which might also explain the cleanliness of the machine, and I do run an online AV once or twice a week just to be sure. I do, though, think the above combination might, at this point, be the ideal security combo.
     