Defense Wall - Trusted versus untrusted...

Discussion in 'other anti-malware software' started by pbw3, Dec 9, 2008.

Thread Status:
Not open for further replies.
  1. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    I thought I had understood the basic concept of Defense Wall, and have read through the help on the DW site.

    However, can someone explain in lay terms the practicalities of what might happen for say typical office type use.. Hence, e-mails arriving with spreadsheet or word docs; these are filed in folders, amended, and then returned or forwarded. At the same time, other confidential documents on the computer are also being accessed by Excel and Word.

    If say Outlook is untrusted, and I follow the "children" approach of Defense Wall, does Excel ordinarily become untrusted by association with the Excel files accessed from Outlook (or am I confusing "applications" with "files" when following the "children" approach), and hence are any private and confidential Excel documents then not accessible by Excel, etc..??

    Should Office programs, therefore, and hence all files associated, essentially always be untrusted, using DW terminology. I had assumed confidential documents should be trusted, and hence be protected from untrusted applications.

    For a machine partially accessing office type documents, is Defense Wall as useful in that context as say a simple application white list approach, such as OA HIPS for example? Or does one simply designate Excel and Word as always trusted (if one can?) - to avoid problems with data files. BTW, macros are never allowed to run in these office docs unless specifically called, ie there should be minimal risk from any such data files.

    Apols if wrong forum on here (also looked at DW forum, but one must log in there to search and I am not registered).

    Many thanks..
    Peter
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    If you run an Office document with your e-mail program untrusted, it will runs untrusted. If you save this document at your hard driver, it will runs untrusted also.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    as simple as that:thumb:
     
  4. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    OK, that's absolutely crystal clear..:)

    Is the idea with Defense Wall therefore that:

    a) the e-mail program should be run as trusted, as I would always expect all spreadsheet and word documents to be trusted (once the external docs were successfully "checked in" from e-mail); or
    b) spreadsheet and word documents are generically expected to be untrusted, along hence with the e-mail program (which I would presumably have a problem with unless I am misunderstanding terminology).

    My gut tells me now, from the help on DW, that it's b) and, if so, is DW therefore simply geared more towards uses typically different from that I have included above? In which case, that's fine - I am simply keen to understand much better the kind of approaches that would best fit this particular usage.

    Or does a) in fact work, simply with the proviso that DW will not then protect against e-mail based vulnerabilities, but as regards all other external facing applications will work fine?

    Many thanks...
    Peter
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    b) is the right choice because "always expects unexpected".
     
  6. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    OK, I understand, and that's really helpful - many thanks for that...

    Peter
     
Loading...
Thread Status:
Not open for further replies.