DefenseWall and Sandboxie

Discussion in 'other anti-malware software' started by Rabiddog, Aug 24, 2009.

Thread Status:
Not open for further replies.
  1. Rabiddog

    Rabiddog Guest

    I saw some posts about this, but I would like to know how exactly you have installed these great programs side by side for the most effective security? Example: What is trusted or untrusted? C:\sandbox, or leave DW with default setting? Or run DW sandboxed? Or is there another way?

    Thank you.
     
  2. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Never policy restrict a security application, Rabiddog. IMO, the best way to use these two together for avoiding redundancy (potential stability issues) is by simply letting DW untrust the sandbox.

    /C.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    That's basically how I used them together.
     
  4. Rabiddog

    Rabiddog Guest

    Thanks for the information.
    I saw on another forum that it was set up this way :

    "Also, the concept of using SB and DW is very nice:
    1. Sandbox all internet-facing applications
    2. Configure DW to trust all internet-facing applications
    3. Configure DW to untrust C:\Sandbox"

    Does this sound correct?
     
  5. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    I'd take a look through Kees1958's threads. He has lots of configurations using DefenseWall.
     
  6. Rabiddog

    Rabiddog Guest

    I have looked at many posts, but have not heard of a concise way to properly
    set these two to work together at their maximum potential, with the least conflicts. Anyone?
     
  7. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    If you look at it in terms of attack vectors ("drive-by-downloads") both cover a similar vector.

    Personally I think Sandboxie is the easier of the 2 to understand.

    I would do this:
    1) Sandbox all internet-facing applications.

    Then I would ask myself what do I want DefenseWall to cover?
    USB keys?
    Times I might forget to turn Sandboxie on (if using free version)?
     
  8. Rabiddog

    Rabiddog Guest

    From what I read on DW's website, DW is sandboxing and virtualization in one. So wouldn't that make it a more secure program? Since Sandboxie is sandbox only? Sorry to get off topic.

    USB and removable drives are not a concern to me. It's just one lonely computer attached to the internet.
     
  9. Rabiddog

    Rabiddog Guest


    That was you, nice to meet you.
    I had Sandboxie configured to have all browsers and admuncher running in the sandbox, then installed DefenseWall un-sandboxed with default settings and DW seemed to catch (put in untrusted mode) everything I "quick recovered".
    Is your setup ("1. Sandbox all internet-facing applications
    2. Configure DW to trust all internet-facing applications
    3. Configure DW to untrust C:\Sandbox")
    more secure?
     
  10. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    If you use this combo:
    What files would you save from the C:\Sandbox, and mark as untrusted with DefenseWall?

    1)
    If they are temp internet files, would it not be easier just to delete the sandbox?
    2)
    If it's a file you mean to install, then don't you have to trust it manually in DefenseWall first?

    I don't see what DefenseWall gives you extra ...
     
  11. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Probably it's not related, but, just to be sure and to eliminate any doubt, I'll ask:

    If I have set Eraser to securely wipe the contents of a sandbox on closing of the sandboxed application, does making the sandbox untrusted (by DW) prevent in any way the secure deletion of the sandbox?

    My expectation is that if Eraser is trusted it will wipe the sandbox anyway, regardless of the sandbox being untrusted itself. Am I right?
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Yes it does.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Are you nuts :argh: yes, DefenseWall will protect you in real time against those file types :D of course, if they run as untrusted :)
     
  14. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    I'd be interested to know if DefenseWall would protect against the image exploit.
    Has anyone tested it against it?

    In my view, these sort of critical Microsoft exploits can not really be prevented. As the jpg one involved a design mistake from Windows 3.0
    http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_4.htm
    it's very hard to see how any security software would have been able to prevent something that worked in such an unexpected way.

    Basically you're asking the security developer X to have more insight into how MS works than anyone else.
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Anything I have ever recovered from Sandboxie (a sandbox) while using it together with DefenseWall, by using either immediate recovery or closing my browser then recovering the file, be it .jpg or otherwise, has always remained untrusted unless I chose otherwise and manually changed it.
    I believe this is what you are referring to, correct?
    Maybe something was conflicting with DW on your system in your testing?
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Just tried again with immediate recovery as well as with recovering after closing my browser and again both times the .txt file remains untrusted.
    I'd like to see where Ilya said this, perhaps you misunderstood him.
     
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi

    if u are using DW to secure the invoked files from SB, u can also try "hide folder 2009", by setting let's say "c:\my download " to "read only" and even add "hidden" to it, allow only trusted processes to manage it (explorer.exe, firefox.exe).
    so if a malware tries to run from there after it's been d/l and executed, it harms none.
    also folders remain protected from any hacking attempts or malware infection.

    cheers
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Just did.
    .txt file remains untrusted here.
     
  19. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    That was me, and I'm now able to consistently reproduce it with any type of file. BUT, I think it's something strange in my setup that's behind the problem, so until I've done some more investigation I would say that this isn't a problem others are likely to see. But....I need to investigate some more and then contact Ilya if it is indeed something that needs fixing.
     
  20. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I can confirm that also, try DW on a clean no-software-installed VM, same poor, dangerous and odd results as your sj1000 :blink:
     
  21. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    This is ball wrong. A true .txt file can't contain malware; if it is just an executable file with a .txt extension, DefenseWall does cover this situation.
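
The difference drawn in the post above, between a true .txt file and an executable carrying a .txt extension, can be checked from file contents. This is an added example, not part of the thread and not DefenseWall's own logic: it flags Windows PE images that lack an executable extension in a folder of recovered files. The folder, file names and sample bytes are constructed for illustration.

```python
import os
import struct
import tempfile

# Extensions Windows loads as code; a PE image under any other name is a mismatch.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".ocx", ".cpl"}


def is_pe_image(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        header = fh.read(0x40)
        if len(header) < 0x40 or header[:2] != b"MZ":
            return False
        # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
        (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def find_disguised_executables(folder):
    """Relative paths of PE images under folder that lack an executable extension."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            path = os.path.join(root, name)
            if ext not in EXECUTABLE_EXTS and is_pe_image(path):
                hits.append(os.path.relpath(path, folder))
    return sorted(hits)


def build_sample_folder():
    """Constructed sample data standing in for a folder of recovered downloads."""
    folder = tempfile.mkdtemp(prefix="recovered_")
    # Minimal PE-shaped bytes: 'MZ', e_lfanew = 0x80, 'PE\0\0' placed at 0x80.
    fake_pe = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
               + b"\0" * 0x40 + b"PE\0\0" + b"\0" * 20)
    samples = {
        "readme.txt": b"plain text\n",               # true text file
        "notes.txt": b"MZ meeting notes\n" * 8,      # text that merely starts with 'MZ'
        "invoice.txt": fake_pe,                      # executable content, .txt name
        "setup.exe": fake_pe,                        # executable with honest extension
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return folder
```

Checking the `e_lfanew` pointer as well as the `MZ` bytes keeps ordinary text that happens to begin with "MZ" from being flagged.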
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Ilya, can't wait to see the beta. If you can ever top that with 64 bit protection, you will be nominated for the Nobel Peace Prize as you will have gone full circle in creating protection. :thumb:
     
  23. Dr payne

    Dr payne Guest

    Do you mean "all wrong"? o_O
     
  24. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
  25. aieie

    aieie Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    175
    Yeah, protection against exploits / overflows is a thing that always puzzled me too.

    DefenseWall protects against them... if an untrusted application is exploited?
     