DefenseWall and Sandboxie users

Discussion in 'other anti-malware software' started by Tony, Jan 16, 2009.

Thread Status:
Not open for further replies.
  1. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    Now that I have a Sandboxie license I think it is time to get rid of the AV for on demand scanning only.

    I know this has been discussed in various topics in the past, but both programs have added better usage and have come on in leaps and bounds these past 12 months or so.

    So what are your settings that you use to have both programs co-existing together on your computers?

    :thumb:
     
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, all

    I have used both together up until very recently.

    Both have lived up to what they are designed for.

    As to the need or not of AV real time scanner, IMO, there will be lots of different opinions. My view is

    Sandboxie and DW are adapting isolation or reducing right technology to protect you. They contain any possible malwares, but do not kill them. Their (malwares) presence is lasting until you are off these apps.

    What would happen if both have some sort of cracks allowing these malwares to sneak thru? You will not know it until your machine acts funny or some files begin to disappear. Then what do you do? Using AV on demand scanner? Too late. You may be able to get rid of malwares, how about those essential files? Seeking help of undelete apps? Not so sure.

    I would use any decent AV real time scanner with them.

    Both are excellent apps, but remember, not that mighty.
     
  3. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    no... actually all files (so malware too) downloaded from untrusted apps are automatically tagged as untrusted and unless YOU turn them into trusted they can do no harm.. download any program through an isolated browser, download manager e.g. and then try to install it.. you'll see it fail.
    yea AV's are redundant
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    What if I want to unsandbox or trust these downloaded files and install them onto the disk, and if those files do have some sort of malwares, will Sandboxie or DW come to rescue? If so, how?
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    This is exactly the only danger he is going to face. If he downloads an installer which he isn't suspecting to have anything malicious, but instead it does and he decides to install it (without sandboxing or adding to untrusted), he is going to get infected.

    Same story for malware hidden in usual files. Say jpeg, pdf with included exploits. Will you remember to run them untrusted or sandboxed? If yes, fine. If not, you're busted. The other danger is that SB and DW can't always say that what you run is malware. I mean, they don't flag you "this is malware". So you may run something and appear to be running harmlessly. And so decide to run it without sandboxing. Then you are busted.

    I would at least keep an AV on demand or have Threatfire.
     
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    JPEG files may contain only buffer overflow exploitation code against specific applications. Hardware DEP with OptOut is just for it. PDF files open perfectly as untrusted/sandboxed, why more?
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I only said if he FORGETS to run them untrusted or sandboxed. Of course he can untrust everything. His PDF reader, his media player (for malicious media files), his word processor/office program and so on. So he won't forget.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Using ThreatFire free with GeSWall Pro or Avira free with DefenseWall is enough protection really.

    For ease of toilet flushing you could opt for a combo of DW and SBIE (e.g. Avira - with check at write only), DW - SBIE

    I agree with Fuzzfas, somehow it feels better to have an AV remove all the known malware.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Hi Perman

    I only download exe files from sites I totally trust. JPG files can be another matter, so what I do is remove them from the browser sandbox to my desktop. From there I right click them and run them in a special sandbox, that contains them, but allows no internet access. Then I can make sure it's just a picture file with nothing else. I do monitor with OA, and SSM to be sure nothing strange happens.

    I've been running this way with no AV or AS scanners with no issues for over a year.

    Pete

    PS. I do agree the advisability of this is a function of the skill level of the user. I wouldn't recommend it for a total newbie.

    Pete
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    agree with Peter, me too, I don't run any antivirus/antispyware apps for more than a year now without any problems :thumb:
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Well, with either OA or SSM (even more if you have both), the AV can indeed become futile. Because in a setup of DW + SB, everything is very idiot-proof as far as protection goes and it's also without pop ups, very silent, very smooth. The only danger in fact comes from the extreme silence in the previously mentioned cases. An AV (even on demand) or classical HIPS or Threatfire, can "bark" in case you have shot yourself in the foot by trusting something you shouldn't have.
     
  12. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    I installed Google Chrome as it runs fast in a sandbox also, and the download directory has full access to disk, but I made it untrusted with DefenseWall.
    Also even if DefenseWall can protect IM clients I run them in Sandboxie as I did this long before using DefenseWall and I'm used to it.
    Depends what you do if u want tips, but till now when the programs meet they don't conflict.
    Ilya knows that many of us use both and I'm sure he made things go smooth
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Same as Peter other than SSM and OA. Run them in Sandboxie from the desktop is safe. This can be done daily weekly for as long as it takes to earn its way aboard so to speak. Before the final write to the disk they can be uploaded to VT for further opinions. Also one should look at the executable that's being installed. Example a 1Exe would be a flag that something is off if I was trying to install MBAM.
     
  14. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    I was intending on keeping my AV for on demand scanning, as in my first post.

    On second thoughts though I will most likely use my AV as per Kees1958's instructions.
    Following his advice I set my son's laptop to check at write only along with DefenseWall and his laptop performs fine and I am very happy with his set up.
     
    Last edited: Jan 16, 2009
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  16. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Actually there is no such thing as "forget" to run them untrusted with DW.. they are auto untrusted if downloaded from a threatgate... you have to set them to trusted to install - equal to pulling the trigger when looking at a gun lol.
    If unsure you can mail them to a virus analyst (Kaspersky is my favourite) or threatexpert and see if they are harmful or no.. the one I said (kasp) will have the answer mailed to you in less than 2 hours. And no AV can do that for you. I still believe they are redundant
     
  17. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Honestly, what are the chances of that happening? And if they do, all the more reason to use a virtualization program like Shadow Defender. Then throw in an imaging app and you'd be good to go. No malware in the world could possibly harm you now. There's no need to resort back to irrelevant and ineffective malware scanners anymore.

    It's time to think differently about PC security.
     
  18. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    o_O write only scanning? Avira can do that!?! :eek: Kees....damn you're good!

    Edge you have a new real-time playmate...until you grow up. thanks for the tip Kees.


    Mike
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Kees you are freaking cool :thumb: thanks for advice
     