DefenseWall and Sbie

Discussion in 'other anti-malware software' started by Dregg Heda, Aug 4, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I am considering a new combo of DW and sbie. Anyone have any experiences with this combo? I know that Keyboard Commando uses this combo. Are there any conflicts? Does DW cause sbie to fail in certain tests the way some other apps have done? Anything else I should know about?
     
  2. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    91
    When you initiate the browser, there is a noticeable slowdown with both running "as is". If you trust the Firefox or IE .exe's and untrust the sandbox folder, you get great protection and much better speeds... IMO, of course.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Slowdown in terms of boot-up time or loading pages or both?
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I'm currently using DW with sbie and I have one window of Iron open with 6 tabs, yet DW has 4 untrusted processes running, all of them Iron. What's happening?
     
  5. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    91
    boot-up time.
     
  6. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Yes, there is a problem/conflict but not one that is obvious.
    Try this:
    Set your download areas as 'Desktop' in both apps using 'Quick recovery' in SBie.
    In DW open the GUI>advanced>secured files and add 'desktop' as secured. This means that the untrusted browser cannot access the desktop.
    Then download a small file (Prevx 3.0 is ideal as it is under 1MB - http://info.prevx.com/downloadcsi.asp)
    You will get a pop-up from DW as per my first screen shot, click terminate, the browser will then close, BUT - SBie Quick recovery will then open giving the option to recover the download to the desktop (second screenshot)
    If you try this with SBie suspended, DW simply stops the download. It's gone.
    DW is still doing its job and stopping the download but if this was Malware SBie would drop it on your desktop - not good :mad:
     

  7. chris1341

    chris1341 Guest

    I used this combo for a while but became frustrated with the additional start time for browsers (about double compared to using either independently) for me anyway.

    I also noticed that on the CLT tests DW scored less when you also ran the test sandboxed. This made me think perhaps sbie was in some way inhibiting DW protection. Can't remember exact nature of the additional failed elements of those tests I'm afraid, and it was on older versions of both products.

    I'm afraid I'm not skilled enough to work out why, and perhaps as has been said before the test is flawed, but everything with the way I set-up has to give me confidence and that dented mine so I moved on. Still using both products but independently on different machines. They are both brilliant but using them together was not ideal for me.

    Cheers
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    SBie would drop it on your desktop o_O

    Even if you don't hit "Recover to Same Folder".

    I've recovered a million malware.exes and their droppers from the sandbox to desktop for filing away without a prob.
     
  9. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    With hindsight I should have said 'could' instead of would.
    The point I was trying to make was that Sandboxie appears to be overriding the 'Secured Files' restriction of DW. That if you are running both apps together you need to be aware that just having the desktop/download area secured in DW will not stop any download (intentional or otherwise) from being downloaded, Sandboxie will override it. Yes, I realise that you don't have to hit 'Recover to same folder' and I wouldn't but someone less experienced might well do so.
    The bottom line is that in my opinion it is not a good idea to run them both together.
    In fact, I prefer to use Sandboxie. What I do if another family member is using my computer is remove any download/recovery area from Sandboxie and then anything unknowingly downloaded into the sandbox is gone on closing the browser - no recovery folder, nowhere to go.
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Illicit, Chris1341 and Dark Star:

    Thank you for your comments.

    I find like alluded to by both Chris and Illicit, that browsing speed is affected by using both apps. Without sbie my browser seems to fly. It is far more responsive and boots faster too!

    And as alluded to by both Chris and Dark Star, there may be conflicts by using two sandboxing apps concurrently.

    As such I have decided to dump this combo and instead try out DW in combo with a virtualisation app.

    Thank You everyone!
     
  11. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi ssj,

    the slowdown occurs when both sbie and DW are used. It's probably the effect of sandboxing the browser twice or something like that. And thanks for your well wishing!
     
  12. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Out of curiosity, would it be possible to disable browser protection by DefenseWall and leave that to sbie, but configure DW and sbie in such a way that anything coming out of a sandbox, whether you've let it out, or it has broken out, is automatically untrusted by DW?
     
  13. chris1341

    chris1341 Guest

    Just thinking out loud. DW allows you to have untrusted folders. Does that mean you can trust (or 'run as trusted' from the right click menu) your browser with DW but set your download, sbie container and cache folders etc to untrusted thereby making anything that runs from them untrusted?

    If that works your browser runs as trusted but anything it downloads is untrusted unless you move it out of the untrusted folders. You would need to ensure anything you let out of sbie went into a DW untrusted folder though.

    Maybe someone with more experience of the DW untrusted folder set up could confirm?

    I don't really think you have to worry about a sandboxie 'breakout'. Has anyone heard of anything getting out other than by user intervention (deliberate or not!)?

    Cheers
     
  14. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    That's exactly how I use DW and SBIE. Anything I recover from the sandbox is automatically untrusted by DW, but my browser itself is not within DW's untrusted list. Seems to work well for me.
     
  15. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    91

    That was what I stated initially. If you use both "out of the box", you will get browser slow down, however by untrusting the sandbox folder...DW will automatically untrust anything that comes out. :thumb:
     
  16. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    @ssj100

    How goes the testing? :D
     
  17. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    oh? why? what happened?

    i was hoping they would work together.. always wanted to try defensewall because of the many good feedbacks..
     
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Wow! Could you be more vague? Did you not like it because of personal reasons? How long did you try it? What were your settings? I'm being sarcastic of course but it would be nice if you helped someone who took interest in your opinion.

    To all: FWIW, the paid version of Sandboxie has a Forced Folder feature, so if you set your download folder as forced then anything downloaded into it will start sandboxed. http://www.sandboxie.com/index.php?ProgramStartSettings#folder
     
  19. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    hi thanks ssj100 for your comment.. and to innerpeace.. it isn't ssj100's fault.. ssj100 has been actually helpful and he is entitled to his own opinion.. anyway it's all good..
    i was just wondering about the method of untrusting the sandbox folder.. is this the only method in making these two programs work together?
     
  20. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Chris,

    Yup that was pretty much what I was talking about. I think I will consult with some experienced posters on this forum about this setup before implementing it. Thanks!

    PS: I haven't heard of anything which can break out of a properly configured sbie, but it never hurts to be prepared.
     
  21. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Illicit,

    Sorry but I guess I forgot about your initial suggestion and sort of came up with it on my own. Sorry for stealing your idea!:p

    So what you're telling me is if I untrust the sandbox folder, anything that I let out of it or anything that somehow manages to break out of the sandbox will automatically become untrusted, right?
     
  22. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Yes, that's the beauty of DefenseWall. And sbie for its part deals with the one major weakness of DW for me, updating FF and its add-ons. For me this is as close as 100% protection gets imo.
     
  23. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Yea I pretty much agree with what you're saying, with the caveat that I prefer policy HIPS to classical HIPS, as there are no pop-ups which I might answer wrongly.
     
  24. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Can you give specific settings in both DW and SBIE, please?
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I want to correct you a little, I know that no security software is 100% bullet proof but with DefenseWall you will achieve at least 99.99 % security safe:thumb:
    DefenseWall will cripple any malware type software and this will include the most sophisticated malware (rootkits and keyloggers in real time)
     