DefenseWall and Sbie

I am considering a new combo of DW and sbie. Anyone have any experiences with this combo? I know that Keyboard Commando uses this combo Are there any conflicts? Does DW cause sbie to fail in certain tests the way some other apps have done? Anything else I should know about?

 

When you initiate the browser, there is a noticeable slow down with both running "as is". If you trust, the firefox or IE .exe's, and untrust the sandbox folder, you get great protection and much better speeds....IMO, of course.

 

Slowdown in terms of boot-up time or loading pages or both?

 

Im currently using DW with sbie and I have one window of iron open with 6 tabs, yet DW has 4 untrusted processes running all of them iron. Whats happening?

 

boot-up time.

 

Yes, there is a problem/conflict but not one that is obvious.
Try this;
Set your download areas as 'Desktop' in both apps using 'Quick recovery' in SBie.
In DW open the GUI>advanced>secured files and add 'desktop' as secured. This means that the untrusted browser cannot access the desktop.
Then download a small file (Prevx 3.0 is ideal as it under 1MB - http://info.prevx.com/downloadcsi.asp)
You will get a pop-up from DW as per my first screen shot, click terminate, the browser will then close, BUT - SBie Quick recovery will then open giving the option to recover the download to the desktop (second screenshot)
If you try this with SBie suspended DW simply stops the download. Its gone.
DW is still doing its job and stopping the download but if this was Malware SBie would drop it on your desktop - not good

 

I used this combo for a while but became frustrated with the additional start time for browsers (about double compared to using either independently) for me anyway.

I also noticed that on the CLT tests DW scored less when you also ran the test sandboxed. This made me think perhaps sbie was in some way inhibiting DW protection. Can't remember exact nature of the additional failed elements of those tests I'm afraid, and it was on older versions of both products.

I'm afraid I'm not skilled enough to work out why, and perhaps as has been said before the test is flawed, but everything with the way I set-up has to give me confidence and that dented mine so I moved on. Still using both products but independently on different machines. They are both brilliant but using them together was not ideal for me.

Cheers

 

SBie would drop it on your desktop

Even if you don't hit "Recover to Same Folder".

I've recovered a million malware.exes and their droppers from the sandbox to desktop for filing away without a prob.

 

With hindsight I should have said 'could' instead of would.
The point I was trying to make was that Sandboxie appears to be overriding the 'Secured Files' restriction of DW. That if you are running both apps together you need to be aware that just having the desktop/download area secured in DW will not stop any download (intentional or otherwise) from being downloaded, Sandboxie will override it. Yes, I realise that you don't have to hit 'Recover to same folder' and I wouldn't but someone less experienced might well do so.
The bottom line is that in my opinion it is not a good idea to run them both together.
In fact, I prefer to use Sandboxie. What I do if another family member is using my computer is remove any download/recovery area from Sandboxie and then anything unknowingly downloaded into the sandbox is gone on closing the browser - no recovery folder, nowhere to go.

 

Illicit, Chris1341 and Dark Star:

Thank you for your comments.

I find like alluded to by both Chris and Illicit, that browsing speed is affected by using both apps. Without sbie my browser seems to fly. It is far more responsive and boots faster too!

And as alluded to by both Chris and Dark Star, there may be conflicts by using two sandboxing apps concurrently.

As such I have decided to dump this combo and instead try out DW in combo with a virtualisation app.

Thank You everyone!

 

Hi ssj,

the slowdown occurs when both sbie and DW are used. Its probably the effect of sandboxing the browser twice or something like that. And thanks for your well wishing!

 

Out of curiosity, would it be possible to disable browser protection by defensewall and leave that to sbie, but configure DW and sbie in such a way that anything coming out of a sandbox, whether you've let it out, or its has broken out, is automatically untrusted by DW?

 

Just thinking out loud. DW allows you to have untrusted folders. Does that mean you can trust (or 'run as trusted' from the right click menu) your browser with DW but set your download, sbie container and cache folders etc to untrusted thereby making anything that runs from them untrusted?

If that works your browser runs as trusted but anything it downloads is untrusted unless you move it out of the untrusted folders. You would need to ensure anything you let out of sbie went into a DW untrusted folder though.

Maybe someone with more experience of the DW untrusted folder set up could confirm?

I don't really think you have to worry about a sandboxie 'breakout'. Has anyone heard of anything getting out other than by user intervention (deliberate or not!)?

Cheers

 

That's exactly how I use DW and SBIE. Anything I recover from the sandbox is automatically untrusted by DW, but my browser itself is not within DW's untrusted list. Seems to work well for me.

 

That was what I stated initially. If you use both "out of the box", you will get browser slow down, however by untrusting the sandbox folder...DW will automatically untrust anything that comes out.

 

@ssj100

How goes the testing?

 

oh? why? what happened?

i was hoping they would work together.. always wanted to try defensewall because of the many good feedbacks..

 

Wow! Could you be more vague? Did you not like it because of personal reasons? How long did you try it? What were your settings? I'm being sarcastic of course but it would be nice if you helped someone who took interest in your opinion.

To all: FWIW, the paid version of Sandboxie has a Forced Folder feature so if you set your download folder as forced then anything downloaded into will start sandboxed. http://www.sandboxie.com/index.php?ProgramStartSettings#folder

 

hi thanks ssj100 for your comment.. and to innerpeace.. it isnt ssj100's fault..ssj100 has been actually helpful and he is entitle to his own opinion.. anyway it's all good..
i was just wondering about the method of untrusting the sandbox folder.. is this the only method in making these two programs work to together?

 

Hi Chris,

Yup that was pretty much what I was talking about. I think I will consult with some experienced posters on this forum about this setup before implementing it. Thanks!

PS: I havent heard of anything which can break out of a properly configured sbie, but it never hurts to be prepared.

 

Hi Illicit,

Sorry but I guess I forgot about your initial suggestion and sort off came up with it on my own. Sorry for stealing your idea!

So what your telling me is if I untrust the sandbox folder, anything that I let out of it or anything that somehow manges to break out of the sandbox will automatically become untrusted, right?

 

Yes, thats the beauty of Defensewall. And sbie for its part deals with the one major weakness of DW for me, updating FF and its add-ons. For me this is as close as 100% protection gets imo.

 

Yea I pretty much agree with what you're saying, with the caveat that I prefer policy HIPS to classical HIPS, as there are no pop-ups which I might answer wrongly.

 

Can you give specific settings in both DW and SBIE, please?

 

i want to correct you a litle,i know that no security software is 100% bullet proof but with DefenseWall you will achieve at leats 99.99 % security safe
DefenseWall will criple any malware type software and this will include the most sophisticated malware(rootkits and keyloggers in real time)