Defensewall and untrusted installs

Discussion in 'other anti-malware software' started by osip, Sep 11, 2007.

Thread Status:
Not open for further replies.
  1. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    If you install an application as "untrusted" it will run sandboxed... Does that mean that the sandboxed installation persists after reboot? And, if not happy, what's the best way to get rid of it?
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    No, when you run untrusted it will have limited rights (all sensitive Windows areas are protected). DefenseWall is not a virtualisation sandbox, but a policy sandbox.

    When not happy, use the roll back option in the file and registry tracks.

    Regards Kees
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall does not erase files or registry keys automatically.

    Uninstall? :D
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    What is "partial"? What is "full duty"?

    Just tell me: what is the main aim of anti-malware defense?
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Perman,

    DefenseWall's effectiveness is as good as Sandboxie and Returnil. As a matter of fact, I would trust DefenseWall and/or GeSWall to perform on par or better (as many tests have shown).

    When taking protection (high) and hassle (no pop-ups) into account, I cannot think of a better performing application for 32-bit XP and Vista.

    But you are right, DefenseWall is not a 'flush' session application, like virtualisation applications.

    Regards Kees
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I am not an expert in your field, therefore I can only use words as plain as any human being could possibly do. The main and foremost aim of any anti-malware application is to maximize its ability/capability to protect its user to the full extent. Anything deviating from this goal, I would consider its duty NOT a full one. Since DefenseWall cannot remove the contents of the untrusted box upon the user's desire to do so, in other words, needing third-party means to implement such a request, I would assume its power has not been fully extended to protect users. If users are not to remove those leftovers, does that mean there will be tons and tons of leftovers remaining in that box? I just wish the app could offer a doggie bag for users to take them elsewhere.

    Thanks, Kees1958 for your explanations. Take care, all.
     
  8. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    So, in that case I understand that DW's untrusted install makes a shield with restrictions against unwanted system changes... Nothing to empty, just an insurance against unwanted actions... The function of an untrusted installation could consequently be not fully working as it's restricted...

    Of course, but will the rollback wipe out the installation?
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, something like that.

    Would you like it if you installed ActiveX as untrusted, but needed to re-install it on your next reboot, for example? I wouldn't! Also, erasing files and registry without the user's permission, automatically, is definitely a bad idea.

    Well, none of the sandbox HIPS solutions can get complete compatibility with new software installed as untrusted/sandboxed/wherever. Only a VM can do this! That is why a reasonable balance is really important in this case (in fact, in all cases).

    Rollback, mostly, is a tool for advanced users to wipe out malware modules manually, nothing more.

    Just let me clarify something. DW is not any kind of standalone anti-malware tool. What is the main problem of anti-virus solutions for an average Joe? The time between the release of a new malware module and when its signature is added to the anti-virus database. During this time you are naked; heuristics are not really good. So, we need a tool that keeps unknown malware within the untrusted zone and does not allow it to auto-start, install a rootkit, read keystrokes, get screenshots and modify critical system areas until the anti-virus companies add a new signature to wipe its modules and registry keys out of the average Joe's system. The average defense rate of the system should be 95-98% in automatic mode against unknown malware.

    And there is no need even to clean up malware modules with rollback: inactive malware is harmless. I've got some on my hard drive, but I'm not really sure I'm infected. :) Yes, those sandboxes that strongly rely on virtualization require a constant file and registry virtualization container clean-up procedure. DefenseWall doesn't need it.

    Such a defense system must be very carefully balanced between protection strength and simplicity in everyday use. I can make, for example, a 100% bulletproof defense system, but, I assume, only a few people in the world will use it: too irritating, too many things for manual work. I wouldn't use it myself :D
     
  10. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Thx for the clarification Ilya Rabinovich...
     
  11. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You're welcome!
     