DefenseWall vs. GreenBorder vs. SandboxIE

I am looking for a lightweight HIPS to add to my list of resident protection. I am concerned about lack of realtime antispyware protection. Currently I own Ewido 4.0 but I found that its resource usage is still a little too high for my taste, so I use it on-demand only. I run NOD32 and have Immunized IE with Spybot and Spywareblaster and generally am careful and use Firefox whenever possible. But I would like an extra layer of protection.

So I have determined that DefenseWall, GreenBorder and SandboxIE may be solutions but so far all of them I have tried have various compatibility problems. I will admit I did not yet try DefenseWall 1.60 final version and last time I tried SandboxIE was a while ago, also not the current release.

I was wondering if anyone has links to independent HIPS review site or has opinions on comparisons between these 3 programs? I am mostly concerned with reliability with minimal impact on system resources.

 

Currently, AFAIK, greenborder only works with Internet Explorer.

Defensewall review: http://security.over-blog.com/article-3030160.html
(reviewed was DW 1.40)

I have no experience with sandboxie

 

I never tried GB but I have tried Sandboxie. I didn't like it. I now have and love DefenceWall. I really feel that it is great. Give it a try.

 

I had tried v1.55~1.56 and had a few issues with it. I just downloaded 1.60 and will try again. I only wish there was a larger helpfile/documentation that goes with it so I can understand how to use it better

 

GreenBorder was a nightmare for me : everything worked unbearable SLOOOW.

I ever tried Sandboxie, but I couldn't make it work with Firefox and I'm not going to ditch Firefox for any security software.

My personal choice would be DefenseWall, if I had to choose between these 3 softwares. I used DefenseWall for awhile and it worked properly.

My personal problem with security softwares is that I can't choose, because I don't know :
- against what I'm protected.
- against what I'm NOT protected.
I like to pay for something, when I know exactly what it does for me.

 

Well then I have a similar problem as you Erik ... I also was very impressed initially with DefenseWall but the lack of understanding of exactly how to use it and what I am vulnerable to is still leaving me a little bit nervous about it. The review that was posted did not help much because the translated English was quite poor and I did not understand half of what they were saying.

 

Of course alot has to do with my poor knowledge of internet and malwares, I'm not a security analyst, but that doesn't really bother me.
I'm working on my own solution to get my freedom back on the internet.

Alot of security softwares are based on blacklists. In other words they are based on what the bad guys do.
As an application analyst, I would never fight against the bad guys by making a collection of their evil work.
That is a very bad approach and a solution for losers without a future.
The only advantage of such softwares : they give alot of people jobs, which is also important LOL.
The brilliant bad guys create the new sophisticated threats, the other bad guys create the variants in large quantities and the good guys do nothing but stepping in the footsteps of the bad guys, collecting their evil work.
You can't win a war when you run after the enemy, you have to run faster and use better weapons.
Concerning scanners, I have more respect for heuristics, than fingerprints.

I'm glad that some security companies are looking for other more intelligent solutions.
Not always userfriendly, but they try at least instead of re-inventing the wheel or hot water, like creating the n-th scanner. Pffft.

 

I agree but I can bet heuristics can never go ahead of signatures/ blacklists unless MS introduces some altogether new OS.
Also I am curious to know what are those intelligent solutions?

 

Short answer : any software that isn't based on blacklists even when they are not perfect.

 

Even when they are far behind the blacklist-based ones, and give u far less security.

 

Luckman - if you have any specific Defensewall questions, ask them. We can get them answered. Running a quality firewall and defensewall (v1.60), you're not vulnerable to much. Add in a free AV for giggles and you're really well off.

 

My trouble is that I can't verify if these softwares are good or bad. My knowledge is too poor. I only know that these softwares use another method than blacklists to detect malware.
I don't understand these softwares either, so I still have to look for another solution that keeps my computer clean with a method, I do understand.

 

I do understans that but in that case i can,t expect a statement like

BTW, I too like heuristics more than signatures etc but to be realistic I don,t expect them to be more powerful than signatures ever. As I said, for that u need a totally new windows/ OS that so far does not exist and does not seem to exist in near future as well. It,s such a bad feeling.

 

i've tried both defensewall and sandboxie and they are both excellent programs. but i've never tried (or heard of) greenborder. so i went to their site to check them out. apparently the program is "free" but you have to pay for a yearly subscription. why would they charge you a yearly subscription for a virtualization program? it's not like it's an antivirus/antispyware/signature based program. that just struck me as odd, anyone try greenborder and is it that good that it justify's a yearly subscription fee?

 

well I wanted to try DefenseWall 1.60 but alas, since I had previously tried 1.55, my trial period had expired. So I was not able to test it.

so, I purchased the program, anyway its only $29. I think it will be useful, and if not, I can give to a friend or something. I now await my license code, hopefully Ilya will send it soon!!

 

Hi guys, not sure if this is the correct forum to respond in. I work for GreenBorder but not as an official external contact. To contact our real support people, please send an email to support@greenborder.com or go to http://www.greenborder.com/support. Please let us know if you find a bug or incompatibility with GreenBorder. Feedback from anyone trying the product helps us make it better.

If you tried GreenBorder Pro before last Tuesday, you were using a pre-release version. We officially launched our website with the new build around 5am Tuesday morning (I know, because I was up all night). The current version/build number is 2.9.0.09008, visible in the License tab. I highly recommend the current release with the features and functions and fixes it has, so please uninstall the pre-release and install the current release. I suggest a uninstall/reinstall over an upgrade for a fresh start. Hurry, we have a year free license for the first 10,000 downloads, and we're already over 6,000. Download from www.download.com or through our website www.greenborder.com.

I can't speak for the other vendors, and I'll assume they work similarly, but I'll describe our product at an I.T. level (I'm an I.T. Director): What it does, is it creates a virtual application environment which has restricted access to local system resources. The local system resources restricted are; filesystem, registry, COM objects, local network services, clipbook, user shell, and system calls. Besides the standard restrictions such as; allow, deny, read-only, we add virtualize for the objects above. Over the years we’ve done a lot of kernel work to apply these restrictions while maintaining usability. The consumer version is new, we have a centrally managed enterprise version which has been in use by customers nearly two years which also protects Outlook and local networks and hosts from the virtual environment.

Normally there is zero overhead when running GreenBorder. We've found some incompatibilities with other security products, but our installer should check for these products and prevent installation. The best place to resolve a problem would be our support team. I've always been a strong critic internally as I hate the presence of unstable software on my network, and I've had to suffer through our development versions. However the GA release is really a good stable product.

Although we don't officially support FireFox, I run it within GreenBorder by adding GreenBorder protection to the desktop shortcut which launches FireFox. Other installed programs should work the same way. Any file downloaded would be tagged and also launch in the virtual environment (.doc, .pdf, .xls, .bat, .com, .exe, etc). For the enterprise version we also protect the system and networks from untrusted email messages and attachments.

I’ve run just about every type of malware I could find and have not found anything that breaks the environment. Viruses don’t stick, and either spyware won’t install if it tries to access the windows installer service, or it’s contained and wiped away on the next reset. PCMagazine couldn’t break it either http://www.pcmag.com/article2/0,1895,1980991,00.asp . I have been posting about it to Full Disclosure, Focus-Virus, and other lists during beta hoping it would be hammered by the security experts out there, no one has posted a disclosure. Besides KeyLabs, I’ve also submitted the product to mutiple other malware Labs. I use it at home and have no fear of any website, or enabling any feature (even VBscript and untrusted Active-X), or of running the browser as administrator.

Since we're approaching the 4th of July, what our product does is gives the user Freedom to browse the Internet, Freedom to enable all the browser features, and Freedom to open files downloaded or from other sources. It really also gives you Freedom of choice in browsers (unofficially), and defends your confidential data from those that want to steal your files or passwords.

 

Installed GreenBorder on my XP Home system today( uninstalled GesWall before that).Afetr reboot got error messages( see the pic). IE was able to run in GB.
I put opera and FF in GB and it spoiled their Icons. Cliccked GB desktop ion and windows said it can,t recognize how to open this.
Tried to run Opera in GB and it stucked( that I will not blame as Opera also stucked in Sandboxie on my system while IE and FF ran OK in sandboxie).
Tried to run FF and got BSOD.
Rolledback, reinstalled, almost same results with BSOD on running FF. Then I removed it.

 

I still have the same slowness after installing GreenBorder and I have a fast computer.
While booting in Windows, the screen with "Welcome" waits 105 seconds instead of 1 second.
The NOD32-icon doesn't appear in the system tray.

 

Just PM to NicM- he is who, mostly, wrote the review. Hi will help you to understand the parts you don't understand.

 

Again there is too many threads started about one product. Why not just stick to the one Greenborder thread?

This is the version I have.

Would this explain the troubles with alot of mixed bag computers and as we know the government won't allow you to touch the kernel.

I did go to the support page after failed install and it requires you to create a user account before posting a problem. Kind of a hassle since everyone is always in a hurry these days.

The only security software I have on this box is ms shared toolkit with disk protection off for now and BoClean, which I shut down before trying to install
greenborder. However I did not stop Bo's processes.


controler

 

Sorry, but most of the mogazine's "experts" are not experts at all. They write good reviews about Safe'n'Sec which could be bypassed in five minutes wrote piece of code.

Sorry, but DefenseWall already give it to it's users for six mounts. You are too slow.

 

I noticed the same as you. When running NOD32 and GreenBorder together, GB causes NOD32 to monopolize the CPU (check CPU usage or CPU time in the task manager or process explorer) therefore slowing your system to a crawl. I'm guessing its a compatibilty issue as GB runs very light on its own.

EDIT: I received an email from GB support stating that this issue has been fixed. I'll test it out.

 

Dooh , but Thanks for the feedback even so.

I know my english could easily be improved , but I must say I'm quite surprised by your comment, because the text was submitted to two English/US people before the final release, and they didn't find anything really imperious . I thought it was OK, and most of the sentences are straightforward anyway. This is not "litterature".

But please tell me what you don't understand then (by PM), it will help me to make the review more readable if that's not enough actually.

Cheers,
nicM

 

I just took a quick look at your review and it reads fine for me and english is my first language.



snowbound

 

Thanks for the info !!! I will create a snapshot without NOD32 and AVG as AV and try GB again.