defensewall vs runasadmin explorer shim

Discussion in 'other anti-malware software' started by ramoncin, Oct 18, 2008.

Thread Status:
Not open for further replies.
  1. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    Hi all,

    what would provide better protection (I use XP SP3):
    1- running an admin account with lowered privileges with RunasAdmin Explorer Shim
    2- running an admin account with Defensewall

    I tend to think that RunasAdmin would be safer as privileges are lowered across the board, while DW requires to mark as Untrusted specific applications.

    RunAsadmin does also allow to run an app with admin privileges when needed thru a context menu option (it also allows to permanently raise rights for that application by hash or path).

    Any expert advice for this security noob? thanks
     
    Last edited: Oct 19, 2008
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I'm no expert but if you're looking for simple privilege control then runasadmin would suffice. However if you're after something more advanced with more features then defensewall is a good option.
     
  3. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello ramoncin,

    For best and maximum protection you should run a limited user account with DefenseWall(DW). On the other hand, based upon personal experience, it is my opinion that running DW under an administrator account with system and web browser hardening provides nearly impenetrable security.

    If you have not yet done so, please take a look at the following relevant DW links below.

    http://gladiator-antivirus.com/forum/index.php?showtopic=74057 (DefenseWall Offers Protection Beyond That of a Limited User Account)
    http://gladiator-antivirus.com/forum/index.php?showtopic=74162&st=0&p=208009&#entry208009 (Post #4)
    https://www.wilderssecurity.com/showpost.php?p=1306970&postcount=44
    http://gladiator-antivirus.com/forum/index.php?showtopic=75428 (Web Browser Hardening Resource List For DefenseWall Users)
    http://gladiator-antivirus.com/forum/index.php?showtopic=75558 (System Hardening Guide For DefenseWall Users)
    http://gladiator-antivirus.com/forum/index.php?showtopic=77256 (My DefenseWall System Lockdown Settings)


    Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Oct 19, 2008
  4. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    Thanks Cogito for the detailed post, bringing up LUA possible exploits.
    DefenseWall seems to be the more flexible and secure option.
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall gives more protection and flexibility that a limited user account can offer you.

    1. Simple resource isolation and protection.
    2. More autorun areas are covered for untrusted processes.
    3. Pre-defined rules for the most known software (that works right out of box).
    4. Strong defense against keyloggers that can work under limited user account.
     
  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    If you run Defensewall while you are using a LUA account you are close to being bulletproof.
     
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello ramoncin,

    You are very welcome.


    Peace & Gratitude,

    CogitoErgoSum
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Guys,

    The main difference with run as LUA and programs like DefenseWall and GeSWall is that the latter two will also treat files created by untrusted programs as untrusted (meaning a stronger than LUA rights containment).

    On an XP box I would not run DW as limited. Maintain the flexibility and add ThreatFire free for general coverage TF has an AV buid in).

    On a Vista32 box I would use the Norton UAC tool (and run as limited user by default) EDIT, plus defensewall and add a Antivirus to your liking when this feels to naked.
     
    Last edited: Oct 22, 2008
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    UAC tool doesn't support resource separations. Without it, all your passwords can be stolen.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry, see edit
     
  11. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    What about Keyscrambler+Threatfire(level3), would that combo protect a LUA from possible exploits, or is Defensewall better?

    Thanks all again for the feedback.

    :)
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    All sandbox applications (SafeSpace, Sandboxie, GeSWall and DefenseWall) provide very tough protection when you start privacy sensitive internet sessions (like banking, shopping) et cetera from a clean sandbox. Key element is that sandboxed applications can access each other data (or in the case of GeSWall and DefenseWall untrusted applications). GeSWall has very granular control so you can create your own seperation rules.

    Nice thing of DefenseWall version 2.45 is that it has build in rules for resource protection. The concept of resource protection is that other untrusted applications can not access resources of other untrusted programs. In version 2.45 Ilya has adopted some suggestions to protect your e-mail folders and web address book (*.wab files) by default. For other applications there are also build in rules. So without being a power user DefenseWall offers out of the box resource protection simular to a very experienced GeSWall Pro/Sandboxie user (although Sandboxie is a different type of HIPS).

    This out of the box high level of protection with few pop-ups to bug the user, makes that DefenseWall has so many 'fans' here on wilders. The same applies to GeSWall Pro and Sandboxie, you will find a lot of knowledgeable POWER users who have fine tuned GW or SBIE to the maximum of their needs.

    It is more or less the same difference with Online Armour versus Comodo. Both are great, OA is also much easier to use than Comodo FW

    My MOM of 75 uses DefenseWall. There are only TWO things you have to know:
    1) use the Go banking/shopping feature when doing on-line business
    2) change a downloaded program from status UNTRUSTED to TRUSTED when you want to install it.


    As a rule of thumb combining TF or A2 with GW or DW behind a router ensures you of a strong security setup with few pop-ups and installation hassle.

    Hope this helps

    Cheers Kees
     
  13. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    723
    Location:
    Cumbria, England
    Great explanation Kees1958 :thumb:
     
  14. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    541
    Location:
    Sonoran Desert
    So does the UAC tool weaken your security? Or do you need additional security measures put in place?
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    No, it doesn't. DefenseWall works perfectly with UAC.
     
  16. minasmwl

    minasmwl Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    14
    i'm sorry but excuse my ignorance in this simple question but i really don't know
    1-if i created a limited user account , how can i make the windows to do auto login , when i power on my pc "i don't like the screen from which i choose which user account to log with
    i wany to automatically log in as limited user in the same way the computer behaves when i have one adminstrative account

    2-what is the advantages of LUA
    for example if i have an autorun virus or worms on some where on my hard disk , under the LUA can these malwares copy themelves to other locations?? or they will be automatically prevented from the 1st run ?

    i'll appreciate so much if some one helped me here and answered the above 2 questions
    thanks in advance
     
  17. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    541
    Location:
    Sonoran Desert
    Ilya, thank you for your reply but I should have been more specific. Does the UAC tool weaken Vista so that the passwords can be stolen? Or does it not provide that specific protection?

    I will install the Defenswall trial and see how it works for me.
     
    Last edited: Oct 24, 2008
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I have no idea.
     
  19. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    541
    Location:
    Sonoran Desert
    Oops, I edited my post as you replied. I think I get your meaning.
     
  20. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    Hi all,
    I have spent a few days trying out different software and lua combinations, and have finally settled on using DW (got Friday deal license) on an admin account.

    I was wondering if running TF along DW would make sense, mainly because I don´t have a fresh pc installation and that would bring me peace of mind when it comes to the "trusted" processes.

    Thanks


    edit:
    oops, just noticed that Kees had already answered in post #12
     
    Last edited: Oct 26, 2008
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.