defensewall vs runasadmin explorer shim

Discussion in 'other anti-malware software' started by ramoncin, Oct 18, 2008.

Thread Status:
Not open for further replies.
  1. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    Hi all,

    what would provide better protection (I use XP SP3):
    1- running an admin account with lowered privileges with RunasAdmin Explorer Shim
    2- running an admin account with Defensewall

    I tend to think that RunasAdmin would be safer as privileges are lowered across the board, while DW requires marking specific applications as Untrusted.

    RunasAdmin also allows running an app with admin privileges when needed through a context menu option (it also allows permanently raising rights for that application by hash or path).

    Any expert advice for this security noob? thanks
     
    Last edited: Oct 19, 2008
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I'm no expert but if you're looking for simple privilege control then runasadmin would suffice. However if you're after something more advanced with more features then defensewall is a good option.
     
  3. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello ramoncin,

    For best and maximum protection you should run a limited user account with DefenseWall (DW). On the other hand, based upon personal experience, it is my opinion that running DW under an administrator account with system and web browser hardening provides nearly impenetrable security.

    If you have not yet done so, please take a look at the following relevant DW links below.

    http://gladiator-antivirus.com/forum/index.php?showtopic=74057 (DefenseWall Offers Protection Beyond That of a Limited User Account)
    http://gladiator-antivirus.com/forum/index.php?showtopic=74162&st=0&p=208009&#entry208009 (Post #4)
    https://www.wilderssecurity.com/showpost.php?p=1306970&postcount=44
    http://gladiator-antivirus.com/forum/index.php?showtopic=75428 (Web Browser Hardening Resource List For DefenseWall Users)
    http://gladiator-antivirus.com/forum/index.php?showtopic=75558 (System Hardening Guide For DefenseWall Users)
    http://gladiator-antivirus.com/forum/index.php?showtopic=77256 (My DefenseWall System Lockdown Settings)


    Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Oct 19, 2008
  4. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    Thanks Cogito for the detailed post, bringing up LUA possible exploits.
    DefenseWall seems to be the more flexible and secure option.
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall gives more protection and flexibility than a limited user account can offer you.

    1. Simple resource isolation and protection.
    2. More autorun areas are covered for untrusted processes.
    3. Pre-defined rules for the most known software (that works right out of box).
    4. Strong defense against keyloggers that can work under limited user account.
     
  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    If you run Defensewall while you are using a LUA account you are close to being bulletproof.
     
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello ramoncin,

    You are very welcome.


    Peace & Gratitude,

    CogitoErgoSum
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Guys,

    The main difference with run as LUA and programs like DefenseWall and GeSWall is that the latter two will also treat files created by untrusted programs as untrusted (meaning a stronger than LUA rights containment).

    On an XP box I would not run DW as limited. Maintain the flexibility and add ThreatFire free for general coverage (TF has an AV built in).

    On a Vista32 box I would use the Norton UAC tool (and run as limited user by default) EDIT, plus DefenseWall, and add an antivirus to your liking when this feels too naked.
     
    Last edited: Oct 22, 2008
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    UAC tool doesn't support resource separations. Without it, all your passwords can be stolen.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry, see edit
     
  11. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    What about Keyscrambler+Threatfire(level3), would that combo protect a LUA from possible exploits, or is Defensewall better?

    Thanks all again for the feedback.

    :)
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    All sandbox applications (SafeSpace, Sandboxie, GeSWall and DefenseWall) provide very tough protection when you start privacy-sensitive internet sessions (like banking, shopping, et cetera) from a clean sandbox. Key element is that sandboxed applications can access each other's data (or in the case of GeSWall and DefenseWall untrusted applications). GeSWall has very granular control so you can create your own separation rules.

    Nice thing of DefenseWall version 2.45 is that it has built-in rules for resource protection. The concept of resource protection is that other untrusted applications cannot access resources of other untrusted programs. In version 2.45 Ilya has adopted some suggestions to protect your e-mail folders and web address book (*.wab files) by default. For other applications there are also built-in rules. So without being a power user DefenseWall offers out of the box resource protection similar to a very experienced GeSWall Pro/Sandboxie user (although Sandboxie is a different type of HIPS).

    This out of the box high level of protection, with few pop-ups to bug the user, is why DefenseWall has so many 'fans' here on Wilders. The same applies to GeSWall Pro and Sandboxie; you will find a lot of knowledgeable POWER users who have fine-tuned GW or SBIE to the maximum of their needs.

    It is more or less the same difference with Online Armour versus Comodo. Both are great; OA is also much easier to use than Comodo FW.

    My MOM of 75 uses DefenseWall. There are only TWO things you have to know:
    1) use the Go banking/shopping feature when doing on-line business
    2) change a downloaded program from status UNTRUSTED to TRUSTED when you want to install it.


    As a rule of thumb combining TF or A2 with GW or DW behind a router ensures you of a strong security setup with few pop-ups and installation hassle.

    Hope this helps

    Cheers Kees
     
  13. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Great explanation Kees1958 :thumb:
     
  14. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    So does the UAC tool weaken your security? Or do you need additional security measures put in place?
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    No, it doesn't. DefenseWall works perfectly with UAC.
     
  16. minasmwl

    minasmwl Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    14
    I'm sorry, but excuse my ignorance in this simple question; I really don't know.
    1- If I created a limited user account, how can I make Windows do auto login when I power on my PC? I don't like the screen from which I choose which user account to log in with.
    I want to automatically log in as limited user in the same way the computer behaves when I have one administrative account.

    2- What are the advantages of LUA?
    For example, if I have an autorun virus or worms somewhere on my hard disk, under the LUA can these malwares copy themselves to other locations? Or will they be automatically prevented from the first run?

    I'd appreciate it so much if someone helped me here and answered the above 2 questions.
    Thanks in advance.
     
  17. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Ilya, thank you for your reply but I should have been more specific. Does the UAC tool weaken Vista so that the passwords can be stolen? Or does it not provide that specific protection?

    I will install the DefenseWall trial and see how it works for me.
     
    Last edited: Oct 24, 2008
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I have no idea.
     
  19. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Oops, I edited my post as you replied. I think I get your meaning.
     
  20. ramoncin

    ramoncin Registered Member

    Joined:
    Jun 26, 2007
    Posts:
    28
    Hi all,
    I have spent a few days trying out different software and LUA combinations, and have finally settled on using DW (got Friday deal license) on an admin account.

    I was wondering if running TF along DW would make sense, mainly because I don't have a fresh PC installation and that would bring me peace of mind when it comes to the "trusted" processes.

    Thanks


    edit:
    oops, just noticed that Kees had already answered in post #12
     
    Last edited: Oct 26, 2008