Does DefenseWall truly remove its blocked malware? Not sure!

Discussion in 'other anti-malware software' started by demoneye, Sep 2, 2009.

Thread Status:
Not open for further replies.
  1. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    HI

    first, let's face the facts

    1. if any malware is caught, it will show in DW's "rollback" section
    2. in order to get rid of this malware you need to use DW's "rollback" feature
    3. DW's "rollback" increases in size the longer you use DW.
    4. from the DW online help regarding rollback: "This tool is for Advanced Users only. It removes files and registry keys from your hard drive! "
    5. from the DW online help: "Regular users: Use a standard anti-virus or anti-malware scanner to get rid of any left-over malware modules. Inactive malware is harmless, so the time of reaction of anti-virus vendors and new signature updates is not really important in this case"

    ok... now here is the big problem: after a couple of weeks of using DW my "rollback" gets big, like more than 100 lines.... if I get infected today, how can I be 100% sure I "rollback" ONLY the malware infection and not my important data by mistake?

    what bothers me most is line "5": so if there is no cure yet from my AV vendor... the malware stays in my PC?? I feel so uncomfortable knowing there is malware in my PC when I'm working on my important data....

    just to mention, if such a thing happens with Sandboxie, I can just "clean container" and get rid of the malware for good; it doesn't depend on 3rd-party software in order to destroy any kind of malware activity :D
     
    Last edited: Sep 2, 2009
  2. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    If you have a number of lines, 100 or more, it should take a few minutes to go through the list and allow photos and documents etc. After you allow the important items, delete the rest in file and registry tracks. I posted some screenshots a while ago, I can try and find them.

    But regarding malware, and if it exists on your system, if it is causing no damage to your system, and can't cause damage even if you launch the file by chance 50 times, then DW has done its job.

    Edit - ssj100 said what I was wanting to say. :thumb:
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I said more than 100, I didn't count them... but how can I be 100% sure I don't delete important system files alongside the malware when using "rollback"? can you guarantee that? and what about novice users? should they gamble their way through? or just stay with the malware and hope their AVs catch it some day?
    and that's not correct, the malware can run even under DW, but restricted, so if it's a dropper and you recognize it d/l stuff from the net, how can you say it's "done its job"?
    if it's malware that provides any kind of visibility, how can you accept it?

    you can also see matt's review of it: his infected PC remained infected until he manually deleted the malware from DW's "rollback" dialog, but remember it was a clean DW install and an immediate malware infection test :D

    cheers
     
    Last edited: Sep 2, 2009
  4. mark.eleven

    mark.eleven Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    81
    Location:
    Island of Sodor
    I tested DW not long ago but, for the same reason, reverted back to Sandboxie. IMHO, I feel more secure knowing all baddies are "flushed" the moment I close my browser.
     
  5. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I see your point. But if you rollback continually, on a daily basis, the same as with Sandboxie when a session ends, then you won't have a problem.

    The difference I see for novice users: they can open up PDFs, images, and continue to use documents downloaded with DefenseWall. With Sandboxie, they can either recover and hope it is a document, or if Sandboxie is set up to automatically clear contents, they'll complain they lost all their downloads.

    Each to their own. For novice users, I'd still go with DefenseWall.
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I 100% agree with you on "For novice users, I'd still go with DefenseWall" ;)
    the other part is impractical and can be very annoying when done on a daily basis (rollback continually, on a daily basis) :blink:

    cheers
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yep, I agree with you, it's more convenient to know that when you flush, 100% of any potential malware is gone forever :D
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I think you just misunderstand the aim of the DefenseWall project. It's intended for novice users first and foremost. For them, partial virtualization is quite a difficult thing to use properly. DW's "rollback" function too, BTW. That's why this function is limited and not advertised: "my" user can't use it properly.

    That's why the main aim of my protection is to stop malware cold, as anti-virus scanners have an "infection window" for this sample. Detection pace is not important anymore, it doesn't matter if its signature will be added one day or one month as, being untrusted, malware is harmless.

    As for advanced users, they can use both DW's "rollback" and virtualization container "trash out" functions properly, but most of them are Wilders visitors...

    I strongly believe each piece of software has its own user, so saying "I don't feel a concrete function is suitable for me" is right, but not really correct, as it's intended for other types of users and other use cases.
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Ilya, interesting point about the detection window. Gives the AV the chance to catch up with new samples. Never thought of it that way. :)
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    You can always configure sbie to recover everything from the sandbox in another sandboxed folder and then set it to force sandbox anything that is opened from that. Also you can further force sandbox your word processor, pdf reader etc with appropriate run/internet restrictions. Sbie can be easily configured to provide as much protection as DW if not more imo.
     
  11. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi SSJ,

    I see what you're saying and agree with you. However I was just pointing out that sbie too can be configured to protect against the particular threats Saraceno mentioned.
     
  12. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Who cares, those malware files are dead when running DW. And only if you were intentionally downloading something are they likely to be in such places that you can intentionally execute them. In the case of SB you would take them out of the box (being in danger). For DW they are and will remain still "untrusted" (e.g. exploit PDFs), unless you have to install something and run them intentionally "trusted".
     
  13. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I have the pro version of SB, and have studied it a little. You can tune it up in many ways. This all requires some effort, so it's not suitable for the average guy.

    Moreover, what if you need to install something, you always install programs inside the sandbox? I think it impedes practical work unnecessarily.

    I also prefer to be able to handle and move files without strict discipline. I'm lazy. :D
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    man, I think you don't understand the difference between the SB and DW concepts... DW uses the REAL system while SB holds everything in a VIRTUAL place... so who cares about malware staying on his real PC?? I think only an idiot won't care lol
     
  15. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Well, I think I know the exact nature of both concepts pretty well. So, once again: so what?

    P.S. SB processes and files are not living in a virtual place.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    one thing I can say: crippled malware is like a regular file, it is dead and cannot do any harm, you can even remove it manually, it's not a big deal :)
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I am a novice :D
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    wait a minute, if you know how to use the rollback feature built into DefenseWall you can also flush any toilet, flooded or not :):):) very easy ;) piece of cake, leaving your PC like nothing happened, I personally tested this myself ;)
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    lol ;) you made my day :) by the way, I need some coffee :D
     
  20. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    What is the probability that the average guy will by accident execute e.g. the following files

    * ME2[n].HTM
    * USBEWT.SYS
    * LJUBOMORE[n].EXE
    * MCDRIVE32.EXE
    * NPCOMMON.DLL
    * VMCOINST_VC0323.DLL
    * VNC-4_1_2-X86_WIN32.EXE
    * W3B388E.DLL
    * WOQRTDYQ.DLL
    * WPV681228549885.CPX
    * WPV681237410850.EXE


    staying dead at

    C:\WINDOWS, C:\WINDOWS\system32, C:\Documents and Settings\admin\Local Settings\Temp\, etc?
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I see, and that is why there is a program called CCleaner to clean the registry and debris; I don't use CCleaner, I clean my registry manually :) by the way, I got demoneye's point :):)
     
  22. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Yes, of course. But even if one would later uninstall DW those files would not be a big threat.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    just did a scan with Avira on a PC with DefenseWall for more than a year and found zero viruses, meaning DefenseWall is doing its job, thanks Ilya ;)
     
  24. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I use DefenseWall mainly for the reason that Ilya stated. If something does get by my other malware programs due to them not having a signature that detects it, I know that DefenseWall will let me shut it down if it does manage to run and that it won't start up again. Then someday down the road I might be doing a full scan with an AV and lo and behold it detects and cleans these dead files that DefenseWall killed. In the meantime, I safely use my computer without any harm done by the undetected malware.
     
  25. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    This "virtual" place is just a folder on your C: drive. So, it's not as "virtual" as you think it is.
     