Does defensewall truly remove its blocked malwares?not sure!

HI

first lets face the facts

1.if any malware caught its will show in dw"rollback section"
2.in order to get ride of this malware u need to use DW "rollback" feature
3. DW "rollback" increase its size when longer uses DW.
4. from DW on line help regard to rollback "This tool is for Advanced Users only. It removes files and registry keys from your hard drive! "
5. from DW on line help "Regular users: Use a standard anti-virus or anti-malware scanner to get rid of any left-over malware modules. Inactive malware is harmless, so the time of reaction of anti-virus vendors and new signature updates is not really important in this case"

ok... now here is the big problem , after couple of week i uses DW my "roolback" get big like more than 100 lines.... if i today get infected , how can i be 100% sure i "rollback" ONLY the malware infection not my important data by mistake?

what most bother me is line "5" , so if no cure yet from my av vendor... the malware stays in my pc?? i feel so uncomfortable to know there is malware in my pc when i working on my important data....

just to mention , if such thing append with sandboxie , i can just "clean container " and get rid of the malware for good, it doesnt depend on 3rd software in order to destroy any kind of malware activity

 

If you have a number of lines, 100 or more, should take a few minutes to go through the list and allow photos and documents etc. After you allow the important items, delete the rest in file and registry tracks. I posted some screenshots awhile ago, I can try and find them.

But regarding malware, and if it exists on your system, if it is causing no damage to your system, and can't cause damage even if you launch the file by chance 50 times, then DW has done its job.

Edit - ssj100 said what I was wanting to say.

 

i said more than 100 , i didn't count them ...but how can i be 100% sure i don't del important system files along side with the malware when uses "rollback"? can u guarantee that? and what about novice users ?should they gamble their way threw? or just stay with the malware hope their avs catch it some day?
and that not correct , the malware can run even under DW but restricted , so if it dropper and u recognize it d/l from the net stuff , how can u say its "done its job"
if its a malware that provide any kind of visibility how can u accept it?

u can also see matt review on it , his infected pc remain infected until he manually dell the malware from DW dialogs "rollback", but remember it was clean DW install and for immediate malware infection test

cheers

 

I tested DW not long ago but for the same reason, revert back to Sandboxie. IMHO, I feel more secure knowing all baddies are "flushed" the moment I close my browser.

 

I see your point. But if you rollback continually, on a daily basis, the same with sandboxie when a session ends, then you won't have a problem.

Difference I see for novice users, they can open up pdfs, images, and continue to use documents downloaded with DefenseWall. With sandboxie, they can either recover and hope it is a document, or if sandboxie is setup to automatically clear contents, they'll complain they lost all their downloads.

Each to their own. For novice users, I'd still go with DefenseWall.

 

i 100% agree with u on "For novice users, I'd still go with DefenseWall"
other part is unpractical and can be very annoying when do on daily basis (rollback continually, on a daily basis)

cheers

 

yep , i agree with you , its more convenient to know when u flash 100% of maybe potential malware gone for ever

 

I think, you just misunderstand the aim of the DefenseWall project. It's intended for novice users first head. For them, partial virtualization is quite difficult thing to use properly. DW's "rollback" function too, BTW. That's why this function is limited and not advertised- "my" user can't use it properly.

That's why the main aim of my protection is to stop malware cold as anti-virus scanner have an "infection window" for this sample. Detection pace is not important anymore, it doesn't matter if its signature will be added one day or one month as, being untrusted, malware is harmless.

As for advanced users- they can use both DW's "rollback" and virtualization container "trash out" functions properly, but most of them are Wilders visitors...

I strongly believe each piece of software have its own user, so, saying "I don't feel a concrete function is suitable for me" is right, but not really correct as it's intended for other type of users and other use cases.

 

Ilya, interesting point about the detection window. Gives the AV the chance to catch up with new samples. Never thought of it that way.

 

You can always configure sbie to recover everything from the sandbox in another sandboxed folder and then set it to force sandbox anything that is opened from that. Also you can further force sandbox your word processor, pdf reader etc with appropriate run/internet restrictions. Sbie can be easily configured to provide as much protection as DW if not more imo.

 

His SSJ,

I see what you're saying and agree with you. However I was just pointing out that sbie too can be configured to protect against the particular threats Saraceno mentioned.

 

Who cares, those malware files are dead when running DW. And only if you were intentionally downloading something they are likely to be in such places that you can intentionally execute them. In case of SB you would take them out of the box (being in danger). For DW they are and will remain still "untrusted" (eg. exploit pdf:s), unless you have to install something and run them intentionally "trusted".

 

I have the pro version of SB, and have studied it a little. You can tune up it in many ways. This all requires some effort, so not suitable for the average guy.

Moreover, what if you need to install something, you always install programs inside the sandbox? I think it impedes practical work unnecessarily.

I also prefer to be able to handle and move files without strict dicipline. I'm lazy.

 

man , i think u don't understand the different between SB and DW concept...DW uses REAL system while SB hold all on VIRTUAL place ...so who care about malware stays on his real pc?? i think only idiot wont care lol

 

Well, I think I know the exact nature of both concepts pretty well. So, once again: so what?

P.S. SB processes and files are not living in a virtual place.

 

one thing i can say criple malware is like a regular file,it is dead can not do any harm you can even remove manually,is not a big deal

 

i am a novice

 

wait a minute if you know how to use the roll back feature built in DefenSeWall you can also flash any toilet,flooded or not very easy peace of cake leaving you pc like nothing happen,i personally tested this my self

 

lol you made my day by the way i need some coffee

 

What is a probability, that the average guy will by accident execute eg. following files

* ME2[n].HTM
* USBEWT.SYS
* LJUBOMORE[n].EXE
* MCDRIVE32.EXE
* NPCOMMON.DLL
* VMCOINST_VC0323.DLL
* VNC-4_1_2-X86_WIN32.EXE
* W3B388E.DLL
* WOQRTDYQ.DLL
* WPV681228549885.CPX
* WPV681237410850.EXE


staying dead at

C:\WINDOWS, C:\WINDOWS\system32, C:\Documents and Settings\admin\Local Settings\Temp\, etc?

 

i see and that is why there is a program called ccleaner to clean registry and debris, i dont use ccleaner i clean my registry manually by the way i got demoye's point

 

Yes, of course. But even if one would later uninstall DW those files would not be a big threat.

 

just did a scan with avira in a pc with DefenseWall and for more than a year and found o cero viruses,meaning defensewall is doing it's job,thanks Ilya

 

I use Defensewall mainly for the reason that Ilya stated. If something does get by my other malware programs due to them not having a signature that detects it, I know that Defensewall will let me shut it down if it does manage to run and that it won't start up again. Then someday down the road I might be doing a full scan with an av and lo and behold it detects and cleans these dead files that Defensewall killed. In the mean time. I safely use my computer without any harm done by the undetected malware.

 

This "virtual" place is just a folder at your c: drive. So, it's not that "virtual" as you thin about it.