DropMyRights VS Sandboxie?

I don,t know why I should use drop my rights while using sandboxie!

 

Dropmyrights -- make the application run as if it is in a limited account
Sandboxie -- isolate any change made fomr the application

There may be marginal benefits to run Dropmyright-ed IE with sandboxie. If somehow a malware break through the gates of sandboxie, the restricted IE may stop it from infection.

 

May be but I don,t know exactly!

 

@Anyone- I do hope someone will comment as to the differences in protection between DMR & Sandboxie while surfing the net. Unless the difference is significant, DMR seems like a superb tool at basically zero impact on my computer's resources.[/QUOTE]

Bellgamin

DropMyRights works with user rights during your IE of FF session. Any downloaded file is treated as 'trusted' even when it was created by a "restricted or untrusted" process. So the gates of your PC are wide open for more advanced malwares. Still it enhances your safety during surfing (so use it, when you do not have a sandbox or virtualization application in your line of defense)

GeSWall works via the Windows Policy Manager, same right limitation principle as DropMyRights, only with GeSWall you will get more protection, because of the more advanced options of GeSWall (granularity/white list) and big bonus GeSWall remembers the 'rights' a file/program has. The nice thing about GeSWall is that it uses Windows features and it is free and fast, but GeSWall is not able to protect you beyond the safety features of windows policy management and requires more knowledge.

Sandboxie works via a Sandbox. The protection of untrusted files is kept as long as they are in the sandbox. When downloading files outside the sandbox, your PC is left unprotected. Nice thing about Sandboxie it is free (after 30 days the reminder screeen can be removed by the 20 dollar life time lisence/subscription). It creates a low level disk write barrier for the sandbox. This concept makes it really hard to crack, but was hard on resources on my PC (and occasionally a programs might give incompatibility errors).

BufferZone is paid, but you can get single purpose freeware (for P2P, IE or FireFox for instance). It seperates protected applicatios in a seperated area (like sandboxie), but also remembers the rights of files like GeSWall. It is a fast easy to install application. With Bufferzone it is also possible to use other applications in your browser (fi when you are using firefox, BZ4FF you can use McFee siteadvisor 4FF).

I have no experience with Greenborder, looks to me it works in the same way as BufferZone, is only more expensive and seems to perform better than others (based on the test you refered to as Yonder).

DefenseWall also is a very easy (the easiest) to use application. It also remembers the state (untrusted/trusted). DefenseWall does not seem to physically seperate untrusted aps from trusted ones (like SandBoxie) and uses some kind of own priviledge restrictions (like GeSWall) and allows you to rollback registry changes. DefenseWall is also a fast/resource friendly application (only trial, paid 29 dollar for life time lisence, next years 10 dollar for support/subscription is not mandatory).

 

Hi Kees, nice review.

 

Geswall probably should be compared to Coreforce, not to sandboxie, since both lacks file virtualization features.How well Geswall and coreforce protects you depends on how intelligently you set the file and registry restrictions I think. They either allow or disallow file access that is it.


Sandboxie should be compared to bufferzone.

I just noticed that Bufferzone free single purpose actually works for any app and not just one app.

You can download the firefox version for BZ , but still add internet explorer, or any other app you want to be sandboxed by adding the process names to the rule editor! This appears to be by design.

There are differences between the free version and the full version but most of these extra features are not included in Sandboxie anyway.

This makes the free bufferzone version actually pretty much comparable to Sandboxie.

In fact, the free version of BZ actually has a couple of features not available in the unregistered version of Sandboxie.

* BZ automatically sandboxes processes regardless of how they are started, while in the unregistered version of Sandboxie this isn't available, you need to register to get it. For example in sandboxie if IE is started by some other program, it won't be sandboxed while they will be in BZ.

* Nicer interface, you can right click and run files sandboxed , set trust permissions , move files easily in and out of the sandbox (BZ). Most of this is possible with Sandboxie also but requires you to mess with ini files, or manually move files.

Cons of BZ free ,Pros of Sandboxie

* Sandboxie Allows multiple sandboxes

* Sandboxie smaller and more lightweight.

* BZ free does not allow blocking access to network shares, USB, devices, etc. In Sandboxie I believe these are blocked by default unless you allow them

There are probably other technical differences, but I didn't have the time to do a full test.

 

My only concern with BZ is the slow loading of applications. They need to imporove it.

 

Devil's Advogate

I compared GeSwall with DMR because Bellgamin asked to explain the differences.

Do you have any experience with CoreForce or GreenBorder?

Great that BZ allows to put in other aps as wel in the free version. My son is using BufferZone free. Works well. On his PC BZ was also faster than BufferZone (like on my PC), but you mention that Sandboxie is lighter?
It seems that Aigle also has the same experience. Is there a trick to speed up Sandboxie

Regards Kees

 

Well it looks fine on my system when testing on vmware. But I suppose if you pile on more security apps things might start to slow

 

In my experience SandBoxie, GW and DW were all very light.
BZ was also OK but just it was the launch of any sanboxed application like browsers etc that was slow, and I believe that it has some thing to do with the way BZ implements its virtualization. I got same results on two systems.
It is ofcourse subjective so opinions may vary.

 

Well it's subjective but simply judging from all the bells and whistles in BZ (the drawing of the red borders, addition of context menus, the more complicated interface) it's reasonable to guess that BZ might use more resources particularly the fixed GDI resources.

 

Personally I like multiple options provided by BZ.

 

If I use web-filtering proxy (Proxomitron etc.) should I then run it with DropMyRights or is web browser still the right option? Of course I can run both but really don't know which one is the best option.

 

DropMyRights -- make the application run as if it is in a limited account (so that app can't make changes which require administrative rights)
Web-filtering proxy like Proxomitron -- depending on the app, it can do more than just security (eg content/display control)

It really depends on what you would like to achieve. Personally I like web-filtering proxy since I have more controls on how a website can do.

 

Wai_Wai I mean that when I use this combination:

Firefox <-> Proxomitron <-> WEB

Where I should add DMR? Should I run it to Firefox or Proxomitron or even both?