EQSecure+Sandboxie+Returnil?

Discussion in 'sandboxing & virtualization' started by ahriman, Sep 19, 2007.

Thread Status:
Not open for further replies.
  1. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    I'm thinking of installing EQSecure. I already use Returnil and Sandboxie, as well as (occasionally) a virtual machine running OpenBSD.

    Is buying another copy of XP Pro to run in a virtual machine worth it? I'm thinking it may be necessary to deliberately get some malware and play with it in a safe environment. I need to understand malware better so I know how to protect myself.

    Several posters seem to run EQSecure in a virtual machine. I would install it in my 'real' OS? Is Returnil + Sandboxie + EQSecure going too far? It doesn't seem so to me, but then I'm paranoid.:D
     
  2. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I haven't tried Returnil (yet) but Sandboxie with EQSecure run very well together. EQSecure feels very light in resources also.

    Instead of buying another XP copy and the vmware you can try and then buy (as I did) FD-ISR. If you have free space you can do any testing you like. Under different boots you can use different HIPS and security programs.
     
  3. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    Thanks for the reply, mike21. I keep hearing about FD-ISR on the forum, it seems to be like a 'super' system restore. I do disk images of my C: drive frequently (and before doing anything that may cause problems, like installations), so the advantage with FD-ISR seems to be just automated snapshots?

    I'm not sure why I would need both FD-ISR and disk imaging. If I could have different boots (different security apps in each) that sounds really interesting, but I didn't see any mention of that in the description of FD-ISR. (It's probably there, and obvious and I missed it, my excuse is that I just got up and haven't finished my first coffee yet ;) )
     
    Last edited by a moderator: Sep 19, 2007
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    ahriman,
    FDISR = Immediate System Recovery (ISR), so it restores your system faster than restoring an image with your Image Backup software and it does a much better job than Windows System Restore, because FDISR starts BEFORE Windows starts and that makes a recovery possible even when you can't boot in Windows anymore or when you have a frozen BSOD on your screen.
    So it depends on how fast you want to be back in business, when something goes wrong.

    FDISR can also be used for creating different work/test environments and as second backup tool.
    FDISR is the fastest backup tool, I know, but only for partition [C:].

    FDISR doesn't replace your Image Backup software, because it only works for the partition [C:] and ignores any other partition or harddisk.
    Image Backup software can backup/restore all your other partitions and harddisks.
     
    Last edited: Sep 19, 2007
  5. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    ErikAlbert,
    Thanks for clarifying, FD-ISR sounds like something I do need then. The different test/work environments is too good to pass up!
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Personally, I'm fairly settled in safely enough with the combination of EQSecure + Sandboxie + Power Shadow. If not for my absolute confidence from real-world results with PS, I would have jumped over like many to Returnil because it's a really dependable program.

    As much as I have a strong allegiance to System Safety Monitor, EQSecure, I'm finding does an equally remarkable job of behavioral monitoring and shielding against forced intrusions be it $M based or outsourced via malware distributors.

    Also with the onset of my decision to bring Anti-Executable into the mix, I don't imagine any real serious concerns anymore about something masked as legit, suddenly rearing up as a system threat. Couple these with a Solid imaging program (with storage capacity hard drives), the light is no longer at the end of the tunnel but in clear view now. :thumb:
     
  7. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    EASTER,
    Thanks for the reply. Anti-Executable is a program I've been about to install for two days now, but I heard it conflicts with FDISR (I have a 14-day trial copy). FDISR looks very, very handy, of course I haven't exploited its many benefits yet. But Anti-Executable is soooo tempting. I really prefer a whitelist. Perhaps I should look at Power Shadow! Then I could have Anti-Executable :D.

    With so many malwares with such excellent stealthing techniques, I just don't know if my system is really secure. I could be so owned, even with AV, anti-spyware,... (I was browsing at rootkit.com, so I'm kinda neurotic about this right now).
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    If you have another drive go ahead and get it. You WILL NOT be disappointed. I tried this app back in its infancy and although I liked it then there were issues. Not Anymore.

    AE runs on XP Pro of mine and you don't even know it's there unless "ANY" unauthorized executable attempts to run, and if it's not in your WHITELIST it goes nowhere fast. :D If you want to add a new program, there's where your WHITELIST comes in. It also has a BLACKLIST.

    One of the better iron fences no doubt in PC Security and confidence.
     
  9. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    EASTER,
    We seem to be playing 'hop scotch' between this thread and 'Why do people use so many programs...' :D . I do have another hard drive, so another copy of XP Pro and I'll be set.
    Thanks!
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    ahriman :cool:

    Try this one on for size. Along with AE run Power Shadow/Returnil "AND" Sandboxie and throw in a worthy HIPS too, mine is EQSecure 3.4. I dare intrusion to pass. :cautious:
     
  11. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    Try this one on for size. Along with AE run Power Shadow/Returnil "AND" Sandboxie and throw in a worthy HIPS too, mine is EQSecure 3.4. I dare intrusion to pass

    Yes! AE+PowerShadow+Sandboxie+EQSecure. Looks like a winning combo to me :). And I don't have to buy another copy of XP Pro!
     