Geswall + Sandboxie + Returnil

Discussion in 'other anti-malware software' started by Gargoyle, Dec 23, 2007.

Thread Status:
Not open for further replies.
  1. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    As I'm still learning about HIPS, I am thinking about using all three programs for things I download from the internet that I'm not sure aren't filled with malware. Has anyone tried running all three programs together? If so, any problems such as BSOD? And, would you say the setup is redundant?
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    I run GeSWall at all times (one of my main pieces of security software at this time).
    I fire up SandBoxie when I know I'm going into possibly dangerous territory.
    But in order to do this without getting this error from SandBoxie, I change the security setting in GeSWall to low, start SandBoxie, then change the setting in GeSWall back to medium. Now I have a sandbox with all contents under the policy restrictions of GeSWall as well as my other security layers in place.
    Not sure about Returnil as I have never tried this app.
     


  3. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    It seems you are running Sandboxie inside Geswall. Have you tried running Geswall inside Sandboxie and seeing how it goes? Like, download something using your favorite Geswalled web browser. Then run Sandboxie on the application after it has the isolated icon. That method, Geswall inside Sandboxie, is what I intend to do.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Returnil will save you from the many BSODs on your computer, if you read this:
    http://www.returnilvirtualsystem.com/index_files/rvspersonal.htm

    Except for testing new software that requires a reboot during installation.
    In that case, you will need your Image Backup/Restore software, if something goes wrong.
    If nothing goes wrong, but you don't like the software, you can't uninstall it with Returnil; then you have to uninstall it with the classical tools or restore an image.

    You can also use a Virtual Machine to test software, which is probably the best way.
     
    Last edited: Dec 23, 2007
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No, never tried that. My way is just extra protection while surfing, not testing software. After testing software, and if it's not staying, I roll back to an earlier snapshot, like it was never there.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I will never suggest combining GE and SBIE (very same type of software). Just use either one of them. Adding Returnil might be OK though.
     
  7. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I would say traditional/conventional wisdom is that you can probably drop GesWall or Sandboxie. And add something like Threatfire and ProSecurity. :D
     
  8. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    I'm still learning about classical HIPS and it just so happens I'm trying Prosecurity right now. EQsecure is something I can fall back on.

    Aigle, check your PM.
     
  9. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Imho the combination of

    ProSecurity 1.40
    GeSWall 2.6 free
    and
    Returnil -any version

    makes for a rather omnicomprehensive and rather unhackable combination.
    You can drop anything else and have just a firewall and/or Router.
     