geswall vs sandboxie

Discussion in 'other anti-malware software' started by ereal73, Dec 12, 2009.

Thread Status:
Not open for further replies.
  1. ereal73

    ereal73 Registered Member

    Joined:
    Nov 28, 2009
    Posts:
    4
    Hello. I am looking for a little advice. Which do you guys think is better-- geswall or sandboxie-- I have registered both but currently am running geswall. Geswall does not work with sandboxie at the same time.
    Also running are online armor premium with run safer on internet programs activated, winpatrol- the latest, prevx 3.0-full, antivir premium 9.0--full. Threatfire- the latest is also on box but not running now since it seems to possibly conflict with at least one of the others--seems to slow comp. down when running at same time but no crashes. Running xp home sp3. Thank you. :blink:
     
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I imagine many would say Geswall has greater all-round system protection, in comparison to Sandboxie.

    Sandboxie is great protection to withhold something nasty and then dump it (mostly from internet facing applications). But user error potential is much higher with Sandboxie than the somewhat dummy proof Geswall - Geswall is more user friendly - click and go.

    JMO, though.
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    A vs. B isn't allowed here but we can discuss the merits of both softwares for you to make an educated decision. I've used both and they are excellent apps. As far as being user friendly goes I think they are both about the same. I like the auto-terminate feature of GW but I don't like the way you have to write rules. However it is pretty much ready to go "out-of-the-box."
    SB is an impressive app with a responsive developer and forum. You will also find many here with config suggestions (SB more so than GW). You really can't go wrong with either app just find what meets your pc usage style and use it.
    FWIW you really don't need all the apps you mentioned. I'm surprised you can do anything at all on your pc. SB, or GW, and a decent AV scanner should suffice for almost anybody.;)
     
  4. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    SB is much better , and trust me on that :)
     
  5. yeuxbleus

    yeuxbleus Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    90
    I can only tell you what I've experienced, which may or may not apply to you. The best advice would be to try each one without the other and see how your computer performs...it would come down to that, as they are both excellent. FWIW, I've tried both and Sandboxie seemed to have run better (lighter and the computer seemed snappier).
     
  6. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    I've run both but I like Sandboxie the best.
     
  7. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    I ran both together, until I made the switch to 64bit.

    Here's a thread of how I set it up.

    Cheers.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    Opinion statement, prove it
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Nothing against SB, but I use GesWall, powerful and very sure program. :)
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    GeSWall and Sandboxie should not be directly compared as they are different types of applications. Sandboxie is an example of an application sandbox using file system and registry virtualisation whilst GeSWall applies policy restriction to protected applications. The following quote from the GeSWall product description and comparison FAQs on the GentleSecurity.com website makes clear the distinction between GeSWall and sandboxes.

    "GeSWall is not a sandbox. Perhaps the best sandbox you can afford is a separate machine or VmWare/VirtualPC, the rest is by definition incomplete solutions and will always have some flaws. Virtualization/sandboxing solutions create strictly separated environments. The less links between these environments and the rest of the system the better a sandbox is. That is a reason for usability problems. It is OK to run a browser there, but you would be reluctant to use e-mail client within a sandbox. Instead of breaking the links, GeSWall tracks an untrusted application data-flow: files, registry, etc. For example, GeSWall does not prevent a new file to be created by a browser, but it tracks out files created by isolated applications and isolates (restricts) an application that uses those files."

    It might be more relevant to compare GeSWall with products such as DefenseWall or AppGuard, which use policy restriction to guard untrusted applications and force them to run with reduced privileges and access rights. In terms of usage, GeSWall will protect those applications for which a policy has been defined. From the user perspective, policy restriction has the advantage of enabling the system to be used normally, except for software installation and updates when it is often necessary to temporarily suspend protection.

    Sandboxie is an example of light virtualisation where the virtualisation product runs as a normal application under the control of the OS, as opposed to a virtual machine where an OS must first be loaded into the VM. The approach utilised by Sandboxie is application virtualisation, so Sandboxie will only protect applications that are started within the sandboxed environment. Unlike other virtualisation approaches, Sandboxie does have the advantage of not needing a reboot to exit the virtual environment. From the user perspective, virtualisation has the disadvantage of forcing the user to be aware of operating in a dual environment, which some users may dislike or find confusing.

    In the light virtualisation genre, there are also programs such as Returnil and Shadow Defender. These are both different to Sandboxie in that they virtualise the entire system partition, rather than individual applications. This makes them less convenient to use than Sandboxie as they both need a reboot to exit the virtual environment. Returnil and Shadow Defender enable a wider range of applications to be tested within a virtual environment than Sandboxie, and are both good choices for 64-bit systems where Sandboxie is not supported, or for those 32-bit systems where Sandboxie does not work well.

    The difference between policy restriction and virtualisation has important consequences for security and privacy.

    Policy restriction can provide a very strong security model, both in terms of prevention of infection by malware and also prevention of identity and data theft resulting from malware infection, but only for applications where a policy has been defined. Also, whilst malware may be effectively prevented from infecting the system, traces of activity can be left on the hard disk. As a result of this, products in this genre may adopt a hybrid approach, combining policy restriction with partial virtualisation and/or rollback capability in order to enable undesirable traces of activity to be eliminated. (I believe DefenseWall does this and I think GeSWall also has something similar.)

    Virtualisation, on the other hand, is not intended to prevent malware infection, but rather to isolate and contain it within the virtual environment. Virtualisation on its own does not provide a complete security solution, as identity theft, password and data stealing, etc., are not prevented. As a result of this, products in this genre may also adopt a hybrid approach, combining virtualisation with some policy restriction features. (Sandboxie does this.) Virtualisation shortens the time to removal of malware and guarantees 100% cleanup, as all traces of activity are automatically lost on exit from the virtual environment. This feature of virtualisation makes it particularly suited to testing software (exactly what can be tested within the virtual environment will depend on the type of virtualisation) and is also an advantage where privacy is an important consideration.

    IMO, to achieve a high measure of security and privacy, policy restriction and virtualisation are most effective when used together: either implemented separately or by using an application that combines the two approaches within a single product. As always, each user has to make their own decision as to what's best for them, based on a balanced assessment of requirements and risk.
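
pegr's contrast between policy restriction and virtualisation, modelled as an added toy example (not part of the original post, and not either product's code). The class names, process names and file names are constructed for illustration.

```python
# Toy model, constructed for illustration; not GeSWall's or Sandboxie's code.
class PolicyRestricted:
    """Writes reach the real disk; files written by an isolated process are
    labelled untrusted, and a process that opens one becomes isolated too."""
    def __init__(self, protected):
        self.disk, self.protected = {}, set(protected)
        self.untrusted, self.isolated = set(), set()

    def write(self, proc, path, data):
        if proc in self.isolated:
            if path in self.protected:
                return False               # denied by policy
            self.untrusted.add(path)       # track the data flow
        self.disk[path] = data
        return True

    def open_file(self, proc, path):
        if path in self.untrusted:
            self.isolated.add(proc)        # restriction follows the file
        return self.disk.get(path)

class Virtualised:
    """Sandboxed writes land in a private copy-on-write layer; reads fall
    through to the real disk."""
    def __init__(self, disk):
        self.disk, self.layer = disk, {}

    def write(self, path, data):
        self.layer[path] = data            # never touches the real disk

    def read(self, path):
        return self.layer.get(path, self.disk.get(path))

    def delete_contents(self):
        self.layer.clear()                 # all traces of activity are lost

def demo():
    pr = PolicyRestricted(protected={"system.dll"})
    pr.isolated.add("browser")
    blocked = not pr.write("browser", "system.dll", "patched")
    pr.write("browser", "download.doc", "macro")   # allowed, but tracked
    pr.open_file("editor", "download.doc")         # editor is now isolated
    sb = Virtualised({"system.dll": "original", "passwords.txt": "secret"})
    sb.write("system.dll", "patched")              # contained in the layer
    leaked = sb.read("passwords.txt")              # reads are not contained
    sb.delete_contents()
    trace_left = "download.doc" in pr.disk         # trace stays on real disk
    return blocked, "editor" in pr.isolated, trace_left, leaked, sb.disk["system.dll"]
```

`demo()` returns, in order: the protected write was denied, the editor inherited isolation, the download remains on the real disk, the sandboxed process could still read the password file, and the real `system.dll` is unchanged after the sandbox is emptied.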
     
  11. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    That was a very good post, pegr.
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Thank you very much - that's very kind of you to say so. :)

    Regards
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Just for the record, I run Outlook as an email client within Sandboxie, and it works very well.
     
  14. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    pegr, that's what I call 'informative and to the point'

    kudos
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    It's simple, Geswall got many holes and is very hard (impossible) to configure when you encore sites in your mother language that not open.
    SB is more flexible in so many ways compared to Geswall, you just have to over his option and see.

    Also Geswall was bypassed too many times in the past (check its forum), and the most important thing: they release fixes once a year almost :mad: :mad: :mad:

    I don't think more than that needs to be added, a smart person should get the whole picture (aren't you) :)
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    YES , and that is also way of setting up a good security environment, MIXING 2 or even more different protection mechanism to achieve max protection ;) , the argue will always remain which two or more to mix :D
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep,

    But you probably have it in a separate sandbox, which you never clear, or you recover e-mails and attachments immediately. When you use the last scenario the protection of mail attachments ends when they are recovered.

    We are talking about theoretical differences here.

    Theoretically the less interfaces the more robust a solution is. Simply because the attack surface is easier to control (attack vectors are only possible through documented and undocumented interfaces, the latter are called exploits) and there is less code involved (reducing the chances of errors in the code which should protect you in the first place).

    When you compare sandboxie with bufferzone for instance, sandboxie contains more on the process level. Downside is that its interface is more complex, but Tzuk has proven to be an excellent programmer, so the interface disadvantage is theoretical, while the more complex process containment is a practical advantage. Same applies when you compare GeSWall with DefenseWall. GeSWall uses windows internals, therefore it cannot overcome the limitations of NTFS security. DefenseWall on the other hand can offer total untrusted file control.
    Ilya is as fanatic (and possibly as square) as Tzuk on security and software quality. At the moment it will be hard for them to deliver the same standards with 64bits security/kernel limitations of Microsoft OS-ses, while GeSWall will probably be able to release a x64 bits version (due to the lower complexity of the interfaces and usage of OS-internals).

    Interface complexity advantage is the reason why Shadow defender and Returnil (partition/disk virtualisation is simpler than application virtualisation) are able to deliver x64 versions.

    At the moment there is one clear winner in application virtualisation (Sandboxie), while partition virtualisation is still a close finish (personally I like Shadow defender over Returnil, but that is my subjective preference in regard to the options/settings provided), on policy management DefenseWall (v3 is simply great) has the advantage over GesWall (easier FireWall, total untrusted file control), but in future GeSWall might well jump ahead with a x64 version.

    Bottom line:

    For disk/partition virtualisation you can not go wrong with Returnil or Shadow Defender, same applies to policy sandboxes like GesWall and DefenseWall. Only on the application virtualisation Sandboxie seems to out compete every other solution (GreenBorder, BufferZone, SafeSpace). So pick your preference, because every choice is a winner. Not much sense in discussing theoretical differences IMO

    Regards Kees
     
    Last edited: Dec 13, 2009
  18. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    SafeSpace..I was in love with this app...

    forgive me this lil OT...
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Glad you found it useful. :)

    Regards
     
  20. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Can't go wrong with either. I've used both at different times using different browsers, OS's and other security software and they both work very well. This week I'm using SBIE maybe next week I'll switch back to GeSWall. :argh:
    The posts above explain the differences very well.

    Ice
     