HIPs and Sandboxes

Discussion in 'other anti-malware software' started by starfish_001, Dec 28, 2005.

Thread Status:
Not open for further replies.
  1. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Not a strong area for me, so I was wondering, as a Process Guard / SNS user, what the likes of DefenseWall and BufferZone actually give me. I liked DefenseWall when I ran the beta, but ... given I have PG/SNS already and could run processes untrusted by launching them like below:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp

    Michael Howard outlined how you can programmatically spawn a process that runs with reduced privilege, even if you are logged on as an administrator. The aim was to run processes performing Internet functions (applications most subject to attack), such as Web browsers and e-mail clients, in reduced privilege to decrease the damage potential of any malware using these agents as attack vectors.

    What am I missing?
     
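    The technique the MSDN article describes (the SAFER API deriving a restricted copy of the caller's own token, then launching the program under it, which is what DropMyRights does), as an added PowerShell example. This is not the article's code and not DropMyRights itself; it assumes Windows with PowerShell 5.1 or later for Add-Type, and the function name Start-RestrictedProcess and its parameters are my own.

```powershell
# Added example, not DropMyRights or the MSDN article's code: launch a program under a
# SAFER-restricted copy of the caller's own token, so it runs with fewer rights even
# when the caller is logged on as an administrator.
# Assumptions: Windows with PowerShell 5.1+ (Add-Type); Start-RestrictedProcess is my name.

$saferInterop = @'
using System;
using System.Text;
using System.Runtime.InteropServices;

public static class Safer
{
    // Constants from winsafer.h
    public const uint SAFER_SCOPEID_USER        = 2;
    public const uint SAFER_LEVELID_NORMALUSER  = 0x20000; // admin SIDs deny-only, privileges stripped
    public const uint SAFER_LEVELID_CONSTRAINED = 0x10000; // also adds restricting SIDs
    public const uint SAFER_LEVELID_UNTRUSTED   = 0x01000; // most restrictive; many programs fail to start
    public const uint SAFER_LEVEL_OPEN          = 1;

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SaferCreateLevel(uint dwScopeId, uint dwLevelId, uint OpenFlags,
        out IntPtr pLevelHandle, IntPtr lpReserved);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SaferComputeTokenFromLevel(IntPtr LevelHandle, IntPtr InAccessToken,
        out IntPtr OutAccessToken, uint dwFlags, IntPtr lpReserved);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SaferCloseLevel(IntPtr hLevelHandle);

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO
    {
        public int cb;
        public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION
    {
        public IntPtr hProcess, hThread;
        public int dwProcessId, dwThreadId;
    }

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName,
        StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes,
        bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory,
        ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $saferInterop

function Start-RestrictedProcess {
    param(
        [Parameter(Mandatory = $true)][string]$CommandLine,
        [ValidateSet('NormalUser', 'Constrained', 'Untrusted')][string]$Level = 'NormalUser'
    )
    $levelId = switch ($Level) {
        'NormalUser'  { [Safer]::SAFER_LEVELID_NORMALUSER }
        'Constrained' { [Safer]::SAFER_LEVELID_CONSTRAINED }
        'Untrusted'   { [Safer]::SAFER_LEVELID_UNTRUSTED }
    }
    $hLevel = [IntPtr]::Zero
    $hToken = [IntPtr]::Zero
    if (-not [Safer]::SaferCreateLevel([Safer]::SAFER_SCOPEID_USER, $levelId, [Safer]::SAFER_LEVEL_OPEN, [ref]$hLevel, [IntPtr]::Zero)) {
        throw "SaferCreateLevel failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    try {
        # InAccessToken = NULL: derive the restricted token from the caller's own token.
        # Because it is a restricted copy of our own token, CreateProcessAsUser accepts it
        # without SeAssignPrimaryTokenPrivilege, which an interactive logon does not hold.
        if (-not [Safer]::SaferComputeTokenFromLevel($hLevel, [IntPtr]::Zero, [ref]$hToken, 0, [IntPtr]::Zero)) {
            throw "SaferComputeTokenFromLevel failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        $si = New-Object -TypeName 'Safer+STARTUPINFO'
        $si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
        $pi = New-Object -TypeName 'Safer+PROCESS_INFORMATION'
        # CreateProcessW may write into the command-line buffer, hence a mutable StringBuilder.
        $cmd = New-Object System.Text.StringBuilder($CommandLine)
        if (-not [Safer]::CreateProcessAsUser($hToken, $null, $cmd, [IntPtr]::Zero, [IntPtr]::Zero, $false, 0, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)) {
            throw "CreateProcessAsUser failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        [void][Safer]::CloseHandle($pi.hThread)
        [void][Safer]::CloseHandle($pi.hProcess)
        return $pi.dwProcessId
    }
    finally {
        if ($hToken -ne [IntPtr]::Zero) { [void][Safer]::CloseHandle($hToken) }
        [void][Safer]::SaferCloseLevel($hLevel)
    }
}

# Usage: the child's own token should list Administrators as "Group used for deny only".
Start-RestrictedProcess -CommandLine 'cmd.exe /k whoami /groups /fo list' -Level NormalUser
```

    Two things to check before relying on it: the NormalUser level only strips privileges and marks the admin group deny-only, so the child still reads and writes everything the plain user account can, which is exactly the "can still see outside the sandbox" difference from a DefenseWall-style sandbox; and the Constrained and Untrusted levels add restricting SIDs that make many ordinary programs fail at startup, so test each application at the level you intend to use. On Vista and later, an unelevated admin shell already runs under a UAC-filtered token, so run the example from an elevated prompt to see the difference.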
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Running things as a non-admin is always a good idea, even if it is only with something like DropMyRights. DefenseWall will give you stronger protection that's a little easier to manage, but DropMyRights with ProcessGuard makes for some very strong protection as well. The one advantage you would have with something like DefenseWall is that once something is inside the sandbox area, it can't even see anything outside of the sandbox, which is not true for DropMyRights.

    Either way you go is going to give you very strong protection, so I think it's mainly up to you. My own preference is to use DefenseWall.
     
  3. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Notok

    Thanks - I came to that conclusion. DefenseWall does make the admin very nice. I'd forgotten about being able to see out of the sandbox area.
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    You can actually run DW and DRM together, for that extra paranoid(tm) protection! :D (I did for a while, and actually didn't have any problems at all.)
     