I am thinking of getting a sandbox app or intrusion detection app

Discussion in 'other anti-malware software' started by MalwareDie, Dec 24, 2006.

Thread Status:
Not open for further replies.
  1. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    Can anyone point me to any free ones?
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Sandboxie, GeSWall, BufferZone Home
     
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    System Safety Monitor Free
     
  4. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    GeSWall is an intrusion detection?
     
  5. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    Which is easier to use, GeSWall or SSM? I would like to know more opinions on sandbox applications and why you think one is better than another.
     
  6. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    BufferZone works great for me!

    My system had serious problems running Internet Explorer inside Sandboxie,
    (something broke through and turned AntiVirus off).:eek:

    Eight Security Sandboxes Reviewed and Rated

    Since September, have had excellent performance and protection from the BufferZone {free}
    with absolutely no problems or complaints.:thumb:

    http://www.trustware.com/
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    No. It's a "sandbox" with "application firewall" like features. You install it on top of a trusted system and it:
    -isolates apps. such as browsers, mail clients, IM, media players, etc.
    -virtualizes registry calls.
    -tracks all objects created by isolated apps. without denying writing to disk.
    -treats all objects created by isolated apps as untrusted.
    -denies access to folders marked as "confidential".
    GeSWall without any doubt. SSM and the like (PG, AD, PS) need lots of input from you: parent/child relationship, hooking permissions, DLL loaded, registry calls, etc. GeSWall enforces mandatory access control policy. See more
     
  8. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    O ok thanks
     
  9. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I am trialing BufferZone but the paid version.
    Yesterday I did a scan with Spybot S&D and found a Security Center Anti-Virus override which would turn it off, which I deleted.
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Re: BufferZone works great for me!

    Please elaborate.

    http://sandboxie.com/phpbb/
     
  11. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Re: BufferZone works great for me!

    Quote:
    Originally Posted by pilotart
    My system had serious problems running Internet Explorer inside Sandboxie,
    (something broke through and turned AntiVirus off).

    Sure,

    I had first used Sandboxie for the purpose of conducting 'shopping' sort of research on the 'net' with Firefox.
    This had worked very well and never had any problems at all.

    I have an old, free Email account with excite.com that will only open with Internet Explorer
    set to the lowest possible security settings and so I wanted to do this within Sandboxie.

    This was when I first encountered problems, after opening a few pages the first symptom was usually that the
    Bluetooth IntelliMouse would stop working and would need to revert to the ALPS Touchpad to control the cursor
    and buttons, this would soon progress (few more pages) to a total freeze of the system and a need to reboot.

    Removing Sandboxie and installing the most current version of Sandboxie (2.60) showed absolutely
    no improvement in these symptoms and they would occur within a few pages opened on every attempt to run a
    Sandboxie'd IE6. This would be true on a dial-up modem, WiFi or LAN connection (see Thread {Re: Sandboxie 2.60 issues}).

    The final straw came in late September when shortly after the loss of BT IntelliMouse (should mention that no other action
    had ever killed my Mouse except using a Sandboxie'd Internet Explorer 6, set to low security),
    I saw the AntiVir's Umbrella icon close (meaning active protection had been turned off, again never seen before)
    verified by Task Manager's loss of avguard.exe and the internet connection was still active!

    I immediately performed a 'hard shutdown' and rebooted with GoBack to a point in time prior to this
    Sandboxie Internet Explorer incident.

    Most other Reports and user's comments have glowed in their love of Sandboxie and with Firefox
    it never showed any problems for me. May be like AntiVir Classic works best for my Systems
    and is full of issues for some other users.

    The Eight Security Sandboxes Review had also spoken well of Sandboxie (along with GreenBorder and BufferZone)
    so I installed BufferZone's Free Internet Explorer Application and have used (version 1.9) since 27 Sept
    with none of the issues that plagued my Sandboxie.

    Although BufferZone was a much larger Program than Sandboxie, it is very simple to use and is very well designed
    to do an excellent job of protection without problems. Have also found that you can also open any other application
    (like Firefox) within BufferZone {FREE} from a Right-Click menu.
    see...application-level virtualization software that protects Windows hosts from malware.
    ________________________________________
    Have never seen that on S&D, but I have now set my Administrative Tools, Component Services to restart
    AntiVir (Guard) service after: [0] minutes and reboot on third failure.
     
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yep, Sandboxie is one of the best at a very small download and install.

    Some people do have issues but I haven't had any at all with no slowdowns either.

    I have deliberately gone to compromising sites and downloaded all sorts of evil stuff and executed as such within the confines of the Sandbox and haven't had a single one escape to cause havoc.

    Kav and SuperAS, used as on demand, never find a thing after emptying the sandbox.

    Ideal first line of defence against any inet borne zero day attacks and malware.

    Might add I do have ghost images and a clone on a slave just in case.:)

    Quote from the Eset (Nod32 av) site, Dec 15th blog:

    When I went to this specific web page it automatically launched a video! I’m sure glad I run Firefox and IE in SandBoxIE (www.sandboxie.com). If the video exploited a vulnerability I could have become infected with all kinds of bad programs that could steal my passwords or other information on my computer.

    Virtualization technologies, such as SandBoxIE, are a great complement to Anti-virus solutions. Neither stop everything, but virtualization can protect sensitive data, and if something bad was installed it will be gone when I empty the sandbox.

    http://www.eset.com/threat-center/blog/index.php
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When looking for freeware

    For simple setup and more resource usage I would suggest

    - CyberHawk as some form of "intrusion detection" (manipulating processes, etc) and BufferZone free as 'sandbox'/HIPS

    Lowest resource usage and more configuration effort
    - SSM free/Prosecurity free as "Intrusion Protection"
    - GeSWall as sandbox/HIPS

    Regards
     
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I have mixed feelings towards Cyberhawk. It is now uninstalled from my system, but I leave a second chance to it. When it has I hope an option to switch it off etc. I felt my system was not as stable with it as it is now without it.

    Sandboxie has worked well for me. I think it and CH don't really work so well together, so CH was one to go. It is still in the beta stages imo.
     