Iron Shield Security

Discussion in 'other anti-malware software' started by EASTER, Feb 13, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    There's many stacks of apps that serve all of us comfortably well. How in some of your opinions do you see the percentages in a setup like this with DEEP FREEZE for one with its sister AE as a compliment shore up in a support role with Sandboxie + a top notch HIPS? What possibly could stand any chance to pass thru such a wall of this with only 4 such security programs that could stand a chance to topple thru fortresses made as this one?

    AE would immediately repel executables and even before it, the HIPS would surely pick up any approaches from any type of offending file to suspend their activity before their code signals even make it to their targeted designed locations of the files/location.

    And in addition with just those apps alone and with the entire system sandboxed with SandboxIE, where possibly does that leave potential attack files to go when they are solidly contained in a containment zone easily terminated & deleted without so much as a reboot?

    In other words in your opinion what alternative do they (malware) have to even remotely make any real contact to your system let alone affect some type of disruption?

    And lest we forget, with DEEP FREEZE to finalize dismissal of the entire attempted ordeal, what percentages if any or points are left for any approach fashioned in this manner?
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    LOL, I thought it was some newly launched HIPS! :D

    I also must admit that I don't really understand what your question exactly is. :doubt:
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    More than overkill ;)
    User mistakes, vulnerabilities in the security apps, instabilities caused by too many filter drivers, unknown attack vectors, interpreted code (scripts), etc.
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I have DeepFreeze, Sandboxie and Returnil.

    If I'm just visiting one of the way too many forums on which I participate, I usually just use Sandboxie. If I'm downloading various types of softwares to look at or play with, I engage Returnil. I feel that's more than enough.

    IF I regularly played on risky or dangerous sites or places, I might look at more security. I really feel the three I have are more than enough.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Thanks.

    I don't of course agree just those 4 apps as "overkill" for obvious reasons, newly coded malware to both bypass a firewall and/or attempt to corrupt say for instance DEEP Freeze's executables because keep in mind, unless an app is self-protected well enough or even obfuscated like malware likes to do to conceal its core main system, something as simple as a file infector could render them affected enough to force a user to have to resort to a reinstall from scratch in some worst-case scenario.

    That's from the most destructive point-of-view of course, rootkits on the other hand would have to be the most clever to have any chance to hide on disk because a simple reboot with DF would clear the disk of any entries prior to going FROZEN.

    HIPS in my opinion would serve as a "live" reporter that something unusual might be making an approach for entry, and remember, HIPS file protections also cover those elusive and much used in the past scripts. AE would pick up on executables and abort those immediately regardless if not found matched in its whitelist.

    SandboxIE would for all purposes have already captured any entry within its sandbox, so as long as it would continue sturdy & durable enough to fence in anything, the rest of the security progs mentioned would just be in a supporting role more or less.

    I do appreciate all your comments and opinions and actually admire the reply of overkill since that gives a lot of credit that at least one or two of these security programs are formidable enough in their own right.

    EASTER
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    With AE onboard, the executables of DF should be protected from tampering.
    LUA bans the installing of kernel level drivers, low-level disk access, MBR modification and CMOS access. Not much space is left for rootkits (user mode rootkits, privilege escalation exploits, etc). Realistically speaking, almost all rootkit droppers are executables, so with AE aboard they won't even have the chance to execute.
    IIRC, the file protection feature of most (if not all) HIPS is extension-based, making them no more useful than Script Defender. The real advantage of HIPS is in the control of wscript.exe, rundll32.exe, etc.
    That's for sure. Execution control (AE, SRP, classical HIPS in anti-exec mode), boot-to-restore (Returnil, DF, etc) and sandboxing threat-gates (Sandboxie, GeSWall, etc) or the system (LUA) are the most powerful tools we have. Combining two of them results in a virtually bullet-proof system.
     
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Good points, Easter. I've considered adding Online Armor. My purpose in Sandboxie, DeepFreeze and Returnil is to have solid protection without loading up my computer, as I have in the past. I trust that whatever new problem comes along in the future that can break either Sandboxie and/or Returnil, they'll have a fix for it very quickly.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I think lucas1985's reply pretty well dispels most any doubts that linger for some of us and helps convince us to feel a lot better about our choices, I know it does me.

    All that which is mentioned is right-on-par AFAIK. Points made are very well said.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Another good point, if a leak appears somewhere, it's fixed rather quickly. In the meantime, we have images, data backups, fully patched systems, Firefox + NoScript and safe computing. They aren't security applications (except NoScript) but they're security layers in the end.
     