Playing with SandBox HIPS

Go to GeSWall Console. Then select any application. Then right click and properties.

There are 4 security levels:
- always trusted
- trusted (auto-isolation)
- trusted
- untrusted

If you set the application as untrusted, it couldn't run at all.
But it is still called as trusted even if you auto-isolate the program (actually it is auto-restricted, a misnomer). At least that's how it calls.

Protection is what we are more concerned, right?

Inside a virtual desktop? Why?
Are you using another virtualization app? Which one?

You forget a third option - GesWall + Sandboxie.
Not just either this or that, but also "both".

Have you ever tested some super-virtualization app which "sandbox" the whole operating system? What it tries to do is to run a virtual operating system within your current operating system. Any change made by that virtual operating system will not affect your real one. As you can understand, it offers much better protection than any sandboxing application.

 

As far as sandboxie is concerned, you can set it to automatically delete all the contents when you un-sandbox the program.

Anyway, unless you know what you are doing, couldn't it be very silly to run programs thoughtlessly contained in sandboxed folders? They are supposed to trap all things including the poisonous malware. How come a user will have the guts to do that, not to say it defeats the purpose of sandboxing? That's beyond me.

But that's not the case for behaviour-blocker-type programs like GesWall. When you see a link on your desktop which looks like your favorite application, average Joe could get into the trap easily.

 

If any application runs on ur system that has no rules in the aplication data base, GesWall will let run without any interaction.
If u run an application which ahs rules in the data base it will run acc to those rules as trusted, trusted but autoisolated/ auto-restricted, or untrusted.
Never tried to run anything untrusted though as it will not let ,ost applicatiosn run i guess but not sure.

Ya.

I was talking os sandboxie, if I use it.

No way. Either of them, never both. Sandboxie is complete sandbox so u never need GesWall with it.

If u talk of VMware, there are issues as u need another XP licence to run virtual XP OS, also u need more ram in ur system. I personally never used so can,t say how good it is. If ever I will try then I will know.
An intermediate is ShadowUser/ Surfer. I use SS.
Only problem with GW is that its rules are very difficult to understand atleast for me and other beginners so I have to rely upon application rules updates esp when new versions of these applications launch( the rules might have to be modified accordingly). So infuture if anytime the support is gone teh software is useless. This is not the case with true sandboxes like Sandboxie or BZ where u can use one version for much longer time provided it is sufficiently bug free.