Policy sandbox, CPU load/covered areas

Discussion in 'other anti-malware software' started by Kees1958, Jul 20, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958 (Registered Member)

    Hi,

    The last few days I have been trying some Policy Sandbox + HIPS/AV combos on our XP SP3 box (Athlon 3900); this gave some surprising results:

    ThreatFire + DefenseWall = good 3 secs with Opera startup col
    ThreatFire + GeSWall = just 3 secs (which is understandable because GW is overall a tad faster than DW)

    Rising AV/HIPS + FW + DefenseWall = just 2 secs
    Rising AV/HIPS + FW + GeSWall = good 3 secs (?)

    Security considerations

    TF with GW:
    - a TF custom outbound rule plus a GW confidential network outbound rule gives full outbound protection
    - GW is able to protect against RegHide, GW covers more HKCU keys (than DW)

    Rising with DW
    - FW gives outbound protection, DW provides tampering protection with Resource Protection (meaning a policy wall between untrusted apps), so basically you have got outbound control covered (although TF + GW is a bit more transparent on explicit user settings)
    - DW has total untrusted file control, which is completely built in and monkey-proof (unlike GW)

    Conclusion

    ThreatFire free + GW Pro (paid) is a good option and Rising AV/HIPS/FW free + DW (paid) is a good option

    Regards Kees
     
    Last edited: Jul 20, 2008
  2. Ilya Rabinovich (Developer)

    RegHide is not dangerous at all. I see no reason to improve DW against it, as its rollback function works properly with such keys.
     
  3. jmonge (Registered Member, Canada)

    So the rollback button will cover that: find the reg keys and delete them if you need to.
     
  4. Ilya Rabinovich (Developer)

    Yes, DW's rollback can delete such "hidden" keys.
     
  5. jmonge (Registered Member, Canada)

    So we still have the protection to roll back the registry and delete, which is good.
     
  6. Kees1958 (Registered Member)

    Ilya, I am just being objective. I can live with it as long as you develop the new feature you discussed in the "rollback quarantine post" on the DefenseWall forum (maybe you could consider the suggestion of a 'positive critical' user of your application :D ).

    Regards Kees
     
    Last edited: Jul 21, 2008
  7. Ilya Rabinovich (Developer)

    Kees, have you checked pre-2.45 version?
     
  8. Kees1958 (Registered Member)

    I did now; compliments.

    Resource protection
    You implemented the web mail custom rule. Did you also implement it for Vista mail? (Guess I know the answer :blink: ). DW found that I had moved my mail directory, this is very user friendly added protection. :thumb:

    Context menu
    At second thought I would think "allow to be modified by trusted only" is better than "allow to be accessed by trusted only". Access might confuse users with secured files, sorry my mistake. :oops:

    What about using the same terminology as GeSWall (confidential) for secured files/folders. You guys are in the same class, so might as well establish same terminology where applicable. :p

    Rollback
    Put "right mouse click for options" somewhere on the title header. Change the Time column to Date/Time. We are nearly there, just a few minor remarks:
    - Query Google = only export program/file name (only copy string after last \ to Google search)
    - Save details = okay
    - Please provide an extra option like Anvir Task Manager does (provide extra option for executables: Check at VirusTotal)


    Thanks
     
  9. Ilya Rabinovich (Developer)

    Vista Windows Mail is supported by resource protection rules since 2.40 version.

    As for the other remarks, I'll think about them.
     
  10. Kees1958 (Registered Member)

    Opera users tip

    Change the temporary download directory to a place outside Opera's program directory; this will cause fewer resource protection pop-ups when opening txt, Word files etc.
     

    Attached Files: tip.JPG (44.4 KB)