Policy sandbox, CPU load/covered areas

Discussion in 'other anti-malware software' started by Kees1958, Jul 20, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Last few days I have been trying some Policy Sandbox + HIPS/AV combos on our XP box SP3 (Athlon 3900); this gave some surprising results

    ThreatFire + DefenseWall = good 3 secs with Opera startup col
    ThreatFire + GeSWall = just 3 secs (which is understandable because GW is overall a tad faster than DW)

    Rising AV/HIPS + FW + DefenseWall = just 2 secs
    Rising AV/HIPS + FW + GeSWall = good 3 secs (?)

    Security considerations

    TF with GW:
    - with TF custom outbound rule and GW confidential network outbound rule gives full outbound protection
    - GW is able to protect against RegHide, GW covers more HKCU keys (than DW)

    Rising with GW
    - FW gives outbound protection, DW provides tampering protection with Resource Protection (meaning a policy wall between untrusted apps), so basically you have got outbound control covered (although TF + GW is a bit more transparent on explicit user settings)
    - DW has total untrusted file control, which is completely built in and monkey proof (unlike GW)

    Conclusion

    ThreatFire free + GW Pro (paid) is a good option and Rising AV/HIPS/FW free + DW (paid) is a good option

    Regards Kees
     
    Last edited: Jul 20, 2008
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    RegHide is not dangerous at all. I see no reason to improve DW against it, as its rollback function works properly with such keys.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    so the rollback button will cover that, find the regkeys and delete them if you need to.
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, DW's rollback can delete such "hidden" keys.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    so we still have the protection to roll back the reg and delete, which is good.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ilya, I am just being objective. I can live with it as long as you develop the new feature you discussed in the "rollback quarantine post" on the DefenseWall forum (maybe you could consider the suggestion of a 'positive critical' user of your application :D ).

    Regards Kees
     
    Last edited: Jul 21, 2008
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Kees, have you checked pre-2.45 version?
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I did now, compliments.

    Resource protection
    You implemented the web mail custom rule. Did you also implement it for Vista mail? (Guess I know the answer :blink: ). DW found that I had moved my mail directory, this is very user friendly added protection. :thumb:

    Context menu
    At second thought I would think "allow to be modified by trusted only" is better than "allow to be accessed by trusted only". Access might confuse users with secured files, sorry my mistake. :oops:

    What about using the same terminology as GeSWall (confidential) for secured files/folders. You guys are in the same class, so might as well establish same terminology where applicable. :p

    Rollback
    Put somewhere on the title header (right mouse click for options). Change column Time to Date/Time. We are nearly there, just a few minor remarks:
    - Query Google = only export program/file name (only copy string after last \ to Google search)
    - Save details = okay
    - Please provide an extra option like Anvir Task Manager does (provide extra option for executables: Check at VirusTotal)


    Thanks
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Vista Windows Mail is supported by resource protection rules since 2.40 version.

    As for the other remarks, I'll think about them.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Opera users tip

    Change the temporary download directory to a place outside Opera's program directory; this will cause fewer resource protection pop-ups when opening txt, word files etc.
     

    Attached Files: tip.JPG (44.4 KB)