Question

Discussion in 'other anti-malware software' started by Newby, Aug 10, 2010.

Thread Status:
Not open for further replies.
  1. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Hi,

    I see some members (Tlu, Windchild, Lucy) pleading for using your OS's internal mechanisms. On the other hand I see a lot of members running as admin using HIPS and some sort of virtualisation. Somewhere in between I see a few active members (Kees1958, Sully) exploring the edges of the OS to find a 'safer' and still 'flexible' admin environment.

    All these posts and threads have given me the following impression:
    a) some members invest in a more expensive OS version, use its security potential to the max and live happily with light and solid protection
    b) most members buy home version OSes and run as admin with their choice of protection (mostly HIPS/FW and/or virtualisation)
    c) a minority (Sully and Kees1958) uses the OS internals as an admin; they come up with new angles to get strong protection, but overall their solutions are too difficult to implement.

    To me the A option is a past station, simply because my new laptop came with Windows 7 Home (and Microsoft does not have a wallet-friendly trade-up option). The C option looks very appealing to me, because of the low overhead (compare Kees1958's browser startup times of a second with, for instance, sandboxed browser startups of 5 to 10 secs cold). In the Sandboxie thread I also 'feel' some posts are questions for help that put forward problems and negative thoughts about Sandboxie (so the delay is exaggerated IMO).

    I am hesitating between B and C, so therefore the following questions:

    a) What is your FW/HIPS or virtualisation solution?
    b) What is the difference in browser startup time when having enabled protection and what is it without it? (first cold and repeat startup)

    Thanks
     
    Last edited: Aug 10, 2010
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    I can give you only the example of my wife's laptop, Athlon X52 @ 1,6 GHz

    On XP home with DefenseWall + Avast file shield only
    - cold IE8 startup 4 secs, hot <2 secs
    - cold Chrome startup <3 secs, hot 1+ sec

    On Windows7 Ultimate 32 bits with OS-only + Norton UAC tool + PrevX Safe Online
    - cold Chrome startup 2 secs, hot < 1 sec
    - disabled IE8

    Other changes were also accompanied by hardware changes.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Here, PE Guard 2.1 very soon will have registry protection :D, WinPatrol Plus :thumb: and some registry tweaks ;) for peace of mind.
     
  4. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Well glad you are a happy camper, but what is the difference in first launch and repetitive starts of your browser, with this setup and without those security programs running?
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    What do you mean? :)
     
  6. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    See Kees1958's answer.

    Time of first and second start of your browser, with and without having PE Guard, WinPatrol, Hitman Pro running?
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    It is the same speed :) like 3 to 5 seconds for booting up after restart :D
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Option C DOES take a lot of effort to implement.
    (Because later you can get software crashing, like I had with all the browsers, and some more stuff when I enabled SRP.)
    BUT it's worth it imo :thumb: :D
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Those members supporting common methods (Tlu, Lucy, Windchild... you may as well include wat0114 too ;) ) are knowledgeable chaps with a tried and true method to teach. Anyone would do well to take note of their favored methods, because they work. Whether or not they are what you want is something only each person can decide. I have no problems at all with their approaches; in fact I think it is the best way to tread if you can.

    Others who use HIPS and all that, I personally think most of them just like to know and control. Some learn with HIPS as it is a great teacher, some just have to have that level of control. Nothing wrong with that either if you dig it.

    And then we have those like myself who either just like to experiment, or for whatever reason will not leave admin status, or perhaps are just tired of all the rules and configurations that HIPS brings. I can't speak for everyone, but for myself I am always tinkering and refining approaches that can be somewhat complicated to implement, but also don't require much in the way of maintenance either. It doesn't always work out that way, but it is the goal for me.

    So, which way is faster, better, more secure? The answer is none of them and all of them, totally dependent upon who you are and what you know. Option A is the easiest to implement. Option B is the option that will work if you learn enough to use those security tools properly. Option C, I think the verdict is still out on that one because it is still in a constant state of flux!

    Sul.
     
  10. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    If you are going with HIPS, there's really not anything much better than Defensewall. Some people go with Sandboxie, I personally prefer Defensewall.

    I use Defensewall + Prevx (free, not SafeOnline) on Win 7 x86, browsers are Opera and Chrome, browser startup times have gone up by MAX 1 second (and I really do mean MAX). Then again, it's a relatively fast machine with an SSD.

    With Defensewall, the golden rule is: if you don't know it, check it out, verify it, only then trust it. Follow the rule, and getting infected is... Let's just say no matter how many times I've tried, I haven't managed to bypass it yet, and boy have I tried hard. There's not much learning with Defensewall, and there aren't a host of pop-ups: I've got several non-technical people to use it correctly with a 2 minute explanation.
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hardware firewall.

    FF starts in half a blink normally and a blink sandboxed here, both hot and cold starts.

    You could try setting Sandboxie's working/storage folder to a ramdrive and see if that improves things speed wise.

    The good thing about using a no-restrictions system, well at least for me, with Sandboxie/Returnil is that you can see what's going on and it is easy to harvest any malware droppers from within the sandbox.
     
  12. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Thanks,

    I noticed some people mention 5 to 10 and one even 20 secs delay using Sandboxie. As mentioned in my post, I got the idea that the help-me questions were more directed at making Sandboxie look bad. Also I have the impression that disk virtualisation (e.g. Returnil or similar) does not have noticeable delay issues.

    What are the specs of your hardware?

    A blink for you is a second?
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Xeon quad @ 2.66, Win 7 32 bit.
    8 gig ddr2 1066
    Ramdrive for Sandboxie's storage folder.
    And yep, a blink is about or a bit less than a second.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    My recommendations:
    • Use either a standard account (my choice) or admin account in UAC approval mode
    • Use anti-executable technology. You don't need an upscale version of your OS to do this. You can use Comodo Internet Security as an anti-executable, for example.
    • Audit permissions regularly to keep your OS-provided sandbox strong.
    • Optionally, run your browser as a low integrity app, if possible. I do with Firefox.
    • Optionally, use real-time anti-malware. I do.

    I'm not sure whether this is closest to configuration A, B, or C from the first post. All of this can be done with downscale operating systems for free, except for the cost of the OS.
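
The permission audit and the low-integrity browser setting from the list above, written out as an added example; this is not code from the thread or from any tool it mentions, and the audit roots (Program Files) and the Firefox path are assumptions:

```powershell
# Added example, not from the thread: (1) find places under Program Files where
# non-admin principals can write, i.e. where a standard user could alter programs
# the OS sandbox relies on; (2) read the mandatory integrity label on a browser
# executable, which decides whether it starts as a low-integrity process.
# The Firefox path below is a constructed assumption; adjust it for your install.

# Access-mask bits that allow changing a file or directory:
# FILE_WRITE_DATA/FILE_ADD_FILE 0x2, FILE_APPEND_DATA/FILE_ADD_SUBDIRECTORY 0x4,
# WRITE_DAC 0x40000, WRITE_OWNER 0x80000, GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000
$WriteMask = 0x500C0006
# Principals every interactive standard user belongs to
$NonAdminPrincipals = 'Everyone$|Authenticated Users$|\\Users$|INTERACTIVE$'

function Find-UserWritable {
    param([string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}))
    foreach ($root in ($Roots | Where-Object { $_ })) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $path = $_.FullName
            $acl = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
            if (-not $acl) { return }
            foreach ($ace in $acl.Access) {
                # Cast the enum to its raw mask so generic rights (shown as numbers) are covered too
                if ($ace.AccessControlType -eq 'Allow' -and
                    (([int]$ace.FileSystemRights) -band $WriteMask) -ne 0 -and
                    $ace.IdentityReference.Value -match $NonAdminPrincipals) {
                    [pscustomobject]@{ Path = $path; Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
                }
            }
        }
    }
}

function Get-IntegrityLabel {
    param([string]$Path)
    # icacls prints a "Mandatory Label\<Level> Mandatory Level" ACE only when an explicit
    # label is set; without one the file counts as Medium and a process started from it
    # simply keeps the parent's integrity level.
    $hit = icacls $Path 2>$null | Select-String 'Mandatory Label\\(\w+) Mandatory Level' | Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'Medium (no explicit label)' }
}

$ff = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'   # assumed location
Find-UserWritable | Format-Table -AutoSize
"firefox.exe label: $(Get-IntegrityLabel $ff)"
# To make Firefox start at low integrity, label the executable from an elevated prompt:
#   icacls $ff /setintegritylevel Low
# A low-integrity Firefox can only write to low-labelled locations (e.g. %USERPROFILE%\AppData\LocalLow),
# so move its profile there first, and re-check the label after an update replaces the file.
```

Any row the audit prints is a location where a standard account, or a browser running as one, could modify an installed program, so fix its ACL rather than rely on the sandbox.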
     