sand box and Hips

Discussion in 'sandboxing & virtualization' started by theflamingbush, Sep 17, 2006.

Thread Status:
Not open for further replies.
  1. theflamingbush

    theflamingbush Registered Member

    Joined:
    Sep 17, 2006
    Posts:
    25
    I've recently got hold of Spyware Terminator, and have been running it in conjunction with my AVG suite and Zone Alarm Pro. I am not financially fluid, so free security software is a big big bonus for me, as I'm a writer, and well, you know about us artistic types. Anyway, I have a couple of questions for the security brains on here, and I hope you don't mind me tapping into your experience.

    I'm thinking of changing my ST program and moving to a Sandboxie/SSM free HIPS combo, to ensure my online browsing is secure... Has anyone had any experience of these in combination?

    I also run Ewido, Spyblaster, Spybot, Ad-Aware, and a Sophos rootkit scanner for on-demand scans on a regular basis. But my major concern is online scanning. Am I right to want to get rid of ST in favour of SSM free HIPS and a Sandboxie combo?

    Any suggestions would be gratefully accepted; also, I wonder if anyone can spot a hole in my security setup that I should be filling with an alternate (free) prog... thanks :)

    First post, by the way! :cool:
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Welcome to Wilders!

    For a brief discussion revolving around free options, see here. There are other comments throughout the site, but that's a fairly recent thread with a free focus.
    Whether or not you have holes will depend on matters beyond the set of applications and/or settings that you use, so it's a rather difficult question to answer in general. With that caveat in mind:
    • I would tend to recommend Avira or Avast instead of AVG. This is based on performance testing trends displayed by these products over the past couple of years, see www.av-comparatives.org. Also, don't discount the AOL AVS free product, it is based on Kaspersky AV. Finally, verify whether or not your ISP has free security software available for subscribers. It is often not highly advertised. For example, through comcast.net I could get a fairly complete McAfee security setup.
    • Ewido/Spybot/AdAware are fine on demand. Personally, I use Ewido only, and very infrequently at that.
    • ZA Pro should have you covered very well on the firewall side of things. There should be no need to make adjustments there.
    • As is (AV/demand spyware/firewall), you're covered well. Adding SandboxIE/SSM more or less puts a front line defense ahead of these. If you run from an Administrator account, you can always try working from a limited user account. This does provide a fair level of protection, although some software packages are really not written with the limited user in mind. Whether or not this would work for you depends on the applications you use.
    • The conceptually simplest HIPS type approach seems to be a default deny whitelisting scheme. These require installation on a known clean machine. Basically, applications unknown to the program will not be allowed to execute. Examples would include Abtrusion Protection (it really doesn't look like this has been abandoned), AntiExecutable (paid), PrevX1 - interesting licensing approach - as their website notes:
      I've been trying out the latter two options on and off for a while now. If you don't install new software frequently, AntiExecutable generally just sits in the background and is silent unless an unknown executable is started. For a machine in which the executable content is fairly dynamic, I would strongly tend to go in the direction of PrevX1. Both appear to work quite well.
    Blue
     
  3. theflamingbush

    theflamingbush Registered Member

    Joined:
    Sep 17, 2006
    Posts:
    25
    Thanks Blue for the welcome and the advice. I note that you don't mention the Sandboxie/SSM combo in your reply, but you sure gave me something to consider overall, so I'd like to thank you for that! :)

    I will trawl through the link that you gave me in relation to the free protection, thanks again for that.

    TFB
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Solely from lack of personal experience with the combo, as well as SandboxIE alone. I have looked at SSM. If you perform a search for the pair of terms, you'll pick up a number of hits. Both products are used by many here; not sure if the combination is, but I'd assume a number use the pair. Both products are fine. In the grand scheme of things SSM (not the free version, mind you) is a little noisy for my tastes.
    My pleasure,

    Blue
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have run this combo (it was actually the full SSM), with no conflicts/problems.
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Why do you want to get rid of Spyware Terminator?

    Its realtime shield is great, uses very, very low resources, and it's a very good complement for your AV.

    I think that you should change your AV for a better one, like AOL Active Virus Shield (free version of Kaspersky), avast! Home Edition or AntiVir PersonalEdition Classic, which are much better than AVG Free Edition!

    In my opinion, sandboxes or HIPS programs are recent technologies that still require work to become stable and work effectively...
     
  7. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,124
    Location:
    Pennsylvania.
    dude spyware term has HIPS
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    V_C has disabled it though, and it is not required.

    Alphalutra1
     
  9. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    You are right, Alphalutra1 :)

    I don't use the HIPS feature of Spyware Terminator :p

    And it is disabled by default...
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    But you can't edit the rules, as far as I know. If it is true then it is pretty useless.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I have used SSM Free with GesWall sandbox without problems (along with Antivir free and Comodo firewall).
    I will suggest you replace AVG with Antivir, Avast or AOL AVS.
    You did not mention a firewall; I personally like Comodo.
     
  12. theflamingbush

    theflamingbush Registered Member

    Joined:
    Sep 17, 2006
    Posts:
    25
    Thanks Aigle, I've now taken it off my system, not because I thought ST was a bad program; in fact it was an excellent add-on to the AVG suite I have. I've been using the AVG suite, by the way, mostly because I've found it adequate and not overly heavy on my resources, also because the extra email scanner is handy... but I'm open to suggestions. It seems that others here like the Antivir suite; does it also cover email?

    I've been working my way through some of the stuff that SSM provides for, and working out the Sandboxie config this afternoon. I have to say I've found SSM quite complex in relation to the rule assignments, and although the notes by the 'herbalist' in a couple of the other threads are BRILLIANT and most helpful, it's still been a little mind-bending.

    ST is a great little program, but I found it a little bit of a resource hog; maybe it was just the combo with AVG and Zone Alarm Pro (my firewall), but it slowed things down a bit on occasion, and streaming seemed to suffer accordingly. So I decided to try a different combo; each system is different after all. :) ... So it's not because I personally had anything against the program. ;) ... I don't believe any of that rogue spyware pish posh! ;) ... and thought actually that the AV was a great accompaniment to my present AV.
    I didn't disable the onboard HIPS, although I couldn't set the rules and this might have become a problem. That said, it's probably a darn sight more user friendly, because setting the rules for SSM has become quite complex for a security dilettante like myself.

    I'm trying it out anyway, and see how it all works... So far I've been bloody impressed with Sandboxie, and I like the concept of having a virtual area that quarantines my working environment from my hard disc. It feels like a decent security solution to the ever increasing threat posed by unscrupulous others who would wish to procure info that you'd rather they didn't have! ... Let's see how it goes.

    I think I'll check out the Antivir suite, but I have to say I have had no end of trouble with the Avast AV suite over the years... I'm simply not impressed by it.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    The free version has no POP3 mail scanner. I have no idea about Outlook as I don't use it. BTW, POP3 mail is already scanned by some AV.
    Let some expert member come and explain these things better about Antivir.
     
  14. theflamingbush

    theflamingbush Registered Member

    Joined:
    Sep 17, 2006
    Posts:
    25
    Well VC, I went to the site that Blue posted concerning the comparisons between the AV scanners and suites, and although I have to say I was impressed by the Avira antivirus 'premium' suite, the only free edition they offer is the 'classic', and there must be some reason that the premium is premium and the classic is classic. I do need some POP3 security for my email, and as I'm also running Thunderbird and Firefox, I'm thinking that a zilla-friendly scanner would be a bonus as well. The AVG definitely worried me in the polymorphic stakes, and if the classic can be shown to be better as a classic and not just as a premium I may well change suites.

    Any ideas why it's classic and not premium, and whether I can protect my emails, and hard drive, from my emails and attachments? ... because so far the AVG has been pretty good along those lines... I've decided to go for overkill and have reinstalled the ST given the extra protection it offers on top of the AVG. So now I'm running:

    avg
    zone alarm
    sandboxie
    Spyware terminator
    SSM

    and Uncle Tom Cobbly and all! LOL! ;) ... That should slow me down to a crawl! ... although I have to say I haven't noticed any problems or significant slowdown, as I've disabled the onboard HIPS with ST... I'm sure this was slowing things down... and am relying on the specialist HIPS with SSM.
     
  15. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    One is paid, one is free. One is full featured, one is not.
    Do you know whether your ISP scans e-mail at the server level? Many do, which renders an email scanner potentially redundant.
    I've not used Avira, but according to the website, Premium gets you the following additions:
    • Integrated detection of ad/spyware
    • Extra protection through email scanner (POP3)
    • Exclusive download server for faster updates
    • User-defined update intervals
    • Scan function for selected directories
    It is somewhat germane to recognize that a standard AV can deal with email based malware attachments when the file is accessed. E-mail scanning gives you an earlier notification. It's a judgement call whether you need that early warning. As in all matters involving security and insurance, it's a question of your personal risk profile and aversion to downside outcomes - there is no one true path. AVG could be a perfect solution for you. Just recognize that there are alternate options and make your selections based on the best information available.

    Blue
     
  16. theflamingbush

    theflamingbush Registered Member

    Joined:
    Sep 17, 2006
    Posts:
    25
    Thanks Blue... that was quite informative. It seems it's a bit of a trade-off: the Avira has a better polymorphic scan, but the AVG comes with a good email scan client... I shall see how running the double virus scan with ST on top of AVG works, and post if there are any problems. Thanks for your assistance! :cool:
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Can you explain this a little better?


    About the AVs:
    I just suggest the best free AVs; then you should check their features and see what is best for you.
    If you need the AV to check the email, first try AOL AVS, which has the best detection rate, and then avast! HE...
     