Sandboxie and Defencewall

Discussion in 'sandboxing & virtualization' started by AdamL, Feb 14, 2011.

Thread Status:
Not open for further replies.
  1. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    Hi :D

    I have been playing around with Sandboxie and Defencewall (separately).

    When I run Chrome sandboxed and download a file it then asks me if I want to move this file out of the sandbox?

    When I am running with Defencewall only I don't receive a similar message from Defencewall.

    It seems that both programmes work in different ways, am I correct?

    Does Defencewall sandbox my browser and any downloads in the same way as Sandboxie? If not, can I set up Defencewall to behave this way?

    I am very impressed with both programmes, now I just need to decide which to spend my money on (unfortunately buying both is not an option for me)

    Thanks,

    A
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    SBie and DW work differently.

    I suggest you try both for a few days and decide which one you like the best.

    If you are short on cash Sbie is the best deal (free version & lifetime license).

    You might also want to give Geswall a try, it is somewhat similar to DW.
    Geswall has a free version and a paid one.
     
  3. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Correct.

    No. DefenseWall saves the file to the actual directory that you chose but gives the file an untrusted status. SandboxIE saves the file to a directory usually named C:\sandbox. This folder is isolated from the rest of your system; that's why it is asking if you would like to recover the file to the real directory.

    DefenseWall right out of the box is strong. It usually needs no configuration.
    SandboxIE right out of the box is strong but you need to tweak the settings.
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Sandboxie and DefenseWall do sandboxing differently so you should not
    expect them to behave the same way, they achieve sandboxing by
    virtualization (SBIE) and policy restriction (DW). In both cases files that
    come from the internet are sandboxed/isolated from the rest of your
    system so your real system cannot be changed by these files. If you
    choose to use Sandboxie, all files are deleted at the end of your
    browsing session when you close your browser, only keeping the files
    that you want. If you use DW, all files will remain on your system but
    being untrusted, they will not cause any trouble. To get rid of them,
    you can use malware scanners or the rollback function.
    When you download, using SBIE, you'll see a prompt like you did, that's
    immediate recovery but you can change that setting to quick recovery.
    Downloading files using DW, it's exactly the same way you do it now, the
    difference is that files are tagged untrusted and will remain untrusted
    until you change their status. If you download an installer for a program
    you want to install, change the status to trusted after you are 100%
    sure that the installer is clean and before you install it.
    These two programs are solid and either one will benefit you more than
    anything that's out there, in my opinion.

    Bo
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    You obviously have a 32-bit system but one thing to consider is that Sandboxie might be the better choice if you have any intention to upgrade to 64-bit in the near future. There is a 64-bit version of Sandboxie but there is no 64-bit version of DefenseWall and there may never be unless the developer changes his mind.

    In terms of overall protection on 32-bit systems, I would say they are about equal - both provide superb protection. As bo elam said, they work differently though, so it comes down to which approach you personally prefer - application virtualisation or policy restriction.
     
  6. albsat

    albsat Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    40
    I think that "bo elam" explained very well in detail what others described perfectly regarding your questions. In my opinion with a little imagination you can use Sandboxie free to cover almost all your security needs. However the full version gives you all the options at hand.
     
  7. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    Would the new version of Appguard be a consideration for him also? It's quite affordable. I own Sandboxie, but I am currently testing Appguard.

    Dave
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Yes, I suspect it would.

    I'm running Sandboxie and AppGuard together. Each has its place. Sandboxie's strength is application containment while AppGuard protects the entire system by policy restriction. Both have the advantage of being 64-bit compatible and both are undergoing active development by their respective developers.
     
  9. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    Do you use Sandboxie within Appguard for web browsing also, or just for application containment when testing new apps etc? I was wondering if sandboxing a web browser under Appguard was overkill and would just slow things down.
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I use Sandboxie mainly for web browsing and no, it doesn't slow anything down. When it comes to web browsing, I think that Sandboxie provides far stronger protection than AppGuard. Not only does Sandboxie provide complete containment for the browser session inside the virtualised sandbox environment but it has a comprehensive and flexible set of policy restriction features that exceed what AppGuard offers in the ability to be able to control what executables are allowed to run inside the sandbox, which sandboxed applications are allowed to access the Internet, and what system resources they have access to (i.e. private folders, etc). Configured correctly, Sandboxie is almost unbeatable.

    On the other hand, AppGuard is more global in operation. Although applications running in system space have full access to the system unless they are explicitly guarded, AppGuard automatically protects applications running in user space. It therefore provides good protection against drive-by downloads, USB autoruns, etc. The thing I like about AppGuard is that it allows me to run my XP Pro system in an administrator account while providing me with the kind of benefits that a limited user account offers. I find it more convenient to temporarily lower or suspend AppGuard protection to install or update software than to keep switching accounts.

    However, as I use Panda USB Vaccine to prevent USB autoruns and I also run Comodo Firewall, with Defense+ configured to act solely as an anti-executable which provides protection against drive-by downloads whether sandboxed or not, it is a moot point whether I actually need AppGuard. I use both because I already have licences for both but, if web browsing was my main concern, I would choose Sandboxie over AppGuard every time.

    When it comes to testing new applications that don't require a reboot, I use Shadow Defender (Returnil is just as good). For software that does require a reboot, I image the system before testing and restore it again afterwards. I don't do enough software testing to make it worth installing a VM.
     
  11. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    Thanks for sharing your thoughts and strategy. It appears that you are well protected with your setup. I am migrating primarily to 64 bit, and I am trying to optimize my protection. I always had a lot of confidence in Sandboxie in 32 bit environments, but I don't fully understand what its potential weaknesses may be in 64 bit. I also run Norton Internet Security, and perhaps using both Appguard and Sandboxie would be a good combination. My general goal has been to have sufficient protection without significantly impairing functionality.

    Thanks again!
     
  12. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    Just an update to the above. I can not find a way to configure Appguard to enable Sandboxie in Win 7 64 bit. It only seems possible with 32 bit, so far at least. :(
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    If adding the Sandboxie executables to the Application Execution List doesn't work, you could try reducing the AppGuard protection level to medium and disable MemoryGuard protection for your browser. If you always run your browser sandboxed, you don't need AppGuard for browser protection.
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    While I agree that Sandboxie with out of the box settings might conceivably be less secure on a 64-bit system (at least from a theoretical perspective), it can still be configured to provide a very strong level of security similar to, if not equivalent to, that of a 32-bit system.

    Providing Sandboxie has been configured to control what executables are allowed to run inside the sandbox and access the Internet there shouldn't be any difference in protection between a 32-bit and a 64-bit system in practical terms. Also, on 64-bit systems, the Drop Rights setting is enabled as a default which restricts applications running in the sandbox to running with limited rights in order to partially offset the disadvantages imposed by Kernel Patch Protection.
     
  15. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I've also used SandBoxie in the past, but it's a little bit complicated (for me) to use it. Sometimes I forgot to run my browser in the sandbox..:( .. and sometimes I also forgot to delete and/or save the downloaded "things" so that they would not be gone after deleting the sandbox sessions. There were also times that I used the scrapbook plus plug-in in Firefox to capture some sites' info and everything in it was also gone coz it was sandboxed. :p ... etc... But, I know that this is a very good program to protect our system from unwanted infections, intruders, etc...

    I've also used GeSWall in the past, it ran ok until I tried to open Adobe Reader X, it hung and I couldn't do anything w/ it, it froze like ice. :mad: Till I tried to disable GeSWall and Adobe ran smoothly with no problem, so the suspect is GeSWall and it could also affect other programs unnoticed. And the version of it was stuck, so the author is probably not interested in upgrading it. :blink: So, this one I also removed from my pc.

    At present, I have DefenseWall Personal Firewall installed and it works flawlessly. No problemo. Easy to use, no configuration needed and the protection is so good that its older version v2.56 received a Platinum Award from an antimalware site for Zero-Day-Attack. I even tried the latest version for several tests and it got a high passing mark. :cool: Trust me, DefenseWall gives you more trouble-free use compared to others. :thumb:
     
  16. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I agree 100%. It has passed every test until now (including personal tests with real-world malware). Highly recommended both for expert and novice users :thumb:
     
  17. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    During my testing last night on the 64 bit laptop, I could only get Sandboxie to run if I set AppGuard to the off setting. There may be some settings in AppGuard that I haven't tried yet. I will experiment some more when time permits. :)
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I'm not sure why that would be. I'm running 32-bit XP Pro myself and AppGuard and Sandboxie do work together on my system. I wonder if any other 64-bit users are having similar issues. Maybe Eirik can shed some light on it.

    Regards
     
  19. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    I did find at least one person (justenough) in the AppGuard beta thread that was having the same problem on a 7x64 system. We'll see what Eirik has to say. :)
     
  20. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nice thing of the Best of breed:
    a) SBIE has a lifetime licence, also available on x64
    b) DW has a very strong FW included, so when you are on XP, something to consider
    c) Bufferzone pro is free now, so hurry
    d) GeSWall, you could go for the free version, can be tuned to the max, for instance changing the shown Registry access of Internet Explorer from Allow to Redirect would have protected it also

    Cheers
     