Sandboxie and Defencewall

Hi

I have been playing around with Sandboxie and Defencewall (separately).

When I run Chrome sandboxed and download a file it then asks me if I want to move this file out of the sandbox?

When I am running with Defencewall only I dont receive a similar message from Defencewall.

It seems that both programmes work in different ways, am I correct?

Does Defencewall sandbox my browser and any downloads in the same way as Sandboxie? If not, can I setup Defencewall to behave this way?

I am very impressed with both programmes, now I just need to decide which to spend my money on (unfortunately buying both is not an option for me)

Thanks,

A

 

SBie and DW works differently.

i suggest you try both for a few days and decide which one you like the best.

if you are short on cash Sbie is the best deal (free version & lifetime license).

you might also want to give Geswall a try, it is somewhat similar to DW.
Geswall has a free version and a paid one.

 

Correct.

No. DefenseWall saves the file to the actual directory that you chose to but gives the file a untrusted status. SandboxIE saves the file to a directory named C:\sandbox usually. This folder is isolated from the rest of your system that why it is asking if you would like to recover the file to the real directory.

DefenseWall right out of the box is strong. It usually needs no configuration.
SandboxIE right out of the box is strong but you need to tweak the settings.

 

Sandboxie and DefenseWall do sandboxing differently so you should not
expect them to behave the same way, they achieve sandboxing by
virtualization(SBIE) and policy restriction(DW). In both cases files that
come from the internet are sandboxed/isolated from the rest of your
system so your real system can not be changed by this files. If you
choose to use Sandboxie, all files are deleted at the end of your
browsing session when you close your browser, only keeping the files
that you want. If you use DW, all files will remain on your system but
being untrusted, they will not cause any trouble. To get rid of them,
you can use malware scanners or the rollback function.
When you download, using SBIE, you ll see a prompt like you did, thats
immediate recovery but you can change that setting to quick recovery.
Downloading files using DW, its exactly the same way you do it now, the
difference is that files are tagged untrusted and will remain untrusted
until you change their status. If you download a installer for a program
you want to install, change the status to trusted after you are 100%
sure that the installer is clean and before you install it.
This two programs are solid and either one will benefit you more than
anything that its out there, in my opinion.

Bo

 

You obviously have a 32-bit system but one thing to consider is that Sandboxie might be the better choice if you have any intention to upgrade to 64-bit in the near future. There is a 64-bit version of Sandboxie but there is no 64-bit version of DefenseWall and there may never be unless the developer changes his mind.

In terms of overall protection on 32-bit systems, I would say they are about equal - both provide superb protection. As bo elam said, they work differently though, so it comes down to which approach you personally prefer - application virtualisation or policy restriction.

 

I think that "bo elam" explained very well in details what others described perfectly regarding your questions. In my opionin with a little imagination you can use Sandboxie free to cover almost your security needs. However the full version gives you all the options at hand.

 

Would the new version of Appguard be a consideration for him also? It's quite affordable. I own Sandboxie, but I am currently testing Appguard.

Dave

 

Yes, I suspect it would.

I'm running Sandboxie and AppGuard together. Each has its place. Sandboxie's strength is application containment while AppGuard protects the entire system by policy restriction. Both have the advantage of being 64-bit compatible and both are undergoing active development by their respective developers.

 

Do you use Sandboxie within Appguard for web browsing also, or just for application containment when testing new apps etc? I was wondering if sandboxing a web browser under Appguard was overkill and would just slow things down.

 

I use Sandboxie mainly for web browsing and no, it doesn't slow anything down. When it comes to web browsing, I think that Sandboxie provides far stronger protection than AppGuard. Not only does Sandboxie provide complete containment for the browser session inside the virtualised sandbox environment but it has a comprehensive and flexible set of policy restriction features that exceed what AppGuard offers in the ability to be able to control what executables are allowed to run inside the sandbox, which sandboxed applications are allowed to access the Internet, and what system resources they have access to (i.e. private folders, etc). Configured correctly, Sandboxie is almost unbeatable.

On the other hand, AppGuard is more global in operation. Although applications running in system space have full access to the system unless they are explicitly guarded, AppGuard automatically protects applications running in user space. It therefore provides good protection against drive-by downloads, USB autoruns, etc. The thing I like about AppGuard is that it allows me to run my XP Pro system in an adminstrator account while providing me with the kind of benefits that a limited user account offers. I find it more convenient to temporarily lower or suspend AppGuard protection to install or update software than to keep switching accounts.

However, as I use Panda USB Vaccine to prevent USB autoruns and I also run Comodo Firewall, with Defense+ configured to act solely as an anti-executable which provides protection against drive-by downloads whether sandboxed or not, it is a moot point whether I actually need AppGuard. I use both because I already have licences for both but, if web browsing was my main concern, I would choose Sandboxie over AppGuard every time.

When it comes to testing new applications that don't require a reboot, I use Shadow Defender (Returnil is just as good). For software that does require a reboot, I image the system before testing and restore it again afterwards. I don't do enough software testing to make it worth installing a VM.

 

Thanks for sharing your thoughts and strategy. It appears that you are well protected with your setup. I am migrating primarily to 64 bit, and I am trying to optimize my protection. I always had a lot of confidence in Sandboxie in 32 bit environments, but I don't fully understand what its potential weaknesses may be in 64 bit. I also run Norton Internet Security, and perhaps using both Appguard and Sandboxie would be a good combination. My general goal has been to have sufficient protection without significantly impairing functionality.

Thanks again!

 

Just an update to the above. I can not find a way to configure Appguard to enable Sandboxie in Win 7 64 bit. It only seems possible with 32 bit, so far at least.

 

If adding the Sandboxie executables to the Application Execution List doesn't work, you could try reducing the AppGuard protection level to medium and disable MemoryGuard protection for your browser. If you always run your browser sandboxed, you don't need AppGuard for browser protection.

 

I agree that Sandboxie with out of the box settings might conceivably be less secure on a 64 bit system (at least from a theoretical perspective), it can still be configured to provide a very strong level of security similar to, if not equivalent to, that of a 32-bit system.

Providing Sandboxie has been configured to control what executables are allowed to run inside the sandbox and access the Internet there shouldn't be any difference in protection between a 32-bit and a 64-bit system in practical terms. Also, on 64-bit systems, the Drop Rights setting is enabled as a default which restricts applications running in the sandbox to running with limited rights in order to partially offset the disadvantages imposed by Kernel Patch Protection.

 

I've also used SandBoxie in the past, but it's a little bit complicated (for me) to use it. Sometimes I forgot to run my browser in sandbox.. .. and sometimes I also forgot to delete and/or save the downloaded "things" so that it'll not be gone after deleting the sandbox sessions. There are also times that I uses the scrapbook plus plug-in in Firefox to capture some sites info and that everything on it was also gone coz it was sandbox. ... etc... But, I know that this is a very good program to protect our system from unwanted infections, intruders, etc...

I've also uses GeSWall in the past, it runs ok until I tried to open Adobe Reader X, it hangs and I couldn't do anything w/ it, it freezes like ice. Till I tried to disable GeSWall and Adobe runs smoothly with no problem, so the suspect is GeSWall and it could also affect other programs unnoticed. And the version of it was stucked that the author could probably are not interested to upgrade it. So, this one I also remove from my pc.

At present, I have DefenseWall Personal Firewall installed and it works flawlessly. No problemo. Easy to use, no configuration needed and the protection is so good that in it's older version v2.56 receives Platinum Award in antimalware site for Zero-Day-Attack. I even tried the latest version for several tests and it got a high passing mark. Trust me, DefenseWall gives you more trouble free of use compared to others.

 

I agree 100%. It has passed every test until now (including personal tests with real-world malware). Highly recommended both for expert and novice users

 

During my testing last night on the 64 bit laptop, I could only get Sandboxie to run if I set AppGuard to the off setting. There may be some settings in AppGuard that I haven't tried yet. I will experiment some more when time permits.

 

I'm not sure why that would be. I'm running 32-bit XP Pro myself and AppGuard and Sandboxie do work together on my system. I wonder if any other 64-bit users are having similar issues. Maybe Eirik can shed some light on it.

Regards

 

I did find at least one person (justenough) in the AppGuard beta thread that was having the same problem on a 7x64 system. We'll see what Eirik has to say.

 

https://www.wilderssecurity.com/showthread.php?t=288962

http://translate.google.com/transla...dpress.com/vergleichstests/sandboxen/&prmd=iv

 

Nice thing of the Best of breed:
a) SBIE has a life time lisence also avialble on x64
b) DW has a very strong FW included, so when you are on XP, something to consider
c) Bufferzone pro is free now, so hurry
d) GeSWall, you could go for the free version, can be tuned to the max, for instance changing the shown Registry access of Internet Explorer from Allow to Redirect would have protected it also

Cheers