Sandboxie and DefenseWall

Much praise has been heaped on two quality products, DefenseWall and Sandboxie. Both are considered sandbox type HIPS.

Perhaps those who have dabbled with both might like to chip in with a few words as to whether these are 'birds of a feather' or do each of them have a unique strength?

 

Yep, I can confirm that each has a unique strength behind: Ilya Rabinovich and Ronen Tzur

 

I have been using Sandboxie for some time to sandbox my browser Firefox. I like the control you have with extracting information out of the sandbox if you need to keep it. Most of the time I do not need to keep anything so I just empty the sandbox after each session.

I am trying out Defensewall because I would like to cover my other applications such as Outlook Express, Media players, messaging etc. I feel the method of extracting data out of the sandbox is not suited for these app's. I prefer the Defensewall method of saving files in the normal locations but marked as untrusted.

My problem is running Sandboxie and Defencewall together. I have had to set Firefox as a trusted application in Defencewall and run it seperately under Sandboxie. If I set Firefox as untrusted, each time I start it sandboxed Defencewall loses track of the number of untrusted processes that are running.

When I start Firefox sandboxed, Defencewall counts up to 5 untrusted processes. When I stop Firefox, Defencewall counts down to 2 untrusted processes- not 0. I believe this is a known problem and I have tried adding the Sandoxie process Start.exe in the Untrusted list. This didn't make any difference. I would appreciate any advice on how to get round this.

 

Can I combine Sandboxie and DefenseWall on the same computer or is this a stupid idea ?

 

I don't think it's a stupid idea at all. I'm using Sandboxie for my browser and Defensewall for all other app's.

The only issue I have is that Defensewall loses count of the number of processes started by Firefox/Sandboxie. I therefore have to remove Firefox from the Defensewall untrusted application list. It is still protected by Sandboxie so no problem.

 

It is a known issue and already solved. The fix be published with the next, 2.10 version.

 

Hi,

I am happy using DefeseWall, but never try Sandboxie.

Would running both together be an overkill(overlap) ? are they not possessing very similar family name ?

If there is a need for running them together, then that would reveal the weakness for both, because they, each, can not handle the situation single-handed.

Double-layered insulation does sound very sound, but, may clip the performance and the sensitivity--poor job is the end result ?

 

That's good, because I like to torture malware on my computer.

1. First I isolate them in a sandy environment.
2. Then I lock my data partition to make them hungry and thirsty.
3. Then I limit their actions to the very bone.
4. Once they are crazy, I obliterate them.

 

Thanks Ilya,

I may well invest my xmas money on Defensewall (sad ain't it).
Any other clues as to what might be in the next version?

Hello Perman,

I've used Sandboxie for a long time with Firefox. The thing I like about it is that with a couple of clicks my sandbox is emptied along with any nasties picked up while browsing. I don't think you can do that with Defensewall. In any case, I just feel comfortable with Sandboxie.

I would now like extra protection for my other internet-facing applications (mail, messaging etc) and I don't think Sandboxie would be the best application for this. I don't want to have to keep extracting data from the sandbox. I thought Defensewall would fill that role quite nicely.

Having run this setup for a while, I feel I'm gettng the best of both worlds.

Hello ErikAlbert,

I like your style. A trifle aggressive perhaps.

 

Erik, you're cruel!

Acadia

 

Questions:

I know I can download a file/program from the net with DefenseWall and it is easy just like DefenseWall isn't there. What about Sandboxie? Can I just click & download with Sandboxie or are there special rules to d/load a zip file?

I have read that Sandboxie is good for testing a new program as its contained within the Sandbox. Many programs call for a reboot to initialize. Any problems?

On DefenseWall one can install either trusted or untrusted. After installation and I'm happy can I change the program's catogory from untrusted to trusted or do I have to uninstall & reinstall as trusted? And what about Sandboxie here?

 

Yes, I have some ideas

 

I guess it's too early for a overview...

 

do SB & DW offer defense against 'keyloggers'?

 

DefenseWall does.
With SandBoxie emptying the sandbox would get rid of the keylogger but if i'm not mistaken the keylogger can log keystrokes while in the sandbox.

 

I did'nt know that...... Thanks for the info

 

I run Sandboxie with KeyScrambler Pro.

 

If i install a program in the sandbox and decide to keep it can I drag it out of the sandbox or do i have to re-install in 'normal mode'?

 

You need to run the installer outside the sandbox.

 

I have now Sandbox and DefenseWall on board in my frozen on-line snapshot.

Poor keyloggers : isolated, frozen and chained.
They can now write their recorded keystrokes in the sand with trembling fingers,
while AE is beating them to death, because they are not whitelisted.
One reboot and they are history.

That's what keyloggers get when they install themselves on my computer.
Thank you Ilya and Tzuk to make that possible.

 

Hi ErikAlbert,

Now you have a layered setup
Ultimate? may be . Easy to use ? sure not

Regards,

MaB

 

Nothing is perfect, that wasn't my goal although some members think it was.
My goal was to save TIME and to keep my computer CLEAN without doing anything, than reboot and I got what I want.
And of course, I'm forced to use what is available in the software world, because I can't write a program myself. I'm just waiting for better softwares ...

 

I understand that with Sandboxie you can install a program etc to 'check it out' & then kill the sandbox & its gone - totally, no fuss.

Question:

Apart from the above feature what is the main benefit that I'm going to add to my setup if I include SandBoxie to run alongside my DefenseWall?