Sandboxie and DefenseWall

Discussion in 'other anti-malware software' started by AaLF, Dec 15, 2007.

Thread Status:
Not open for further replies.
  1. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Much praise has been heaped on two quality products, DefenseWall and Sandboxie. Both are considered sandbox type HIPS.

    Perhaps those who have dabbled with both might like to chip in with a few words as to whether these are 'birds of a feather' or does each of them have a unique strength?
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yep, I can confirm that each has a unique strength behind: Ilya Rabinovich and Ronen Tzur :)
     
  3. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I have been using Sandboxie for some time to sandbox my browser Firefox. I like the control you have with extracting information out of the sandbox if you need to keep it. Most of the time I do not need to keep anything so I just empty the sandbox after each session.

    I am trying out DefenseWall because I would like to cover my other applications such as Outlook Express, media players, messaging etc. I feel the method of extracting data out of the sandbox is not suited for these apps. I prefer the DefenseWall method of saving files in the normal locations but marked as untrusted.

    My problem is running Sandboxie and DefenseWall together. I have had to set Firefox as a trusted application in DefenseWall and run it separately under Sandboxie. If I set Firefox as untrusted, each time I start it sandboxed DefenseWall loses track of the number of untrusted processes that are running.

    When I start Firefox sandboxed, DefenseWall counts up to 5 untrusted processes. When I stop Firefox, DefenseWall counts down to 2 untrusted processes, not 0. I believe this is a known problem and I have tried adding the Sandboxie process Start.exe in the Untrusted list. This didn't make any difference. I would appreciate any advice on how to get round this.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Can I combine Sandboxie and DefenseWall on the same computer or is this a stupid idea?
     
  5. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I don't think it's a stupid idea at all. I'm using Sandboxie for my browser and DefenseWall for all other apps.

    The only issue I have is that DefenseWall loses count of the number of processes started by Firefox/Sandboxie. I therefore have to remove Firefox from the DefenseWall untrusted application list. It is still protected by Sandboxie so no problem.
     
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is a known issue and already solved. The fix will be published with the next version, 2.10.
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    I am happy using DefenseWall, but have never tried Sandboxie.

    Would running both together be overkill (overlap)? Do they not possess a very similar family name?

    If there is a need for running them together, then that would reveal the weakness for both, because they, each, cannot handle the situation single-handed.

    Double-layered insulation does sound very sound, but may clip the performance and the sensitivity -- poor job is the end result?
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's good, because I like to torture malware on my computer.

    1. First I isolate them in a sandy environment.
    2. Then I lock my data partition to make them hungry and thirsty.
    3. Then I limit their actions to the very bone.
    4. Once they are crazy, I obliterate them.
     
  9. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Thanks Ilya,

    I may well invest my xmas money on DefenseWall (sad ain't it).
    Any other clues as to what might be in the next version?

    Hello Perman,

    I've used Sandboxie for a long time with Firefox. The thing I like about it is that with a couple of clicks my sandbox is emptied along with any nasties picked up while browsing. I don't think you can do that with DefenseWall. In any case, I just feel comfortable with Sandboxie.

    I would now like extra protection for my other internet-facing applications (mail, messaging etc) and I don't think Sandboxie would be the best application for this. I don't want to have to keep extracting data from the sandbox. I thought DefenseWall would fill that role quite nicely.

    Having run this setup for a while, I feel I'm getting the best of both worlds.

    Hello ErikAlbert,

    I like your style. A trifle aggressive perhaps.
     
  10. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Erik, you're cruel! :D

    Acadia
     
  11. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Questions:

    I know I can download a file/program from the net with DefenseWall and it is easy, just like DefenseWall isn't there. What about Sandboxie? Can I just click & download with Sandboxie or are there special rules to d/load a zip file?

    I have read that Sandboxie is good for testing a new program as it's contained within the sandbox. Many programs call for a reboot to initialize. Any problems?

    On DefenseWall one can install either trusted or untrusted. After installation and I'm happy, can I change the program's category from untrusted to trusted or do I have to uninstall & reinstall as trusted? And what about Sandboxie here?
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Downloading is transparent with Sandboxie. But what you do have to do is recover what you downloaded from the sandbox. It is good for testing up to a point. Rebooting in and of itself doesn't delete anything from the sandbox. However, chances are if an installation calls for a reboot it will fail in the sandbox, as the sandbox, by default, blocks installing new services and drivers.

    You can disable that feature, but if you do, why bother installing in the sandbox to begin with?

    Pete
     
  13. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, I have some ideas :)
     
  14. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    I guess it's too early for an overview...:D
     
  15. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Do SB & DW offer defense against 'keyloggers'?
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    DefenseWall does.
    With Sandboxie, emptying the sandbox would get rid of the keylogger, but if I'm not mistaken the keylogger can log keystrokes while in the sandbox.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    With Sandboxie it depends on the keylogger. If it has to install a driver or services, then it can't do that in a Sandboxie sandbox. So in that sense, yes, you are protected.

    Pete
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I didn't know that...... Thanks for the info
     
  19. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    I run Sandboxie with KeyScrambler Pro. :D
     
  20. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    If I install a program in the sandbox and decide to keep it, can I drag it out of the sandbox or do I have to re-install in 'normal mode'?
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You need to run the installer outside the sandbox.
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have now Sandbox and DefenseWall on board in my frozen on-line snapshot.

    Poor keyloggers: isolated, frozen and chained.
    They can now write their recorded keystrokes in the sand with trembling fingers,
    while AE is beating them to death, because they are not whitelisted.
    One reboot and they are history.

    That's what keyloggers get when they install themselves on my computer.
    Thank you Ilya and Tzuk for making that possible. :)
     
  23. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi ErikAlbert,

    Now you have a layered setup :p
    Ultimate? Maybe. Easy to use? Sure not ;)

    Regards,

    MaB
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Nothing is perfect, that wasn't my goal although some members think it was.
    My goal was to save TIME and to keep my computer CLEAN without doing anything other than reboot, and I got what I want.
    And of course, I'm forced to use what is available in the software world, because I can't write a program myself. I'm just waiting for better software ...
     
  25. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    I understand that with Sandboxie you can install a program etc to 'check it out' & then kill the sandbox & it's gone - totally, no fuss.

    Question:

    Apart from the above feature, what is the main benefit that I'm going to add to my setup if I include Sandboxie to run alongside my DefenseWall?
     