Discussion in 'sandboxing & virtualization' started by taleblou, Jun 29, 2010.
Perhaps the reason you've not received an answer is that not many have tested both products to see which is "better".
I've tested every drive-by I can find using Faronics AE and nothing gets by. AE is Default-Deny.
the links are not working for me, they were ok before. Any one knows the reason? Thanks
Working here. They did take a long time to load up
Or, alternatively, a LUA/SRP combo.
No it was not sandboxie forced me to use linux. I just got pissed after loosing all my stuff with the sandboxie installation and all the headache I had with windows. Linux is so much problem free. lol. I always had issues with sandboxie in the past. It slowed my pc reboot time and took a long time for browsers to open, etc. and now the BSOD. Heck sandboxie is a heavy software. Anyway from now on I will stay away from sandboxie and will never buy or pay to microsoft products ever (since bill gate has joined the rank of ruling elite and bilderburgs (the illuminati) and has asked for the implementation of savage bilderburg and illuminati policies). Everyone should boycott MS.
Sandboxie for me is the hidden gem of the internet i purchased it 1-2 years ago and love it fantastic software//
Is running defenswall like being in lua/srp Mode ? Or am i misunderstanding things
@ the sly dog
Defensewall is for your computer what Sandboxie is for your browser.
Today I got someone to try a hardware based solution against TDSS. The hardware was a Custodius Enterprise:
The result is that TDSS was still installed on the system after rebooting.
I´ld not be surprised to find out that all hardware solutions rely on software for doing the rollback part so they are vulnerable.
That is because these PCI hardware based rollback solutions need a SOFTWARE driver! I was totally flabbergasted when I discovered this a while ago. Only solutions like CoreRestore are 100% hardware. See this thread.
I´ld not call "solution" to something that can not be purchased and that will not work on actual PCs.
boom boody-boom boody-boom boody-boom
I don´t know that song, I only know "boom boom" by John Lee Hooker.
I think I recognize that
Is it ...Goodness gracious me by Peter Sellers?
(sorry for going OT)
This may be an indication it's time to close this thread, but lets "sing" our way to back on topic.
Guys I would recommend that threads like this one be archived in the forum section sticky in order to make sure that these bypasses are kept track of and the issue and method revisited in the future. This would be crucial in making sure which products are safe enough to recommend for people seeking a LV security solution.
DefenseWall prvides an isolated environment for guarded programs and files downloaded by those programs. DefenseWall isolation goes beyond LUA/SRP.
On XP processes and objects of a limited application can touch processes and objects of higher rights processes with the exception of data stored in Windows and Program Files directory and the HKLM hive of the registry. In Vista and Windows 7 lower rights objects can not touch higher rights objects, this still leaves open side by side infection (objects of simular rights). LUA/SRP can only be set on user/group level, while DefenseWall provides granular control on process level (which will be done automatically for you).
In XP/Vista/Windows you also have something called ACL (Access Control Rights), these can only be evoked on a user or group level applying on files and directories. DefenseWall also captures files of guarded applications. Meaning the stronger than ACL protection is automatically set on a per program basis (applying on downloaded files, user defined directories).
So yes can be compared in the sense that a Hummer and a tank both provide transport and safety to soldiers, but they are from a different league to defend against malware.
I am interested to know anyone's thought on Returnil Light 2011, and whether it can be infected with this.
With the system guard enabled and any unknown.sys denied then no.
Can anyone test TDL/TDSS trojan against Kaspersky Internet Security 2011 CF1 (126.96.36.1990)? KIS 2011 has "Safe Run for Applications" feature, which turns desktop to secure sandboxed desktop and don't allow installation of drivers. Moreover, any application can be started in its sandbox via right click on normal desktop. It would be interesting to know its resistant/capability against TDL/TDSS trojan.
EDIT: According to my tests in Windows 7 x86 Virtual Machine (MS Virtual PC 2007 SP1) + Kaspersky Internet Security 2011 CF1 (188.8.131.520) with disabled File Anti-Virus , TDSS (Trojan.Win32.Tdss.bdmh) and other malwares requiring installation of driver in "Safe Run for Applications" mode, all of them failed. Moreover, exiting "Safe Run for Applications" recovered normal desktop.
It would be nice to see tests by Leach.
This test are good to point out limits of security, especially if we consider that "Software as security" is a religion for most users
I personally appreciate the post of Buster Bsa against pretentious marketing of some editors, but by experience i know that it is a lost game.
It's currently difficult to find a soft editor that launch a defeating challenge to prove the effectiveness of their products.
Some have done it in the past like Faronics/Deep Freeze but have been defeated of course.
I'm wonder why talking about AE, because there is no need additional soft to prevent this accomplished (bravo) rootkit: give me an unpatched XP SP1 under admin account, without av/HIPS/firewall and this rootkit will not be able to install anything...because it won't be able to write on disk
Testing under VM is not useful because many malwares uses armoring techniques to evade malware analysis (anti-vm and debugging), possible with packers as it is the case for this rootkit (but stealth debugging can be done with IDAStealth plugin).
There is aklso hardware recovery solution alernative to deepfreeze and co designed for forensic purpose, but unfortunately too expensive.
Well...many things to say without time...as Blue thread is closed as a sticky, and as some users might be interested in other choice (is freedom) or test, i mention here some similar products:
PC Vaccine: http://www.fsn.com.my/
SysFreezer: http://cafesuite.net/sysfreezer or http://sysfreezer.com/
Magic Restore: http://eunisol.com/P_Magicrestore.htm
SmartShield (Centurion technology like DriveVaccine): http://www.smart-shield.biz/Home/ (download http://www.codework-systems.com/products/centurion/smartshield/smart-shield-download-page/ )
Instant Recovery: http://www.instantrecovery.net/overview.htm
Virtual Protect: http://download.cnet.com/VirtualProtect/3000-8022_4-10902410.html (free)
Icore Virtual Account (security as a Service) : http://icoresoftware.com/
Thanks for posting kareldjag.
Didn't know about those applications.
Nice to see you still popping in now and then
I'd only heard of 3 of them !
Be interesting to see how they cope, or not
It´s a lost game because I´m not living at USA. If I was there I´ld sue the companies. Sadly I´m in a country where I doubt anything can be done to stop editors from using pretentious marketing.
Could you mention what hardware recovery solution is it, please? I got someone testing a Custodius card (www.custodius.com) and it was bypassed because the rollback is done by software, not hardware.
Thanks for the list! As soon as I have time I will test them.
I think it´s fair to put every vendor where it deserves.
Separate names with a comma.