Understanding 'Proactive' Security Software

Discussion in 'sandboxing & virtualization' started by NODPortable, Nov 19, 2012.

Thread Status:
Not open for further replies.
  1. NODPortable

    NODPortable Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    9
    Hi All,

    Basically I'm trying to work out a security structure that is more proactive than what I have now (Sandboxie Lifetime Licence + ESET SS5) for my Windows 8 Pro x64 PC. I don't mind paying for security software, but I much prefer upfront one-off payments for lifetime licenses; I'm not a fan of subscription software.

    I was hoping someone could provide a rudimentary breakdown of the different 'classes' of security applications (maybe with some examples of the commonly used products in each class) and outline what the classes of software aim to achieve and how to work out what different programs are complementary to each other and what are likely to conflict.

    My rough understanding is that these are the 'classes' of proactive security software:

    Light Virtualisation:
    (Returnil Virtual System, Faronics Deep Freeze, Shadow Defender, Toolwiz Time Freeze)
    Anti-Executable:
    (Returnil Virtual System, Faronics Anti-Executable, NoVirusThanks EXE Radar Pro)
    Policy Restriction:
    (DefenseWall (32-bit), AppGuard (32/64-bit))
    Sandbox:
    (Sandboxie)

    For instance Sandboxie virtualises the system hardware on a per application and/or per folder path location basis. Do light virtualisation programs do the same, except totally system wide?

    I'm guessing policy restriction is the same as making your own SRP through Windows, just with a nicer GUI?

    Not really sure on what the Anti-Executables do (obviously they stop things launching), but how do they differ from just running your PC with a LUA that prompts for admin rights when a program starts?

    Which of these programs work well together?

    Does Sandboxie + AppGuard essentially equal the level of protection of something like Returnil, or does it surpass it?
     
  2. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    As for a one-time, lifetime-licence upfront payment, here are your options:

    - NoVirusThanks anti-executable - $20
    - AppGuard - $20
    - HIPS and Anti-Leak module of Outpost FW 3x licence - $44
    - HIPS module of Private Firewall - Free

    There are other options that are subscription based.

    As for what programs would be complementary to each other, well, my understanding is that you want 1x of each component in a layered security approach:
    1. Virtualization - SBIE, Shadow Defender, etc.
    2. HIPS - AppGuard and anti-executable Radar Pro are versions of it. AppGuard works a little bit differently than traditional HIPS by using a default-deny policy instead of asking the user for permissions. Anti-executable Radar Pro is only for executables and might not protect you from DLLs, etc. A lot of modern firewalls offer a HIPS module.
    3. Firewalls: Private FW, Online Armor, Outpost FW, Comodo FW
    4. Antivirus and Antimalware if all else fails.

    My current setup:
    Virtualization: none at this point
    HIPS: Outpost HIPS module
    FW: Outpost FW
    Antivirus: MSE
    Antimalware: MBAM, Outpost Antimalware module, SAS
     
    Last edited: Nov 19, 2012
  3. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Considering how bulletproof Sandboxie and AppGuard are, using both seems overkill, but that's just me.

    I think Sandboxie is quite different than Returnil, since Returnil virtualizes your entire session and can roll it back, where Sandboxie just runs programs in an isolated environment.
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    It's Not just you...;)
    It's an overkill to me, too.:D
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    I agree that using both is probably overkill. However, it makes me feel better.
     
  6. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Maybe the OP wants to do financially sensitive transactions online. I wouldn't consider this too much in such a case.
     