Using DefenseWall and Sandboxie for digital fort Knox security

Discussion in 'sandboxing & virtualization' started by Kees1958, Oct 18, 2009.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    I have ranted in the past against people using both DW and SBIE on their threatgates (internet facing software).

    With the 20th coming up and the opportunity to buy SBIE for a reduced price, see https://www.wilderssecurity.com/showpost.php?p=1556466&postcount=1

    ...and (ask Creer, AKO, Jmonge) the new DefenseWall HIPS+Firewall coming out. DWv3 will be more expensive than DW HIPS, but Ilya already has promised that existing users will get the upgrade for free. With DWv3 you will have the most user friendly Software FireWall available, it will also shake up Matousec top 2 (top-two since Comodo also scores a 100%, so there will be an ex aequo nr 1 position).

    Luckily there are Wilders Members which do use them both in a way to obtain synergy and compensate for DW's and SBIE's protection limitations. A true 360 degree digital fort knox security, without the hassle of pop-ups.


    like RSpanky posted:thumb: :thumb: :thumb:


    See the wrong way to use them: https://www.wilderssecurity.com/showpost.php?p=1555258&postcount=32, Scoobs has replied that he did not use it any more, but still had DW on the PC of his wife (like Jmonge and I also have done for instance). Explanation of synergy between DW and SBIE, see https://www.wilderssecurity.com/showpost.php?p=1555011&postcount=31 and RSpanky's posting his experience https://www.wilderssecurity.com/showpost.php?p=1559443&postcount=41

    I will probably also buy SBIE on the 20th :eek:

    When DWv3 comes out of pre-beta, contact Ilya or organise a poll to ask for a discount when you are beta testing the V3. :D

    Regards Kees
     
    Last edited: Oct 18, 2009
  2. wat0114

    wat0114 Guest

    Hi Kees,

    that's an impressive setup for sure, although I would contend it's probably overkill. Sandboxie or DWv3 should suffice, but if you like it, that's all that matters :) However, you've triggered my curiosity so now I'm going to have to try this out once DWv3 hits the shelves :)

    On a couple of your points from one of your links:

    This is fine if it's a small, simple program, otherwise a lot of programs will not install properly or at all in SB. A virtual machine is a far better method to test programs. At least this has been my experience.

    True but that's where enabling the Immediate Recovery option makes this a non-issue.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Not true, when you recover the files you're unprotected, that is the point I am making. DW has stateful protection while SBIE has session protection. Nice thing about SBIE is that it deletes all when the user wants, it is much easier than manually deleting those files through the Files and Registry tracks option of DW (although Jmonge disagrees), downside is when you end the session (moving it out of the sandbox), the protection layer is gone. The object is in your real system.

    Use DW as the seamless sandbox (always protected, less start up drag than SBIE, no recovery issues) and Sandboxie as the virtual sandbox (programs installs and easy clean dodgy browsing).

    With both programs you can have one without the other

    - DW: seamless protection, but it ends when you trust something (e.g. at installs)

    - SBIE: virtual layer protection, but it ends when you recover (put it out of the sandbox)

    The other thing people have difficulty understanding is that it is not overkill, one program protects at a time, they do not overlap, but complement each other. This is also the reason why it is a low CPU cycle 360 security solution, either DW or SBIE is the one that protects you.

    Regards Kees
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes Virtualising hardware is the best, but the knowledge threshold of VM is much higher than SBIE.

    The idea is that those both programs can be used in this setup without hassle or deep PC knowledge.
     
  5. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    I use deep freeze and boxie together and defense wall.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    With DefenseWall, if you know how to use the rollback feature, it is like you are using Sandboxie: empty whatever you want from the sandbox. I tested this and it works ;)
     
  7. wat0114

    wat0114 Guest

    Higher, but much higher? That's debatable.

    Unprotected only if it's a malicious file and it's launched on the real system. It's an interesting approach you have with these programs working in tandem, but I'm not really convinced it's necessary, especially for someone like yourself - if it is for you - who knows more than most anyone what they're doing.

    If I can quote Mrkvonic:

    "you don't need all that" :D

    FWIW, my digital Fort Knox is now:

    • LUA + SRP
    • SandBoxie: Forced web-facing programs, restricted web access for selected programs, read only access to a couple key system directories
    • Vista firewall with a number of custom rules - especially outbound - used in the active Public profile, with outbound blocked by default.
    • Malware Bytes free, for on-demand scanning, if desired
    • VirtualBox with Malware Defender installed, all protection enabled, used mainly for testing legit programs but also malware when the mood arises (Frankilin twisted my arm :D :p ). So easy to revert to clean, pristine state when done.
    • Everything backed up to image for fast recovery, if necessary.

    NAT router for perimeter firewall - mainly to keep internet noise off the pc's network interface.
     
  8. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    Very interesting! Aside from SB and DW I guess an AV scanner is needed to double-check files, right?

    may try DW when v3 comes out!
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    With DefenseWall and a good scanner that's all you need, because DefenseWall has a good/strong firewall. I personally tested it against a bunch of new trojans :thumb:
     
  10. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    Any news when it'll be released? o_O :-D Hope there'll be a discount offer!
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Ilya is waiting for the skin to be finished for it to be completed, and it is coming soon, stay tuned :D For a promotion I don't know, but if you ask, Ilya is a very nice fellow, maybe he will give you a generous discount :D
     
  12. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    Ohhh really? Hahaha, hope he sees my post! Uhm, I've noticed that you're also testing OA.. what are your opinions between the two? OA and DW v3 w/ firewall?
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    of course DefenseWall:)
     
  14. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    ic! hehe makes me even more excited to try it out!

    i hope i can make it compatible with my SB!

    thanks!
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    it is compatible with sandboxie;)
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    To be honest, if you have Sandboxie you don't need DW, or if you have DW you don't need SB, or if you are extra-paranoid use them both without any problems :thumb:
     
  17. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    Well i was planning to try DW out because of its new firewall feature because my license of OA will expire..

    and i guess i'm the "extra-paranoid" type :D
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I am testing Online Armor just for a week or so but I personally prefer DW ;) Its firewall is new but it works :thumb:
     
  19. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I am waiting for the DW public beta but am currently using OA as my firewall. Curious why you like DW's firewall better?
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Less pop-ups, for example: when I run a malware using both, I get 2 pop-ups with DW and I get like 5 with Online Armor = I want to work in peace, not too many pop-ups, and at the end they both will protect you in real time. The difference here, in my own opinion, is that DefenseWall will protect your PC with way less pop-ups and ;)
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Forgot to mention that I get a little boot-up slowdown with Online Armor, and with DefenseWall it is always fast :)
     
  22. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Thanks...hopefully it won't be too long before the public beta!!!
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    very soon;) plus with the new skin:)
     
  24. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Interesting post as ever Kees. IMO there's no 'wrong' way to use SBIE+DW together, but some approaches have advantages over others and I think you've outlined a good one. Also IMO, nothing beats DW as a "If you could only choose one security product" solution, having total untrusted file control, compared to SBIE's 'limitation' that once you recover a file from the sandbox it is free to potentially cause menace. Conversely, DW's 'limitation' is the one that SSJ has mentioned in that all activity occurs on your real system, whereas with SBIE you can "flush the toilet".

    DW+SBIE has the potential to be an awesome combination - even more so when V3 comes out, given the firewall functionality. If only Ronen and Ilya would get together and create Defenseboxie ;)
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    or SandWall:argh:
     