Using DefenseWall and Sandboxie for digital fort Knox security

Hi,

I have ranted in the past against people using both DW and SBIE on their threatgates (internet facing software).

With the 20th coming up and the opportunity to buy SBIE for a reduced price, see https://www.wilderssecurity.com/showpost.php?p=1556466&postcount=1

...and (ask Creer, AKO, Jmonge) the new DefenseWall HIPS+Firewall coming out. DWv3 will be more expensive than DW Hips, but Ilya allready has promised that existing users will get the upgrade for free. With DWv3 you will have the most user friendly Software FireWall available, it will also shake up Matousec top 2 (top-two since Comodo also scores a 100%, so their will be ex-equo nr 1 position).

Luckily there are Wilders Members which do use them both in a way to obtain synergy and compensate for DW's and SBIE's protection limitations. A true 360 degree digital fort knox security, without the hassle of pop-ups

like RSpanky posted

See the wrong way to use them: https://www.wilderssecurity.com/showpost.php?p=1555258&postcount=32, Scoobs has replied that he did not use it any more, but still had DW on the PC of his wife (like Jmonge and I also have done for instance). Explanation of synergie between DW and SBIE, see https://www.wilderssecurity.com/showpost.php?p=1555011&postcount=31 and RSpanky's posting his experience https://www.wilderssecurity.com/showpost.php?p=1559443&postcount=41

I will problably also buy SBIE at the 20th

When DWv3 comes out of pre-beta, contact Ilya or organise a poll to ask for a discount when you are beta testing the V3.

Regards Kees

 

Hi Kees,

that's an impressive setup for sure, although I would content probably overkill. Sandboxie or DWv3 should suffice, but if you like it, that's all that matters However, you've triggered my curiosity so now I'm going to have to try this out once DWv3 hits the shelves

On a couple of of your points from one of your links:

This is fine if it's a small, simple program, otherwise a lot of programs will not install install properly or at all in SB. A virtual machine is a far better method to test programs. At least this has been my experience.

True but that's where enabling the Immediate Recovery option makes this a non-issue.

 

No true, when you recover the files your unprotected, that is the point I am making. DW has statefull protection while SBIE has session protection. Nice thing about SBIE is that it deletes all when the user wants, it is much easier than manually deleting those files through the Files and Registry tracks option of DW (although Jmonge disagrees), down side is when you end the session (moving it out of the sandbox), the protection layer is gone. The object is in your real system

Use DW as the seamless sandbox (allways protected, less start up drag than SBIE, no recovery issues) and Sandboxie as the virtual sandbox (programs installs and easy clean dodgy browsing).

With both programs you can have one without the other

- DW: seamless protection, but it ends when you strust something (e.g. at installs)

- SBIE: virtual layer protection, but it ends when you recover (put it out of the sandbox)

The other thing people have difficulty to understand that it is not an overkill, one program protects at a time, they do not overlap, but complement each other. This is also the reason why it is a low CPU cycle 360 security solution, either DW or SBIE is the one that protects you.

Regards Kees

 

Yes Virtualising hardware is the best, but the knowledge threshold of VM is much higher than SBIE.

The idea is that those both programs can be used in this setup without hassle or deep PC knowledge.

 

I use deep freeze and boxie together and defense wall.

 

with DefenseWall and if you know how to use the rollback feature is like you are using sandboxie empty what ever you want from the sandbox i tested this and it works

 

Higher, but much higher? That's debatable.

Unprotected only if it's a malicious file and it's launched on the real system. It's an interesting approach you have with these programs working in tandem, but I'm not really convinced it's necessary, especially for someone like yourself - if it is for you - who knows more than most anyone what they're doing.

If I can quote Mrkvonic:

"you don't need all that"

FWIW, my digital Fort Knox is now:

• LUA + SRP
• SandBoxie: Forced web-facing programs, restricted web access for selected programs, read only access to a couple key system directories
• Vista firewall with with a number of custom rules - especially outbound - used in the active Public profile, with outbound blocked by default.
• Malware Bytes free, for on-demand scanning, if desired
• VirtualBox with Malware Defender installed, all protection enabled, used mainly for testing legit programs but also malware when the mood arises (Frankilin twisted my arm ). So easy to revert to clean, pristine state when done.
• Everything backed up to image for fast recovery, if necessary.

NAT router for perimeter firewall - mainly to keep internet noise off the pc's network interface.

 

very interesting! aside from SB and DW i guess a AV scanner is needed to double check file right?

may try DW when v3 comes out!

 

with DefenseWall and a good scaner that all you need cause DefenseWall has a good/strong firewall i personaly tested againts a buch of new trojans

 

any news when it'll be released :-D hope there'll be a discount offer!

 

Ilya is wating for the skin to be finish to be completed and it is coming soon stay tune for promotion dont know but if you ask ilya is very nice fellow maybe he give you a generous discount

 

ohhh really? hahaha hope he see my post! uhm i've noticed that your also testing OA.. what are your opinions between the two? OA and DW v3 w/ firewall?

 

of course DefenseWall

 

ic! hehe makes me even more excited to try it out!

i hope i can make it compatible with my SB!

thanks!

 

it is compatible with sandboxie

 

to be honest if you have sandboxie you dont need DW or if you have DW you dont need SB or if you are extra-paranoid use them both without any problems

 

Well i was planning to try DW out because of its new firewall feature because my license of OA will expire..

and i guess i'm the "extra-paranoid" type

 

i am testing Online armor just for a week or so but i personaly prefer DW it's firewall is new but it works

 

I am waiting for the DW public beta but am currently using OA as my firewall. Curious why you like DW's firewall better?

 

less pop ups for example when i run a malware using both i get 2 pop ups with DW and i get like 5 with online armor= i want to work in peace not too much pop ups and at the end they both will protect you in real time the diference here in my own opinion is that defensewall will protect your pc with way less pop ups and

 

forgot to mention that i get a alitle boot up slow down with OnLine Armor and with DefenseWall is always fast

 

Thanks...hopefully it won't be too long before the public beta!!!

 

very soon plus with the new skin

 

Interesting post as ever Kees. IMO there's no 'wrong' way to use SBIE+DW together, but some approaches have advantages over others and I think you've outlined a good one. Also IMO, nothing beats DW as a "If you could only choose one security product" solution, having total untrusted file control, compared to SBIE's 'limitation' that once you recover a file from the sandbox it is free to potentially cause menace. Conversely, DW's 'limitation' is the one that SSJ has mentioned in that all activity occurs on your real system, whereas with SBIE you can "flush the toilet".

DW+SBIE has the potential to be an awesome combination - even more so when V3 comes out, given the firewall functionality. If only Ronen and Ilya would get together and create Defenseboxie

 

or SandWall