Using DefenseWall and Sandboxie for digital fort Knox security

Discussion in 'sandboxing & virtualization' started by Kees1958, Oct 18, 2009.

Thread Status:
Not open for further replies.
  1. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
Also, I like it because you have ALL in ONE small application, which indeed is very powerful. Also, please note that so far, almost always, a 3rd-party firewall's efficiency depends on network usage - if you are using torrents/media streaming/etc., then resource usage is probably higher... In DW's case, NOT. It's the same whether you are streaming TV/radio or simply doing nothing on your computer. This is a real difference :thumb:
     
    Last edited: Oct 18, 2009
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree, I will settle for higher :D

On the Vista x64 gaming box we have a similar setup: only UAC, Norton's UAC tool, SRP policy the easy way through Sully's PGS, Immunet (checks at install only, so uses no cycles during gaming), a normal browser (IE) and a sandboxed browser (Chrome). Since Chrome does not allow side-by-side injection (like Vista allows :doubt: ), you do not need Sandboxie, so you can do with even less. For dodgy browsing it starts with --safer-plugins and --incognito through PsExec (with lowest rights); then it does not even allow downloading stuff or injecting low-rights process objects. When you do NOT collect garbage, you do not need to flush the toilet. :D


I am interested in the VirtualBox/Malware Defender combo; maybe you could post how you have set it up and where to find some instructions on setting up hardware virtualisation. :thumb:

    Thx in advance

    Kees
     
    Last edited: Oct 18, 2009
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
OA is also a best-in-class application. So it is up to personal preference and context (behind a router or directly connected to the internet through a modem), really.

We have an SPI hardware firewall with additional rules to harden against security breaches/intrusion/man-in-the-middle. So it is just ease of use and the performance gain (I only need application network control, not advanced network-level filtering).

    Regards Kees
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
I love your LUA+SRP+Sandboxie speeches. A virtualisation purist. :thumb: :thumb: :thumb: But you do not mind that the LUA + SRP protection is on the real system also. We should find some issues to discuss and argue about soon ;)

By the way, you use Kafu, but you should ask the developer to extend the registry user-space protection with these keys; see attachment.
     

    Attached Files:

  5. wat0114

    wat0114 Guest

    Sorry, my system can't be hardware virtualized, so I can't help here :(

    Otherwise, my VirtualBox/Malware Defender setup is pretty simple:

VirtualBox guest runs on the host's LUA+SRP account; just in case, for some odd reason, malware escapes, it can't destroy the host system. If I test malware, it of course has to be done on the VBox admin account, and I have Malware Defender set up with full protection on, but to significantly reduce the barrage of pop-ups, I have created - experimental still - an "install mode" Application rule as described here. What this does is provide me with a set of "eyes", so to speak, affording me the opportunity to see at least most of the critical influences upon the system the malware is making, giving me some insight into its behaviour, and especially what it might do differently - and therefore suspiciously - than a safe program. The outbound network protection alerts when the malware attempts to call home - something I've often seen, and I could probably present some nice evidence of how a two-way firewall is not such a bad thing after all ;) Finally, MBAM free might be used on-demand to look for embedded malware. When I'm done testing one sample, I simply close with a revert to the current snapshot, putting me back to the original, pristine state. However, for me all this is mainly just for fun and hobby-like purposes because it interests me :)

    BTW, you will see a full "Permit" rule for the System registry rule because I feel the registry alerts are by far the most difficult to understand, not only for myself but for the majority of us, so I see no need to have this fully guarded by the rule set.

There are other ways to do this sort of thing, as I know ssj100 advocates sandboxing the VM, and that is actually a better and more intriguing idea to me now than I thought before, because if that setup can't isolate the VM from the real system, then probably nothing will ;) One could even try sandboxing the malware within the VM, which I used to think was fine until I discovered not everything will install properly when it's sandboxed.

But no matter what approach is taken, it all projects from the real system anyway, heh, heh, heh :D
     
    Last edited by a moderator: Oct 18, 2009
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
I'm waiting for the skinning library to be polished by the contractor programmer.

    Yes, after V3 release I'm going to make a BDJ sale.
     
  7. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    @Ilya

    Thanks for the great news! :D
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    told ya;)
     
  9. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Any objections to using both DefenseWall and Sandboxie together, full protection (browsers both sandboxed and untrusted)? :doubt:

Oh, and I use Online Armor Premium at the same time... :p
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
The point is, you do not need to.

Use DW for everything except your dodgy browser; exclude an Install directory from DW's defense.

Use Sandboxie for your dodgy browsing and define the install directory as a forced folder within Sandboxie. Only allow your sandbox to recover files to a special "Recovery directory".

Add this "Recovery directory" to DefenseWall's untrusted programs list.

This way you have complementary protection without doubling the load on the CPU (you only use one program at a time, while fully protected).
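The Sandboxie half of the split described in this post, written as a Sandboxie.ini box definition. This is an added illustration, not a configuration posted in the thread or shipped by the Sandboxie or DefenseWall vendors. The keys ForceProcess, ForceFolder, RecoverFolder, AutoRecover, DropAdminRights and AutoDelete are documented Sandboxie settings; the box name DodgyBox, the paths C:\Install and C:\Recovery, and chrome.exe as the dodgy browser are assumptions. DefenseWall's side of the arrangement (excluding C:\Install from its protection and marking C:\Recovery as untrusted) is done in the DefenseWall GUI and has no file representation here.

```ini
; Added example, not from the thread. Box name and paths are assumptions.
; Everything not listed under a box runs unsandboxed, i.e. under DefenseWall only.

[DodgyBox]
Enabled=y

; Force the dodgy browser into this box no matter which shortcut launches it.
ForceProcess=chrome.exe

; Anything started from the install directory is sandboxed as well, so an
; installer downloaded by the browser never runs on the real system, and
; DefenseWall can safely leave this one directory out of its own protection.
ForceFolder=C:\Install

; Quick Recovery and Immediate Recovery look only at this folder. The default
; boxes also list Desktop and My Documents; leaving those out keeps every
; recovered file in the single place DefenseWall is told to treat as untrusted.
RecoverFolder=C:\Recovery
AutoRecover=y

; Sandboxed programs run without administrator rights even on an admin account.
DropAdminRights=y

; Empty the box when the last sandboxed program exits, so nothing dropped
; during a browsing session survives into the next one.
AutoDelete=y
```

Two caveats a practitioner would check. First, Sandboxie does not stop a user from recovering a file to an arbitrary location through the box's Explore Contents window, so "only allow recovery to C:\Recovery" is a habit enforced by the recovery prompts, with DefenseWall's untrusted mark on that folder as the backstop for anything that does come out. Second, ForceFolder applies to programs started from that path; it does not cover an installer copied elsewhere first, which is exactly the case the DefenseWall untrusted list is meant to catch.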
     
  11. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I was talking about efficiency relating to overall resource usage by firewalls during network activities eg. media streaming/torrents/etc.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes and yes agree:)
     
  13. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
DefenseWall is one of those applications that works perfectly and doesn't require much to secure your PC. I wait anxiously for v3. The only issue I ever had with DW is the hard drive I/O use; there's a bit of hard drive crunching. Other than that, it is an app that should be on everyone's PC.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
DefenseWall Personal Firewall v3 is running smooth here:)
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    well by just running DW and MB is all good here without the headaches;)
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Okay dodgy defined: porn sites, warez/keygen sites.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
That issue is solved; I used GeSWall Pro as a replacement for a while (I also have a license for it) until that issue was solved. The new V3 has very low disk I/O.

Sorry for the Dutch; these are the English column headers:
CPU %
CPU total time
Memory usage
No. of I/O reads
No. of I/O writes
Bytes read
Bytes written
     

    Attached Files:

  18. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,808
    Location:
    U.S.A.
    Removed a couple of Off-Topic posts. There is no need, even in jest, to call each other names. Please Keep On Topic!

    JR
     