Windows build-in mechanisms vs. third-party security options-where is the catch?

Discussion in 'other anti-malware software' started by CoolWebSearch, Jul 12, 2016.

  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    Windows_Security posted:
    https://www.wilderssecurity.com/thre...n-what-would-it-be.384711/page-3#post-2577011

    "What you say about Sandboxie, also applies to Windows build-in mechanisms, there are things you can do to utilize them (UAC, SRP, ACL, Smartscreen, Protected Processes, AppContainer, etc) and the good news is, those build-in features only become better and better. Plenty of security experts, bloggers, enthousiasts and amateurs have written about it, look for it if you really want to know."

    So, if I have Voodooshield, rehips, AppGuard, Sandboxie, NVT Exe Radar Pro, HMPA or MBAE on the computer and instead of these mentioned, third-party software security solutions you use UAC, SRP, ACL, Smartscreeen, Protected Processes, AppContainer, etc. on Windows 10 Pro, you basically have exactly the same protection level as you have with the combination of VoodooShield, Rehips, AppGuard, Sandboxie and MBAE or HMPA, right?

    So, what's the point of having Voodooshield, NVT Exe Radar Pro, rehips, AppGuard, Sandboxie if you are already equally fully protected with the combination of UAC, SRP, ACL, Smartscreeen, Protected Processes, AppContainer, etc.?

    The only thing you really need is anti-exploit solutions like MBAE or HMPA, right?
    Where I'm wrong here in my conclusions?

    Big thanks in advance to all posters who can find time and patience to explain me the differences.
     
  2. SHvFl

    SHvFl Registered Member

    Joined:
    May 7, 2015
    Posts:
    528
    You can't use any random application in appcontainer. Only those of MS that are appcontained and Chrome(with flag) from what i know. SRP/ACL cool and all but not user friendly. UAC protects only a small part which is elevation and malware can do damage without it. Protected processes are there it will not change if you use a security software. Basically some application complement Windows build in mechanism but there is no reason to go overkill.
    You for sure don't need all those you listed because the have similar protection but it depends on the user and it's internet habits.
     
  3. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    @CoolWebSearch

    The catch is that you need a Windows Pro or are willing to run as standard user with parental control and invest time in learning how to set it up.

    Also it works well with programs installing installing in Programs Files. My wife uses a photobook creator program which auto updates and installs in user space. That is why I installed VoodooShield on my wife's laptop and dropped SRP.

    But yeah with MBAE-free and EMET-free (covering seperate programs) you should be fine.

    Enjoy your journey :thumb: because afterwards you will have a (boring) stable setup and a lot of spare time, because you miss out on updates of security software when the OS or a browser has been updated.
     
    Last edited: Jul 13, 2016
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    It's nice to see you in the thread, WS, but here is the thing: if I had time I would spent both days and nights in investigation of capabilities of Windows 10 Pro (64-bit) and its built-in mechanisms since I like to do my own research, but I don't have time at all, second problem is that my family also uses my computer, so I cannot really lock down everything in a way I want.
    The only thing that you really need is anti-exploit and that's it, right?
    However I'm not sure if you need VoodooShield, hmmm....

    However, most likely I will not use anything of the third-party security software applications except an anti-exploit and VoodooShield.
    I'm not even sure if I need Sandboxie anymore, I mean I have Edge and Chrome, what do I need more, and yes I do use Firefox as well.
    I'm not sure if I need something for USB protection-as far as I know VoodooShield does have usb protection.
    What about cd/dvd? That I do not know.

    I was only saying if my Windows 10 Pro 64-bit built-in security and protection mechanisms combined are equal in both security and protection to combination of Voodooshield, rehips, AppGuard, Sandboxie, NVT Exe Radar Pro, so what's the point of having third party security solutions at all if Windows 10 Pro 64-bit has and offers everything this mentioned combinations of third party security solutions offers?

    I have to admit that I really did not understand what you meant by "Enjoy your journey :thumb: because afterwards you will have a (boring) stable setup and a lot of spare time, because you miss out on updates of security software when the OS or a browser has been updated"o_O??

    I apologize I did not respond earlier but I couldn't since my both computers right now are at repair shop, so I had to go into places where I can find wifi internet.
    So, it will take some time before I respond again.
    Big thanks in advance to everyone for replies.
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,135
    Location:
    in your mind ^^
    Easy steps:

    1- use ALL Windows' built-in security mechanism (SUA, UAC, smartscreen, etc...) from your version of Windows (Home < Pro < Ent)
    2- then look for what "holes/missing layers" your security products can fill (example: Win10 Home doesn't have Applocker so an anti-exe is welcomed on it).

    Once you have edited the "holes/missing layers" of your version of Windows, it is easy to fill them with the appropriate security application.
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    Big thanks for the reply, I do have and use Windows 10 Pro 64-bit, so what are Windows 10 Pro's 64-bit holes/missing security and protection layers?
    However I'm still wondering if I need something like VoodooShield and anti-exploit, and if I need anti-exploit, which one should I use: MBAE Premium or free, HMPA or EMET?
    Big thanks in advance.
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,135
    Location:
    in your mind ^^
    i don't have Win10 Pro; so i can't answer you precisely... to choose an anti-exploit (like every softs) , just look what it offers and what you need. For example , i use HMPA because it has some features i like/need (keystroke ecryption, etc...)
     
  8. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,015
    Running Windows 10 x64 Pro (SUA, UAC, SmartScreen, etc.)
    with Sandboxie and
    MBAE Premium
    :thumb:
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,622
    Location:
    Toronto, Canada
    Very nice, well thought out setup which would be light and efficient yet solid protection. :thumb:
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,183
    I was surprised running Chrome SBIEd and then not offering any little exploit protection that i have. My mouse cursor starting to behave wierd etc. In the end even could not start ccleaner without an admn popup, that i refused. I shut down my computer.

    So Sandboxie is nothing IMO if you are black hacker targeted. You will need some exploit protection, i have to say which you do have I think CWS.
     
  11. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    What do you mean by that statement that Sandboxie has only a little exploit protection?

    So, what do you mean by that statement, I'm kind of hard to understand; what do you mean by "So Sandboxie is nothing IMO if you are black hacker targeted"?
    Did you mean Sbie, even when tightly and properly configured cannot protect you against black hackers if you are their target?
    Yes, I think everyone should have anti-exploit protection tools against exploits.
    I have to check it out what exactly HMPA as anti-exploit tool protects against, plus what are its additional protections....
    And of course I'd try out VoodooShield, plus I need usb protection against malwares and exploits as well as well as cd/dvd protection against malwares and exploits.

    And what are differences between HMPA and MBAE free and premium?
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    @CoolWebSearch ,

    you are probably wasting your time hyper-analyzing the two approaches you bring up. Either one or a combination of the two in a Pro Windows system should be perfectly secure, unless you are being specifically targeted. My simple approach is utilize what's already built-in to Windows/Linux, then maybe augment it with some 3rd-party utility. In my case the browser is my primary focus.
     
  13. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    I wish a black hatter targetted me. Changes are so low, when that happens I will probably also win the Dutch Lottery (I buy a 1/5 "street" every month, but have not won anything over 250 guilders in 30 years).
     
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,183
    To CWS, using SBIE does disable what exploit protection I have. Other exploit protection programs might work SBIEd too. I silence myself from this thread or you, so don't ask more.

    To WS, you don't want that. If that happens to you, you will then loose somehow all trust.
    I myself installed my laptop W7 from optical disk back with factory settings about a year ago, and have been careful. No help. I'm so disgusted about this situation, that I won't bother with any built in security in the operating system. Appguard is simple and I have it. And run under SUA. And thats all I care about this disguating situation. I hope Flash dies soon from pages I see.
    If W10 offers any better for those who have the professional version I don't know. It is not something for normal users who buy their laptops from where they get it most economically.
     
  15. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,015
    I forgot to write about my SpyShelter Premium...;)
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    The catch is that third party tools are a lot more user friendly in general. Also, you can't do the same stuff with "Windows build-in mechanisms", like you can do with HIPS and sandboxing for example. Windows doesn't provide virtualization and behavior blocking. It can also not protect against advanced exploit attacks, so you're right about needing anti-exploit. And UAC/SRP is basically a dumbed down, less user friendly version of anti-exe, so why not use the real thing.
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    In my case, it's web-browser and removable drives that need to be protected this is why I thought having some third party that protects infections and from exploits from both web-browser and removable drives is my priority.
     
  18. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    I see what you mean, most likely I will have an third party software or 2 on my Windows 10 Pro 64-bit, and that's about it.
     
  19. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    Well, HMPAlert does work with Sandboxie with Sandboxed web-browser very well; at least that was in my case.
     
  20. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    Why would you want that?
     
  21. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    Wait a minute what exactly features HMPA has?
    I mean it's waay more than just an anti-exploit tool.
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,135
    Location:
    in your mind ^^
    it has plenty of features. you should check their website.
     
  23. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    Chances are so low, when that would happpen, I would probably also win the lottery ;)

    I was just kidding. Most of Wilders Members are preparing for war, which is likely never going to happen. That said I don tell people should not prepare for disaster (like in the real world buying an insurance), but you can not rule out every risk. Balance paranoia with enjoying life and security with useability.
     
  24. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,188
    Well, I can laugh at this, because I was on of those people who actually won the lottery 4 times, the money price was not that great at all, I always go on smaller amount of dollars, I don't trust big money lotteries, however this also beats argument about the chances of not getting lottery, yeah right, you should compare this with something else, like the sun will not rise tomorrow-what are the chances, like 0.
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,767
    Location:
    Nicaragua
    I think the best protection for not getting infected via removable drives is not to plug in any that's not yours. You have been using Sandboxie for years, you can use it to protect your system from infected removable drives that get plugged in. If you force your USB folders, anytime a flash drive gets plugged in, the USB folder pops up using a sandboxed version of Windows explorer. Anything that runs, runs sandboxed automatically. You can use a dedicated sandbox for the external drives, and restrict it according to the programs you usually run out of removable drives. Its easy to set up and it works. :)

    Bo
     
Loading...