What makes DefenseWall more secure than Sandboxie (I'm a rookie wi


No replies to this topic

#1 Kane


Posted 02 December 2011 - 05:12 PM

I apologize if I am asking a totally wrong question.
I have never used Sandboxie, but I started to use DefenseWall, and it seems I will keep it, because it is so easy to use.
My first question is: Does DW protect against man-in-the-middle attacks?
If not, what should I use to protect against such an attack?

What is the main difference between DW and Sandboxie?
Last year, in 2010, Sandboxie did fail to protect against some malware:
http://www.wildersse...ad.php?t=269880

Users often say that SBIE can be configured in such a way that malware can't start/run and can't access the Internet.
So, without configuration, SBIE fails against keyloggers, for example.

Also, this post from ssj100 worried me:
"Yes, I've tried DefenseWall several times in the past - it's reasonable software for the noob user, but it's frustrating for the more experienced user. It also causes more slow down than Sandboxie (although most people won't mind it, as it's only a slight slow-down).

The most frustrating aspect of DefenseWall is certainly the rollback function - basically various debris (file and registry "tracks") is left behind by "untrusted" applications and is stored in DefenseWall's rollback list. If you get infected by malware, or if you simply want to clean up your tracks, it is very difficult to do so after several weeks of use - there's just no way anyone will sit there for hours sifting through the crap left by your untrusted applications! And if you're not careful, you may even remove/delete something vital by accident. But for the noob user who doesn't care about this debris, he/she will be blissfully unaware of the (potential) mess DefenseWall has allowed. And so the noob user will remain happy. Ignorance is bliss as they say.

Don't get me wrong, DefenseWall is very strong at preventing active malware infestation of your system. However, it is rather unsettling that malware debris may be left on your REAL system - for example, it is possible that this debris could contain enough code to remotely execute via a specific buffer overflow exploit, and thus log your keys, screen, clipboard etc, and send out this information via the application you have allowed internet access (e.g. your web browser). In contrast, with Sandboxie, this is easily solved by the methods I described above. And very clearly, Sandboxie makes it much easier to empty out EVERYTHING (all the debris) your untrusted applications have created.

With Sandboxie + LUA + SRP + DEP, the security approach as well as the actual security products you're using is what provides "100%" protection. I just cannot see any other way to achieve even close to this level of protection. Just think, I was changing my security setup almost every week for most of the year 2009 when I was actively posting at the Wilders forum. When I reached this setup, I did not change. It's been working perfectly for several months!"

So, if you delete everything in the rollback list, some malware might still be in a folder in the real system?

Also, one question for Ilya:
Does current DW pass the following tests from 2006:
http://security.over...le-3030160.html

Thanks to all.



