Full Version: running Defensewall+Sandboxie , logic setup is it?
Gladiator Security Forum > SoftSphere Technologies Support Forums > DefenseWall HIPS
demoneye
hi all

I just want to bring up a possible setup someone mentioned around.

The setup is simple:

set ALL browsers (Firefox, Opera, Internet Explorer...) you are using as TRUSTED under DW
set the Sandboxie folder (c:\sandboxie) as UNTRUSTED

Now... what do you people think of that?
Ilya, I will be glad to hear your thoughts on this setup: is it safe? Does it sound logical?

PS:
how can i set 08.08.2009 13:33:52, module C:\Program Files\Internet Explorer\iexplore.exe, Loading untrusted/untrusted created module D:\Sandbox\home\exp2\drive\C\WINDOWS\Downloaded Program Files\launcher.ocx. Process is untrusted now. (Process)

to run trusted? I tried adding it (launcher.ocx) to the untrusted area and disabling it (a red bar appears), and adding it to the exclude list; nothing helps, it still runs untrusted... can anyone help me with that file?

Thanks!!


cheers
Ilya Rabinovich
All your browsers, e-mail, IM, multimedia, P2P and IRC clients must be set as untrusted.
demoneye
QUOTE (Ilya Rabinovich @ Aug 8 2009, 05:13 PM) *
All your browsers, e-mail, IM, multimedia, P2P and IRC clients must be set as untrusted.


I don't understand what you mean... maybe you mean all need to be trusted, but what is your impression of my setup?
Ilya Rabinovich
Just read the help file carefully: all the dangerous Internet-facing apps must be set as untrusted.
demoneye
QUOTE (Ilya Rabinovich @ Aug 8 2009, 07:13 PM) *
Just read the help file carefully: all the dangerous Internet-facing apps must be set as untrusted.

Oh, I think we misunderstood each other. I TRUSTED them all under DW because I want to avoid them being double-protected by SB ("dangerous Internet-facing apps") and DW.

So all "dangerous Internet-facing apps" are protected by SB, and the folder SB is installed in is protected by DW.

What do you think about that setup?
Ilya Rabinovich
I have no idea; I don't use SBIE and have no idea about its defensive capabilities.
demoneye
@Ilya
how can i set 08.08.2009 13:33:52, module C:\Program Files\Internet Explorer\iexplore.exe, Loading untrusted/untrusted created module D:\Sandbox\home\exp2\drive\C\WINDOWS\Downloaded Program Files\launcher.ocx. Process is untrusted now. (Process)

to run trusted? I tried adding it (launcher.ocx) to the untrusted area and disabling it (a red bar appears), and adding it to the exclude list; nothing helps, it still runs untrusted.

cheers
Sacles
Hello,

demoneye, why use SB and DW?

I think it is useless to multiply the protections. DW is more effective than SB; therefore, in your place, I would no longer use SB.

1 firewall + 1 antivirus + DW: these three programs are sufficient.

In addition, do not forget to use software update to avoid vulnerabilities.

You have a test online here: http://secunia.com/vulnerability_scanning/online/
You must do this test with a Trusted browser (only during the test of course).
ssj100
QUOTE (Sacles @ Aug 9 2009, 08:12 AM) *
Hello,

demoneye, why use SB and DW?

I think it is useless to multiply the protections. DW is more effective than SB; therefore, in your place, I would no longer use SB.

1 firewall + 1 antivirus + DW: these three programs are sufficient.

In addition, do not forget to use software update to avoid vulnerabilities.

You have a test online here: http://secunia.com/vulnerability_scanning/online/
You must do this test with a Trusted browser (only during the test of course).


Don't tell demoneye that DW is more effective than SB; he'll never believe that, haha.


[edit] This advice is 'cooked' by the user for their own customization and product mix; it is not sanctioned by the developer.
Also, the concept of using SB and DW is very nice:
1. Sandbox all internet-facing applications
2. Configure DW to trust all internet-facing applications
3. Configure DW to untrust C:\Sandbox

Therefore, anything that you recover from the sandbox will come under the untrusted protection of DefenseWall. If you don't understand why someone would want to configure it like this, then you clearly do not understand how Sandboxie works.
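The three-step setup above, together with demoneye's log line earlier in the thread ("Loading untrusted/untrusted created module ... Process is untrusted now"), describes two labelling rules: a file under the untrusted sandbox folder, or created by an untrusted process, is untrusted, and a trusted process that loads such a module becomes untrusted itself. The script below is an added toy model of those two rules written for this thread; it is not DefenseWall's or Sandboxie's code, the rules are an assumption drawn only from what the posts say, and the paths, the Desktop file names and the copy of the log line are constructed sample data.

```python
"""Toy model of DefenseWall-style trust labelling (added example, not DW's code).

Assumed rules, both taken from the thread:
  1. A file under an untrusted folder (the Sandboxie container) or created by an
     untrusted process is untrusted, wherever it ends up.
  2. A trusted process that loads an untrusted module becomes untrusted
     (the "Process is untrusted now" log line).
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed policy for the thread's setup: browsers trusted, sandbox roots untrusted.
UNTRUSTED_ROOTS = [PureWindowsPath(r"C:\Sandbox"), PureWindowsPath(r"D:\Sandbox")]

# Matches the log line format quoted in the thread (assumption: one fixed layout).
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}), module (?P<proc>.+?), "
    r"Loading untrusted/untrusted created module (?P<mod>.+?)\. "
    r"Process is untrusted now\. \((?P<kind>\w+)\)$"
)


def parse_dw_log(line: str) -> dict:
    """Split one 'module loaded' event into timestamp, process, module and kind."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    return m.groupdict()


def is_under(path, root) -> bool:
    """True when path sits inside root (compared case-insensitively, as on NTFS)."""
    p = [s.lower() for s in PureWindowsPath(path).parts]
    r = [s.lower() for s in PureWindowsPath(root).parts]
    return p[: len(r)] == r


@dataclass
class TrustState:
    untrusted_roots: list
    untrusted_created: set = field(default_factory=set)  # lower-cased file paths
    untrusted_procs: set = field(default_factory=set)    # lower-cased exe paths

    def file_is_untrusted(self, path) -> bool:
        if any(is_under(path, r) for r in self.untrusted_roots):
            return True
        return str(PureWindowsPath(path)).lower() in self.untrusted_created

    def process_is_untrusted(self, exe) -> bool:
        return exe.lower() in self.untrusted_procs or self.file_is_untrusted(exe)

    def create_file(self, exe, path) -> None:
        """Rule 1: whatever an untrusted process writes is untrusted, even outside the roots."""
        if self.process_is_untrusted(exe):
            self.untrusted_created.add(str(PureWindowsPath(path)).lower())

    def load_module(self, exe, module) -> bool:
        """Rule 2: loading an untrusted module taints the loading process; returns its new state."""
        if self.file_is_untrusted(module):
            self.untrusted_procs.add(exe.lower())
        return self.process_is_untrusted(exe)


def replay_thread_scenario() -> dict:
    """Walk the situations described in the thread and report the resulting labels."""
    st = TrustState(list(UNTRUSTED_ROOTS))
    ie = r"C:\Program Files\Internet Explorer\iexplore.exe"
    # Constructed copy of the log line demoneye quoted.
    ev = parse_dw_log(
        "08.08.2009 13:33:52, module " + ie + ", Loading untrusted/untrusted created module "
        r"D:\Sandbox\home\exp2\drive\C\WINDOWS\Downloaded Program Files\launcher.ocx. "
        "Process is untrusted now. (Process)"
    )
    before = st.process_is_untrusted(ev["proc"])      # browser is trusted under DW
    after = st.load_module(ev["proc"], ev["mod"])      # ... until it loads the sandbox module
    # The now-untrusted browser saves a file outside the sandbox root ("recovery").
    st.create_file(ev["proc"], r"C:\Users\demo\Desktop\setup.exe")
    # A process that never touched anything untrusted writes a file next to it.
    st.create_file(r"C:\Windows\notepad.exe", r"C:\Users\demo\Desktop\notes.txt")
    return {
        "ie_before": before,
        "ie_after": after,
        "module_untrusted": st.file_is_untrusted(ev["mod"]),
        "setup_exe_untrusted": st.file_is_untrusted(r"C:\Users\demo\Desktop\setup.exe"),
        "notes_untrusted": st.file_is_untrusted(r"C:\Users\demo\Desktop\notes.txt"),
    }


if __name__ == "__main__":
    for name, value in replay_thread_scenario().items():
        print(f"{name}: {value}")
```

The point the model makes visible is the one ssj100's step 3 relies on: the untrusted label follows the file, not the folder, so a file pulled out of C:\Sandbox by an untrusted process stays untrusted on the Desktop, while a trusted browser that loads a sandbox-created module loses its trusted status at that moment.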
Sacles
Expanding the number of protections does not necessarily increase security, and sometimes it even decreases it. We should not become paranoid.

I repeat: 1 firewall + 1 AV + DW is efficient enough. No need to have other things.

QUOTE
1. Sandbox all internet-facing applications
2. Configure DW to trust all internet-facing applications
3. Configure DW to untrust C:\Sandbox

What is the advantage? In my opinion nothing if you use browsers ... as Untrusted.
demoneye
Good explanation, ssj100.

@Sacles

It seems you don't know SB very well, so your opinion is incorrect (to say the least).
I just suggest merging DW+SB and skipping the double protection of the browsers, or, as Ilya called them, the "dangerous Internet-facing apps".

cheers
Sacles
For information, I am sufficiently aware of PC protection.

I have used DW for a few days, but I have been in charge of security for years.

Install the protections as you want but do not become paranoid.
demoneye
@Sacles

The aim is to make the best of all the protection and keep the system light; also, a double identical protection, or even close to that, is stupid. That is why I set up DW+SB the way it is.
So "paranoid" is a childish word, and really misses the point of the thread here.


cheers
Sacles
In French: paranoia = anxiety, exaggerated distrust. This is not a childish word.

Sorry if I translated it wrong.
Scoobs
DW + SBIE is a good setup for me. The one big weakness of DW for me is that any activity or changes that happen as a result of browsing with internet-facing apps (and I'm not talking about malicious activity, just things like caching of web pages) and installing applications actually happen on your real PC environment. With SBIE you can wipe all traces of them instantly by deleting the sandbox. So I can install software to test in the sandbox, for example, and then wipe all traces of it instantly if I want to.

The big weakness of Sandboxie is that anything you recover out of the sandbox is no longer isolated and could potentially damage your PC.

Using DW + SBIE is the ideal combination for me. It's not about increasing the level of security, because if all I wanted was maximum security I'd use DW by itself. It's about usability and appreciating the benefits a sandbox can offer in day-to-day use of your PC.
ssj100
QUOTE (Scoobs @ Aug 9 2009, 06:23 PM) *
DW + SBIE is a good setup for me. The one big weakness of DW for me is that any activity or changes that happen as a result of browsing with internet-facing apps (and I'm not talking about malicious activity, just things like caching of web pages) and installing applications actually happen on your real PC environment. With SBIE you can wipe all traces of them instantly by deleting the sandbox. So I can install software to test in the sandbox, for example, and then wipe all traces of it instantly if I want to.

The big weakness of Sandboxie is that anything you recover out of the sandbox is no longer isolated and could potentially damage your PC.

Using DW + SBIE is the ideal combination for me. It's not about increasing the level of security, because if all I wanted was maximum security I'd use DW by itself. It's about usability and appreciating the benefits a sandbox can offer in day-to-day use of your PC.


Well put, and this is why I use Defense+ with Sandboxie. Anything I recover out of the sandbox will still be under the protection of Defense+. Defense+ is great, as it will tell me in real time when something is unsafe with pop-ups. The control you get over the system is just brilliant too.

If you don't like pop-ups and you don't like classical HIPS in general, then DefenseWall is for you. However, can I ask what happens to your "Untrusted List" when you recover, e.g., an archive containing 1000 .jpg files out of the sandbox and under DefenseWall's protection? Also, I find it unsettling that malware could be trying to attack me (and being crippled by DefenseWall) without me even knowing about it. With a classical HIPS, you know everything that's going on, as it will give a pop-up.
Sacles
Hello,

DW, like other HIPS, should be installed only on systems that are not infected. Your system must be 'clean' before installing DefenseWall (or another HIPS).

These are not tools to correct; these are prevention programs.

The HIPS (DW or others) has to protect your system from external attacks. Any files and applications downloaded or launched through those untrusted gateways are also marked Untrusted; they cannot harm your system, as they operate in an isolated environment.

Untrusted processes or programs run within a virtual space separated from the trusted space on your system, with reduced rights.
A little experiment: set Notepad as Untrusted and try to modify your hosts file with Notepad: it's impossible.

DW has been tested in AV-Comparatives: http://www.av-comparatives.org/comparative...product-reviews The results are very good.

Excuse me for my bad English.
Scoobs
QUOTE (ssj100 @ Aug 10 2009, 05:54 AM) *
However, can I ask what happens to your "Untrusted List" when you recover, e.g., an archive containing 1000 .jpg files out of the sandbox and under DefenseWall's protection? Also, I find it unsettling that malware could be trying to attack me (and being crippled by DefenseWall) without me even knowing about it. With a classical HIPS, you know everything that's going on, as it will give a pop-up.


I tested this out by putting an archive called "Test" containing 100 jpgs on my Desktop. If I extract to a new folder called "Test", then all that appears in the untrusted list is a reference to the "Test" directory as being untrusted. If I extract to an existing directory that is not on the untrusted list, then the jpgs are classed as "Allowed to be modified by untrusted" and therefore appear in the "File and Registry Protection Excludes" list. This wasn't the result I was expecting, but I guess it makes sense.
SIR****TMG
I use both and love it
demoneye
QUOTE (SIR****TMG @ Aug 11 2009, 05:13 AM) *
I use both and love it


Did you try my method? If so, what do you think of it?

cheers
ssj100
QUOTE (Scoobs @ Aug 10 2009, 07:46 PM) *
QUOTE (ssj100 @ Aug 10 2009, 05:54 AM) *
However, can I ask what happens to your "Untrusted List" when you recover, e.g., an archive containing 1000 .jpg files out of the sandbox and under DefenseWall's protection? Also, I find it unsettling that malware could be trying to attack me (and being crippled by DefenseWall) without me even knowing about it. With a classical HIPS, you know everything that's going on, as it will give a pop-up.


I tested this out by putting an archive called "Test" containing 100 jpgs on my Desktop. If I extract to a new folder called "Test", then all that appears in the untrusted list is a reference to the "Test" directory as being untrusted. If I extract to an existing directory that is not on the untrusted list, then the jpgs are classed as "Allowed to be modified by untrusted" and therefore appear in the "File and Registry Protection Excludes" list. This wasn't the result I was expecting, but I guess it makes sense.


Meaning you'll end up with an enormous list in the "File and Registry Protection Excludes". You like that?
Scoobs
QUOTE (ssj100 @ Aug 12 2009, 05:46 AM) *
QUOTE (Scoobs @ Aug 10 2009, 07:46 PM) *
QUOTE (ssj100 @ Aug 10 2009, 05:54 AM) *
However, can I ask what happens to your "Untrusted List" when you recover, e.g., an archive containing 1000 .jpg files out of the sandbox and under DefenseWall's protection? Also, I find it unsettling that malware could be trying to attack me (and being crippled by DefenseWall) without me even knowing about it. With a classical HIPS, you know everything that's going on, as it will give a pop-up.


I tested this out by putting an archive called "Test" containing 100 jpgs on my Desktop. If I extract to a new folder called "Test", then all that appears in the untrusted list is a reference to the "Test" directory as being untrusted. If I extract to an existing directory that is not on the untrusted list, then the jpgs are classed as "Allowed to be modified by untrusted" and therefore appear in the "File and Registry Protection Excludes" list. This wasn't the result I was expecting, but I guess it makes sense.


Meaning you'll end up with an enormous list in the "File and Registry Protection Excludes". You like that?


It's not an issue for me. It doesn't affect usability or performance. It's a bit like people who use a hosts file like MVPS: it doesn't affect usability or performance, and it's not something you need to manage.
ssj100
QUOTE (Scoobs @ Aug 12 2009, 07:44 AM) *
QUOTE (ssj100 @ Aug 12 2009, 05:46 AM) *
QUOTE (Scoobs @ Aug 10 2009, 07:46 PM) *
QUOTE (ssj100 @ Aug 10 2009, 05:54 AM) *
However, can I ask what happens to your "Untrusted List" when you recover, e.g., an archive containing 1000 .jpg files out of the sandbox and under DefenseWall's protection? Also, I find it unsettling that malware could be trying to attack me (and being crippled by DefenseWall) without me even knowing about it. With a classical HIPS, you know everything that's going on, as it will give a pop-up.


I tested this out by putting an archive called "Test" containing 100 jpgs on my Desktop. If I extract to a new folder called "Test", then all that appears in the untrusted list is a reference to the "Test" directory as being untrusted. If I extract to an existing directory that is not on the untrusted list, then the jpgs are classed as "Allowed to be modified by untrusted" and therefore appear in the "File and Registry Protection Excludes" list. This wasn't the result I was expecting, but I guess it makes sense.


Meaning you'll end up with an enormous list in the "File and Registry Protection Excludes". You like that?


It's not an issue for me. It doesn't affect usability or performance. It's a bit like people who use a hosts file like MVPS: it doesn't affect usability or performance, and it's not something you need to manage.


Also, what about a file you download that is under DefenseWall protection? What if the file phones out using your internet? I guess DW version 3 will stop this?

Anyway, what if your "File and Registry Protection Excludes" list numbers in the millions (or you know what I mean), and you open it up to look at this list... what happens? Is there any slowdown etc.? (I'm actually genuinely asking this, thanks for any help.)
Ilya Rabinovich
QUOTE (ssj100 @ Aug 12 2009, 11:32 AM) *
What if the file phones out using your internet? I guess DW version 3 will stop this?

Personal Firewall edition: yes, it will.

QUOTE (ssj100 @ Aug 12 2009, 11:32 AM) *
Anyway, what if your "File and Registry Protection Excludes" list numbers in the millions (or you know what I mean), and you open it up to look at this list... what happens? Is there any slowdown etc.? (I'm actually genuinely asking this, thanks for any help.)

Naturally, it will cause some slowdowns, because it will take registry resources. But it won't be significant. At least, it shouldn't be... Anyway, there is a checkbox "Automatically remove items from rollback list"; it's implemented to avoid potential problems.