DefenseWall and Sandboxie together?


Re: DefenseWall and Sandboxie together?

Post by Guest on 6/6/2010, 22:58

Yes I know, I was just making the point that Sandboxie is useable and understandable for people across the board as it comes, which is maybe more attractive to a whole range of people with different skill levels. You can get set up and running fairly quickly with a rough idea of the concept of it and then "upgrade" your configuration yourself later by using the forum or Sandboxie Help etc.
Whilst some other security software is fantastic for the people "in the know" with advanced skills, it can be daunting/intimidating for many who don't want or haven't yet got the ability/experience to jump in at the "deep" end.

bo.elam wrote: Hi Patrick, Sandboxie gives you considerable protection at default level like you said but you'll be much more protected if you make just a few changes to harden the sandbox.
Bo


Re: DefenseWall and Sandboxie together?

Post by Hawkwind on 15/6/2010, 16:47

My preferred way of using the two together would be to have the browser run using Sandboxie; the Sandbox recovery folders would be in DefenseWall's untrusted list, therefore anything saved from the Sandbox would automatically run as untrusted by DefenseWall until it was moved into a trusted folder.

Re: DefenseWall and Sandboxie together?

Post by ssj100 on 15/6/2010, 17:32

Hawkwind wrote: My preferred way of using the two together would be to have the browser run using Sandboxie; the Sandbox recovery folders would be in DefenseWall's untrusted list, therefore anything saved from the Sandbox would automatically run as untrusted by DefenseWall until it was moved into a trusted folder.

I understand what you're saying here, but we seem to keep forgetting that not everything will open untrusted by DefenseWall:
http://www.sandboxie.com/phpbb/viewtopic.php?p=53555#53555

The above link is the one I thought of first. I'm sure I've written something similar at least 10-15 times in the last year on various forums haha. Also a key point in that link is that neither Sandboxie nor DefenseWall directly block buffer overflow attacks (which are actually very common...more common than most people think. I think Comodo claimed that they were the most frequently seen attacks in 2008, although I suspect these attacks were not targeting home users as much as corporate facilities).

I guess with Sandboxie, we give ourselves the best hope of at least mitigating a deadly buffer overflow attack by configuring appropriate start/run restrictions, although if you have a system wide default deny mechanism in place, this may not be so important.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
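
A check for the start/run restriction mentioned in the post above, as an added example that is not part of the thread or of Sandboxie itself: it reads the text of a Sandboxie.ini and lists the sandboxes in which any program is still allowed to start. The sample file and its sandbox names are constructed, and the setting names (ProcessGroup and ClosedIpcPath with the `<StartRunAccess>` group, DropAdminRights) are assumed to match the Sandboxie.ini format of the reader's version.

```python
from collections import defaultdict

# Constructed sample: "Browser" is hardened, "DefaultBox" is left as installed.
SAMPLE_INI = """
[GlobalSettings]
[DefaultBox]
Enabled=y
ConfigLevel=7

[Browser]
Enabled=y
DropAdminRights=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe
ClosedIpcPath=!<StartRunAccess>,*
"""

def parse_ini(text):
    """Sandboxie.ini repeats keys, so keep every value as a list per section."""
    boxes, current = defaultdict(lambda: defaultdict(list)), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            boxes[current]  # register sections that have no settings
        elif current and "=" in line:
            key, value = line.split("=", 1)
            boxes[current][key.strip().lower()].append(value.strip())
    return boxes

def audit(text):
    """Return {sandbox name: [findings]}; an empty list means both checks pass."""
    report = {}
    for name, cfg in parse_ini(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # not sandboxes
        groups = {}
        for v in cfg["processgroup"]:
            g, *members = v.split(",")
            groups[g.lower()] = [m.lower() for m in members]
        # Restriction = a non-empty allow group AND everything else denied.
        locked = any(v.lower().replace(" ", "") == "!<startrunaccess>,*"
                     for v in cfg["closedipcpath"])
        findings = []
        if not (groups.get("<startrunaccess>") and locked):
            findings.append("no start/run restriction: any program can start in this box")
        if "y" not in [v.lower() for v in cfg["dropadminrights"]]:
            findings.append("DropAdminRights not set")
        report[name] = findings
    return report
```
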

Re: DefenseWall and Sandboxie together?

Post by wingman on 18/6/2010, 17:50

Hawkwind wrote: My preferred way of using the two together would be to have the browser run using Sandboxie; the Sandbox recovery folders would be in DefenseWall's untrusted list, therefore anything saved from the Sandbox would automatically run as untrusted by DefenseWall until it was moved into a trusted folder.

Here is a statement about DW opening pictures as trusted; http://gladiator-antivirus.com/forum/index.php?s=733ae7853591ea3e999b74cb38227554&showtopic=105974
Ilya says not a problem, "There is Hardware DEP to protect against this."
Who knows?

Re: DefenseWall and Sandboxie together?

Post by ssj100 on 18/6/2010, 18:02

wingman wrote:
Hawkwind wrote: My preferred way of using the two together would be to have the browser run using Sandboxie; the Sandbox recovery folders would be in DefenseWall's untrusted list, therefore anything saved from the Sandbox would automatically run as untrusted by DefenseWall until it was moved into a trusted folder.

Here is a statement about DW opening pictures as trusted; http://gladiator-antivirus.com/forum/index.php?s=733ae7853591ea3e999b74cb38227554&showtopic=105974
Ilya says not a problem, "There is Hardware DEP to protect against this."
Who knows?

I think Tzuk more accurately and comprehensively sums it up here:
http://www.sandboxie.com/phpbb/viewtopic.php?p=53719#53719

My take on it? Here you go:
1. Buffer overflow exploits are everywhere and could be discovered in any software (including security software).
2. All real-world malware exploits have always involved a payload executable file to do its harm, period.
3. There are many ways to mitigate or block these exploits, including Hardware DEP (which isn't hard to bypass I am told, but better to have it ON than OFF I suppose), anti-execution mechanism (which blocks the malicious payload file from running, thus preventing any harm to your system), sandboxing (prevents the exploit interacting with the REAL system), and perhaps most importantly to keep all software up to date (including Windows).
4. If the exploit targeted kernel mode code (presumably Ring 0: http://en.wikipedia.org/wiki/Ring_%28computer_security%29 ), then there isn't much we can do except hope Microsoft release a patch for it ASAP.
5. If worst comes to worst, we can simply load up our last clean working image.


Re: DefenseWall and Sandboxie together?

Post by tnegjm on 18/6/2010, 21:17

I agree with and use the same methods, ssj. I also TrueCrypt as much sensitive data as I can to protect it from being stolen if/when those unpatched instances are exploited.
