Joint Winners: SandBoxie and DefenseWall
2006 should have been called "The Year of the 0-day Threat."
0-day threats are security problems involving brand new exploits. Typically these include new virus threats or exploits of previously unknown flaws in computer products.
Normal security products like anti-virus and anti-spyware scanners provide only limited protection against such threats. Your AV program can’t fully protect you against a new virus that’s not yet in its signature database, nor can your anti-spyware program prevent you from being infected through a previously unknown flaw in a product like Microsoft Office.
Unfortunately these threats have recently escalated to unprecedented levels. Hostile web sites that use 0-day threats to secretly infect your PC have proliferated rapidly while new email threats have arisen that only require you to open an HTML email to get infected.
Although the overall level of such threats has increased they are not yet common. Users who surf widely and use P2P networks are currently most at risk. However if the problem continues to escalate, 0-day threats will pose a serious threat to all users in the near future.
In this context it is appropriate that my award for the product of the year for 2006 should go to a security product that protects your PC against 0-day threats.
Well, two computer security products. The two winning products are both so good that I really couldn’t choose one over the other.
SandBoxie and DefenseWall are both sandboxing programs designed to isolate your PC from internet based threats. Unlike anti-virus programs that rely on signatures to detect threats they protect your PC by fencing off and isolating potentially dangerous programs so they can’t infect your PC. They don’t replace your AV program but rather are designed to provide an additional layer of protection.
SandBoxie and DefenseWall have a lot of similarities but they operate quite differently.
SandBoxie works by allowing you to run your web browser, email program and any other program of your choosing in a virtual environment that’s totally corralled off from your real PC. Any malware programs that are downloaded through your browser or email can run in this virtual environment without infecting your real PC. When you have finished you can shut down the sandbox and all the infected programs will be erased without ever getting onto your real PC.
DefenseWall offers a similar capability but with a twist. While SandBoxie requires the user to consciously decide what programs to sandbox, DefenseWall automatically sandboxes your browser, email program, instant messaging, FTP utility and any other program it considers a potential vehicle for introducing infection onto your computer.
It does this using an inbuilt list of "untrusted" programs. This list includes Internet Explorer and all the common browsers plus email clients and lots of other utilities as well. You can also manually add programs to this list.
Any program or process that is started by an untrusted program inherits the untrusted (i.e. sandboxed) status. So if you visit a hostile website in your browser, any malicious programs that run secretly are automatically sandboxed as they inherit the untrusted status of the browser.
This policy based approach used by DefenseWall brings about distinct differences in use compared to SandBoxie.
With DefenseWall, your browser is automatically sandboxed every time you run it unless you choose to run it unsandboxed. With SandBoxie your browser is only sandboxed if you choose to start it sandboxed.
This is a critical difference, particularly when the PC is being operated by less experienced users.
There is another important difference. SandBoxie corrals off all downloaded and changed files into a special area of your disk: the sandbox. These files are not easily accessible unless you go hunting around in the sandbox and choose to move them to the normal working areas of your disk.
In contrast DefenseWall downloads files to the normal locations on your PC. That’s because DefenseWall is not seeking to control infection by physical isolation but rather by preventing malware programs from running.
Each approach has its strengths and weaknesses.
SandBoxie can be annoying when you download a legitimate file and then have to go hunting for it. This is an inconvenience but can be tolerated. The situation with email files is much more serious. Keeping all your email files in the sandbox is so awkward that it verges on the impracticable.
On the other hand it’s comforting with SandBoxie to be able to clear the sandbox and know everything you downloaded is gone. And that comfort extends to privacy as well as security.
DefenseWall doesn’t interfere with the normal location of your downloaded files or email and that’s a real convenience. However if any of these downloaded files are infected they could pose a risk in the event you ever accidentally run them.
I say "accidentally" because DefenseWall allows you to run downloaded files quite safely by selecting the "run as untrusted" option from the mouse right click context menu. In this case they are completely sandboxed and your PC cannot become infected. However if you didn’t use this option and absent-mindedly double click an infected download, then you could get infected.
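The inheritance rule and the "run as untrusted" option described above can be modelled in a few lines. This is an added illustration, not DefenseWall's own code: the untrusted list, the process names and the event format are constructed for the example.

```python
# Simplified model of policy-based trust inheritance.
# Not DefenseWall's implementation; list contents and events are constructed.
UNTRUSTED_IMAGES = {"iexplore.exe", "firefox.exe", "outlook.exe"}


def classify(events, untrusted_images=UNTRUSTED_IMAGES):
    """Assign a trust status to each process start event.

    events: (pid, parent_pid, image, run_as_untrusted) tuples in start order.
    Returns {pid: (image, status, reason)}.
    """
    status = {}
    for pid, ppid, image, forced in events:
        parent = status.get(ppid)  # None if the parent was never seen
        if image.lower() in untrusted_images:
            verdict = ("untrusted", "on untrusted list")
        elif forced:
            verdict = ("untrusted", "run as untrusted")
        elif parent and parent[1] == "untrusted":
            # The child takes the status of whatever started it.
            verdict = ("untrusted", f"inherited from {parent[0]}")
        else:
            verdict = ("trusted", "no untrusted ancestor")
        status[pid] = (image, *verdict)
    return status


# Constructed sample: the shell starts a browser, the browser starts an
# unknown program, and the user later opens the same download twice.
EVENTS = [
    (100, 1, "explorer.exe", False),
    (200, 100, "iexplore.exe", False),   # browser is on the list
    (210, 200, "unknown.exe", False),    # started by the browser
    (220, 210, "helper.exe", False),     # grandchild of the browser
    (300, 100, "download.exe", True),    # right click, "run as untrusted"
    (310, 100, "download.exe", False),   # plain double click from the shell
]

if __name__ == "__main__":
    for pid, (image, verdict, reason) in classify(EVENTS).items():
        print(f"{pid:>4} {image:<14} {verdict:<10} {reason}")
```

The last event is the gap the review points out: the same file started from the trusted shell without the option has no untrusted ancestor, so the policy leaves it trusted.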
On balance DefenseWall may be better suited to average users as its policy based approach requires less user intervention. On the other hand, more experienced users may prefer Sandboxie as it leaves the decision making firmly in their hands.
Despite the differences in operation, both products offer outstanding protection. Both are totally resistant to termination by a hostile agent. Both provide near perfect isolation of malware programs including 0-day threats. Both are small and efficient and will hardly use any of your computer resources.
Anyone who surfs widely on the internet or uses P2P networks should consider using one of these products. Should 0-day threats continue to escalate in 2007 as they have in 2006, we may all need them.
I congratulate the program authors, Ronen Tzur and Ilya Rabinovich, on their achievements.
http://www.sandboxie.com/ Donationware, Windows 2000 and later, 242KB
http://www.softsphere.com/ Shareware, $29, 30 day trial, Windows 2000 and later, 1.02MB
