Default/Deny comparison -- the results

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Based on your initial posts, it's not a clear cut solution (reading the Cons)?

What I meant by Install and Forgot, is its ease of use, when dealing with threats and non-threats. For example, how Auto-Protect in Norton Security will handle your Security compared to a talkative product.
right, I agree that it's not a clear-cut solution. It would be futile to rate the apps, because each user has different priorities. There are too many pros and cons.

my joke about install and forget (about your system) was trying to poke fun at the experience of installing a new default/deny app, only to find that it trashed the system.
 

Deleted member 178

@Duotone You need access to the options to tighten VS, especially the whitelisting/blacklisting, look at the "greyed" options and you will understand.
 

shmu26

I assume Sandboxie's only used to sandbox certain programs like browsers since it would be inconvenient otherwise in the free version.
no one said it was convenient...
Sandboxie also lacks the application control that you have in ReHIPS.
On the other hand, I think that Sandboxie has the advantage of being more intuitive and easier to grasp, for the average user.
It's strange, I don't hear people talking about SBIE anymore. Did it go out of style or something?
 

Deleted member 178

I assume Sandboxie's only used to sandbox certain programs like browsers since it would be inconvenient otherwise in the free version.
you can isolate programs, the only difference between free and paid is that you don't have "forced" apps and cannot run 2+ isolated programs at the same time.

no one said it was convenient...
Sandboxie also lacks the application control that you have in ReHIPS.
That is the advantage of ReHIPS, and why I love it.

On the other hand, I think that Sandboxie has the advantage of being more intuitive and easier to grasp, for the average user.
yes easier to use
It's strange, I don't hear people talking about SBIE anymore. Did it go out of style or something?

because I think (based on my experience with it):

- Sbie is breaking many apps, its mechanism is based on a specific kind of whitelist, so if a program has serious code modifications (like Chrome), it is out of the list and Sbie breaks it, then Sbie needs to be updated to adjust to it... And even then, some bugs may still be there because the compatibility isn't fully implemented. The best background to use Sbie: Win7 + Firefox, unfortunately, we are on Win10 and Chrome is popular.
Just look at the number of updates Sbie had since Win8/10 compared to Win7. Most of the changelogs are "incompatibility/issue with software x is fixed"... It is the main reason I ditched it (I have a lifetime version) in favor of ReHIPS.
ReHIPS uses Windows mechanisms so it doesn't need constant updates, the price is the wannabe users need to take more time to learn how to use it.

- People can have a decent easy to use sandbox for free with Comodo.

I still like Sandboxie, but it is not my favorite sandboxing app anymore. Not saying in a close future, Chrome and Edge will have their own isolation so Sbie will not be needed anymore, except for isolating other applications.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
my joke about install and forget (about your system) was trying to poke fun at the experience of installing a new default/deny app, only to find that it trashed the system.
I don't use an Install and Forgot, but for the average user of Windows, would Default Deny be a viable option for them? They already have Windows Defender enabled on Windows 10.

Not trying to make a point or argument, because I have nothing to add to the topic. :)
 

Deleted member 178

I don't use an Install and Forgot, but for the average user of Windows, would Default Deny be a viable option for them? They already have Windows Defender enabled on Windows 10.
Deny-default is not for average users, those want to use their computer for work or leisure, not for mounting Fort-Knox.
Look at Emsisoft, they abandoned their HIPS and simplified their BBs to fit the reality: Average Joe won't need default-deny solutions. Reason why MS increase passive security in Win8/10.

Deny default is more for corporate admins who need to lock access to the system from employees. Obviously security geeks will also use them.
 

shmu26

I don't use an Install and Forgot, but for the average user of Windows, would Default Deny be a viable option for them? They already have Windows Defender enabled on Windows 10.

Not trying to make a point or argument, because I have nothing to add to the topic. :)
aha, now I finally understood your post! sorry I am so thick.

avast with hardened mode is set-and-forget, although it is not as strong as the other options.

voodooshield wants to be set-and-forget, but in my experience, it has not lived up to that claim. maybe it will get there someday, that is the dream of the dev.
 

shmu26

as a followup to my poll yesterday,
Compare Protection - Which default/deny solution wins, and why?
I will offer my comparison of the products discussed...

COMODO Firewall

...poorly documented exploit protection...
Yesterday, I got some clarification on the Comodo forum, regarding protection for fileless exploits such as Powelicks. Thanks to their global moderator @futuretech for the info.

Historically, fileless exploits posed a problem for Comodo (unless you were running your vulnerable apps in sandbox).

This issue was addressed in Comodo 10 with the new feature called "embedded code detection".
This feature catches the code executed on various script interpreters, even if no actual script file (.bat, .cmd, .py, .js, .ps1) was involved. Thanks to this new feature, the browser and other trusted apps cannot be exploited in order to filelessly execute malicious code.

From here on, I will state my own observations, not those of @futuretech.

In the current build of Comodo 10, this feature is turned off by default for cmd.exe and certain other script interpreters. (Assumedly, because it was causing a lot of software conflicts and generating user discontent.) But it is enabled by default for powershell.

Various kinds of memory exploits are protected by the feature called "detect shellcode injections". (This is not a new feature at all.)

I am still seeking clarification on how dll protection works.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Great power comes with great responsibility.

That is how the default-deny concept works: in order to attain the maximum capabilities, you have to tweak it carefully and observe the differences.

You cannot set up Default-Deny software with a lot of whitelisted applications, because that will cause more possible risk for bypass; which is why there are a lot of criteria to provide, like digital signature and reputation of the program.

Definitely not user-friendly; remember that default-deny is not meant to be as automated as possible but rather interactive.

As mentioned, the programs are meant for large-scale use, which engages in heavy tweaks and maximum restrictions.
 
