HitmanPro.Alert or Sandboxie

[Solarquest]

Issue is not a hacker trying to actively penetrate your system because in 99.9999% of the cases user will do all the work.

Real issue is malware that is downloaded, installed and allowed to run - usually without restriction whether deliberately or not... and then captures and transmits data with outbound connection. In that case VM will be of no help... same with any virtualization software. An infected virtual session permits data theft.

That's why it is important to run AV and have outbound connect monitoring while running virtualized... VM or otherwise.

Hi Hjlbx,

what outbound connect monitoring SW do you recommend/use? thank you

 

[hjlbx]

Hi Hjlbx,

what outbound connect monitoring SW do you recommend/use? thank you

If you want to use built-in Windows firewall, then BiniSoft's Windows Firewall Control 4 ($10 US, Lifetime License, Unlimited Installs). WFC is a GUI for Windows firewall that notifies user of all outbound connections. It improves Windows firewall security.

If you want to use firewall as part of security suite: Emsisoft Internet Security, Comodo Internet Security (free), Kaspersky Internet Security, ESET Smart Security.

Comodo Firewall (free) = Comodo Internet Security with AV turned off... might as well use the entire suite as it has everything you need.

I haven't tested other firewalls like ZoneAlarm, Private Firewall, etc.

You might want to take a look at GlassWire (currently free). Testers that I trust liked it a lot.

 

[Solarquest]

Thank you
WFC is the one you use when you test malware?

 

[hjlbx]

Thank you
WFC is the one you use when you test malware?

Yes. I've used all the ones that I mentioned earlier.

Windows Firewall Control is much more powerful user interface:

• WHOIS remote address look-up (this can be customized)
• IP address look-up (this can be customized)
• Virus Total look-up
• Other features

It is nice GUI. In some ways it is much better interface than provided by top-rate AV suites.

You will be very busy creating firewall rules when you first start using it.

Start out with\use the recommended Windows firewall rules.

You don't get notifications on free version; only available on paid version.

With WFC, Windows firewall is much better and is sufficient under typical use by typical user.

 

[Solarquest]

thank you!

 

[bjm_]

Sandboxie added Hitman Pro.Alert Template
Prior to Sandboxie adding Template. HitmanPro.Alert developer noted OpenPipePath to add. HitmanPro.Alert and Sandboxie communicate. HitmanPro developer is in the know re Sandboxie. And Sandboxie obviously knows Hitman.
I run both....

 

[bjm_]

Sandboxie is better for general security needs. In my opinion the main feature of HitmanPro Alert is its anti exploit. You can easily use the free EMET to do the same job.

However, depending on your setup, you may not need both. If you use chrome for browsing, you do not need sandboxie as it does not give any additional benefits. Both their sandboxing techniques are similar.

Chrome sandboxing Isolates Chrome tasks. In simple non computing 'geek' terminology sandboxing is Chrome's way of opening tabs/windows in their own space. In Chrome, HTML rendering and JavaScript execution are isolated in their own class of processes. Running each tab in Chrome in a sandbox allows Web applications to be launched in their own browser windows without the ability to write or read files from sensitive areas. Plug-ins are run in separate processes that communicate with the renderer.
"It's designed to prevent malware from getting installed on the system, from being able to start again when you close the browser and restart the computer; it's designed to help prevent malware from being able to read files on your file system."
http://www.eweek.com/c/a/Security/Google-Chrome-Puts-Security-in-a-Sandbox
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.