- Jul 3, 2015
- 8,153
that sounds interesting. could you explain the difference?
Does isolation imply inability even to read the files?
Malvertising Strikes Even When You Don’t Click
- Thread starter cruelsister
- Start date
Does isolation imply inability even to read the files?
Anti-executable is application control.
Isolation is whereby a program is denied or given only restricted access to the real user profile, file system, registry, etc - with or without virtualization. Depending upon the soft (COMODO, ReHIPS, Sandboxie, SpS, most HIPS) you can set access rights to be as restrictive or as loose as you like. In COMODO, for just an example, you can deny read\write (complete) access to folders and files. Same can be achieved identically or similarly in other softs. What and how varies from one soft to the other.
Software restriction policy softs likewise can restrict access to file system and registry plus control program and file type execution.
Softs that use virtualization (Sandboxie, COMODO, Shadow Defender, etc) replicate the file system and registry inside a virtual container. Any modifications are made to the virtualized file system and registry and those changes are non-permanent unless you make exceptions or "commit" the changes to the real user profile. ReHIPS does not use virtulization, but instead relies upon Windows' built-in protection mechanisms via separate user profiles. Each user profile cannot access another user profile - which is true isolation.
- Jul 3, 2015
- 8,153
okay, so let's say for example that I "upgrade" from voodoo's browser application control, and instead I go for browser isolation, ala comodo sandboxed browser or rehips browser user profile.
what did I gain in security?
Real user profile is not compromised by malware with isolation. There are exceptions: if a malware can defeat COMODO sandbox (it is rather rare, but it has happened - same with Sandboxie). If that happens then your goose is cooked, but like I said, it is rare and not something to get all OCD-level paranoid about. A bypass that results in the real user profile being compromised while using ReHIPS would be even more rare (whatever is in the ReHIPSUser profile can be compromised - encrypted by ransomware or plain text passwords stolen for example, but that's the extent of it. Besides you shouldn't have anything valuable in ReHIPSUser anyway if you are using ReHIPS properly).
If malware bypasses Voodooshield or you make a mistake, then your goose is cooked... because the malware will have direct access to the complete system.
All of this is particularly critical if you use the Admin account on a day-to-day basis.
With that being said, if you get into the habit of blocking first and asking questions later, then it is unlikely you will run into trouble. This is not difficult...
You should ask fixer at ReCrypt forum. He will give you all kinds of good-to-know infos...
* * * * *
I use Adguard, AppGuard and Rollback RX Pro and I malware test heavily. Windows Defender is disabled. For a scanner I use Hitman Pro free version (unactivated) just to verify system is clean after reverting system to the clean, baseline snapshot.
With the above setup I have only 1/1000th of the problems that are reported by others with complicated security configs.
The only real pain that I have is Windows 10 forced updates or reinstall of removed components with each cumulative update...
Last edited by a moderator:
- Jul 3, 2015
- 8,153
okay, but if there is application control on the browser, how will a compromised browser be able to mess with your user files, even if it theoretically has access to them?
If browser is exploited and malware gains escalation of privilege (EoP) - it has been shown multiple times in the past and even more recently to completely bypass application control. This is a known issue on Windows and confirmed by Microsoft, McAfee, Norton\Symantec, Kaspersky, etc, etc. In other words, the malware runs with at least Admin privileges. The risk is small, but it can happen.
Combining application control with isolation\containment and a means to revert system to pre-infection state has proven to be a solid strategy.
- Jul 3, 2015
- 8,153
these are awesome explanations. I am running out of questions!
Your security config does not need to be complicated; a relatively simple config can provide very good baseline security.
Voodooshield and Reboot Restore RX or Rollback RX Home (both freeware) would work nicely. Add a decent adblocker (uBlock Origin as an example) and TinyWall (or similar) and your config is quite solid without heavily impacting your system.
From being here at MT you should already have a good idea of the more popular effective security soft combos.
- Feb 1, 2013
- 969
On my laptop, I use basic user setting in SRP (Windows 10 Pro) along with EMET, ublock origin, Netcraft (only xss protection ticked) and Windows Defender. Of course flash is click to play set in browser. I think this conf. is enough good too for browser exploits. If I want to visit specifically risky websites, I use SBIE for Chrome but for general browsing I don't.
Correct me if I m wrong.
It's a sound config, but why not do all general browsing in Sandboxie ? - because during general browsing your browser and system are still at risk. The websites you think are safe are more than likely prone to attack through negligence or improper security configs - and you have no way of knowing it until it is too little too late. A browser attack will happen when you least expect it... but, I will admit, with a fully updated browser the risk is small. I assume you have your browsers properly configured in EMET and with Flash click-to-play so that diminishes the risk even further. Just something to think about... that's all.
It looks good... well thought out config.
- Feb 1, 2013
- 969
Indeed, the attack comes the time you least expect it. My problem with SBIE is that lately it has some problems with Chrome and error/warning messages appear out of the blue while browsing. I cannot figure out the exact cause.
That's why I no longer mess with SBIE; Windows updates, browser updates or certain browsers always causing issues - until Invincea fixes them - which isn't always a fast process. In my experience the problems creep up on a fairly consistent base so for me it is more than a mere annoyance but a real interference.
- Feb 1, 2013
- 969
Is there any free reliable solution (or <10$) to sandbox google chrome?
- Jul 3, 2015
- 8,153
comodo will sandbox the chrome browser pretty well. If you want the least intrusive form of comodo, take comodo cloud AV, and disable active AV protection. You can also disable autosandbox, if you want, but you might actually like it.
In sandbox settings, add chrome, if you want chrome to run always sandboxed.
If you want your choice, click on "run an application in sandbox", and you will see a button already there for chrome.
In sandbox settings, add chrome, if you want chrome to run always sandboxed.
If you want your choice, click on "run an application in sandbox", and you will see a button already there for chrome.
My goof...
- Comodo Internet Security
- Comodo Firewall
- Comodo Cloud Antivirus
You might want to take a look at Rollback RX Home and Reboot Restore RX - both freeware. Both are worthy of consideration.
In my experience the least problematic are ReHIPS, Rollback RX and Reboot Restore RX.
CIS\CF and CCAV will protect system, but take some concerted effort on the user's part to really understand how they work.
- Jul 3, 2015
- 8,153
but keep in mind that ReHIPS free version cannot run chrome isolated.
- Feb 1, 2013
- 969
I used to use Comodo for such reasons, but I prefer not to mes with such a big package that contains other features too.. but I will think of it as the only alternative.
- Jul 3, 2015
- 8,153
CCAV is their smallest package, but it's still a package...
- Nov 19, 2014
- 2,346
Because of the 10 processes limit of the demo. The full version does it perfectly. In theory if you don't use a lot of tabs or extensions you can use chrome but i must agree it's hard.
Similar threads
