Advice Request [Windows 7-10] What would be in your opinion the most lightweight yet effective security?

Please provide comments and solutions that are helpful to the author of this topic.

Electr0n

Level 4
Thread author
Verified
Well-known
Feb 19, 2018
182
For networkability in the class of Windows, it is true. Windows is a monopoly product, and Microsoft has done everything possible to make sure that noone will be able to compete with the same caliber (scope of networkability) of OS. Ironically, I think one of the worst situations is the fact that MS owns and controls DirectX. What a gigantic conlict of interest that hostage code represents while in MS' hands. It's not just a problem for gamers, though it is one for them, but I think it all but guarantees that advancements in graphics will have to come from MS of all places. This is a horrible thought for me. Only a lawsuit will wrestle control of DX from MS.

The other really horrible situation is the complete dominance of .NET when it comes to development platforms. This is another area where MS has vehemently controlled the marketplace by setting up everything so that it's easy to develop for Windows and by making sure that the developments for Windows aren't 100% easily adaptable to other plaforms.

Linux competes with Windows with the scalability and better than Macs do. Apple is too concerned with keeping their own identity and maintaining loyalty to their product line amongst customers. They don't care about networkability as much as MS do. The problem for Linux is that it's not as simple to develop for the platform, and also it's an entirely new platform to learn. None of the language of the OS is common to Windows. There isn't any money in developing for Linux, so who can afford to devote their life to the platform. Thank goodness it's there and thanks to those who have worked on it, but it's not easy competing with Windows while not being able to use the exact same language references for elements of the OS when speaking to potential users.

When MS bought DOS, this whole sequence of falling dominos began. I feel like we kind of have ourselves to blame for letting it get to this point in a way...:cry:
I heard Vulcan was supposed to dethrone DirectX, let's see what happens. If only Chromebooks become more mainstream, maybe then Microsoft will get it's ##### together.
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
I heard Vulcan was supposed to dethrone DirectX, let's see what happens. If only Chromebooks become more mainstream, maybe then Microsoft will get it's ##### together.
It also depends on the developer$ of games not only of the platform, despite the monopoly Directx the Vulcan seems to be a new path but also depend on the Inve$icereaches given, Micro$oft do not want to lose the girl's eyes say Directx..
 
Last edited:
  • Like
Reactions: Electr0n and AtlBo

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Thx for these great details Evjl's Rain. Does this mean that CCAV will not block hardware/system/driver based malware via the sandbox? If it cannot block the system malware will it sandbox the changes anyway?

EDIT: You are saying it blocks, but is the reason the CCAV sandbox is weaker because it records system changes (in the sandbox)? Don't know the specific difference between user hook and hardware virtualization, but it sounds like CF actually blocks changes to the system by isolated programs. This matches what I have seen as nothing works in CFs sandbox. Would be interesting to see if something might work in CCAV as long as the changes are being recorded so the sandbox can then be emptied etc.

I messed around with the 360 sandbox last night. Executables won't run in the sandbox, except when executed by something in the sandbox. I dropped Autoruns it there and ran it via the manual choice to sandbox an application. It worked perfectly. Seems like a pretty good idea for portable applications. Installing Dexpot to the folder didn't work out so well, but the test got kind of off kilter. I meant to install to the sandbox Programs folder but installed on the sandbox root. It did run, however, but removing it was a problem, because, a tmp file for unistalling wouldn't run. Just turned off the sandbox protection of the app, emptied sandbox, reinstalled app and then removed no problem. Think I could get this to work for some applications.

Really interesting concept that borders on what ReHIPS is doing. The 360 sandbox is a root sandbox that will record changes system-wide. It just won't allow .exes in the sandbox to be executed from the outside or via mouse click etc. Wondering if you are saying that CCAV's sandbox is more this same way.
the difference between a hardware-based sandbox is that it's much harder for the malware to escape the sandbox (sandbox evasion), I think. I'm not an expert in this field
I read on comodo website, in the latest version, they claim CCAV now uses the same sandbox as CF. In the past, they clearly stated the difference between the 2
now, CCAV is equally effective as CF using proactive profile, in theory

hardware virtualization is like creating a mini virtual machine and executing inside it
user-hook: I think it's like isolating the files from other files with some restricting rules
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Thx for passing on the information @Evjl's Rain. So I guess previously, CCAV was treating sandboxed like maybe a partially hardened SUA environment, where CF and the new CCAV use a more hardened version of isolation. Honestly, I haven't found many if any things that run in the Comodo sandbox in CF. If it requires data from an MS source like Event Viewer or minidumps, forget it.

If Comodo wanted to add some popular functionality to the products, they could take a look at the Q360 sandbox. It will run anything that will run without requiring Admin rights. I didn't test to see if setting the program to run with admin rights for all users would make it possible, however, for those programs to be run in 360 SB. One thing I did notice is that I can run, for example, Ashampoo WinOptimizer (2012...it's old I know but it was free) inside the sandbox and the browser and use WO2012 to clean up traces inside the sandbox container. That's hilarious to me. Anyway, Comodo could actually set up a virtual install enviroment for installing and testing unrecogized applications. If they set up the sandbox used for this purpose in the same way as 360, that would be amazing. Comodo sets up an auto-bypass of the auto-sandbox for the sandboxed installation, then monitors it as it normally would otherwise. User uses it until he/she is sure it is safe. Would be very easy to look at the installation which would be nice, and if an infection occurs, dump the sandbox and say goodye to the app and the infection at the same time LOL.

Maybe someone for the fun of it will create an app like that. It would be really cool for sure. It would be amazing to be able to select it as an option on an alert though...
 
Last edited:
  • Like
Reactions: Electr0n
F

ForgottenSeer 58943

Why is no one suggesting voodoo-shield paid

FortiClient with JUST the Antivirus (+zoo+heuristic level 3 realtime modified CONF), VoodooShield Pro and sysHardener would probably be the lightest possible setup offering what should be an un-infectable environment.

If you want to ramp it up a bit with no loss in performance toss in Heimdal Pro for DNS/Traffic/Web protection/app updating and you can't beat it. It's how I run with my daily driver Win10 machine where I cannot tolerate ANY slowdowns or reduced performance but require a system capable of sustaining even state sponsored attacks. If you feel like you need it (you don't) Hitmanpro on-demand checks every week aren't going to hurt.

This should be considered not only one of the lightest setups possible, but also one of the most paranoid.

835q8C.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top