ssj100 Security Forums

The confusion of the rollback list


Post by ssj100 6/5/2010, 16:01

Ilya seems to ignore users when they ask questions like this (quoted from the DefenseWall forum by a user named "Libra"):
http://gladiator-antivirus.com/forum/index.php?s=273adf729633f522923707d270808749&showforum=193

I'm not really grasping this. If I check "Automatically remove items from rollback list" in the options what will be removed and what happens to whatever is removed? (Are they the items in the Untrusted Applications list?)
You mention applications and folders in the black list - and that you set them remove>apply. Most of what I have in the Untrusted Applications (in black) are app data files. Should they all be removed from the list?

Ilya is usually very helpful and responsive to all questions. But when it comes to these types of questions, he seems to ignore them? Any reason why? Hawkwind, any ideas?

The fact is that checking "Automatically remove items from rollback list" doesn't really do anything. All it does is clear up the list of entries that shows what has changed on your system. It doesn't actually do anything to your system. It's just a cosmetic thing really. And that's the part that I've never liked about DefenseWall - you might have "frozen malware" on your system for days/weeks/months/years, and you'd never know about it! Rolling back every 30 days just means that you can't sift through the potential thousands/hundreds of thousands of entries that would accumulate over a few years, and remove "frozen malware".

Isn't that right Hawkwind? And Ilya?
ssj100
Administrator
Posts : 1390
Join date : 2010-04-14
https://ssj100.forumotion.com

Post by Guest 7/5/2010, 05:02

Ok, ssj100, now I understand the rolling back every 30 days thing.

It always seemed kind of arbitrary to me..

I mean, how do I know one file from day 29 is not the one file in the list I need to keep out of extensive list?

But it really removes nothing!!
It is like limiting the number of scan logs an anti-virus, for example, saves.

I didn't know that.

I just can't live with the frozen malware concept.
Sure, I can run a blacklister and remove it, eventually.

But what if, say, DefenseWall "breaks"?

I suppose though, the malware would still need to execute.

The point is, it seems like a lot of DefenseWall users tend to see it as the flagship of their security system.
The idea that my mainline security program allows malware into my real system, but not to worry about it, just does not sit well.

noor


Post by ssj100 7/5/2010, 08:21

Yes, and it's unfortunate that Ilya didn't reply to the user's question on his own support forum.

I've also always wondered what would happen if you had to clean re-install DefenseWall and had acquired "frozen" malware. Is it possible for any malware out there to pounce once DefenseWall is uninstalled?

Of course with Sandboxie, you are able to simply delete all sandboxes to completely get rid of all potential malware.

Post by Guest 7/5/2010, 08:44

Right!!
If you, for one reason or another, uninstall Sandboxie, you are back to square one.
All sandboxes and their content are gone.

What happens in the event of a DefenseWall uninstall?
With, say, six months of "frozen malware"?

For you or I that may not amount to much, but one is enough!!

noor


Last edited by noorismail on 7/5/2010, 09:36; edited 1 time in total


Post by ssj100 7/5/2010, 08:53

You mean in the event of a DefenseWall uninstall?

Post by Guest 7/5/2010, 09:15

Well yes, or a catastrophic failure of the program itself.
(Maybe doubtful, yet within the bounds of possibility.)

noor


Post by Hawkwind 7/5/2010, 15:32

ssj100 wrote:
I've also always wondered what would happen if you had to clean re-install DefenseWall and had acquired "frozen" malware. Is it possible for any malware out there to pounce once DefenseWall is uninstalled?

Of course with Sandboxie, you are able to simply delete all sandboxes to completely get rid of all potential malware.
-----------------------------------------------------------------------------------------------------------------------------------

If DefenseWall is uninstalled then yes, the malware would remain on your system and it is possible then that you could execute the malware.
Anyway, here is Ilya's response to the question.
Since DW isolates malware, if at any time I wanted to uninstall DW, will that malware do its bad things?

Yes, potentially it's possible. Practically, DefenseWall is just an essential part of multi-layered protection, includes anti-virus and backups (and firewall, if HIPS edition is used). It's not very reasonable to rely on just one technique/approach/implementation because none of it is the silver bullet.
-----------------------------------------------------------------------------------

With regards to what is removed from "Automatically remove items from the rollback list", I am not 100% certain, but I would say it is everything apart from file/registry keys.

I guess with all software it's horses for courses. My 14-year-old son is very adept at using Sandboxie, and I can trust him with his laptop; he scans everything that he saves out of the sandbox and to date he has had no malware or problems with his laptop.
My 22-year-old daughter, however, is completely different. I was forever reinstalling a backup image to her laptop; she, like a lot of computer users, is too click-happy, and she and her Facebook buddies were forever coming to me with virus infections or fake security applications rendering the laptop useless. That was until I installed DefenseWall on her laptop.
Now I have no problems. I (or my son) scan her laptop every 2 - 4 weeks and remove the junk that DefenseWall has disabled; her laptop has been running smoothly ever since DefenseWall was installed.

I know she could have used Shadow Defender or had Sandboxie to block everything, but then she would not be able to use her laptop as she would like.

As I said, it's horses for courses: 2 laptops and one PC in our house, all with different security setups, and, importantly, all work just fine.
Hawkwind
Member
Posts : 29
Join date : 2010-04-24

Post by ssj100 7/5/2010, 17:25

Have you tried simply running LUA + SRP for your daughter? That way, you won't have any junk ("frozen malware") to worry about.

If she understands not to run something she downloads as "trusted" with DefenseWall (because it doesn't install properly as "untrusted"), wouldn't she have a reasonable understanding of malware "threat-gates" by now also?

This might be of interest also:
https://ssj100.forumotion.com/security-f7/what-is-the-actual-risk-of-getting-infected-t54.htm

...However, the above user (who uses CIS) is perhaps smarter than everyone who is paying for their security software! CIS is completely free with no annual fees whatsoever! So for example, is DefenseWall really protecting you? Or is it just good computer common sense and experience that's doing the job? The user who understands the concept of "trusted" and "untrusted" files (and therefore understands things enough to use DefenseWall) would also likely have enough computer common sense and experience to never get infected in the first place! So is DefenseWall really worth paying annual fees to use and update?

And now comes the third ultimate point:
"For high risk users (like demoneye's brother), what if you could deny them from installing/executing anything new?"

Yes yes, I can hear people yelling obscenities already haha. If you did that to the average computer user, they would either hate you for the rest of their lives, or simply pester you with questions like "Why can't I run this file?".

However, that's the only way you're going to prevent infections for people like demoneye's brother, who sounds like a typical "high risk" computer user. And how would you do this?

The answer lies in the final ultimate point:
"LUA/SUA + SRP/AppLocker + Hardware DEP". All completely free...without annual fees.

...it's very clear that when dealing with a "wife's PC", LUA/SUA + SRP/AppLocker + Hardware DEP would be ideal. If the "wife" wanted to run/install new files/software, she would simply ask you for permission. And why would she need to ask you? Simple. You have better computer common sense and experience (and a better security approach) than her! This would be the best way to keep the "wife's PC" clean, even if she used it like demoneye's brother!

Post by Hawkwind 7/5/2010, 17:48

I have given up trying to teach her how to use a computer safely; it's always the same answer, "I don't know what happened, I did not click anything" lol.
I have tried the LUA etc. but it is more trouble than it's worth to me as "nothing ever works right now", so DefenseWall is the easy answer for me and her. After all, at the end of the day it's her computer and she pays for the DefenseWall license, so it's the best solution all round Very Happy
Thanks for the link and advice though.

I work in a school where you would think teachers would have the knowledge to avoid infecting their computers and everyone else's.
Nope, their same few computers are always infected, and then when they plug their USB sticks into globally used computers they then infect them.
I have got the sensible teachers into the habit of always scanning shared computers before plugging in their USB sticks, which they are now happy to do as it now saves them a lot of time before they start their work.
It is amazing just how many had never had any security of any type on their home computers, and "why don't they ever work", until I took them through the basics.

It really is of no surprise to me how so many computers are infected globally when so many have such a lax attitude or are completely oblivious to even the basics of computer security.

Post by ssj100 7/5/2010, 18:07

Hawkwind wrote: I have given up trying to teach her how to use a computer safely; it's always the same answer, "I don't know what happened, I did not click anything" lol.
I have tried the LUA etc. but it is more trouble than it's worth to me as "nothing ever works right now", so DefenseWall is the easy answer for me and her. After all, at the end of the day it's her computer and she pays for the DefenseWall license, so it's the best solution all round Very Happy

How do you mean "nothing ever works right now"? What is she doing in a LUA + SRP that would result in "nothing ever works right now"?

If she's "not clicked anything", then that suggests she doesn't intend to run fake AVs etc. Therefore, SRP would suit her very well.

Fact is, we know LUA + SRP works, since corporate facilities all around the world use them. And how often do they get infected? And remember, you can configure your LUA + SRP to be much tighter than the majority of corporate facilities (see my security setup/approach post), and yet still enjoy your computer!

Post by wingman 15/5/2010, 06:16

ssj100 wrote:Yes, and it's unfortunate that Ilya didn't reply to the user's question on his own support forum.

I've also always wondered what would happen if you had to clean re-install DefenseWall and had acquired "frozen" malware. Is it possible for any malware out there to pounce once DefenseWall is uninstalled?

Of course with Sandboxie, you are able to simply delete all sandboxes to completely get rid of all potential malware.

Here is a post about having malware on your system, what would happen if you uninstalled DefenseWall :
http://gladiator-antivirus.com/forum/index.php?s=d993d38a29e30b3c0a8a8dfc9b56f956&showtopic=102952&hl=
wingman
Member
Posts : 50
Join date : 2010-05-15

Post by ssj100 15/5/2010, 15:43

wingman wrote:
ssj100 wrote:Yes, and it's unfortunate that Ilya didn't reply to the user's question on his own support forum.

I've also always wondered what would happen if you had to clean re-install DefenseWall and had acquired "frozen" malware. Is it possible for any malware out there to pounce once DefenseWall is uninstalled?

Of course with Sandboxie, you are able to simply delete all sandboxes to completely get rid of all potential malware.

Here is a post about having malware on your system, what would happen if you uninstalled DefenseWall :
http://gladiator-antivirus.com/forum/index.php?s=d993d38a29e30b3c0a8a8dfc9b56f956&showtopic=102952&hl=

Yes exactly. This is why I don't like DefenseWall's concept of "frozen malware". It's like having rubbish and toxic waste in your bedroom which is all sealed up in a box - it's not going to harm you (unless you open the box = uninstall DefenseWall and execute the malware), but it's just not a very nice feeling to have!

Post by wingman 15/5/2010, 20:39

ssj100 wrote:
wingman wrote:
ssj100 wrote:Yes, and it's unfortunate that Ilya didn't reply to the user's question on his own support forum.

I've also always wondered what would happen if you had to clean re-install DefenseWall and had acquired "frozen" malware. Is it possible for any malware out there to pounce once DefenseWall is uninstalled?

Of course with Sandboxie, you are able to simply delete all sandboxes to completely get rid of all potential malware.

Here is a post about having malware on your system, what would happen if you uninstalled DefenseWall :
http://gladiator-antivirus.com/forum/index.php?s=d993d38a29e30b3c0a8a8dfc9b56f956&showtopic=102952&hl=

Yes exactly. This is why I don't like DefenseWall's concept of "frozen malware". It's like having rubbish and toxic waste in your bedroom which is all sealed up in a box - it's not going to harm you (unless you open the box = uninstall DefenseWall and execute the malware), but it's just not a very nice feeling to have!

I have a license for both products, DW and SB, and am now not using either one. Reason being, DefenseWall slows down FirstDefense when making a snapshot (5 minutes compared to 1), and boot times are longer, by about a minute. Also, having "toxic waste" left around is not good. On the positive side, great support.

I stopped using Sandboxie because it won't work with The Bat! on my computer. Support is great if you are in the advanced category, not for beginners.
The problem with The Bat! is that it freezes when forced in the sandbox. If I open the Sandboxie window it will unfreeze for a second, then freeze; I can see The Bat! listed, and it is flashing on and off, very strange! The e-mail is encrypted within The Bat!, maybe that has something to do with it?
I set it up just like the help page said, and tried other ways to no avail.
For now just running OA++. Feeling slightly vulnerable.

Post by ssj100 16/5/2010, 00:13

You should ask Tzuk about it on the Sandboxie forums. Also, OA++ should be good enough protection anyway.

Post by wingman 16/5/2010, 00:33

ssj100 wrote:You should ask Tzuk about it on the Sandboxie forums. Also, OA++ should be good enough protection anyway.

I will do that. Like your new forum, heard about it over at Comodo. I am getting a lot of useful information from here.
Good luck in your new venture!

Post by ssj100 16/5/2010, 09:48

wingman, thanks for the support and hope to see you around more!

Post by bo.elam 4/6/2010, 12:07

I agree that the "Automatically remove items from rollback list" is pretty much a cosmetic thing, but using the rollback function is not. If you use the rollback function you are actually deleting files and registry keys, so if I get infected all I have to do is use the rollback to get rid of the infection. Now I use Sbxie for browsing, so the chances that I ever use the rollback are almost zero. To this day I have never had to use it to get rid of an infection, but it feels nice that if I ever need it, it's available.
Bo

bo.elam
Member
Posts : 18
Join date : 2010-06-04

Post by ssj100 4/6/2010, 15:09

bo.elam wrote:If you use
the rollback function you are actually deleting files and registry keys so if
I get infected all I have to do is use the rollback to get rid of the infection.

But that's the problem right there. How do you know what's the infection and what's not? With Sandboxie, you can safely "flush the toilet" with a couple of clicks. With DefenseWall, you potentially have to sit down for a prolonged period of time and sift through carefully the "bad files" (and how would one know which are the "bad files"...I know I'd personally struggle with this, and I consider myself an "above average" user). And if the rollback list grows to several hundred/thousand entries...good luck with that.

Post by bo.elam 5/6/2010, 07:00

ssj100, I personally like Sbxie more because of the "flush the toilet" thing, but it is a nice feeling to have that other layer to fall back on just in case. In my case the rollback is only about 25 things and I have become used to seeing what should be in there. If ever something gets through Sbxie, or if I make a mistake with something that I download, it would be very easy to detect it when I open the rollback or the unrestricted applications window. For you it should be easier than for me because you are way ahead of me on security. I only started getting interested about a year and a half ago, and basically Sbxie and DefenseWall are the ones keeping me safe.
Bo


Post by ssj100 5/6/2010, 08:40

You mention that the rollback is only about "25 things". Why is that? I can only think of a couple of reasons:
1. You don't really do much with your computer
2. You are "cleaning up" your rollback list every so often

If you don't do much with your computer, then I don't really see why you'd need to run much (if any) security software.

If you're "cleaning up" your rollback list every so often, it means you are doing it by 2 ways (that I can think of):
1. Automatically clearing the list every 30 days (purely cosmetic).
2. Manually clearing the list every so often

If you're automatically clearing the list, this defeats the purpose of having a rollback list in my opinion - you're basically sweeping the dust (potential malware) under the carpet. If you're manually clearing the list every so often, this sounds like more work than running a Classical HIPS etc.

demoneye installed DefenseWall on his brother's computer in the hope that he would stop getting infected once and for all. It failed because his brother wanted to run randomly downloaded files (newly introduced files) on his REAL system. Since it didn't install properly as untrusted, he'd simply install it as trusted. The point is that if you're already using Sandboxie to isolate/contain your malware threat-gates (eg. web browser), there is simply no need for also running DefenseWall. Another point is that for people who get their systems infected so frequently, the only "100%" method to protect them is LUA/SUA + default-deny mechanism (and don't give them the admin password haha). Oh and by the way, when demoneye wanted to "rollback" using DefenseWall, he was faced with hundreds of lines to sift through...and he simply didn't have the patience to wade through all that.

Sure, you want to recover something out of the sandbox. If it's a dodgy executable (eg. an executable that you downloaded from an unknown web-site), are you really going to run it on your REAL system anyway? If it's a .pdf file or a video file, and you're worried about some fancy malware exploit, you can simply open it with a sandboxed explorer.exe.

Ultimately, I'm glad that you're having no issues running both Sandboxie and DefenseWall together. I'm just giving reasons why I decided not to. Food for thought for people out there who may be wanting to use them both together.

Post by bo.elam 6/6/2010, 06:02

ssj100, those 25 things are mostly videos that I DL and leave untrusted for a few days, and afterward I change the status to trusted or delete them. Why is it only 25 things? I don't know, but I can tell you that I do heavy surfing and visit all types of sites. It could be that I always delete the sandbox when I close my FF browser. Whenever I browse, it is always done sandboxed, so basically everything gets deleted when I close my browser, and the only files that remain in the rollback are files that I recover untrusted to my hard disk. That is what is in there after a reboot.
Bo


Post by ssj100 6/6/2010, 06:22

That makes sense - Sandboxie is keeping things nice and clean!

Post by bo.elam 6/6/2010, 07:12

ssj100 wrote:That makes sense - Sandboxie is keeping things nice and clean!


That's what I thought.
Bo
