I've been using Avast Free. The first thing I noticed is that opening a browser is probably twice as fast with WSA installed vs. Avast Free. It was amazingly fast.
Is there a tutorial or a webpage for recommendations for "getting to know WSA"? Links or suggested sections within the forums?
Lastly, since I use Sandboxie to sandbox any and all browsers at all times, should I disable the webshield protection?
I look forward to getting to know some of you and learning all I can about WSA.
Best answer by RetiredTripleHelix
I've been using it for years and I feel naked without it. In all open honesty, open kimono statement, if WSA prevented Sandboxie from working then I would rather drop WSA than Sandboxie.
And yes, it's good to write tight rules for your browsers: each browser gets its own sandbox, and each browser sandbox is not allowed to read or write to the system folder or any other drive beyond your installed drive.
Users who don't know how to leverage Sandboxie often don't configure it correctly to block malware from accessing sensitive files and interfaces outside of the sandbox. By default anything running is free to view your screen, read your documents, read your cookies, etc. Sandboxie's only promise is to not let malware modify outside the sandbox, not prevent reading. Even with those restrictions you still have malware running on the machine capable of messing with the sandboxed applications. What if those sandboxed applications are the browser for someone in Finance? Sure, the proper way is to clear the sandbox before launching something sensitive, but I don't trust a user to do that.
I'm more worried about WSA not protecting against IPs/websites hosting threats that use kernel vulns to break out of the sandbox than something custom designed to hit WSA exceptions in the configuration. Bromium has shown that Sandboxie is not an effective defense against the most dangerous Windows 0days - however targeted and rare they may be.
Unfortunately, Bromium costs crazy $$$. AFAIK it's the only seamless on-machine tech that can offer reliable protection against kernel vulns.
Also, the author of Sandboxie has found acceptable ways to build in rules for many different applications to run properly "through the membrane" including multiple AV suites that surely require more whitelisting than Webroot stuff would.
I see a sandbox as just another layer. It protects against some things, WSA against others. If WSA can prevent code from running in the first place, that's much more preferable than it running in an imperfect prison. Plus, the more visibility into web browsing activity and communication the better Webroot is able to protect all my computers, including those not running Sandboxie.
You can read the Bromium report here. It's very well written and understandable and even gives background info.
I'm in no way dismissing Sandboxie. We have a PO pending to buy it. It works at what it does. If I'm a corporate user it's an amazing jump in protection.
Well this is all I have observed and understood. 🙂
So that's what I was considering.
I also don't mind losing some "sandbox" security as long as I can implement the web shield infrastructure.
We are initially using Sandboxie as an isolation tool for a crappy, poorly designed Internet Explorer add-in that stores files on the client and gets corrupted all the time. We are not yet exploring it as a security measure by forcing all browser windows to run in it, though that will happen. I agree that the web shield isn't reliable protection under Sandboxie, though with their new plugin architecture it may be easier for them to fix issues going forward. Will probably require some modifications to the Sandboxie settings to fully work however.
Have you ever tried to use Sandboxie with WSA as a security combo? Did you notice any problems associated with its functionality? My observations are quite similar to those mentioned by tempnexus.
Browser works pretty well while it's sandboxed and WSA detects threats (e.g., downloading files), but I feel that the Web Threats Shield doesn't work exactly as it should. For example I can't see any prompts which would suggest the user to block sites with malicious content. That's why I simply get an impression that something is missing and makes full cooperation between Sandboxie and WSA difficult.
I regret that this is so, because such a combination, in my opinion, would be a great and lightweight protection for every single computer :D
In one of the recent posts I presented my thoughts and Mike R. suggested to submit a ticket, but I've decided to abstain until I receive the update of WebShield - unfortunately I'm still waiting for it... :(
Getting WSA to hook into Sandboxie is something I'm going to be seriously investigating and lobbying on in the near future as we deploy it as a security and stability solution to our userbase. 100+ endpoints are going to be running it. =0
Everything works fine.
HOWEVER, the ID protect of sandboxed browsers is spotty. Sometimes it works and sometimes it doesn't, meaning that sometimes the padlock shows up and sometimes it doesn't.
Also, if I visit any malware site from a sandboxed browser then the site is not intercepted by Webroot, I can also execute the malware in the sandbox and it won't be intercepted.
So it appears that Webroot only works on unsandboxed processes. However, running both alongside each other is not a problem.
Cheers and have a good night,
Great idea! I should have thought of that!
Anyway, it's a minor annoyance. Like I said, I'll wait a day or so and see what happens. At this point, it appears that a re-boot may have addressed the issue.
I'm going to re-boot and then give it a day or two and see if it continues or if it goes away. If nothing else, I'll just leave the CD in the tray for now. (Who really uses CDs or DVDs much anymore anyways.....)
Thanks again for the link to the user guide(s). I'm going through it/them now.
If I click on a couple of areas, like "backup & sync", I get an error message that it is looking for the CD that I used to install the software. This has happened a number of times. (Of course, I've taken the CD out after I did the install.) If I click continue 3 or 4 times, it goes away, but it is annoying.
You might check out the User Guides, the link is below in my signature area, and also some of the Knowledge Base. (Some of the KB articles I am sure are due for an update with the 2014 version, but they will still give you some info!)
As for Sandboxie... I will have to let others answer that as I have not used it, but I have seen a number of threads regarding it in the past and I believe you will be fine leaving all shields up and running. They usually play well together from what I have read.