Defense+ versus Sandboxie -- which is more secure?

I have been using the full CIS for several years. I am concerned that CIS doesn’t protect against many actions by script malware executed by Firefox plugins. Examples include deleting or reading data files with financial or other personal info. I use the NoScript extension, but I share my PC with someone who allows too many scripts due to inexperience.

I am considering moving to Sandboxie, which allows tight control over many Firefox behaviors, including which folders can be read and written. I am sticking with a 32-bit OS (WinXP and Win7) to ensure Sandboxie has kernel access for max protection.

The problem is that Defense+ causes serious problems for some Sandboxie users, both now and historically. See:
https://forums.comodo.com/format-verified-issue-reports-cis/cis-2011-free-breaks-sandboxie-346-350-nbz-t64640.0.html
https://forums.comodo.com/orphanedresolvedoutdated-issues-cis/dont-update-if-you-use-sandboxie-t57169.0.html

Thus, I would rather not plan on using D+ and Sandboxie together in the long term. Since I already use a LUA for everything except installations, and I have an SRP, I am considering disabling D+ and replacing it with Sandboxie. Here’s a website promoting Sandboxie+LUA+SRP+DEP as being highly secure and trouble-free:

I would like to get a dialog going here on the forum about comparing:
(a) LUA+SRP+Full CIS
(b) LUA+SRP+Sandboxie+Comodo AVS+Firewall+DEP

Comodo’s market includes inexperienced users who administer their own PCs, but I would like to focus this discussion on savvy users, especially those who administer for inexperienced users.

I have experienced frustration with (a) because CIS upgrades often require a clean re-install to avoid problems (the mods usually suggest a clean re-install as a first remedy), then I have a long, painful process of retraining D+ and re-entering custom rules. If I just keep the firewall from Comodo, maybe I never have to upgrade it. In fact, dumping the AVS would make (b) a quiet, unobtrusive security solution. I rather like the idea of security through rules rather than signatures. Automatically deleting a Sandboxie sandbox when closing a browser session seems like a reliable rule. Using a special configuration (admin account) while installing software also seems like a reliable rule. When I download software, I don’t want to wait days for humans at Comodo to declare whether each is safe. I would rather use CIMA online and install updates in a Sandboxie sandbox that totally erases changes if I find it is malware.

One concern about (b) is that DEP does not catch ret2libc buffer overflow attacks like D+ does. I can use Comodo Memory Firewall for WinXP, but I assume I have to rely on DEP only for Win7.

Another concern about (b) is that protection of autostart folders and registry keys is through permissions changes, which is not as convenient as D+'s pop-ups for single changes.

In case anyone wonders why I want to keep the Comodo Firewall, one reason is to prevent spying by software I trust. I found one reputable application sending info to Google and Yahoo. Another reason is to prevent auto-updates. See

Looking forward to the discussion!

Edit: correct typo

Hi SilentMusic7,

I will just put a brief note at the moment:
Both points are extremely(!) wise decisions :-TU

Cheers!

p.s. As for “actions by script malware executed by Firefox plugins”…
This one is not a proper definition according to my “taste” (do not get it wrong)
but including the fact that: “I share my PC with someone who allows too many scripts due to inexperience”
Well, there is no such security that will ever protect you 100% (platitude)
… and that will never be developed
but when you are sharing PC (does “P” stand for “personal” … I forgot :smiley: )
there is definitely no way in Hell even if one can “dance on his ears” as we use to say in Russia

I do not think you can really compare the two.

As far as problems are concerned, I have none; there were some during the Beta stages which were fixed in both V4 and V5. Not sure about V5, it might have been after first release.

The temp fix was easy, though not secure: just disable monitoring of Device Driver Installations. I would not upgrade on my main computer to V5 until the problem was fixed.

Dennis

With the correct “security approach”, Sandboxie + LUA + SRP + DEP provides as close to 100% protection as you can get. In my opinion, nothing comes close to this. And perhaps the more amazing thing is that usability/convenience is not sacrificed much at all. However, I feel that this “security approach” would only be realistic for “above average” users (which sounds like you!). I can’t speak for other people using your computer though.