I had to reinstall the latest version because it slowly ended up freezing my machine. I don't know whether this is an inherent problem of this version or because or incompatibility issues.

After reinstalling and rebooting things are back to normal. Poor box, it was so stressed.

Running here (software stuff):

1. AntiVir
2. Win Defender
3. Ad-Aware

In the previous version I was using Avast instead and other utilities and never had an issue.

So my toss would be between the last version being buggy or Sandboxie and AntiVir are kind of an unhappy marriage.

Any ideas?

Otherwise I was thinking of swapping to these other free alternatives:

1. Fortres Virtual Sandbox 1.0

http://www.fortresgrand.com/products/free/vsb_free.htm)


2. GeSwall. I read some users having problems with it.


3. VMware.

http://www.vmware.com/


4. QEMU.

http://fabrice.bellard.free.fr/qemu/about.html


5. Microsoft Virtual PC

http://www.microsoft.com/windows/virtualpc/default.mspx


6. Xen.

http://www.xensource.com/xen/downloads/index.html


7. OpenVZ. Unfortunately only for Linux boxes.

http://openvz.org/


8. Parallels Not free though.

http://www.parallels.com/


9. DiscoverStation. As above.

http://userful.com/products/discoverstation


10. And others mentioned in Wikipedia:

http://en.wikipedia.org/wiki/Comparison_of_Application_Virtual_Machines

http://en.wikipedia.org/wiki/Comparison_of_virtual_machines



Which free product would you recommend me?


I'll probably shoot for Virtual PC but I'd like to hear your opinions first.


Cheers.

Hi, folks: A good and reliable freeware is very hard to come by nownadays. If you ever got stuck w/ these freewares, why not to invest some $$$ for a foolproof(so far is) app called DeepFreeze standard version(for workstations up 10). I have been using it for 3 weeks. I gain more confidence each time I use it. It is probably the ONLYONE app in its catagory still immune to malware attack. The newest version is 6.0.20.1523. You owe yourself a mouse click. Good luck.

I know but Virtual PC is Microsoft owned and it can't go bad as it comes from the mother source.

I also read excellent reports on VMware.

DeepFreeze doesn't even come close to some of the programs I mentioned.


Cheers.

Hi, folks: I respect your opinion, however, by looking at your defence lineup, you are very weak in the area of spyware and trojan protection, even your antivirus app is not a top-notched. and Do you have a firewall(softwall)? All these things factor in, believe me , you do need an app with DF's calibre to protect you. Why not pay DF's web site a visit, and make up your mind from there?

-{ Quote: "Hi, folks: I respect your opinion, however, by looking at your defence lineup, you are very weak in the area of spyware and trojan protection, even your antivirus app is not a top-notched. and Do you have a firewall(softwall)? All these things factor in, believe me , you do need an app with DF's calibre to protect you. Why not pay DF's web site a visit, and make up your mind from there?" }-

Wow! Slow down :)

(1) Router + (2) Limited + (3) Fully Patched XP SP2 + (4) Not surfing either porn, crack, warez and other *&^% sites that plague the Internet today (basically here has finished the real protection for any Win machine)+ (5) XP FW (in the process of installing either Kerio 2.1.5 or a-Wall though, just thinking about it) + (6) Firefox + (7) SpywareBlaster + ( 8 ) rest of software-junk you want to toss in.

I'll most likely install a free virtualization software and stop counting. That's it. I need no more. Call it "minimalistic smart approach" and not "a bloated dopey one".

I'm just slow in making decisions as I don't want to stress my machine with a series of installation & uninstallation processes.


;)

Right now, I'm playing with this combination : Anti-Executable installed in a frozen snapshot (FirstDefense-ISR).

The combination is based on two quotes :

1. From the "Anti-Executable Manual" :
-{ Quote: "Faronics Anti-Executable is a software program that prevents any unauthorized applications from running on a machine. Depending on the security level chosen, even low-level drivers can be prevented from running. Anti-Executable works on a “whitelist” principle. When installed on a machine, Anti-Executable scans all the executables currently installed on a machine and adds them to the whitelist: a list of programs that are authorized to run. Any program that is not on the whitelist is considered
unauthorized and will not install or run." }-

2. From the "FirstDefense-ISR Help" :
-{ Quote: "Every time you boot the frozen snapshot it will be restored to the frozen state. FirstDefense-ISR begins repairing the changes made during the previous session immediately at startup." }-

I still have a "Router + Firewall Look'n'Stop" and removed all my AV/AS/AT/AK-scanners and other security softwares and my computer is clean in 90 seconds.
I'm not paranoid, I'm lazy. ;D 8) ;D

Hi, folks: Erik, AE is highly recommended by DF people, it is an excellent companion to any app utilizing freeze/thaw cycle. Do you think it is a MUST HAVE app? And do you have to uninstall AE each time a new program is been installed? I just wonder that should I jump on the wagon that offer a deep discount(it has been mentioned on this forum by one of the GMs)?

-{ Quote: "Hi, folks: Erik, AE is highly recommended by DF people, it is an excellent companion to any app utilizing freeze/thaw cycle. Do you think it is a MUST HAVE app? And do you have to uninstall AE each time a new program is been installed? I just wonder that should I jump on the wagon that offer a deep discount(it has been mentioned on this forum by one of the GMs)?" }-
You don't have to uninstall AE, you deactivate it.
Another quote from the Anti-Executable Manual :
-{ Quote: "When making changes to a machine, such as installing new software or performing updates, Anti- Executable must be deactivated. After the new software is added or updates have been downloaded, Anti-Executable must be reactivated, and the new programs and changes are added to the whitelist." }-

Anti-Executable is not a problem in this combination.
The frozen snapshot is a problem, it doesn't accept ANY changes (good or bad).
Of course both softwares allow exclusions. The more exclusions you have, the more vulnerable becomes your system.
I'm trying to figure out how to make it more flexible and liveable. :)

-{ Quote: " DeepFreeze standard version(for workstations up 10). I have been using it for 3 weeks. It is probably the ONLYONE app in its catagory still immune to malware attack. " }-

Who says so? Wishful thinking with your own enthusiastic choices can be excused, but unsubstantiated statements of this type are pretty meaningless.

-{ Quote: "Who says so? Wishful thinking with your own enthusiastic choices can be excused, but unsubstantiated statements of this type are pretty meaningless." }-
Hi, folks: any post I made IS strickly my OWN opinion, you do not have to swallow it! I did not seek your approval nor disapproval, therefore pls show a bit respect towards others' 2-cents opinions, to dress down others IS NOT a good protocol call at all. BTW, I notice that you are a user of ShadowUser.

I think you are confusing opinions and facts: "DeepFreeze standard version(for workstations up 10). I have been using it for 3 weeks. It is probably the ONLYONE app in its catagory still immune to malware attack." Quote from Perman.

If you say you prefer DF to anything else, be my guest, I don't give a stuff about it. But if you say DF is the "ONLYONE app" in its category still immune to malware attack, I'm telling you that's not an opinion and if I ask you what makes you say such a thing it is not lack of respect, I'm just curious.

Yes I do have ShadowUser, and honestly it's just a program I have chosen for my own reasons. If you think my rebuke towards your statement had something to do with this, then I should think no further comments are necessary.

ShadowUser, DeepFreeze, FirstDefense-ISR, ... does it really matter what software you use.
They all put your system partition back in a healthy state, only the software has a differett name and the used method is different, but the final result is the same.

What I like about Anti-Executable is the WHITELIST, based on MY COMPUTER.
A general white-list based on all softwares world-wide would be too big and makes an update as good as impossible.

All scanners and several other softwares are based on BLACKLISTS.
Blacklists are based on what bad guys do, the most unreliable source you can get.
A blacklist can never be sufficient, because the bad guys keep on making new malwares and researchers have to discover these malwares first before they can blacklist them. It's a hopeless neverending job and the bad guys are getting better and better. The bad guys know that too and that's why they keep on creating new ones everyday.

Whitelists are based on what good guys do, the most reliable source you can get. Anything what isn't whitelisted is bad and won't be executed. That is alot better than blacklists.
Is Anti-Executable perfect ? No, it isn't, because it doesn't cover at least two things :
1. Non-executable malwares are not covered.
2. Exploits are not covered, because they abuse legitimate executables to do their evil job.
3. ... (only experts can complete the list, I'm not an expert in anything).
That's why I needed something else to kill these threats : a frozen snapshot.
A frozen snapshot doesn't allow ANY change on my system partition [C:] and only a simple reboot is required to clean all the bad objects completely in just 90 seconds.
I still need Anti-Executable, because it will stop the execution of most threats during the period between reboots. A frozen snapshot doesn't stop the execution, it only removes them completely after reboot.

Now let's talk about the good changes, because a frozen snapshot REMOVES also the good changes completely.
1. Personal Data
If you create a new personal file or you download a file and you do this in a frozen snapshot, all your personal and downloaded files are GONE, after the first reboot, unless you exclude the folder "Documents and Settings", but I didn't like the idea of having my personal data stored on the system partition [C:] and I moved all my data to second internal harddisk : data partition [D:].
So a frozen snapshot isn't a problem anymore for personal data, which are after all the most important changes.

2. Software Updates
In a frozen snapshot any automatic "Windows Update" and any definition update of any scanner will be gone after the next reboot. At first sight, this sounds 'very frightening' and 'very dangerous' and it's true that any scanner without definition updates will be useless immediately, everybody knows that.
BUT, if a frozen snapshot removes all threats, I don't need scanners anymore and it doesn't matter anymore if they get their daily definition updates or not.
So I removed all my scanners, because my frozen snapshot removes all bad changes, even the threats that aren't removed by scanners. No change is no change. Period.

I turned OFF Automatic Windows Update as well and I can't use "Windows Update" either, because any update is gone after reboot. Are these updates important, if nothing changes on my system partition and everything is working fine ?
There are also other methods to update Windows, like downloading and installing the patches.

People will most probably ask me : "How can you be sure that a frozen snapshot removed everything ?"
I don't know for sure, I just trust Anti-Executable and FirstDefense-ISR until the opposite is PROVEN.
I also have questions for these people :
- "How can you be sure that your scanners removed everything ?"
- "How many scanners do you need to remove everything ?"
- "How long does it take to run all your scanners, faster than 90 seconds ?"
I can go on and on and I don't want a verbal fight about this either.

I'm just looking for another kind of security setup that uses a minimum of security softwares.
Whatever the disadvantages are, this is quite a simple security setup and worth to think and talk about. :)

-{ Quote: "I'll most likely install a free virtualization software and stop counting. That's it. I need no more. Call it "minimalistic smart approach" and not "a bloated dopey one".
I'm just slow in making decisions as I don't want to stress my machine with a series of installation & uninstallation processes." }-
I hate scanners such av, as etc etc what a waste of computer resources,:) although they are invaluble to normal users.
Although I do have a few licenses for various software I dont like them installed in my main 'light' system or running in a virtual machine environment (VMWare) with a light XP os and firefox at full speed, or with varied oses. If I do use something then its a tool that takes seconds to a few minutes and the time for me to look at Message Hooks, Processes, Startups, Services, Drivers etc etc and much more fun than selecting full scan.

I'd recommend vmsurfing and take a look at VMware, I cannot talk about Virtual PC as I dont know it, I'm just looking at the free stuff at the moment.
FirstDefenseISR I really like also and then a good image.
I'd run/test them all in a vm then they wont be installed on your productive system until you deside which one you like or works best for you and your level of knowledge.

Going back to Sandboxie problems, have you tried their forums, submitted your problems.

-{ Quote: "1. Non-executable malwares are not covered." }-What is non-executable malware? I don't understand what you mean.

-{ Quote: "2. Exploits are not covered, because they abuse legitimate executables to do their evil job." }-Is this really true? I don't know enough about exploits to answer. However, I thought the exploits still need to run their own code which would be stopped by an anti-executable software. An example is the wmf exploit which would be stopped by AE.

I'll quote from this post: http://www.wilderssecurity.com/showpost.php?p=536454&postcount=33

-{ Quote: "The only pure code attack seen is the SQL Slammer worm which was a small exploit of SQL servers." }-It seems to me than a programme that blocks exe's has got it pretty much covered.

-{ Quote: "What is non-executable malware? I don't understand what you mean.

Is this really true? I don't know enough about exploits to answer. However, I thought the exploits still need to run their own code which would be stopped by an anti-executable software. An example is the wmf exploit which would be stopped by AE.

I'll quote from this post: http://www.wilderssecurity.com/showpost.php?p=536454&postcount=33

It seems to me than a programme that blocks exe's has got it pretty much covered." }-
I'm not an expert in malware or internet.
It's not the first time I'm talking about Anti-Executable at Wilders and in those threads, other members told me that
non-executable malwares really exists. No examples were mentioned. I don't even know if it is true and how many of them exist.

Executables that are abused by exploits, seems also to be real, but not in large numbers.

It also seems to me that Anti-Executable will block 99% of executable malwares, but I'm not sure of it and I can't say it's wrong or right, I'm not the expert. :)

Then there is Microsofts Shared Computer Tookit.

Trying out sandboxie and if I play a movie with power dvd I see the video but no sound. do I need to add the sound card to sandboxie?

-{ Quote: "What is non-executable malware? I don't understand what you mean." }-Basically malware that is in the form of a malicious script which is processed by a validated executable. I don't know if this is a good example for the present case, but a malicious Excel macro would conceptually fit the bill.

Blue

Hm, i am using also Sandboxie 2.6 and i have _NO_ slowdown of my system. Wouldn't it be better, as you are a satisfied SB user, to find out what causes this slowdown? I love this little tool, low memory and does what is has to do in an excellent way..

-{ Quote: "Basically malware that is in the form of a malicious script which is processed by a validated executable. I don't know if this is a good example for the present case, but a malicious Excel macro would conceptually fit the bill.

Blue" }-

Does executable include scripts?

-{ Quote: "
2. Exploits are not covered, because they abuse legitimate executables to do their evil job " }-

Well true, i guess, if say program x that reads images has a vulnerability, you feed it some image file designed to exploit that inject code/buffer overflow??? and take over it and make program x do bad things. At least that was what some guys here were talking about, doing bad stuff like deleting files and stuff.

But most likely if it really needs to do something it will need to call some other exe, i mean you can't make a image viewer phone home, not easily anyway given the constrains.

I always thought that was why anti-exe was effective against wmf exploits, you didn't catch the exploit per se, but when the exploit inevitably used the taken over program to start some other exe, you noticed and stopped it...

I'm probably wrong on most of this btw.

-{ Quote: "Does executable include scripts? " }-Are far as I know, no.

Blue

Thanks for the comments.
I don't think these non-executables and exploits will be a big problem.

Anti-Executable protects me against the execution of most malwares.
If some malwares get through Anti-Executable, my frozen snapshot will remove them anyway within 4 or 8 hours.
If my frozen snapshot gets infected, I copy/update a clean archived snapshot to a new snapshot, freeze it and I have a new CLEAN frozen snapshot to work with.

-{ Quote: "If you say you prefer DF to anything else, be my guest, I don't give a stuff about it. But if you say DF is the "ONLYONE app" in its category still immune to malware attack, I'm telling you that's not an opinion" }-I agree. Perman's comments are worded like pronouncements from Mt. Olympus rather than opinions. However, I'm pretty sure he didn't intend it to sound that way.

I am running Sandboxie 2.60 with K-meleon. So far it works great, with no discernible slow-down.

controler said :
-{ Quote: "Then there is Microsofts Shared Computer Tookit" }-

Excellent suggestion.
You may need the hive cleanup and then make a space for working in but once your away you'll have a very good way of keeping the machine clean and it is free.

-{ Quote: "I agree. Perman's comments are worded like pronouncements from Mt. Olympus rather than opinions. However, I'm pretty sure he didn't intend it to sound that way.

I am running Sandboxie 2.60 with K-meleon. So far it works great, with no discernible slow-down." }-
Hi, folks: Thanks for your understanding. I think(IMO) this forum has one purpose among many others, is to encourage viewers to post their views and opinions ( of course sometimes theirs may be regarded as statements by some others). If each time their 2 cents' postings are subjected to some others's amusement(not abusement) then they(including me) will be shy from doing so next time around. Posing here is to exchange views and SHOULD NOT have such a fear/worry at all, of course my opinion.:gack:

Meriadoc

ZOverlord wrote much info on the Toolkit over @ DSLR

It uses lots of script. I didn't like the fact you can only tie a few security programs directly to its interface but I did find while you are using it real time before reboot and everything is gone, most security software still work & I found this with Vm also. With Vm I used the toolkit they had and allowed drag and drop and also the tie between say BoClean and the VM.
Yes you need the User Hive cleanup tool for sure.
There is nothing wrong with using say the MS toolkit along with a program like sandboxie so you still have the browser seperated along with your e-mail program.

DA

I don't know we should be using the word executable. I think any program that sends commands to the CPU would be a better. I mean look at an exe or script. it is just a file with a bunch of commands. script has a starting and ending point and full of commands in between.

controler

Only wanted to use it for 'shopping expeditions' on Firefox (no problems) and to visit Excite.mail (that only functions on IE with low security settings, so it can load 'tracking cookies').>:(

Running IE in Sandboxie will result (after opening a few pages) in a first symptom of losing Bluetooth IntelliMouse (absolutely the only time this occurs) followed by a slowly freezing system, ending in a 'Hard Shutdown'. :thumbd:

Sandboxie 2.60 will not work with Outlook 2007 Beta 2. You can't send and receive.

Sandboxie with Bounceback

If you do not terminate sandboxed processes and delete contents you with crash with BounceBack !

con

Does anyone have trouble with Sandboxie working with Opera 9.01? I get [#]Opera[#] on top, but with Firefox 1.5.0.7, looking in Process Explorer under firefox.exe, I see:

firefox.exe
SandboxieRpcSs.exe
SandboxieDcomLaunch.exe

When launching Sandboxie with Opera, looking in Process Explorer under Opera.exe, I do not see the two Sandboxie COM files loaded. (SandboxieRpcSs.exe and SandboxieDcomLaunch.exe) I just see Opera.exe alone. Is this normal?

IMO the latest version of Sandboxie conflicts with certain software. The previous version run flawlessly in this machine.

I had to reinstall Win again as Sandboxie hooks into the kernel.

-{ Quote: "Does anyone have trouble with Sandboxie working with Opera 9.01? I get [#]Opera[#] on top, but with Firefox 1.5.0.7, looking in Process Explorer under firefox.exe, I see:

firefox.exe
SandboxieRpcSs.exe
SandboxieDcomLaunch.exe

When launching Sandboxie with Opera, looking in Process Explorer under Opera.exe, I do not see the two Sandboxie COM files loaded. (SandboxieRpcSs.exe and SandboxieDcomLaunch.exe) I just see Opera.exe alone. Is this normal?" }-
Few months back I installed sandboxie and I was never able to run Opera in it. It will always freeze just after start up until I will kill it by task manager.
I tried on two laptops wiyh XP Home and Pro with same results.

-{ Quote: "
Few months back I installed sandboxie and I was never able to run Opera in it.
" }-
I believe it, however the author of this program claims that it does indeed work with Opera. Sandboxie will load Opera, you will get copied folders in the Sandbox, you will get the [#] brackets on top, but I don't believe it loads and runs Opera correctly. I get nothing but crashes and Process Explorer doesn't lie. Firefox and IE operate normally. I seriously think Tzuk has overlooked Sandboxie's compatibility with Opera. He may have got it to run ok with v8.54, but not v9.01. :(

-{ Quote: "I believe it, however the author of this program claims that it does indeed work with Opera. Sandboxie will load Opera, you will get copied folders in the Sandbox, you will get the [#] brackets on top, but I don't believe it loads and runs Opera correctly. I get nothing but crashes and Process Explorer doesn't lie. Firefox and IE operate normally. I seriously think Tzuk has overlooked Sandboxie's compatibility with Opera. He may have got it to run ok with v8.54, but not v9.01. :(" }-
I have no problem running Opera 9.x in Sandboxie on a Windows XP SP2 system. Only added Bookmarks are getting lost because Sandboxie does not seam to recognice this change or what ever.

May be some software conflicts. As a matter of fact when I installed Opera in a clean snapshot of XP Home without any other software installed, it worked. But In most of my RollBackRx snapshots it did not work and I failed to find the conflict. Tzuk suggested to gather some data but the procedure was so long that I did not get time to do it. I simply replaced it with GeSWall.

-{ Quote: "
I have no problem running Opera 9.x in Sandboxie
" }-
Tommy, do you get the two Sandboxie COM files (SandboxieRpcSs.exe and SandboxieDcomLaunch.exe) running in the background with Opera.exe?

-{ Quote: "
Tzuk suggested to gather some data but the procedure was so long that I did not get time to do it.
" }-
I think I read that post over on his forum.

-{ Quote: "Tommy, do you get the two Sandboxie COM files (SandboxieRpcSs.exe and SandboxieDcomLaunch.exe) running in the background with Opera.exe?" }-
Ups, you are right. These two files are not running when i launch Opera in Sandboxie. It shows only 'opera.exe' , declares it as sandboxed, I get [#]Opera[#] on top, and the directories and files are copied to the Sandbox TopLevel folder.

-{ Quote: "
Originally Posted by Tommy
Ups, you are right. These two files are not running when i launch Opera in Sandboxie. It shows only 'opera.exe' , declares it as sandboxed, I get [#]Opera[#] on top, and the directories and files are copied to the Sandbox TopLevel folder.
" }-
Good, this confirms my analysis. Which means that yes, Opera "works" on the surface, but not correctly like the other two browsers. (IE and Firefox) This is the point that I have been trying to convey to Tzuk.

-{ Quote: "Good, this confirms my analysis. Which means that yes, Opera "works" on the surface, but not correctly like the other two browsers. (IE and Firefox) This is the point that I have been trying to convey to Tzuk." }-
I confirmed you posting in the Sandboxie Forum, perhaps he will pay attention to this problem now, but still no reaction over there.

Thank you Tommy.

Sandboxie version 2.62 Released

What's new:
- Closed the small security hole, recently identified in the Tech Suppor Alert newsletter.
- Delete Sandbox operation now renames sandboxed files and folders that are too long, making it possible to delete them.
- Sandboxie Control now shows processes from all users in the same logon session, and fixed SandboxieRpcss/DcomLaunch to handle this scenario better.
- Extended HarddiskVolume setting to support removable devices.
- Fixed occasional error 233.
- Fixed problems in SandboxieExplorer (occasionally crashed on close).
- SandboxieIni configuration file can now include the UNICODE BOM prefix character, if desired.

and comment from @Tzuk regarding the Opera problem:
-{ Quote: "The Rpcss and DcomLaunch aren't always needed. This doesn't mean Opera is failing. If Opera is working properly, that's what matters.

So this leaves the question, does Opera work properly?" }-

Not on my two systems, XP Home and Pro.