Sandboxing - what applications, and why?


chrome_sturmen
September 27th, 2007, 08:50 AM
I would like to know, of the users who utilize sandboxing technology, what applications you run sandboxed, with a brief explanation of why you find it wise to run said program sandboxed, and maybe a quick example of how running said program sandboxed would theoretically save you against malware....

GES/POR
September 27th, 2007, 10:09 AM
Newsreader, email client and web browser. New malware which is not yet detected by any anti-virus/anti-malware by signatures or heuristics is for the most part safely isolated from your main system through a sandbox. The programs I mentioned should be the most obvious ways of infection. I say most because there is malware out there capable of breaking out of the sandbox. However, with your anti-virus, anti-malware, anti-spyware, firewall, anti-ads, alternate browser, HIPS and sandbox you need not worry.

Cheers.

chrome_sturmen
September 27th, 2007, 10:18 AM
Thanks for the reply - if you run your email client sandboxed, wouldn't you lose your emails when you empty the sandbox?

Bob D
September 27th, 2007, 01:17 PM
-{ Quote: "Thanks for the reply - if you run your email client sandboxed, wouldn't you lose your emails when you empty the sandbox?" }-
You may find some insight re: sandboxing & email clients here:
http://sandboxie.com/phpbb/viewtopic.php?=&p=5332
http://www.sandboxie.com/index.php?EmailProtection

Jarmo P
September 27th, 2007, 01:42 PM
I don't use email clients much anymore, but Sandboxie has an option for the Thunderbird mail client. So all my ISP email posts will remain in my local hard disk TB mail box, even after clearing out the sandbox.

I feel more comfortable, though, using my Gmail email, and that only in a web browser instead of in an email client, because of possible exploits, and a web browser is always sandboxed tight!

That leaves of course the trust in Google to keep them private. My emails, though, have not much to hide or to be exploited so that someone could possibly make a fortune on them. Private they should remain, and that is a trust factor we all depend on who use a Gmail account.

Jarmo

Peter2150
September 27th, 2007, 01:48 PM
-{ Quote: "I would like to know, of the users who utilize sandboxing technology, what applications you run sandboxed, with a brief explanation of why you find it wise to run said program sandboxed, and maybe a quick example of how running said program sandboxed would theoretically save you against malware...." }-

I mainly sandbox the browsers. That way anything downloaded is sandboxed, both good and bad. Good can be retrieved, and bad deleted.

An example. The killdisk virus. Suppose it is fly-by downloaded, and it was too new to be detected by an AV, or like me you don't even bother any more. If it ran it would wipe out your hard drive. But in the sandbox it can't access what it needs to access to do its nasty work, so it fails. Then when you empty the sandbox it's gone. This isn't theoretical. I've tested it.

Pete

SourMilk
September 27th, 2007, 02:00 PM
Just about any sandboxing utility will do as long as you have control over outgoing communications. Anyone who wants to be very secure will have a good firewall that will stop most leaks and run a sandbox that empties on reboot.

SourMilk out

Jarmo P
September 27th, 2007, 02:09 PM
Besides browsers I also sandbox my email client, instant messengers (Skype included) and also my torrent client. They need some effort to save chats and downloaded stuff if wanted, but that's the way I like to keep it.

I agree, the foremost thing is the browser. Sandboxie has the option to allow bookmarks (favorites in IE) to be unsandboxed.
The Firefox extensions that are to be permanent have to be installed in an unsandboxed browser, but you can of course try them first sandboxed.

chrome_sturmen
September 27th, 2007, 02:32 PM
Pete:
-{ Quote: "An example. The killdisk virus. Suppose it is fly-by downloaded, and it was too new to be detected by an AV, or like me you don't even bother any more. If it ran it would wipe out your hard drive. But in the sandbox it can't access what it needs to access to do its nasty work, so it fails. Then when you empty the sandbox it's gone. This isn't theoretical. I've tested it." }-

Hm, I see.

I use Opera run through Proxomitron, with the Outpost firewall Blockpost plugin enabled - could I catch a virus like this just from surfing and without intervention?

The only virus I've ever caught is that one we were discussing on the ISR forum a few weeks back, and that wasn't from just surfing; I deliberately allowed it by clicking on something suspicious I downloaded. I don't think I've ever had any trouble just from surfing. Maybe someone could post a link towards some reading on this?

Thanks for all the input by the way ;)

Jarmo P
September 27th, 2007, 02:39 PM
Anything you try to install or run from a sandboxed browser session will also be sandboxed. That is the main reason for using a sandbox.

Bob D
September 27th, 2007, 02:56 PM
-{ Quote: "Just about any sandboxing utility will do as long as you have control over outgoing..." }-
Good point to bear in mind. Sandboxie does an excellent job of keeping stuff off your system. Not as well at preventing stuff from leaving your system.
My Sandboxie rationale:
One of my primary reasons for liking this software (enough to register) is its convenience, aside from all the security benefits (and they are substantial).
Before SandboxIE, I was constantly turning cookies on/off (depending on site visiting), as well as Java, JavaScripting, etc. Made me crazy.
OK, I'm at Wilders, cookies on. Browsing elsewhere, cookies off. Other trusted sites, damn, they're not rendering correctly, Java/JavaScript on.
Constantly clicking permission stuff depending where on the web I was.
At the end of sessions, I was constantly reviewing, subsequently selecting/deleting cookies, as well as clearing history, etc.
Ahhhh....With SandboxIE, I find the browsing experience much more relaxed.
Cookies, Java, JavaScripting, all ON.
Browsing done, close browser, EVERYTHING gone.
Surf with virtual impunity.
Simplistic approach. I like simple.

chrome_sturmen
September 27th, 2007, 03:10 PM
Bob D,

You make good points - but surfing with everything on in a sandbox, while your security wouldn't be compromised, what about your privacy?

Myself, I use the Agnitum firewall's active content plugin to control these things - globally I set most active content elements off, then I add site exclusions as necessary; for instance with Wilders it's set to allow cookies, referers, JavaScript, etc.

I understand your points about convenience and not sacrificing security, but I wonder about privacy.

Peter2150
September 27th, 2007, 03:16 PM
-{ Quote: "Bob D,

You make good points - but surfing with everything on in a sandbox, while your security wouldn't be compromised, what about your privacy?

Myself, I use the Agnitum firewall's active content plugin to control these things - globally I set most active content elements off, then I add site exclusions as necessary; for instance with Wilders it's set to allow cookies, referers, JavaScript, etc.

I understand your points about convenience and not sacrificing security, but I wonder about privacy." }-

Sandboxing only contains what comes in. Of course when you clean the sandbox, cookies and the like are gone, but you still have to take care on that score.

chrome_sturmen
September 27th, 2007, 03:41 PM
Pete,

Exactly - that's why I don't understand his case for surfing with all active content allowed, because though it empties after the sandbox session, those active elements can compromise privacy while surfing.

But basically I think what's being said, is, in spite of your other defense layers, go ahead and surf sandboxed, just in case, right?

tradetime
September 27th, 2007, 03:43 PM
-{ Quote: "I would like to know, of the users who utilize sandboxing technology, what applications you run sandboxed, with a brief explanation of why you find it wise to run said program sandboxed, and maybe a quick example of how running said program sandboxed would theoretically save you against malware...." }-
I run my web browsers sandboxed, that's about it; I use it as a layer of security against anything AV may not recognise. From a privacy perspective I use Opera, which controls cookies, referrer logging, JS, plugins, etc.

Bob D
September 27th, 2007, 04:43 PM
-{ Quote: "...I don't understand his case for surfing with all active content allowed, because though it empties after the sandbox session, those active elements can compromise privacy while surfing..." }-
I agree, but I'm not terribly worried about tracking cookies telling "Site A" that I subsequently visited "Site B".
And IF I should decide to surf the dark side, I turn cookies, Java, etc. OFF. (With K-Meleon's "privacy bar", control/visibility of these is so easy.)
Any nasties that do "run" are constrained to the sandbox.
Any serious violations (i.e. outgoing) should be picked up by the FW/HIPS.
Common sense (and a modicum of paranoia) prevails. For instance when doing online banking or the like, I typically close browser, re-open browser, do transactions, close browser, re-open browser, continue surfing.

trjam
September 27th, 2007, 04:49 PM
Sandboxie and any AV rated Standard or better will secure 95 percent of you. Sandbox your web browser and email client.

dja2k
September 27th, 2007, 05:08 PM
I agree with trjam that SandboxIE will do the job. Make sure you configure SandboxIE correctly with your browser and email client though. Then add any good AV to it and that is sufficient.

dja2k

Cloudcroft
September 27th, 2007, 06:34 PM
-{ Quote: " Make sure you configure SandboxIE correctly with your browser and email client though.
dja2k" }-

I've been trying out SandboxIE, and have read through the FAQ sections on the SandboxIE website, but am not sure what needs to be configured. Any recommendations would be appreciated.

dja2k
September 27th, 2007, 07:06 PM
Cloudcroft I have sent you a PM about your question.

dja2k

innerpeace
September 27th, 2007, 07:51 PM
You can also alter Sandboxie's configuration file to tighten things up. For example, you can add a line that blocks a sandboxed program from My Documents.

dja2k
September 27th, 2007, 09:19 PM
-{ Quote: "You can also alter Sandboxie's configuration file to tighten things up. For example, you can add a line that blocks a sandboxed program from My Documents." }-

I was actually referring to that exactly plus other configurations.

dja2k

Franklin
September 28th, 2007, 09:25 AM
-{ Quote: "
I understand your points about convenience and not sacrificing security, but I wonder about privacy." }-
Add the four lines below to Sandboxie's ini file. Replace firefox with the browser that you will use, then go over to the leaktests site and see how you go.

Of course nothing else that is sandboxed, except your browser, should be able to connect:
ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!firefox.exe,\Device\Tcp
ClosedFilePath=!firefox.exe,\Device\Udp
ClosedFilePath=!firefox.exe,\Device\RawIp
Leaktests (http://www.firewallleaktester.com/)
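Putting innerpeace's My Documents restriction and Franklin's four network lines together as one Sandboxie.ini fragment. This is an added example, not code from any post in the thread or from the Sandboxie project. It assumes the Sandboxie.ini conventions of the time: a [DefaultBox] section for the default sandbox, ClosedFilePath lines where the "!program," prefix means "every sandboxed program except that one", the AutoDelete setting for wiping the box on close, and the %Personal% folder variable for My Documents; the AutoDelete name and the %Personal% variable are taken from Sandboxie's documentation rather than from this thread, so treat them as assumptions to check against your version. firefox.exe is the browser name Franklin used; substitute your own.

```ini
; Added example: Sandboxie.ini fragment (not from the thread or from Sandboxie itself).
; The file lives in the Windows directory; [DefaultBox] holds the settings for
; the default sandbox. Sandboxie re-reads the file after you save it.
[DefaultBox]
Enabled=y

; Empty the sandbox automatically when the last sandboxed program exits,
; so nothing downloaded or dropped survives the session (setting name assumed
; from Sandboxie's documentation).
AutoDelete=y

; innerpeace's tightening: deny every sandboxed program access to My Documents.
; %Personal% is Sandboxie's folder variable for My Documents (assumption from
; the docs); a literal path such as C:\Documents and Settings\Bob\My Documents
; also works. A sandboxed browser or a dropped executable then cannot read,
; copy or encrypt your real documents.
ClosedFilePath=%Personal%

; Franklin's network lock-down: "!firefox.exe," means "for every sandboxed
; program except firefox.exe". Only the browser can open the Winsock (Afd),
; TCP, UDP and raw IP device objects; anything else that runs inside the box
; (a downloaded executable, a leaktest) gets "access denied" when it tries
; to connect out.
ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!firefox.exe,\Device\Tcp
ClosedFilePath=!firefox.exe,\Device\Udp
ClosedFilePath=!firefox.exe,\Device\RawIp
```

Caveat on the exception: Sandboxie matches the "!firefox.exe" exemption on the process image name, so a sandboxed program that names itself firefox.exe inherits the browser's network access. These four lines stop the ordinary case of a dropped executable phoning home, which is what the leaktests exercise; they are not a substitute for the outbound firewall control SourMilk and Bob D mention.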

twl845
September 28th, 2007, 09:09 PM
Just a thought... No one mentioned Returnil as a sandbox option. I have been thinking of trying it and wonder how many people are using it rather than Sandboxie. :)

Franklin
September 28th, 2007, 09:24 PM
Using both here with no probs or slowdowns on all my Vista/XP drives.

Exceptionally fine and rock solid apps, the both of them (for me anyway).

Horus37
September 29th, 2007, 01:23 AM
I just tried the DEL C: /F /S /Q from a sandboxed command prompt. Didn't get very far before it said "access denied."

EASTER
September 29th, 2007, 01:36 AM
-{ Quote: "I just tried the DEL C: /F /S /Q from a sandboxed command prompt. Didn't get very far before it said "access denied."" }-

Nice.

After I finish with damage control from a recent virus :-[ (yes, sometimes I've been known to push the wrong button or overlook turning on a shield occasionally), I intend to throw a full complement of the works on another drive with my current defense shields of Sandboxie + EQSecure + Power Shadow at a couple of FD-ISR snapshots and see how things go.

The cool combo of sandboxing + virtualizing the partition/drive has been a long time coming on this end, and is finally here.

innerpeace
September 30th, 2007, 02:41 AM
-{ Quote: "I just tried the DEL C: /F /S /Q from a sandboxed command prompt. Didn't get very far before it said "access denied."" }-
Thanks! I was just thinking about how this would pan out today. It would be nice to have a confirmation or hear the results of a similar virus executed in Sandboxie. What about running the virus in Sandboxie as a limited user? I'm really curious about this, because I run my internet-facing programs as a limited user with DropMyRights and Sandboxie. If I can't get a confirmation, any educated knowledge will be appreciated. I'm looking to eliminate FUD in my setup and in the advice I occasionally give.

Thanks

Peter2150
September 30th, 2007, 08:20 AM
-{ Quote: "Thanks! I was just thinking about how this would pan out today. It would be nice to have a confirmation or hear the results of a similar virus executed in Sandboxie. What about running the virus in Sandboxie as a limited user? I'm really curious about this, because I run my internet-facing programs as a limited user with DropMyRights and Sandboxie. If I can't get a confirmation, any educated knowledge will be appreciated. I'm looking to eliminate FUD in my setup and in the advice I occasionally give.

Thanks" }-

While agreeing it's an old virus, Sandboxie shut down Killdisk.

LUSHER
September 30th, 2007, 10:28 AM
http://wiki.castlecops.com/Sandbox_-_Comparison

innerpeace
September 30th, 2007, 09:42 PM
-{ Quote: "While agreeing it's an old virus, Sandboxie shut down Killdisk." }-
Thanks Pete :). I'm really feeling good about using Sandboxie. I finally updated to the newest version this week from version 2.86 and all went well.

Cheers

the Tester
October 1st, 2007, 12:20 AM
When I do use a sandbox program, it's Sandboxie.
It's easy to use and it's stable.
I like it better than the few others that I have tried.