Hi all.

I'm pleased to announce the release of SafeSpace Personal Edition. This can be downloaded at http://www.artificialdynamics.com/content/products/register-personal.aspx

This is our first full release of the software, and includes a number of updates including:


Extended application discovery
Bettrer support of multiple user profiles
Advanced diagnostics utility
Anti-keylogger switch
Global enable / disable switch
Better tagged file management
Support for 16-bit applications
'Welcome' tutorial
Seperated Notification tray icon from main console
Lots of optimizations and bug fixes
'New version' autochecker


The full list of changes can be viewed in the release notes once installed.

I would like to take this opportunity to thank everyone in this community who tried the Beta versions and provided feedback on their evaluation. Your comments have been invaluable to us. Keep up the good work :)

As always, if you would like to provide feedback or raise a support case, please use the online form at http://www.artificialdynamics.com/content/support/overview.aspx. We will shortly be unveiling a forum with which to provide additional support.

SafeSpace is completely free for personal use, so give it a try today!

Best regards,

Kris.

Artificial Dynamics.

Thanks Tidyup

Haven't tried this since one of the beta versions - it looks impressive so time to give it another go.

:thumb:

Hi

Did try this before in beta.

Just d/loaded this version. It has a Block Keylogger tab which I enabled and ran the AKLT tests.

It failed tests 1,3,4 and 5 . Passed test 2

Am I missing something TidyUp ?

I would just caution anyone trying this to have a current backup plan.

I have just gone through a second attempted install of SafeSpace Personal and it is reproducibly generating a spontaneous restart near the end installation on the my machine, which persists in anything except safe mode. There are not any obviously conflicting applications on this machine.

Blue

{QUOTE-> Hi

Did try this before in beta.

Just d/loaded this version. It has a Block Keylogger tab which I enabled and ran the AKLT tests.

It failed tests 1,3,4 and 5 . Passed test 2

Am I missing something TidyUp ? <-QUOTE}

The keylogger protection is on by default, highlighted by a padlock over the icon. Are you sure you didn't just switch it off? Also, is AKLT.exe running inside or outside of SafeSpace?

Hi

I notice it also has a keylogger tab in the Techincal Activity section which purports to log keystrokes stopped/allowed.

No activity logged at all after the AKLT tests :-\

Look forward to Kris's comments.

Hi Kris

{QUOTE-> The keylogger protection is on by default, highlighted by a padlock over the icon. <-QUOTE}

Yep, noticed the padlock. Tried it both ways just to make sure


{QUOTE-> Also, is AKLT.exe running inside or outside of SafeSpace? <-QUOTE}

Ah ok that could be it. Let me double check and I'll post back later.

Nice swift response there Kris. :thumb:

Hi, Tidyup:

I really appreciate your kind invitation, however....
There are many virtualization/sandbox applications available including some freewares as well. IMO, those who will test your new product are probably folks who already use similar products. In your website, you have mentioned the difference between some products and yours, but lacking comparison involving popular ones, such as sandboxie, returnil, bufferzone etc. How different and better is yours ? Your reply will certainly enhance readers' interest in testing your product, otherwise, it could be just another me-too, or seeking rabbit-eye testing. I always ask this very same question when I see an application with similar nature and intention; I have done so with another German product a week ago, still awaiting its reply (he has been evading my sincere questioin). Take care, and await your reply of any sort.

Hi Perman

That is a very interesting question you have asked.

Agreed there are alternative products in this new market, but I don't think this forum is the best place for me to discuss their drawbacks. So rather than make direct comparisons, I would like to highlight a few key areas in SafeSpace:


The ability to download web content and save it to the native file system, i.e. you don’t lose everything when the virtual environment is purged. You can save to standard places, such as My Documents and Desktop, and SafeSpace will protect any private content in these directories. SafeSpace content is automatically tracked and re-opened within SafeSpace. SafeSpace protection can easily be added or removed from any file using the context menu in explorer.
Extensive virtualization, which ensures complete application isolation (see note below)

Kernel mode – file system, registry, IPC
User mode - windows messaging, DDE, COM/RPC

Extremely flexible privacy settings, with a default configuration that should meet the needs of most users. Advanced users can choose to virtualize different areas of the system (by default, windows and program files), or restrict/relax access to private files (by default, no private files can be read from data directories, other than content saved directly from within SafeSpace).

Generic blocking of numerous keylogging techniques, ensures that even if your sandbox is contaminated, no virtualized processes can log keystrokes.


Note:
In particular, DDE and COM virtualization ensures that content in SafeSpace is never hosted in the same process as native content. Applications such as Microsoft Office and Adobe Acrobat Reader will either share the same process instance or not work, unless DDE is fully virtualized. COM virtualization ensures that embedded content will function correctly and more importantly stays within SafeSpace (without COM virtualization applications can break or worse still launch other processes outside of the sandboxed environment). The extensive virtualization layer ensures SafeSpace can virtualize many applications, including those that usually only run a single process instance, such as task manager and explorer.

We also have a user guide which explains the key concepts of SafeSpace:

http://www.artificialdynamics.com/assets/pdf/Artificial%20Dynamics%20SafeSpace%20User%20Guide.pdf

Regards,

Kris.

Kris

I have a problem.

Just rebooted with SafeSpace installed and I can no longer access any dektop program

I get the Windows message along the lines of ''cannot find file specified - inadequate permissions etc''

Also I cannot right click menu on icons in sys tray.

Computer will not come out of standy. Need to force shutdown.

SafeSpace is certainly not liking something on my machine :ouch:

Hi Kris, I'm facing problems aswell. It's failing to install on my system.

Edit got it installed now, after disabling Threatfire.

Hi, Kris:

Very much appreciated your speedy reply, with this in mind, I believe members here will be feeling more comfortable to try out your product, you are responsive to our concern; to act and react to any request. I shall give a good spin, although I am very happy with DeepFreeze. I wish your smooth sailing. Take care.

Hi Kris

I am not sure whether a previous post was resolved (about Safespace failing the keylogger tests).

1) Does it pass the AKLT tests?

2) Is SafeSpace still incompatible with KeyScrambler (or vice versa)?

3) I see the 30mb downlload has been reduced to 10mb or so. Does SafeSpace still need the .NET Framework?

Thanks

Terry

{QUOTE-> Hi Kris

I am not sure whether a previous post was resolved (about Safespace failing the keylogger tests).

1) Does it pass the AKLT tests?

<-QUOTE}

Hi Terry

I'll let Kris answer as well but for me it now does. I had to add AKLT to the protected items

I wrongly assumed that as Opera was protected then by default so would Opera d/loads.

1) Does it pass the AKLT tests?

Yes.

2) Is SafeSpace still incompatible with KeyScrambler (or vice versa)?

SafeSpace requires an object exclusion to be added to SafeSpace to allow KeyScrambler to run. I will post these details on our forum once it has been launched, but for now, please PM me if you use KeyScrambler.

3) I see the 30mb downlload has been reduced to 10mb or so. Does SafeSpace still need the .NET Framework?

Yes. But only on XP - Vista already has it installed.


Regarding Opera, any downloads which are saved to a private area (IE, My Documents, Desktop will be tagged automatically, irrelevant of which virtualized application introduced them.

Jeez, I like this product better than other sandbox software (yes inculding sandboxie ;) ) Just a better feeling about the interface and stuff, but it doesnt like my current setup (or vice versa) :(
Before I had problem with Firefox crashing under certain (common) circumstances and now when I install this new version Firefox wont load at all inside Safespace. I havent seen anyone else complain about the problems I have so it is without any doubt something in my system.

But as soon as I get the time (all my spare time goes to learn ubuntu) to install windows from scratch I will try it again.

Hi Kris

Which version of .NET Framework is needed 1.1 or 2.0, or doesn't it matter?

{QUOTE-> Hi Kris
Which version of .NET Framework is needed 1.1 or 2.0, or doesn't it matter? <-QUOTE}
Note that it is 2.0 :)

The scroll button on the touchpad (on my laptop) does not work under safespaced browser. Is there anyway to resolve this?

{QUOTE-> Before I had problem with Firefox crashing under certain (common) circumstances and now when I install this new version Firefox wont load at all inside Safespace. I havent seen anyone else complain about the problems I have so it is without any doubt something in my system.
<-QUOTE}

Ok, so after some help from Tidyup I got Safespace running. Nothing wrong with my system, just me having problems to get the idea behind Safespace, I complicate things sometimes :) (I have firefox installed on another partition and SS treats that as a private space.)

I have tried to provoke Firefox to crash as it did before, but so far so good.
I am not sure I need a sandbox application really since I run a Limited user account, it might be my imagination but Firefox feels much more responsive (page loading) inside the box.

Ran this against AKLT it passes all except it fails GetKeyboardState

{QUOTE-> I have just gone through a second attempted install of SafeSpace Personal and it is reproducibly generating a spontaneous restart near the end installation on the my machine, which persists in anything except safe mode. There are not any obviously conflicting applications on this machine. <-QUOTE}The issue I've seen above has apparently been traced to a conflict with a driver associated with Dr Web AV-Desk (beta).

Blue

{QUOTE-> The scroll button on the touchpad (on my laptop) does not work under safespaced browser. Is there anyway to resolve this? <-QUOTE}

This is a known issue, and should be resolved in the next patch release.

{QUOTE-> Ran this against AKLT it passes all except it fails GetKeyboardState <-QUOTE}

Yes, you are right yankinNcrankin. This is a new addition to AKLT. I will get a fix through to block this asap.

Tried it on 2 computers except when I selected purge both computers had a BSOD. I had to disable all safespace services and startups, use ATI to restore the MBR and then restore the image I created before I installed safespace.

Think I'll pass for now.

Hi Kris,

Liking it on my noteboook so decided to install on my desktop. But facing the following issue with firefox:

Note: I have my profiles folder on a seperate partition (D drive).

Internet explorer is fine.

2. Is there anyway to reset/restore default rules, if you accidently modify the default tab? Cheers

{QUOTE-> Hi Kris,

Liking it on my noteboook so decided to install on my desktop. But facing the following issue with firefox:

Note: I have my profiles folder on a seperate partition (D drive).

Internet explorer is fine.

2. Is there anyway to reset/restore default rules, if you accidently modify the default tab? Cheers <-QUOTE}

Yes - in the SafeSpace console, if you click on the logo in the top left corner there is an option to 'Restore Factory Defaults'.

When you refer to your profile, do you mean your Windows user profile, or your Firefox profile?

Best regards,

Kris.

What is the difference with Bufferzone ?
Seems the same idea.

As far as I can tell, BZ has been developed for a longer time and automatically puts email attachments in it's secure zone.
I believe Safespace has no security for email threats ?

I'm looking for a virtualization/sandbox soft myself and just want to know why choose Safespace? what are the advantages if any? ???

{QUOTE-> What is the difference with Bufferzone ?
what are the advantages if any? ??? <-QUOTE}
FYI, SafeSpace Personal Edition is free for home use

Hi, coen99:

Comparison between BufferZone and SafeSpace ? One thing I am so sure is this:

BT's driver is called redlight.sys Just Google it to see what it reveals. That info will make your jaws dropped. As for SafeSpace , no reports of this nature just yet. Take care.

{QUOTE->
BT's driver is called redlight.sys Just Google it to see what it reveals. That info will make your jaws dropped. As for SafeSpace , no reports of this nature just yet. Take care. <-QUOTE}

Oops :o
Any info on Safespace handling email attachements ?

Hi, I'm new here.

After I installed this proggie, I couldn't use Total Commander.

TC starts alright but the right and left fields are empty, and the rest of the interface is somewhat scrambled.

What could it be?

Windows XP Home, need more?

After disabeling Safespace, it still didn't work so I had to uninstall it. Pity....

Hi coen99

You can right click any saved attachment and 'Enable SafeSpace Protection', so when it is opened, it is forced into SafeSpace.

Regards,

Kris.

{QUOTE-> Hi, I'm new here.

After I installed this proggie, I couldn't use Total Commander.

TC starts alright but the right and left fields are empty, and the rest of the interface is somewhat scrambled.
<-QUOTE}

Hi Yoda.

We are looking into this, and will provide a fix in the next release.

Regards,

Kris.

Thank you for your fast reply. Looking forward for the fix ;D

{QUOTE-> When you refer to your profile, do you mean your Windows user profile, or your Firefox profile? <-QUOTE}

Firefox Profile - Thanks

Just wanted to say that I have been using SafeSpace for the past 4 days under Vista and everything has been pretty smooth. Very nice. Congrats.

This looks a lot like GreenBorder only with a Red border. The average user will not know the difference. Some of the differences you have cited are so technical there is no way for you to differentiate as no one will understand. Sorry, good idea, too late.:thumbd:

Hi All

To Zombini, a smart answer. Only thing is, GreenBorder no longer here and SafeSpace is free unlike the former Greenborder.

Seems a pretty clear difference to me. And whats in a colour.

Terry

{QUOTE-> This looks a lot like GreenBorder only with a Red border. The average user will not know the difference. Some of the differences you have cited are so technical there is no way for you to differentiate as no one will understand. <-QUOTE}

That's the problem with places like this really. We pretend to care about security and say we want to learn. But when push comes to shove, what people really concentrate on are things that are easy to understand , which might not map to what is really important.

Take the concept of leak tests , the basic idea is very simple to understand , that is why people are so focused on it. But what about differences in inbound filtering? No-one talks about it, they think passing GRC's shield's up is all that is needed... Why? Because understanding differences in inbound protection is more *technical*.

So in the end we end up clamouring for features that are easy to explain and understand, but might not be that important.....

{QUOTE-> That's the problem with places like this really. We pretend to care about security and say we want to learn. But when push comes to shove, what people really concentrate on are things that are easy to understand , which might not map to what is really important. <-QUOTE}

Then why come to this forum? It´s pretty obvious that most of us are no true experts with a lot of technical know-how, we´re just a bit fascinated with security tools and like to test and play with them (on our level), I don´t see what the problem exactly is? And I´m waiting for your response in the CMG thread.

On topic:

At the moment SafeSpace is not really that interesting to me, because for now I have chosen not to use virtualization as a realtime protection tool, and that´s because of the extra overhead, especially when starting apps. But from a technical point of view it does seem to be impressive, I wonder if it offers even more protection/isolation than Sandboxie.

{QUOTE-> I have chosen not to use virtualization as a realtime protection tool, and that´s because of the extra overhead, especially when starting apps. <-QUOTE}
You haven't tried GeSWall or Defensewall :)

If I apply 'Full Control' to my Firefox profile (under Privacy tab) will Safespace protect my system from any exploits through the Firefox cache?

@ Rasheed - I hardly notice any difference, in speed, whilst opening virtualised applications in Safespace.

SafeSpace is still too buggy for my tastes. I think it has a cool GUI, but it takes forever to load up and Windows Explorer likes to crash while using it.

{QUOTE-> Then why come to this forum? It´s pretty obvious that most of us are no true experts with a lot of technical know-how, we´re just a bit fascinated with security tools and like to test and play with them (on our level), I don´t see what the problem exactly is? <-QUOTE}

You miss the point, It's not the lack of technical knowhow that borthers me.

Right now you are pretending that you dont' really care about security, but you just want to play with the tests

But fact, is most of the time you *say* that you want the build the strongest security possible, you constantly look for more and more features that can block mroe and more tests in a never ending quest for greater security (whatever that means). I don't have to quote you on your HIPS crusades I trust?

But then you can't turn around and say "I don't care about the technical details". But how do you know if what you have is really more secure if you don't care about the technical details? Run some blackbox test by some guy?

How do you know the difference if the test you ran really *did* something. Sure any "test" can pop up something saying "You are vulnerable to buffer overflow", but did it really test that?


{QUOTE->
At the moment SafeSpace is not really that interesting to me, because for now I have chosen not to use virtualization as a realtime protection tool, and that´s because of the extra overhead, especially when starting apps. But from a technical point of view it does seem to be impressive, I wonder if it offers even more protection/isolation than Sandboxie. <-QUOTE}

I wonder if from a technical pov if it is indeed impressive. :)

Dismissing the advantage of a security program as "too technical" seems to me that one isn't really looking for more real security but rather one wants to feel safe (whether one actually is or not).

Just cos you don't understand something , doesn't mean it is not important, conversely just cos you understand something, doesn't mean that detail is!

Same with just running test....

i've never had any problems with safespace : crashes, bluescreens, etc.. the only suggestion i can give the devs is to try and reduces the resource usage. safespace uses like 40-70 megs of ram on my pc, this normally wouldn't be a problem but my laptop only has 512megs of ram. :D

Hi,ZopZop, can you use SafeSpace with Returnil activated?

Hi all,

Strange so many problems were reported with safespace. The update of my work (selected freeware) recommended this program. Prerequisites are that programs are freeware, easy to use, no nagware or beta and are available on both XP 32 and Vista 32.

Novice:
- AV Avast (only freeware offering teh full package with fast updates)
- Firewall (Windows standard behind a hardware FW)
- Other: ThreatFire

Advanced
- AV Avast
- Firewall Webroot firewall (for additional outbound protection)
- ThreatFire
- SafeSpace personal (for dodgy browsing)

Off course with a decent hardware FW (router with Nat + SPI) and seperate harddisk (a Maxtor one touch) with freeware image backup Maxxblast. Router + Backup disk are provided (for freee) when signing a contract to take sufficient precautions against malware (otherwise you won't get your VPN on your laptop to work at home).

This is not my setup, so do not start arguing with me. I know that those programs scored high on a (on-going) test with ease of use and defense strength as criteria (besides the criteria mentoned above). I know there was a footnote (when OA free was available on Vista32 also it would have won).

Because I have a different setup I always have to choose access from a public computer with limited rights (only e-mail no access to directories) in stead of the full access when accessing work from a private PC at home.

Regards Kees

{QUOTE-> Hi,ZopZop, can you use SafeSpace with Returnil activated? <-QUOTE}

i wouldn't know ;) i uninstalled returnil to test safespace. i don't push my luck with too much security software running at the same time. i'm just paranoid that way.

I have tested SafeSpace and Returnil, and they do co-exist well (with a bit of configuration to accomodate the virtual share in Returnil).

In terms of Memory usage, the SafeSpace console does use a fair amount, but this is only required for configuration. For day to day use of SafeSpace, you don't need the console at all. The icon in the Notification Bar (bottom right corner of your screen) gives access to most of the regular functions.

{QUOTE-> I have tested SafeSpace and Returnil, and they do co-exist well (with a bit of configuration to accomodate the virtual share in Returnil). <-QUOTE}

Hi Kris

Could you just expand a little on the ''bit of configuration''

Are you referring to the virtual partition?

Yes. By default, SafeSpace blocks access to any files which are not in a folder listed in the Privacy page. So if you need access to files in the virtual partition, you might have to relax the security to Read-Only or Full Control.

{QUOTE-> Yes. By default, SafeSpace blocks access to any files which are not in a folder listed in the Privacy page. So if you need access to files in the virtual partition, you might have to relax the security to Read-Only or Full Control. <-QUOTE}

Ok Kris

Thanks for that clarification

this certainly seems to be a nice security app-with prehaps some stability/compatibility issues. tidyup, would you consider, perhaps after opening your forum, implementing a beta-test program? while i realise that by offering the personal edition as a fully functioning build, coupled with the feedback form , you are implementing a defacto beta program. but i submit that with the beta designation, you are telling users, that SafeSpace, while almost 'there' needs some further development. i see a couple advantages to that.

1) people will tend to download it with the explicit intention to test and feedback to assist with development.

2) lower compatibility/stability expectations which i believe will reduce word of mouth black-eyes SafeSpace might otherwise suffer. the public may be more forgiving, because it is afterall a beta. your organization would probably benefit from an enlarged window of opportunity to get compatibility/stability issues addressed, while not being so pummeled in the public eye.

my 45 cents.


Mike

Simmikie if you look back at history you will find that SafeSpace already offered this as a beta.
By the way I thought after your comments HERE (http://www.castlecops.com/t202695-PrevxCSI.html) you didn't like us at Wilders.
Maybe you just had a bad day.
So if I understand Safe Space correctley it is a sandbox, a virtual environment, a HIPS ?
Sorry personily i've havent tried this on yet but i'm kinda curious.

Hello Simmikie.

Thank you for your feedback.

We did offer two Beta versions, the forst one back in August. These proved to be very successful in terms of feedback, and helped to shape the console and default configuration in the current version.

Given the nature of what SafeSpace does, there will always be some compatibility issues with other programs. We can't test everything inhouse as there are an infinite number of setups out there, so it is crucial that feedback is given to us. Compatibility issues are generally straightforward to fix, and usually by a simple configuration change. You will see regular updates to SafeSpace over the coming months as we further refine it, in terms of performance and compatibility.

Please don't hesitate to contact us at support@artificialdynamics.com, or by using the online form HERE (http://www.artificialdynamics.com/content/support/overview.aspx), or if you want, by PM'ing me on this board. We are here to help.

Best regards,

Kris.

Artificial Dynamics.

{QUOTE-> So if I understand Safe Space correctley it is a sandbox, a virtual environment, a HIPS ?
Sorry personily i've havent tried this on yet but i'm kinda curious. <-QUOTE}

SafeSpace is indeed a Sandbox, which uses numerous virtualization methods to isolate the activity within the sandbox. It is classified as HIPS, but HIPS is quite a broad term. "Passive Behavioural HIPS" would be more accurate :)

Regards,

Kris.

Artificial Dynamics.

{QUOTE-> Simmikie if you look back at history you will find that SafeSpace already offered this as a beta.
By the way I thought after your comments HERE (http://www.castlecops.com/t202695-PrevxCSI.html) you didn't like us at Wilders.
Maybe you just had a bad day.
So if I understand Safe Space correctley it is a sandbox, a virtual environment, a HIPS ?
Sorry personily i've havent tried this on yet but i'm kinda curious. <-QUOTE}

perhaps a little of both, though largely my assesment remains unchanged. i was actually looking for any Prevx posts in other antimalware when i noticed SS. since there is good vender participation, and not merely PA participation...


Mike

{QUOTE-> Hello Simmikie.

Thank you for your feedback.

We did offer two Beta versions, the forst one back in August. These proved to be very successful in terms of feedback, and helped to shape the console and default configuration in the current version.

Given the nature of what SafeSpace does, there will always be some compatibility issues with other programs. We can't test everything inhouse as there are an infinite number of setups out there, so it is crucial that feedback is given to us. Compatibility issues are generally straightforward to fix, and usually by a simple configuration change. You will see regular updates to SafeSpace over the coming months as we further refine it, in terms of performance and compatibility.

Please don't hesitate to contact us at support@artificialdynamics.com, or by using the online form HERE (http://www.artificialdynamics.com/content/support/overview.aspx), or if you want, by PM'ing me on this board. We are here to help.

Best regards,

Kris.

Artificial Dynamics. <-QUOTE}

hey Kris, i just stumbled onto this thread while actually looking for something else, so i hadn't a chance for an in-depth investigation. it seems to me as SS is going thru it's development paces, that it was taking a fair amount of hits, and thought a minor adjustment in concept would help. i noticed you are using past tense in reference to beta-testing. if utilizing betas was helpful yesterday, is it not possible it could be helpful today?

very compelling software, and i wish your organization good success with it.


Mike

{QUOTE-> is it not possible it could be helpful today? <-QUOTE}

Very much so. Any feedback you have regarding features, compatibility, issues, general comments, will be greatfully received. All feedback is dealt with promptly. If not fixed immediately, then it will be considered for a subsequent release.

As I mentioned before, we will be publishing regular releases of SafeSpace so if you do want to see any changes, let me know via any of the communication channels.

We already have a few fixes ready, so expect a new release in the next couple of weeks.

We will also be continuing the Beta program for major releases, which will be announced in advance on our forum, when it is launched (soon).

Best regards,

Kris.

Hi zopzop, how do you compare SSpace with GW, interms of speed, security, ease of use and features?

Did u try KillDisk against it?

Thanks

{QUOTE-> Hi zopzop, how do you compare SSpace with GW, interms of speed, security, ease of use and features?

Did u try KillDisk against it?

Thanks <-QUOTE}

hey aigle. on my laptop with 512 megs of ram it's noticeably slower than geswall (but then again, my laptop is sorta ghetto :D ). in terms of security it's pretty impressive (it's like a mix of geswall and sandboxie), although the bufferzone trojan simulator still manages to read the contents of "My documents" folder even after i marked it as restricted. it's really easy to use, almost idiot proof (in fact i put it on my cousin's laptop and she loves it. and she's not pc savy at all. to this day she's had no malware problems). feature-wise it's comparable to geswall paid (restricting/virtualizing folders, sandboxing applications with normal or limited rights, etc..). it's a very good program overall. i wouldn't hesitate to recommend it.

as for killdisk, i haven't tested this myself but i've been told that the virus can't even run in safespace because safespace limits it's rights or something. maybe tidyup aka kris can explain it better than i have.

{QUOTE->
as for killdisk, i haven't tested this myself but i've been told that the virus can't even run in safespace because safespace limits it's rights or something. maybe tidyup aka kris can explain it better than i have. <-QUOTE}

Thanks zopzop, I am ATM totally devoted to GW but might try SSpace in future. I have used and tested GW with satisfying results for such a long time that it will be a real pain to reapeat all these scenarios with SSpace. GW has proved to be the most trustworthy security application on my system( never failed against any experimental malware from day-one of its use). From the posts in this thread I guess SSpace still has problems on significant number of systems, so seems a bit less problem-free than GW( though it has been OK on ur system).

I wish somebody can try it against KillDisk, best to be done on a VM only IMO.

{QUOTE-> Did u try KillDisk against it? <-QUOTE}

SafeSpace blocks all interaction with the kernel, which stops KillDisk from functioning as it attempts to erase sectors at the device level.

{QUOTE-> although the bufferzone trojan simulator still manages to read the contents of "My documents" folder even after i marked it as restricted. <-QUOTE}

This test is a bit false, as it only attempts to read the contents of a folder ,not the contents of a file. SafeSpace blocks applications from reading private data - I.E., the contents of the file, not the name of the file.

Best regards,

Kris.

{QUOTE-> SafeSpace blocks all interaction with the kernel, which stops KillDisk from functioning as it attempts to erase sectors at the device level.
<-QUOTE}
Is it ur expectation or you have actually tested it with KillDisk?

Actually tested.

Thanks. That,s good indeed!:thumb:

@Tidyup,
In your words, what are the technical/practical advantages of SafeSpace over the established competition (Sandboxie, GeSWall, Defensewall, Bufferzone)?
Thanks in advance :)

@ LUSHER

{QUOTE-> Right now you are pretending that you dont' really care about security, but you just want to play with the tests <-QUOTE}
Strange remark, of course I care about security, otherwise I wouldn´t be spending so much time on this forum. However, at the end of the day I´m just a simple consumer, I´m no security expert, so when I´m testing these tools it´s on a certain level, I´m not trying to bypass these tools with advanced methods.

{QUOTE-> But fact, is most of the time you *say* that you want the build the strongest security possible, you constantly look for more and more features that can block more and more tests in a never ending quest for greater security But then you can't turn around and say "I don't care about the technical details". But how do you know if what you have is really more secure if you don't care about the technical details? <-QUOTE}
I wonder what you mean with "technical details"? What are you expecting from us, that we will try to reverse engineer these tools, analyse code and run "fuzzing" tests? What´s your point again? Again, it´s obvious that most of use are no true experts, and we don´t claim to be, I don´t see a problem with that.

For the record, I´ve read quite a lot about the methods that malware may use to infect a system, so I do know why it´s important to guard certain system areas. And I´m also aware of the fact that probably all these HIPS can be bypassed, I never claimed they are bulletproof.

Hi there, I have just decided to take SafeSpace for a spin and am having some problems with it. When I want to purge a session, my computer automatically reboots. Now I'm aware it will do this if I set it to "Purge on Log off", but it also does it even if I turn that option off and just use the icon in the task bar to purge. Should it be doing this? I didn't see in the help file anything about requiring reboots.

Also, when it does reboot, when the computer comes back up I get the "system has recovered from a serious issue" Microsoft warning. This happens even when using the manual "purge on log off" option and logging off normally. That's a little worrying to me. I also noticed that when I ran Yahoo Messenger (by double-clicking and it opening up in the SafeSpace environment), that that also caused a reboot.

Firefox seems to crash almost every time inside SafeSpace too. I uninstalled Returnil and Sandboxie to try it out, and I do like the way SafeSpace does things, but these hard crashes can't be good. I currently only have SpywareTerminator and Avast Home running real-time, with SAS and A-Squared Free as manual scanners. Again I actually like the way SafeSpace does things, but if I can't get these crashes worked out I guess I'll head back to Returnil and Sandboxie, and hopefully try SafeSpace at a later date with better results.

*EDIT I now can't open Internet Explorer without the computer restarting, and trying to uninstall SafeSpace results in reboots also and the uninstall fails. This program has to go for now, if I can get it off of here. No disrespect to the dev, maybe it's my system alone.

{QUOTE-> Hi there, I have just decided to take SafeSpace for a spin and am having some problems with it. When I want to purge a session, my computer automatically reboots. Now I'm aware it will do this if I set it to "Purge on Log off", but it also does it even if I turn that option off and just use the icon in the task bar to purge. Should it be doing this? I didn't see in the help file anything about requiring reboots.

Also, when it does reboot, when the computer comes back up I get the "system has recovered from a serious issue" Microsoft warning. This happens even when using the manual "purge on log off" option and logging off normally. That's a little worrying to me. I also noticed that when I ran Yahoo Messenger (by double-clicking and it opening up in the SafeSpace environment), that that also caused a reboot.

Firefox seems to crash almost every time inside SafeSpace too. I uninstalled Returnil and Sandboxie to try it out, and I do like the way SafeSpace does things, but these hard crashes can't be good. I currently only have SpywareTerminator and Avast Home running real-time, with SAS and A-Squared Free as manual scanners. Again I actually like the way SafeSpace does things, but if I can't get these crashes worked out I guess I'll head back to Returnil and Sandboxie, and hopefully try SafeSpace at a later date with better results.

*EDIT I now can't open Internet Explorer without the computer restarting, and trying to uninstall SafeSpace results in reboots also and the uninstall fails. This program has to go for now, if I can get it off of here. No disrespect to the dev, maybe it's my system alone. <-QUOTE}

Just to confirm, there is a known issue with Online Armor, who are now aware of the issue and are working on a fix. We have no information about when this will available, but as soon as we know, we will advise.

Unfortunately, this is out of our control.

Kris.

{QUOTE->
In your words, what are the technical/practical advantages of SafeSpace over the established competition (Sandboxie, GeSWall, Defensewall, Bufferzone)?
<-QUOTE}

I'll refer to a previous post I made:

{QUOTE->
Agreed there are alternative products in this new market, but I don't think this forum is the best place for me to discuss their drawbacks. So rather than make direct comparisons, I would like to highlight a few key areas in SafeSpace:


The ability to download web content and save it to the native file system, i.e. you don’t lose everything when the virtual environment is purged. You can save to standard places, such as My Documents and Desktop, and SafeSpace will protect any private content in these directories. SafeSpace content is automatically tracked and re-opened within SafeSpace. SafeSpace protection can easily be added or removed from any file using the context menu in explorer.
Extensive virtualization, which ensures complete application isolation (see note below)

Kernel mode – file system, registry, IPC
User mode - windows messaging, DDE, COM/RPC

Extremely flexible privacy settings, with a default configuration that should meet the needs of most users. Advanced users can choose to virtualize different areas of the system (by default, windows and program files), or restrict/relax access to private files (by default, no private files can be read from data directories, other than content saved directly from within SafeSpace).

Generic blocking of numerous keylogging techniques, ensures that even if your sandbox is contaminated, no virtualized processes can log keystrokes.


Note:
In particular, DDE and COM virtualization ensures that content in SafeSpace is never hosted in the same process as native content. Applications such as Microsoft Office and Adobe Acrobat Reader will either share the same process instance or not work, unless DDE is fully virtualized. COM virtualization ensures that embedded content will function correctly and more importantly stays within SafeSpace (without COM virtualization applications can break or worse still launch other processes outside of the sandboxed environment). The extensive virtualization layer ensures SafeSpace can virtualize many applications, including those that usually only run a single process instance, such as task manager and explorer.

We also have a user guide which explains the key concepts of SafeSpace:

http://www.artificialdynamics.com/assets/pdf/Artificial%20Dynamics%20SafeSpace%20User%20Guide.pdf

Regards,

Kris. <-QUOTE}

{QUOTE-> Just to confirm, there is a known issue with Online Armor, who are now aware of the issue and are working on a fix. We have no information about when this will available, but as soon as we know, we will advise.

Unfortunately, this is out of our control.

Kris. <-QUOTE}


This is fixed - just going thru the beta process now.


Mike

{QUOTE->

Strange remark, of course I care about security, otherwise I wouldn´t be spending so much time on this forum. However, at the end of the day I´m just a simple consumer, I´m no security expert, so when I´m testing these tools it´s on a certain level, I´m not trying to bypass these tools with advanced methods.
<-QUOTE}

Hmm you are contradicting yourself on so many levels , I don't know where to start.

You are not trying to bypass these tools with advanced methods.

But you are looking for stronger HIPS

But since the best HIPS like PS basically defeat all the basic methods (which by that you mean leak tests and such) , you are looking for HIPS that do indeed defeat those "Advanced methods".

But how do you know they do?



{QUOTE->
I wonder what you mean with "technical details"? What are you expecting from us, that we will try to reverse engineer these tools, analyse code and run "fuzzing" tests? What´s your point again? Again, it´s obvious that most of use are no true experts, and we don´t claim to be, I don´t see a problem with that.
<-QUOTE}

You seem to take pride at not being an "expert". You go into this defensive mode , hiding behind this posture of not being an expert, and just wanting to "test" using tools. When in this mode, you pretend to be humble, and you constantly state you just want to be left alone to test at your own level.

But when you start critizing and demanding features at forums like neoava guard, you act like you know tons of stuff about how HIPS should be to be the best most secure hips.

Both positions contradict each other.

Anyway I don't know why you barged your way into this conversation, since I wasn't even directing my remark at you.

If you actually read the thread you would know exactly what "technical detail" I was referring to. It has nothing to do with being a "true expert" or not. I would hope the title "true experts" is much harder to get that just that....


{QUOTE->
For the record, I´ve read quite a lot about the methods that malware may use to infect a system, so I do know why it´s important to guard certain system areas. <-QUOTE}

No need to be defensive. I'm sure you have by the standards of ordinary people.

{QUOTE->
And I´m also aware of the fact that probably all these HIPS can be bypassed, I never claimed they are bulletproof. <-QUOTE}

Never said you didn't.....

Hi Kris,

Before I migrate completely to SafeSpace, there are some questions I'd like to ask.

1. Low privileges. I notice that SafeSpace offers the option to launch applications with reduced privileges. What is the benefit - or point - of low privileges, since the applications will be isolated anyway?

2. File virtualization. Does SafeSpace remove all untrusted files when I purge SafeSpace? If yes, is there any method of selecting which files I want to survive a purge and permanently remain on my drive? Lastly, is there an easy way to check where isolated applications have generated what untrusted files in which folders?

3. Registry virtualization. Is there a method to select what registry changes I want to keep, or to make fully accessible to isolated applications?

Thanks.

Hi Solcroft.

Thank you for your interest in SafeSpace.

{QUOTE-> 1. Low privileges. I notice that SafeSpace offers the option to launch applications with reduced privileges. What is the benefit - or point - of low privileges, since the applications will be isolated anyway? <-QUOTE}

Isolation protects against interaction with system components, such as service and process manipulation, driver installations, etc. There are however other administrative tasks which are not blocked by this, such as reboot privileges, and tampering with the system time. Removing administrative rights further protects the system from unknown exploits requiring administrative rights.

{QUOTE-> 2. File virtualization. Does SafeSpace remove all untrusted files when I purge SafeSpace? If yes, is there any method of selecting which files I want to survive a purge and permanently remain on my drive? Lastly, is there an easy way to check where isolated applications have generated what untrusted files in which folders? <-QUOTE}

In the Privacy page of the console, you will see that some directories are marked as Virtual. These are the directories (and subdirectories) which are cleansed when a purge takes place. Typically, Virtual folders should be used for non-private areas of the disk, such as Program Files and Windows.

Any other directory is Private by default, meaning that existing files cannot be opened, but any new files created will be tagged. These tagged files can only be opened inside SafeSpace. Tagged files are not removed when you purge. The same goes for any Read Only or Full Control folder.

All tagged files are identified by a SafeSpace logo (on vista), or a red border (on XP). There is currently no functionality to perform a search for these files, but a future version will include a tagged file browser.

{QUOTE-> 3. Registry virtualization. Is there a method to select what registry changes I want to keep, or to make fully accessible to isolated applications? <-QUOTE}

In this version, all Registry changes are virtualized. A future release will introduce the ability to exclude certain registry keys, but this is something you cannot do at present. Do you have a specific use case for why you need to do this?

Best regards,

Kris.

{QUOTE-> There are however other administrative tasks which are not blocked by this, such as reboot privileges, and tampering with the system time. Removing administrative rights further protects the system from unknown exploits requiring administrative rights. <-QUOTE}
Ah yes... forgot about those. No sandbox I know of currently blocks system time changes, so this sounds like a nice touch.

One last question: is it possible to mark entire drives as Virtual, for times when I need an isolated application to leave NO traces whatsoever on my computer?

Thanks for the swift reply.

Yes. In the Privacy page, you can add an entire drive. Just browse to and select the drive root in the folder explorer and click Add.

Hello all.

We have identified and resolved an issue which caused the TotalCommander GUI to display incorrectly. This issue was reported by a couple of users on Wilders. I apologise for not responding by PM, as I had to remove a lot of messages.

This fix will be available in the next release, coming soon.

Best regards,

Kris.

{QUOTE-> Yes. In the Privacy page, you can add an entire drive. Just browse to and select the drive root in the folder explorer and click Add. <-QUOTE}
Thanks Kris.

{QUOTE-> Hello all.

We have identified and resolved an issue which caused the TotalCommander GUI to display incorrectly. This issue was reported by a couple of users on Wilders. I apologise for not responding by PM, as I had to remove a lot of messages.

This fix will be available in the next release, coming soon.

Best regards,

Kris. <-QUOTE}

Thanks for the info Kris. Looking forward to the next release :thumb:

Hi Kris,

Some feedback on your program which I hope will be useful. After some toying around with SafeSpace, I've decided to not migrate to it completely; the reason being that I cannot set SafeSpace to prevent all changes to all drives, while at the same time keeping the files I need.

To perhaps make it clearer, I want to block program A from making any changes at all to my computer. To do so, I set all my local drives to Virtual, and run program A isolated. However, I use program A to produce a useful file that I want to keep. This doesn't seem to be possible.

Another small niggle is that: it seems that I can right-click on any program and select Enable SafeSpace Protection to run the program isolated. There are two behaviors about this that bugs me. First, there is no way to quickly run a program for that one time only without multiple clicks. I need to enable protection, run the program, and turn off protection when I'm done. In contrast, Sandboxie offers a quick Run Sandboxed option. Also, when one uses the context menu to enable protection, there seems to be no way of changing whether programs run with normal or reduced privileges. Secondly, programs and shortcuts that I use Enable SafeSpace Protection on do not appear in the Applications page of the main SafeSpace console, which means there is no easy method of centrally keeping track of what programs do or do not run in SafeSpace.

Third, the red border is extremely visually obstrusive for me. I realize one can select different colors, but I would prefer the options to: turn it off, make the border smaller, reduce its translucency, or, best of all, switch to a non-obstrusive indicator like the ones used by Sandboxie and GeSWall.

On the plus side, SafeSpace does offer strong protection, as it defeats just about every piece of malware I throw at it – especially when low privileges is used. It's a technically sound program, but not flexible enough for me.

Lastly, I would appreciate it if the need for the .NET framework is removed, as it means an additional 50MB download and a lengthy installation process for me. It's not a killer issue, but would greatly increase my willingness to re-try SafeSpace in the future.

Hi Solcroft.

Thank you for this great feedback. All of your comments have been taken onboard. I would like to offer you a few ideas for the current version:

{QUOTE-> I want to block program A from making any changes at all to my computer. To do so, I set all my local drives to Virtual, and run program A isolated. However, I use program A to produce a useful file that I want to keep. This doesn't seem to be possible. <-QUOTE}

You *can* set all drives to virtual, and exclude a single folder as Full Control. If you have the option in this application to save the file to a certain folder, maybe this would be acceptable?

I do accept that this may not fit your needs. We are already working new features to improve visibility of the virtual filesystem.

{QUOTE-> First, there is no way to quickly run a program for that one time only without multiple clicks. I need to enable protection, run the program, and turn off protection when I'm done. In contrast, Sandboxie offers a quick Run Sandboxed option.Also, when one uses the context menu to enable protection, there seems to be no way of changing whether programs run with normal or reduced privileges. Secondly, programs and shortcuts that I use Enable SafeSpace Protection on do not appear in the Applications page of the main SafeSpace console, which means there is no easy method of centrally keeping track of what programs do or do not run in SafeSpace. <-QUOTE}

If you add an application to the Applications list, and then disable the 'SafeSpace Protected' option, it will not automatically launch protected, but it will still appear in the shortcut menu under 'Quick launch in SafeSpace'. Thus allowing you to 'occasionally' run an application in SafeSpace, directly from the shortcut menu, and keep track of these applications.

Again, we are working on new features to extend the level of control over application use.

{QUOTE-> Third, the red border is extremely visually obstrusive for me. I realize one can select different colors, but I would prefer the options to: turn it off, make the border smaller, reduce its translucency, or, best of all, switch to a non-obstrusive indicator like the ones used by Sandboxie and GeSWall. <-QUOTE}

The border control is managed exclusively by a process called 'waveframer.exe'. If you stop this process from auto running (using msconfig, for example), then no protected applications will be bordered. This does not affect any other functionality in SafeSpace.

We will be introducing more granular control over borders and icon overlays in a future version.

Once again, many thanks for this constructive feedback. I appreciate the time you spent evaluating our product, and I hope we can meet your expectations in a future verison.

Best regards,

Kris.

Artificial Dynamics.

{QUOTE-> I'll refer to a previous post I made: <-QUOTE}
So, is it right to think of SafeSpace as a hybrid between "pure" policy-based sandboxes (GeSWall and Defensewall) and virtualization-based sandboxes (Sandboxie and Bufferzone)?
Thanks for the answer :)

Lucas1985,

As far as I understand the info, my conclusion is teh same.

On a scale DefenseWall would be purely policy based, GesWall uses a little bit of virtualisation also within Windows own policy mechanisme (redirects), SafeSpace Personal is a nice mix, Sandboxie would be on the far end of session virtualisation.

{QUOTE-> So, is it right to think of SafeSpace as a hybrid between "pure" policy-based sandboxes (GeSWall and Defensewall) and virtualization-based sandboxes (Sandboxie and Bufferzone)?
Thanks for the answer :) <-QUOTE}

Tidyup's answer can be found here.
http://www.wilderssecurity.com/showpost.php?p=1110958&postcount=58

Hi Kris

Firefox frequently crashes under LU account when entering letters into google search box on my PC.

btw when will the new version expected to be released?

I am trialling SafeSpace in one of my two computers,the weaker one to better understand its workings,i got rid of the software firewall and Threatfire to accomodate SS to leisure, still there are notable 80K spykes when the Config is open.
I like the GUI a lot,as also its way of working,but i have some difficulty to completely understand a few things,as for instance:

a-what kind of Applications are recommended to be shown in SafeSpace Apllications?

Why-if i put SeaMonkey over there i am unable to open it?
(Mozilla apps should be automatically taken care of?)

b- My waveframer.exe is working as seen from msconfig and task manager, and i chose a colour in Appearance,still cannot see any colour both in SeaMonkey and IE.


c-i already saw TidyUp reply about what to do with Returnil, is there any incompatibility with PowerShadow?
Using any such virtualization program can hinder Safespace?
Or does it add to the general security?

{QUOTE-> Hi Kris

Firefox frequently crashes under LU account when entering letters into google search box on my PC.

btw when will the new version expected to be released? <-QUOTE}

Hi Dogma. I've sent you a PM requesting a log file.

The new version should hopefully be available on Download.com tomorrow.

Best regards,

Kris.

Hello poirot.

{QUOTE-> here are notable 80K spykes when the Config is open. <-QUOTE}

The SafeSpace console is built upon .Net 2.0. However, the console is only required when you wish to configure SafeSpace. It is not required for day to day use, and most of the general functions are available in the notification bar menu.

{QUOTE-> a-what kind of Applications are recommended to be shown in SafeSpace Apllications? <-QUOTE}

The Applications list should be populated with any applications which are exposed to the internet and either display or introduce internet content, for example web browsers, instant messaging clients, Peer to Peer, etc.

{QUOTE-> Why-if i put SeaMonkey over there i am unable to open it?
(Mozilla apps should be automatically taken care of?) <-QUOTE}

I have tested SeaMonkey, and could not find any issues. I will send you a PM with some instruction on how to generate a debug log so I can investigate this further.

{QUOTE-> b- My waveframer.exe is working as seen from msconfig and task manager, and i chose a colour in Appearance,still cannot see any colour both in SeaMonkey and IE. <-QUOTE}

Can you check the Home page of the SafeSpace console to verify that they are running inside SafeSpace?

{QUOTE-> c-i already saw TidyUp reply about what to do with Returnil, is there any incompatibility with PowerShadow?
Using any such virtualization program can hinder Safespace?
Or does it add to the general security? <-QUOTE}

I have tested PowerShadow, and there seem to be no compatibility issues.

Best regards,

Kris.