Sandboxie any problems?


JerryM
November 15th, 2007, 12:28 PM
I know some here use Sandboxie or something similar. I have not tried such applications, and do not have the knowledge to do much troubleshooting on a computer.

Accordingly, I am wondering if such applications are prone to problems with access to sites or other problems.

I have felt that KIS is all I need, especially since I am a safe surfer.

Thanks,
Jerry

Peter2150
November 15th, 2007, 01:02 PM
-{ Quote: "I know some here use Sandboxie or something similar. I have not tried such applications, and do not have the knowledge to do much troubleshooting on a computer.

Accordingly, I am wondering if such applications are prone to problems with access to sites or other problems.

I have felt that KIS is all I need, especially since I am a safe surfer.

Thanks,
Jerry" }-

I've been running Sandboxie for quite a while with no issues. Also excellent help is available on their forum.

tradetime
November 15th, 2007, 02:20 PM
Likewise, cannot think of a single issue with Sandboxie and have been running it for several months now. I should perhaps say that I only use it for web browsing, I do not install programs in it to test, nor play with malware in it.

Hermescomputers
November 15th, 2007, 02:42 PM
I use it extensively online myself. I often get myself infected when I clean up client PCs... It keeps saving my expanding rear-end... Without performance loss...

They released a new version on the 11th. I'm just testing the upgrade since yesterday. So far it's an improvement at all levels on an already great product!

Go for it!

Hermescomputers
November 15th, 2007, 02:45 PM
-{ Quote: "

I have felt that KIS is all I need, especially since I am a safe surfer.

Thanks,
Jerry" }-

Here I wrote an article on safe web surfing for all you safe surfers!
You can check it out here: http://www.hermes-computers.ca/index.php?pid=46

Not to frighten you but I see hostile iframes on an enormous number of web sites. I must be spending half my working time helping people clean them up... nasty!

Bob D
November 15th, 2007, 02:51 PM
-{ Quote: "...I only use it for web browsing....." }-
Ditto.
I find it fairly intuitive as well. Don't have to make a hobby out of it to benefit from its efficacy.
System impact is minimal.
Tzuk (the developer) is very active in its continued evolution.

Digressing a bit here if I may, but one of my primary reasons for liking this software (enough to register), is its convenience, aside from all the security benefits (and they are substantial).
Before SandboxIE, I was constantly turning cookies on/off (depending on site visiting), as well as Java, JavaScripting, etc. Made me crazy.
OK, I'm at Wilders, cookies on. Browsing elsewhere, cookies off. Other trusted sites, damn, they're not rendering correctly, Java/JavaScript on.
Constantly clicking permission stuff depending where on the web I was.
At the end of sessions, I was constantly reviewing, subsequently selecting/deleting cookies, as well as clearing history, etc.
Ahhhh....With SandboxIE, I find the browsing experience much more relaxed.
Cookies, Java, JavaScripting, all ON.
Browsing done, close browser, EVERYTHING gone.
Simplistic approach. I like simple.

Hermescomputers
November 15th, 2007, 03:03 PM
Speaking of exploding malware within sandboxie for fun... Anyone here experienced with it that way?

solcroft
November 15th, 2007, 03:10 PM
-{ Quote: "Speaking of exploding malware within sandboxie for fun... Anyone here experienced with it that way?" }-
It's not much fun at all when the malware invariably succeeds in doing exactly NOTHING. No alerts, no cascade of popups telling you how Sandboxie just defended your computer against the LATEST ZERO-DAY 100% UNDETECTABLE TROJAN, no anything at all. Just... poof. Boring.

Hermescomputers
November 15th, 2007, 03:22 PM
Hahaha... Darn there goes my next hobby idea!:)

JerryM
November 15th, 2007, 08:03 PM
Many thanks, All for the comments.

If I understand it, Sandboxie is primarily for surfing. If I want to download a program I would not do it through the sandbox.

I don't bank on-line, but would that go through the sandbox or would there be a problem of access and completing whatever business one would do?

Regards,
Jerry

ratchet
November 15th, 2007, 08:34 PM
-{ Quote: "Many thanks, All for the comments.

If I understand it, Sandboxie is primarily for surfing. If I want to download a program I would not do it through the sandbox.

I don't bank on-line, but would that go through the sandbox or would there be a problem of access and completing whatever business one would do?

Regards,
Jerry" }-
Not at all! We bank all the time. I was so impressed with it I coughed up $25 after I used it for less than a day. The free version is about the same, however, it is my understanding you'll eventually get nagged.

innerpeace
November 15th, 2007, 08:43 PM
You can download anything using Sandboxie and then recover it later. I've only played a little with the new version, but it seems to ask you immediately if you want to recover the file after downloading it. You can also set it up to recover files, bookmarks, etc without interaction. I can't comment on the banking, but the site should work like normal.

I've used version 2.86 and now 3.01 and I really feel safer with SBIE. It's also been very stable on my machine. Some of us have access blocked to My Documents when an app is sandboxed. This keeps whatever app you are running from accessing possible private files in My Documents. When you download it, make sure to go through the tutorial to get a feel for how things work.

cheers,
innerpeace

JerryM
November 15th, 2007, 09:29 PM
Thanks, again.
The tutorial is a good suggestion. Like a few others I usually don't read the directions until I have problems.

I have not installed it yet, but it does look very interesting. I'll see if there are more comments, but so far no downside has been mentioned. I would have thought it would slow down surfing a lot. Evidently not.

Regards,
Jerry

Blackcat
November 16th, 2007, 07:32 AM
-{ Quote: "I don't bank on-line, but would that go through the sandbox or would there be a problem of access and completing whatever business one would do?

Regards,
Jerry" }-
Go to your banking site with a "cleared" SandBox, carry out your banking/on-line transactions and then clear the contents before visiting any other sites.

Never had a problem with SB; lightweight, stable, and does not slow down browsing even on dial-up. Highly recommended.

Longboard
November 16th, 2007, 07:42 AM
-{ Quote: "It's not much fun at all when the malware invariably succeeds in doing exactly NOTHING. No alerts, no cascade of popups telling you how Sandboxie just defended your computer against the LATEST ZERO-DAY 100% UNDETECTABLE TROJAN, no anything at all. Just... poof. Boring." }-
ROFL :)

@JerryM : registered user too; $20 = good deal for the unlocked version.
Concur with all comments : a little gem. :)
Couple of things:
_Adobe PDF Reader will freeze a sandboxed FF session ( at least for me it does): ie open a PDF in the sandboxed browser = massive slowdown/freeze, and may need reboot. Use Foxit or other PDF reader in the session or just recover the file to wherever and read outside the s-box: scan it first if not sure of source ( even then...)

_ A mal in the sandbox can execute and may be able to read from your HD files and send out through the browser. The said mal as a rule cannot escape the box to install: vanishes when sandbox deleted.
There was one thread somewhere where one identified trojan: Prueba ?, escaped the sandbox. Not sure it was confirmed: Tzuk addressed the problem afaik.
Kernel level drivers cannot be installed via the box which is another solid layer.

_ your regular "anti" real time tools are able to scan the sandbox as per any file system and pick up nasties if they arrive.

FF in sandboxie = rock solid.

_Yes banking, purchasing etc is fine: just launch a fresh browser session after deleting the default box contents = clean session.

**Any mal already on your box will still be able to run: ie Keylogger will still catch typing.

Default set-up is fine to start: fine tune as you go along and learn.
Learn how to Erase the default box contents rather than just delete.
Get it. You'll like it.

There are discussions here re other Sandbox/Hips hybrids: DefenceWall, GesWall : all good tools. Sandboxie just great oob.
:thumb:

Long View
November 16th, 2007, 07:59 AM
Am I the only one who has found that it slows down the initial log on ? only by a second or so - but irritating nonetheless. I'm sure that I read somewhere that extra time to log on was quite normal as Sandboxie has to set up its virtual environment ? Normal surfing thereafter.

I should add I only tried to use it with Firefox. I didn't even think to use it with IE ( I'm not that brave) Perhaps it really works best with IE and is less necessary with Firefox Opera etc ?

Longboard
November 16th, 2007, 08:22 AM
@Longview
LOL yes possibly even more important with IE : MicrosoftIE = sIEve ;)
With FF = WALL.

I do have (FF has issues) problems with some sites: my supposedly security conscious bank for &*#%'s sake thinks IE is better than FF.
Use the IEView addon: https://addons.mozilla.org/en-US/firefox/addon/35 while sandboxed with FF and sandboxie will open sandboxed instance of IE.

The latest release of sandboxie has had some config changes: the right click extensions from the control applet no longer have "Launch IE" as option, just "launch Browser" which starts default browser ( FF for me) Any other browser session (ie non default) requires a separate shortcut.

Hermescomputers
November 16th, 2007, 08:44 AM
-{ Quote: "@Longview
LOL yes possibly even more important with IE : MicrosoftIE = sIEve ;)
With FF = WALL.

I do have (FF has issues) problems with some sites: my supposedly security conscious bank for &*#%'s sake thinks IE is better than FF.
" }-

I know... I see this with all large institutions and businesses. Far too many IT managers are now Pen Pushers instead of engineers. They attend All Microsoft conventions getting programmed by marketing hype and are much too busy looking for a freebie hand out from Microsoft to have time to think for themselves. Being addicted to a misguided "Risk Averse Decision making" turned upside down...

Perhaps they should remain focused on Technical expertise skills instead of a poor mix of tech and Business skills, and stop trying to please CFOs as they currently preach. Perhaps more intelligent technical decisions would be made..

Personally I think they standardized themselves into a pit!
The rule of thumb is the less technically savvy you are at any level the more likely you are to stay with Microsoft being ignorant of the alternatives and being afraid of thinking outside the box...


Forgive my rant!

Peter2150
November 16th, 2007, 09:03 AM
While true malware can run while it is in the sandbox you can protect your data directories so they can't be accessed from the sandbox. Also malware can't start services or install drivers.

Longboard
November 16th, 2007, 09:29 AM
@JerryM
-{ Quote: "_ A mal in the sandbox can execute and may be able to read from your HD files and send out through the browser. " }-

-{ Quote: "While true malware can run while it is in the sandbox you can protect your data directories so they can't be accessed from the sandbox. Also malware can't start services or install drivers." }-
Pete is on the money.
Default is very good, needs some adjustments to block access to data files etc
Config entries can be fine tuned per user.

JerryM
November 16th, 2007, 09:31 AM
Thanks a bunch. You folks have provided a great deal of information. I really appreciate the help. :thumb:
I haven't installed it yet, and want to go through the tutorial.
I use FF all the time unless a site requires IE.

Thanks again, and have a great day.:thumb:

Regards,
Jerry

innerpeace
November 16th, 2007, 09:15 PM
-{ Quote: "Learn how to Erase the default box contents rather than just delete." }-
Hi Longboard, what does this mean? Are you talking about going into the contents and deleting individual files? If so, why?

innerpeace

EASTER
November 17th, 2007, 01:37 AM
-{ Quote: "While true malware can run while it is in the sandbox you can protect your data directories so they can't be accessed from the sandbox. Also malware can't start services or install drivers." }-

True! Even if some mischief enters in, it's trapped or confined, and confinement translates into two options, keep or dispose. That's the benefit which SandboxIE offers and it's a very intelligent & wise concept that WORKS!

Longboard
November 17th, 2007, 09:01 AM
@Innerpeace:

http://sandboxie.com/phpbb/viewtopic.php?t=1954&highlight=eraser
http://sandboxie.com/phpbb/viewtopic.php?t=650&highlight=eraser

Search at sandboxie forums. Essentially 'delete' vs 'erase' with 3rd party tools.

There are a couple of Config entries and Reg changes referenced at the forums to invoke true erase options with Eraser and s-delete from sysinternals.

I tend to do this manually as per the first reference above: just peace of mind.
Eraser takes about 1-3 minutes to wipe the sandbox on a 1 pass wipe after a long browser session with downloading. Would take longer if set to higher integer wipes.
Regards.

*** if you want to check this out, use Eraser v5.7 which for me is very stable and read the forums carefully before trying v5.8+ ***
http://www.heidi.ie/eraser/download.php
http://bbs.heidi.ie/index.php

Hermescomputers
November 17th, 2007, 09:47 AM
-{ Quote: "True! Even if some mischief enters in, it's trapped or confined, and confinement translates into two options, keep or dispose. That's the benefit which SandboxIE offers and it's a very intelligent & wise concept that WORKS!" }-

I read somewhere that a few Trojans did bypass or break through the Sandbox somehow. From my perspective where one succeeds others will too...

Hermescomputers
November 17th, 2007, 09:53 AM
-{ Quote: "@Innerpeace:

http://sandboxie.com/phpbb/viewtopic.php?t=1954&highlight=eraser
http://sandboxie.com/phpbb/viewtopic.php?t=650&highlight=eraser

Search at sandboxie forums. Essentially 'delete' vs 'erase' with 3rd party tools.

There are a couple of Config entries and Reg changes referenced at the forums to invoke true erase options with Eraser and s-delete from sysinternals.

I tend to do this manually as per the first reference above: just peace of mind.
Eraser takes about 1-3 minutes to wipe the sandbox on a 1 pass wipe after a long browser session with downloading. Would take longer if set to higher integer wipes.
Regards.

*** if you want to check this out, use Eraser v5.7 which for me is very stable and read the forums carefully before trying v5.8+ ***
http://www.heidi.ie/eraser/download.php
http://bbs.heidi.ie/index.php" }-

This is the ultra paranoid mode. One has to have physical access to your Hard Disk or sandbox and use third party recovery utilities for it to matter. Deleting the sandbox this way is only relevant if you are trying to hide what you do with your computer, i.e. during browsing. However by deleting the content (the regular way) malware can't "resurrect" itself so it's safe anyways...

Longboard
November 17th, 2007, 04:56 PM
-{ Quote: "This is the ultra paranoid mode." }-
Says who? : You implying something? : Where? : Who me? :o ;D
You are correct.
I just tend to use Eraser and/or CC or s-delete to actually 'wipe' whatever I can whenever I can: files, folders, cache, VMs, e-mails, docs, photos, vids whatever : keeps kludge to a minimum.
Applying this to sandboxie is just an extension of my usual practice
Regards

Hermescomputers
November 17th, 2007, 05:19 PM
-{ Quote: "
Applying this to sandboxie is just an extension of my usual practice
Regards" }-

It is actually wise to do so if you are to hand off your machine to someone, and there are multiple scenarios where this could prove to be more than just an intelligent thing to do... I just find it to be a lot of work ;D

Kerodo
November 17th, 2007, 05:44 PM
Reading this thread got me interested in trying out Sandboxie, which I have now installed. Interesting app for sure... I actually removed my AV for now, and put in ThreatFire instead. Performance is a hair better now in general. I'm not sure if I can actually do without the AV for good, but I think there's a fair chance I might be able to. Browsing is covered now, and the only time I really want to scan a file is when I download an executable in p2p. So we'll see how it goes... might just put Avira back on and use it on-demand only...

Hermescomputers
November 17th, 2007, 05:49 PM
Kerodo,

Make sure you install the NoScript add-on for Firefox. It will really help...
AVs are good for scanning downloads but if you don't click on attachments you are probably safe with Threatfire as it will pick up an executable trying to run, giving you the chance to nip it in the bud, but it will do little for hostile web sites with scripts modifying browser elements and other such behaviors.

lucas1985
November 17th, 2007, 05:54 PM
-{ Quote: "but it will do little for hostile web sites with scripts modifying browser elements and other such behaviors." }-
Threatfire works fine against drive-by too :)

Hermescomputers
November 17th, 2007, 06:06 PM
-{ Quote: "Threatfire works fine against drive-by too :)" }-

Have you ever tested it? What kind of Site based script can it protect against?

lucas1985
November 17th, 2007, 06:13 PM
-{ Quote: "Have you ever tested it? What kind of Site based script can it protect against?" }-
Solcroft has tested Threatfire against malware and exploits with great success. Actually, drive-bys are easy to catch for a behaviour blocker: a spoofed executable dropped in the browser cache which tries to hijack the browser's process to initiate outbound connection and deliver the payload.

Behaviour blockers are weak against rogue apps, macro viruses and time bombs. I'm not sure how they perform against file infectors and some worms.

Hermescomputers
November 17th, 2007, 06:20 PM
-{ Quote: "Solcroft has tested Threatfire against malware and exploits with great success. Actually, drive-bys are easy to catch for a behaviour blocker: a spoofed executable dropped in the browser cache which tries to hijack the browser's process to initiate outbound connection and deliver the payload.

Behaviour blockers are weak against rogue apps, macro viruses and time bombs. I'm not sure how they perform against file infectors and some worms." }-

Yes you are right. The reference I was making was not of the executable types but server cross scripting exploiting browser based vulnerabilities.

NoScript is annoying since it blocks all scripts indiscriminately until one authorizes them to run, which can be tedious. However it is the only means to protect effectively against such. I can't see how Threatfire or any other process scopes could be effective to protect against these unless an executable is dropped or activated.

lucas1985
November 17th, 2007, 06:28 PM
Yes, NoScript is the only solution against XSS. Unfortunately, anti-malware apps can't do anything since nothing is dropped to the local filesystem. All the action occurs inside the browser.
Some discussion on XSS (http://www.wilderssecurity.com/showthread.php?t=174195)

Hermescomputers
November 17th, 2007, 07:06 PM
-{ Quote: "Yes, NoScript is the only solution against XSS. Unfortunately, anti-malware apps can't do anything since nothing is dropped to the local filesystem. All the action occurs inside the browser.
Some discussion on XSS (http://www.wilderssecurity.com/showthread.php?t=174195)" }-


Thanks, real good read! :) Just confirmed what I already knew but with more details... weew that Helio likes to write!

Kerodo
November 17th, 2007, 07:09 PM
Thanks guys, so far so good with Sandboxie and TF.. I will have another go at NoScript also, haven't used it for a while....

innerpeace
November 18th, 2007, 02:27 AM
@ Longboard, thanks for clarifying 'erasing' files for me. Thanks for the links too. I am the only user of my computer so I'm not worried about file recovery. I also don't have anything to hide that's considered too bad :shifty: . I also use a virtualization program when going 'bad' places. I do value my privacy nonetheless so I may look into erasing with at least cc.

Thanks,
innerpeace

Stijnson
November 19th, 2007, 06:43 AM
Perhaps a dumb question, but does Sandboxie also work with Newsleecher for example?

I'm still trying to understand how Sandboxie actually works (haven't installed it yet though), but it's not 'sinking in'. I use NOD32 as an AV and I have a MVP Hosts file. I use some Anti-Spyware tools from time to time, but I definitely am interested in other (easy-to-use preferably) tools to keep all malware etc out.

Are there any good tutorials or manuals regarding Sandboxie? Does it work alongside AV-scanners?

Hermescomputers
November 19th, 2007, 07:33 AM
-{ Quote: "Perhaps a dumb question, but does Sandboxie also work with Newsleecher for example?

I'm still trying to understand how Sandboxie actually works (haven't installed it yet though), but it's not 'sinking in'. I use NOD32 as an AV and I have a MVP Hosts file. I use some Anti-Spyware tools from time to time, but I definitely am interested in other (easy-to-use preferably) tools to keep all malware etc out.

Are there any good tutorials or manuals regarding Sandboxie? Does it work alongside AV-scanners?" }-

Hey Body... Visiting the product web site and reading helps... :D

My personal experience with it is very positive. All my security tools work perfectly with it. It's practically flawless!

Here is the info you may need if: http://www.sandboxie.com/index.php?HelpTopics