Is Sandboxie Really Necessary


Dieselman
February 22nd, 2008, 05:50 PM
I tried Sandboxie last week and didn't care for the long start-ups it gave me on Internet Explorer and Firefox. Well, I downloaded the newer version today and both IE and FF open up 10 times quicker. I have been surfing the internet and downloading this, that and the other thing for years, and not 1 infection for at least 5 years. I am currently behind a fully stealth 2Wire Gateway DSL Modem and I am also using Online Armor (full) and NOD32 3.0. My question is: do you think Sandboxie is really worth the extra processes it creates? If you have a good firewall and good AV then why use Sandboxie? On the other hand, why use a firewall and an AV if you have Sandboxie? Let me know what you peeps think.

markymoo
February 22nd, 2008, 10:28 PM
Sandboxie in my experience is very quick. I would look at the rest of your PC for the cause of this; it could be the reason Sandboxie is slow. The software is free, so there is no excuse not to use it. It's one of the great free softwares. The protection is huge for something so small. It's like the power of 5 softwares in 1, as it works in a unique way. A lot of security software is heading this way, so get used to it.

Dieselman
February 22nd, 2008, 10:46 PM
I never said it was slow. Read my post. I said the last version of Sandboxie made FF open slowly, but with the new version of Sandboxie it opens up very quickly.

innerpeace
February 22nd, 2008, 10:48 PM
Hi, I think it comes down to what you're comfortable with. I would probably be comfortable with running Sandboxie and OA2. If I were to go anywhere risky, I would enable Returnil's Session Lock to virtualize my C: partition. I'm still using an AV because I have a license to it and everything is running fast enough for me.

IMHO, sandbox and virtualization programs are more important than any real-time blacklist scanner. I think next would be a usable HIPS program and then a blacklist scanner, which would be used for checking downloads. It's a setup that would work with my habits and limited knowledge.

innerpeace

wat0114
February 22nd, 2008, 10:59 PM
It depends on your surfing habits, including what you download. If you surf harmless sites, then it is probably not necessary, especially given the security you already have. However, I see it as "why not?" It does little to slow me down so I have been using it. Think about it: if something happens while surfing in the sandbox, you can flush it all down the virtual toilet ;D Also, I would not let those extra processes bother you in the least.

Dieselman
February 22nd, 2008, 11:05 PM
OK, but I download stuff like wallpapers, Windowblinds skins, game patches, Nvidia drivers. I always download everything into My Briefcase. Now when I use Firefox sandboxed, those files I downloaded aren't there unless I recover them. It's kind of a pain in the ass to do this on a daily basis.

Franklin
February 22nd, 2008, 11:55 PM
-{ Quote: "OK, but I download stuff like wallpapers, Windowblinds skins, game patches, Nvidia drivers. I always download everything into My Briefcase. Now when I use Firefox sandboxed, those files I downloaded aren't there unless I recover them. It's kind of a pain in the ass to do this on a daily basis." }-
With the latest version add My Briefcase to the quick recovery setting.

Also check in Immediate Recovery that it's ticked to allow.

SB gui - Sandbox - Default - Sandbox Settings.

wat0114
February 22nd, 2008, 11:58 PM
-{ Quote: "Ok but I download stuff like wallpapers, Windowblinds skins, Game patches, Nvidia drivers. " }-

In addition to Franklin's advice, this (http://www.wilderssecurity.com/showpost.php?p=1181910&postcount=41) is a good post that may apply to your situation, especially since you could be downloading some risky software.

Dieselman
February 23rd, 2008, 12:08 AM
-{ Quote: "In addition to Franklin's advice, this (http://www.wilderssecurity.com/showpost.php?p=1181910&postcount=41) is a good post that may apply to your situation, especially since you could be downloading some risky software." }-
Like I said, read my post. I have been doing this for years and NOT 1 INFECTION. So along comes Sandboxie and everyone is using it. What did we do before? Do what we were doing: using a firewall and AV.

Dieselman
February 23rd, 2008, 12:11 AM
See I am also a gamer and like to keep my system trimmed. Sandboxie is always using 2 processes and 5 when using it with FF.

innerpeace
February 23rd, 2008, 11:47 PM
-{ Quote: "See I am also a gamer and like to keep my system trimmed. Sandboxie is always using 2 processes and 5 when using it with FF." }-
You surf while you're gaming? Also, if you were worried about keeping your system trimmed, you would use something like K-meleon instead of Firefox. According to Task Manager, none of Sandboxie's processes are using CPU time. I'm also using it with Firefox.

FWIW, I have Sandboxie service set to start manually when I open my browser. Before I changed my setup, I would quit browsing, delete the sandbox, exit Sandboxie Control and then stop Sandboxie's service or any other service I didn't need before I began gaming. I game offline though.

Dieselman
February 24th, 2008, 05:11 PM
How can you surf when you game? That's impossible. When I mean game I mean game. WOW, COD4, BF2, BF2142, Halo, TF2, Timeshift, Q4, QWars and many others. I will surf for a while, then close out FF and then crank up COD4 and go to town. Everyone is pushing Sandboxie but I still don't see the point if you are using a firewall with HIPS and a good AV. Also, common sense plays a big role. I always scan whatever I download before executing it also, including Nvidia drivers.

Huupi
February 24th, 2008, 06:14 PM
I would say SBIE is just an extra layer, but a very good layer at that.

I ditched resident AV and others, so my browser is much faster.

If I go really dodgy, then Returnil as extra protection, so basically my test snapshot is Windows firewall + SBIE.

On demand: SAS and Cureit.

demoneye
February 24th, 2008, 07:07 PM
-{ Quote: "Hi, I think it comes down to what you're comfortable with. I would probably be comfortable with running Sandboxie and OA2. If I were to go anywhere risky, I would enable Returnil's Session Lock to virtualize my C: partition. I'm still using an AV because I have a license to it and everything is running fast enough for me.

IMHO, sandbox and virtualization programs are more important than any real-time blacklist scanner. I think next would be a usable HIPS program and then a blacklist scanner, which would be used for checking downloads. It's a setup that would work with my habits and limited knowledge.

innerpeace" }-

Totally agree on that. Let's say it would be very unwise to surf the net without SB... AVs most of the time turn out to be useless against 0-day attacks... never count on them, and also I haven't used an AV for more than 1 year...

cheers

Dieselman
February 24th, 2008, 07:37 PM
Well, it's hard to understand your grammar, but what I think you're trying to say is that you would not surf the internet without Sandboxie. So what if you download a zip file or an exe file? Sure, it's trapped in the sandbox, but how do you know if that file contains a virus before you open it up? Sandboxie is not a virus scanner. So having an antivirus is more important to me than trapping things in a temporary virtual folder and then dumping out the folder. Sandboxie is a good concept but not a substitute for an antivirus.

lucas1985
February 24th, 2008, 07:48 PM
Continuing your example, you scan the zip/exe file and it comes up clean. You execute it and you become infected. So, there are two choices: trapping things into a temporary virtual folder or scanning things with an (incomplete) blacklist. Both approaches can be defeated.

wat0114
February 24th, 2008, 07:49 PM
-{ Quote: "Everyone is pushing Sandboxie but I still don't see the point if you are using a firewall with HIPS and a good AV. Also, common sense plays a big role. I always scan whatever I download before executing it also, including Nvidia drivers." }-

No one is trying to push the product on you, or at least no one should be, but it is not a bad idea to be open to new possibilities for securing your PC. The antivirus, IMO, and I'm sure in the opinion of many others, is becoming increasingly inefficient (due to huge, and growing, definition databases) and increasingly ineffective (due to its difficulty in detecting zero-day threats). The idea I got from a few members is to disable the web access detection of my AV and use Sandboxie for surfing, along with a HIPS and firewall to complement it.

The antivirus has for so many years been considered the "must have" security utility all pc users should have, forming the primary component of their security profile. I don't know about others, but I'm now seeing it as a secondary product, with the sandbox, firewall, and HIPS playing a more important role than the av.

Threedog
February 24th, 2008, 07:52 PM
I tried going with just the virtual route, but I was too paranoid about whether I had picked up anything or not, even though it could just be wiped with a reboot or, with Sandboxie, by just emptying the sandbox. I feel better with an AV going along with virtualization.

LoneWolf
February 24th, 2008, 07:53 PM
-{ Quote: "Well, it's hard to understand your grammar, but what I think you're trying to say is that you would not surf the internet without Sandboxie. So what if you download a zip file or an exe file? Sure, it's trapped in the sandbox, but how do you know if that file contains a virus before you open it up? Sandboxie is not a virus scanner. So having an antivirus is more important to me than trapping things in a temporary virtual folder and then dumping out the folder. Sandboxie is a good concept but not a substitute for an antivirus." }-

You do realise that you can scan what you want to while it's still in your sandbox, with your onboard tools as well as a service such as Virus Total?

Dieselman
February 24th, 2008, 07:56 PM
OK, I understand Sandboxie is the wave of the future. But let me stress my point again. I have been using a good AV and good firewall for over 5 years or so and never 1 infection. I am currently using NOD32 3.0 and Comodo 3.0. It makes sense that you can sandbox a zip file and then scan it with NOD32. The file may come up clean but actually be dirty. Now if it's dirty then it's still trapped in the sandbox. Does that about sum it up?

wat0114
February 24th, 2008, 07:57 PM
-{ Quote: "I feel better with an AV going along with virtualization." }-

So do I. I might be minimizing the importance the av plays but certainly I still see it as a nice supplementary security tool.

trjam
February 24th, 2008, 08:55 PM
Is it really required? No. Is it a great addition that pays back 10 fold over the cost? Yes. ;)

Dieselman
February 24th, 2008, 09:01 PM
-{ Quote: "Is it really required? No. Is it a great addition that pays back 10 fold over the cost? Yes. ;)" }-
Well said.

innerpeace
February 24th, 2008, 09:56 PM
Hi, I hope you don't think I'm pushing Sandboxie on anyone. I'm very enthusiastic and like it myself, and I would encourage everyone to have a look at what sandboxes have to offer. Like I said in another thread, I'm all about isolating my internet-facing applications.

I understand what you're saying about being clean for x amount of years while running traditional security programs. Common sense plays a huge role in that. I only have one more point that may or may not be relevant. A sandbox can make up for a lapse in keeping your programs up to date. It's hard to keep everything updated all the time, and if an exploit is making its rounds, a sandbox should help if your anti-whatever doesn't have a definition yet.

I just thought of something else which solidified my belief in sandboxing/virtualization. I was cleaning my relative's computer by using different scanners. 2 of them didn't find anything, 1 of them found 2 confirmed trojans and a FP, and two more scanners had a few FPs each. I spent a lot of time uploading the files to VT and also had a few checked by labs to confirm if they were safe or not. I wonder what the scanners may have missed :-\ .

Dieselman
February 24th, 2008, 10:31 PM
The only thing that needs constant updating is NOD32 which is done automatically. SuperAntiSpyware which I only use on demand I check every other day for updates and Spybot only comes out with updates on Wed.

innerpeace
February 24th, 2008, 11:00 PM
Sorry I wasn't clear. By keeping programs up to date, I mostly meant Java, Flash, QuickTime, Media Players, Browsers etc. I manually update everything. If I wasn't running a sandbox and my Java wasn't up to date and I went to a site that was hosting an exploit and my av missed it, then I could be in trouble. I guess my firewall would alert to an outbound. I really don't know.

In my mind, running a sandbox would make the Java exploit less of a threat because it's limited in what it could do and will be gone when I empty the sandbox. Plus I have the sandbox set to block access to D: and E: partitions where my data is stored so that a possible malware in the sandbox couldn't look at (steal) my data. At least this is the way I think it's all supposed to work.

Cheers,
innerpeace

Dieselman
February 24th, 2008, 11:06 PM
OK, well, innerpeace, I installed it again and now I am running Firefox and Internet Explorer sandboxed. The concept is good but I download a lot of stuff like wallpapers and things. So every time I am done browsing I need to recover those things. Any way of making those recovered items be automatic?

EASTER
February 24th, 2008, 11:49 PM
Seems to me if you run your programs sandboxed, especially the browser, you could use NOD32 like I do to scan potential hidden-ware and keep it confined. Not only that, but what happens when NOD32 misses something or it's specially targeted to close, then where are you?

IMO yes sandboxIE is as necessary as a virtual like Power Shadow or Returnil. I keep everything shadowed when the need is required because it can be easily entered on-the-fly and stop any time-consuming disaster or data loss BEFORE IT can happen.

But I also realize that my situation as a researcher is unique and very unlike others; I have multiple options or configurations from which to determine are best security. For instance DEEP FREEZE + Anti-Executable + EQS + SuRun = LUA is probably the better one of them all IMHO.

But as a common user I would at the very least use a Returnil or SandboxIE to supplement any AV, because they are too easily targeted plus cannot possibly keep pace with newly released viruses, and all it takes is just one to bring a system to breaking point or render it disabled.

Dieselman
February 25th, 2008, 12:14 AM
What about adding Sandboxie to the web browser selection in NOD32?

muf
February 25th, 2008, 05:13 PM
-{ Quote: "Any way of making those recovered items be automatic?" }-

I think this will help. The first screenshot shows the setting in SBIE under 'Quick recovery'. Just add the relevant folder you usually download to.

The second screenshot shows the setting in SBIE under 'Quick recovery'.

The third screenshot shows the dialog box after you download a file into the sandbox.

It's not 'automatic' but at least the dialog appears immediately after the file has finished downloading. If you choose 'Close' then you will get prompted again after you delete the sandbox.

Hope this helps.

muf

Dieselman
February 25th, 2008, 05:33 PM
I already know that, thank you anyway. It's just I wish you could recover things automatically, but then again that would defeat the purpose of the sandbox, I think.

innerpeace
February 26th, 2008, 12:06 AM
Hi Dieselman. When it's set up like muf showed, you would just have to click the recover button to recover the downloaded file. The screen will pop-up automatically when a download finishes. I'm not sure if there is another way or not. You could also make something like an openfilepath to a location, but that is something that you would need to look at very carefully. If that doesn't work, take a look at the other sandbox type programs. Maybe something else would fit a little better.

Cheers

Dieselman
February 26th, 2008, 12:11 AM
Blah. I solved my problems. Uninstalled Sandboxie. I cannot be bothered when I download things everyday from Wincustomize and Nvidia. I gave Sandboxie a 48 hour test drive and returned it to the lot.