View Full Version : I Can See Underbelly Of The Net With SANDBOXIE!!


EASTER
March 15th, 2008, 09:27 PM
-{ Quote: "So while some newer approaches have lessened the likelihood that recovery from malware via image restoration will be required, the general need to have this option available has, I believe, increased for other reasons.

Blue" }-

ABSOLUTELY!

And that is a very welcome transition or break from the past for lack of better terms that a vast majority of users can finally expect, thanks in whole to today's more advanced developments against malware.

It's comforting indeed to make use of quality time for "other reasons". ;)

innerpeace
March 15th, 2008, 10:05 PM
-{ Quote: "Hi Innerpeace - Speaking of Returnil, I haven't fired it up in a while since I installed SBIE, and decided to turn it on yesterday. After I activated session lock, everything works OK but I hear this tick...tick...tick...tick... from the computer while its on. Do you have any idea what that is, I don't recall hearing that in the past. Of course the ticking is gone when I'm not using Returnil. :)" }-
I don't use Returnil that often either, but iirc, when I first turn on Session Lock, I did hear a faint hard drive activity sound. It sounded like ticking and this was with or without Sandboxie. I'm talking about the free version 1.7.0.7502 and not the newer version which has the option to use the disk cache.

Even with the free version I'm using, I think I remember reading that it still uses the hard disk to perform its magic and doesn't solely rely on memory. Hopefully someone will jump in here and confirm this.

cortez
March 16th, 2008, 01:49 AM
-{ Quote: "Hi cortez. What program are you running that you have to reboot? You realize that you don't need to reboot with Sandboxie, you only need to Delete the contents of the sandbox." }-

Hello innerpeace:

I use Firefox with SandboxIE and am dared to visit some "ferocious" sites from fellow neighborhood internet "daredevils". They are amazed that an internet session can withstand dozens of attacks without freezing up or melting down (Avast is truly amazing at isolating these threats). I have become a local hero of sorts for introducing SandboxIE to them (we are sort of "backwater surfers" and thus not really up to date on the available malware protection now current; restoring an image was considered the best anti-malware solution).

They now realize the extreme utility of SandboxIE. They ordinarily re-image a small "internet only" partition of 3 to 5 gigs which restores in only minutes (these partitions are for surfing only and not downloading), but now this practice has been made obsolete as SandboxIE works so well for their adventurous ventures into the net.

On some of my own expeditions I get frequently pelted by malware, and as I multi boot I am wary that not rebooting in addition to emptying the sandbox container may injure my other OS partitions.

It probably is overkill but this method soothes my anxieties and I sleep better.

On this disk I have 4 XP partitions and 1 data partition and want to avoid restoring any of them. I guess my paranoia gets the best of me: two XP's are hidden and two are not.

innerpeace
March 16th, 2008, 03:01 AM
-{ Quote: "I use Firefox with SandboxIE and am dared to visit some "ferocious" sites from fellow neighborhood internet "daredevils". They are amazed that an internet session can withstand dozens of attacks without freezing up or melting down (Avast is truly amazing at isolating these threats). I have become a local hero of sorts for introducing SandboxIE to them (we are sort of "backwater surfers" and thus not really up to date on the available malware protection now current; restoring an image was considered the best anti-malware solution).

They now realize the extreme utility of SandboxIE. They ordinarily re-image a small "internet only" partition of 3 to 5 gigs which restores in only minutes (these partitions are for surfing only and not downloading), but now this practice has been made obsolete as SandboxIE works so well for their adventurous ventures into the net.

On some of my own expeditions I get frequently pelted by malware, and as I multi boot I am wary that not rebooting in addition to emptying the sandbox container may injure my other OS partitions.

It probably is overkill but this method soothes my anxieties and I sleep better.

On this disk I have 4 XP partitions and 1 data partition and want to avoid restoring any of them. I guess my paranoia gets the best of me: two XP's are hidden and two are not." }-
Hi Cortez,

I certainly can relate to anxieties ;). The best way to deal with them is through knowledge. In Sandboxie's settings you can prevent/block access to other partitions. The settings can be found in Sandboxie Control - Sandbox - DefaultBox (or whatever you named your sandbox) - Sandbox Settings - Resource Access - File Access - Blocked Access and then add all the partitions, files and folders that you want. This should prevent anything from getting in your other partitions. Just remember that you can't download anything to them. What I do is download a file to my desktop and then scan it thoroughly and then move it to wherever I please. You can also use a shredder application to delete the contents of the sandbox rather than the normal delete.

This has been mentioned before, but if you're going to visit the dark side and you are not going to run a full blown virtualization app., then you might consider a light virtualization app. When I do 'risky' surfing, I use Returnil's Session Lock to virtualize my C: or System partition. I rely on Sandboxie to protect my other partitions with the setting I mentioned above. With Returnil, a reboot is necessary to clean any changes. They also have a free version and the new one should be out very soon.

It's also very important to keep your installed programs up to date. Most malware are exploiting known vulnerabilities. You can check out the link in my sig to see if any of the common programs you are running are vulnerable.

As far as rebooting with Sandboxie, it is not necessary. I'm not a malware expert, but I think that some malware may install after a reboot. Someone would have to confirm this though.

I hope this helps,
innerpeace

twl845
March 16th, 2008, 09:32 AM
-{ Quote: "I don't use Returnil that often either, but iirc, when I first turn on Session Lock, I did hear a faint hard drive activity sound. It sounded like ticking and this was with or without Sandboxie. I'm talking about the free version 1.7.0.7502 and not the newer version which has the option to use the disk cache.

Even with the free version I'm using, I think I remember reading that it still uses the hard disk to perform its magic and doesn't solely rely on memory. Hopefully someone will jump in here and confirm this." }-
OK thanks for the info. As long as I'm not the only one hearing it. ;)

Dieselman
March 16th, 2008, 02:24 PM
This is my point with Sandboxie. I tried it again and it's a hell of a lot lighter than SafeSpace. But when Firefox updates or an extension updates those updates never occur if the browser is sandboxed. You need to unsandbox your browser then update what needs to be updated then resandbox your browser. The only point I see in Sandboxie is to use it on demand when you go to the dark side.

Terror_Eyez
March 16th, 2008, 03:51 PM
-{ Quote: "This is my point with Sandboxie. I tried it again and it's a hell of a lot lighter than SafeSpace. But when Firefox updates or an extension updates those updates never occur if the browser is sandboxed. You need to unsandbox your browser then update what needs to be updated then resandbox your browser. The only point I see in Sandboxie is to use it on demand when you go to the dark side." }-
I don't see any need to have to unsandbox your browser? ::)
http://www.sandboxie.com/index.php?ResourceAccess#file

BLAH!

Dieselman
March 16th, 2008, 04:24 PM
So much configuring. I tried Sandboxie like I said and FlashGot and NoScript had an update. I installed the updates and when I closed and FF they were applied. Then after emptying the Sandbox those 2 updates along with new bookmarks were gone.

Peter2150
March 16th, 2008, 04:40 PM
-{ Quote: "So much configuring. I tried Sandboxie like I said and FlashGot and NoScript had an update. I installed the updates and when I closed and FF they were applied. Then after emptying the Sandbox those 2 updates along with new bookmarks were gone." }-


Well that isn't the fault of Sandboxie. Naturally if you do an update in the sandbox it will be gone. You need to update outside the sandbox.

Sandboxie can also be set up to save bookmarks. It's not the fault of the software if it isn't used properly

tepe2
March 16th, 2008, 04:40 PM
-{ Quote: "So much configuring. I tried Sandboxie like I said and FlashGot and NoScript had an update. I installed the updates and when I closed and FF they were applied. Then after emptying the Sandbox those 2 updates along with new bookmarks were gone." }-
It is not that much configuring and you only have to do it once. I got some help here and in the SB forum to configure, and then saved inifile in another partition. Hope this helps:

http://sandboxie.com/phpbb/viewtopic.php?t=2803&highlight=tepe2
http://www.wilderssecurity.com/showthread.php?t=198464

EASTER
March 16th, 2008, 04:50 PM
Very True.

SandboxIE is not a HIPS (requiring extensive configuring) but a formidable containment program that restricts file actions based on first, its default rules, then other rules as you add them then that's all, simply Set & Forget, nothing more required until new rules are discovered.

So don't be put off, just follow the excellent advice above on instructions and SandboxIE forums and you'll be just fine.

Beto
March 20th, 2008, 02:00 AM
-{ Quote: " You need to update outside the sandbox. Sandboxie can also be set up to save bookmarks. It's not the fault of the software if it isn't used properly" }-

I had the hardest time figuring this out--tricky at first--, but now can have the best of both worlds.

MikeNAS
March 20th, 2008, 04:03 AM
It's good to remember that you download those extension files too. Then scan it if you like or send to virustotal etc. If everything is ok then recover it and close internet connection. Then open firefox (unsandboxed) and install/update extension.

Beto
March 20th, 2008, 02:45 PM
-{ Quote: "It's good to remember that you download those extension files too. Then scan it if you like or send to virustotal etc. If everything is ok then recover it and close internet connection. Then open firefox (unsandboxed) and install/update extension." }-

MikeNAS; Thanks for the info.

This has been a dam good thread---without it I would be in the dark concerning Sandboxie and other applications which can protect my, and many of my classmates and friends from enjoying the internet without paranoia.

Now I often start on page 59 instead of page 1 knowing that if it contained something worth downloading I could test it for threats and if it was infected --no matter!!! Sandboxie will be able to handle it.

I know that this may not be the place to get info on worthwhile 'dangerous' sites but I'm all ears!!

I'll be grateful for any sites thrown my way (I think other would be as well!!)

CircleGirl
April 2nd, 2008, 01:22 AM
-{ Quote: "
I'll be grateful for any sites thrown my way (I think other would be as well!!)" }-

Your requests for underbelly websites has been absolutely nil !!! I was hoping for some bones thrown your way so I can pilfer them!!

I am not totally surprised as this is a security site and one would expect circumspection on the part of users.

I'm sure if there was the possibility of anonymous posting you would be inundated with the most ghastly and nasty sites to visit. I know that there is an innate need to turn on one's friends to these type of web pages.

They do make for easy conversations and e-mails. Just remember to always be sandboxed (and scan, of course all e-mail [use only throw away addresses as your real address should be a guarded secret ]) and you should be fine.

I get them all the time and have regretted getting on some of these sites as they (the contents) are often not easy to forget and have caused some terrible nightmares on occasions.

Long View
April 2nd, 2008, 03:45 AM
My understanding is that posting such sites is not allowed on Wilders? And that such posts would be removed?

Peter2150
April 2nd, 2008, 07:57 AM
-{ Quote: "My understanding is that posting such sites is not allowed on Wilders? And that such posts would be removed?" }-

That is correct.

So there should be no such posts, please.

Pete

Stijnson
April 2nd, 2008, 09:49 AM
-{ Quote: "It is not that much configuring and you only have to do it once. I got some help here and in the SB forum to configure, and then saved inifile in another partition. Hope this helps:

http://sandboxie.com/phpbb/viewtopic.php?t=2803&highlight=tepe2
http://www.wilderssecurity.com/showthread.php?t=198464" }-

Does this also work when FF itself requires an update?
Which files in the profile need to be added to ensure an update installed sandboxed is actually saved to HD?

ErikAlbert
April 2nd, 2008, 10:15 AM
I thought that IE-SPYAD and MVPS host + other host files was a place to find numerous obscure websites.

Long View
April 2nd, 2008, 12:38 PM
-{ Quote: "Does this also work when FF itself requires an update?
Which files in the profile need to be added to ensure an update installed sandboxed is actually saved to HD?" }-


If you go to "start" and then "run" and type the following:

firefox.exe -ProfileManager

you will be able to move the firefox profile to another drive or partition. This will allow updates and changes to add ons to occur while using DeepFreeze6 or Returnil so I assume that it will work with Sandboxie. Worth a try anyway.

Before playing around you might want to take an image of C: and/or take a copy of your current Firefox Profile.

twl845
April 2nd, 2008, 02:41 PM
-{ Quote: "If you go to "start" and then "run" and type the following:

firefox.exe -ProfileManager

you will be able to move the firefox profile to another drive or partition. This will allow updates and changes to add ons to occur while using DeepFreeze6 or Returnil so I assume that it will work with Sandboxie. Worth a try anyway.

Before playing around you might want to take an image of C: and/or take a copy of your current Firefox Profile." }-
Maybe I misunderstand, but I have a FF SBIE shortcut on my desktop and an FF regular shortcut. If FF wants to update while I'm in Sandboxie, I click later. Then I click off line. Then I click the FF shortcut that isn't sandboxed and when FF loads I do the update. Then the update is on the HD and SBIE.

Long View
April 2nd, 2008, 03:22 PM
No -It is probably me who doesn't understand. I don't use Sandboxie. If I was not able to update FF or NoScript, or CSlite, or Adblock plus then and there I would not be interested

twl845
April 2nd, 2008, 03:32 PM
-{ Quote: "No -It is probably me who doesn't understand. I don't use Sandboxie. If I was not able to update FF or NoScript, or CSlite, or Adblock plus then and there I would not be interested" }-
I could do the update in SBIE, but as soon as I logged off I would lose it. That's why I use it, so if I get infected in SBIE, I can lose the infection when I log off. I could save it by changing a configuration, but the update would only be in the sandboxed FF unless I was able to recover it. My way is faster.

tepe2
April 2nd, 2008, 05:01 PM
OpenFilePath=firefox.exe,*\bookmark*
OpenFilePath=firefox.exe,D:\Mozilla\Firefox\Profiles\Newprofile\xxxxxxby.default\prefs.js
OpenFilePath=firefox.exe,*\history.dat
OpenFilePath=firefox.exe,*\patterns*

I believe updates for bookmarks, NoScript etc work with this configuration. But I'm not sure for program updates. I don't know where the program updates are stored, but it should be easy to add that folder too. I cannot remember if I was running FF sandboxed or not the last time it updated. I will try to notice next time.
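
The two approaches discussed in this thread, innerpeace's Blocked Access list (stored in Sandboxie.ini as `ClosedFilePath`) and tepe2's `OpenFilePath` lines, can be checked together. The script below is an added example, not part of any post and not Sandboxie's own code: it reads a box section and reports open rules that start with a wildcard or are not tied to one program, plus partitions that were meant to be blocked but are not. The sample `ClosedFilePath` line, the drive letters E: and F:, and the finding names are assumptions, and a drive counts as blocked only when the rule names its root.

```python
import re

# Constructed Sandboxie.ini fragment. The four OpenFilePath lines are the ones
# posted in the thread; the ClosedFilePath line and drive letters are assumptions.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
ClosedFilePath=E:\
OpenFilePath=firefox.exe,*\bookmark*
OpenFilePath=firefox.exe,D:\Mozilla\Firefox\Profiles\Newprofile\xxxxxxby.default\prefs.js
OpenFilePath=firefox.exe,*\history.dat
OpenFilePath=firefox.exe,*\patterns*
"""


def parse_ini(text):
    """Return {section: [(key, value), ...]}. Keys repeat, so keep a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections


def split_rule(value):
    """Split 'program.exe,path' into (program, path); program is None if unscoped."""
    head, sep, tail = value.partition(",")
    if sep and "\\" not in head and ":" not in head:
        return head.strip().lower(), tail.strip()
    return None, value.strip()


def audit_box(settings, protect_drives):
    """Return a list of (finding, detail) tuples for one sandbox section.

    protect_drives: drive letters (e.g. other OS partitions) that the user
    expects to be unreachable from inside the sandbox.
    """
    findings, closed_drives = [], set()
    for key, value in settings:
        program, path = split_rule(value)
        if key == "ClosedFilePath":
            root = re.fullmatch(r"([A-Za-z]):\\?\*?", path)
            if root and program is None:      # blocks the drive for every program
                closed_drives.add(root.group(1).upper())
        elif key == "OpenFilePath":
            if program is None:               # every sandboxed program writes through
                findings.append(("unscoped-open", path))
            if path.startswith("*"):          # matches on any drive and in any folder
                findings.append(("wildcard-open", path))
            elif re.fullmatch(r"[A-Za-z]:\\?\*?", path):
                findings.append(("whole-drive-open", path))
    for drive in protect_drives:
        if drive.upper() not in closed_drives:
            findings.append(("drive-not-blocked", drive.upper() + ":\\"))
    return findings


if __name__ == "__main__":
    box = parse_ini(SAMPLE_INI)["DefaultBox"]
    for finding, detail in audit_box(box, ["E", "F"]):
        print(f"{finding:18} {detail}")
```

Files matched by an `OpenFilePath` rule are written directly to disk and survive deleting the sandbox, which is why the leading-wildcard rules are worth narrowing to the full profile path, as the `prefs.js` line already does.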

Franklin
April 2nd, 2008, 07:49 PM
If any FF updates are done outside the sandbox the contents of the sandbox need to be deleted so Sandboxie recaches FF's settings with the updates included.

Doesn't take much to update or add bookmarks outside the sandbox and I personally prefer to do it this way rather than open file paths.

Stijnson
April 3rd, 2008, 02:46 AM
-{ Quote: "If any FF updates are done outside the sandbox the contents of the sandbox need to be deleted so Sandboxie recaches FF's settings with the updates included.

Doesn't take much to update or add bookmarks outside the sandbox and I personally prefer to do it this way rather than open file paths." }-

So basically you're saying to update FF outside the Sandbox?

Franklin
April 3rd, 2008, 03:53 AM
No, I'm saying that's what I do rather than open file paths.

Up to the user to work out which way he prefers.

ragnarok2012
April 15th, 2008, 06:39 PM
XP SP3 is now pre-obsolete given that SBIE renders it so.

Many threads and posts on Wilders ask the ridiculous, i.e.: is XP SP3 ready for prime time?, and similar questions (is it buggy?, how buggy?, is it buggy with 'this' particular application?, or 'that' particular application?, and for how long should I wait before using it, etc., etc...).

SBIE makes XP immortal--period don't worry about XP SP3, or XP SP4 or even updates--SBIE is the fountain of youth for XP and it will be around forever!!! Enjoy,enjoy!!

Then the masked hero (SBIE) rides off into the aurora Borealis sunset in triumph.;D

Huupi
April 16th, 2008, 05:30 AM
-{ Quote: "XP SP3 is now pre-obsolete given that SBIE renders it so.

Many threads and posts on Wilders ask the ridiculous, i.e.: is XP SP3 ready for prime time?, and similar questions (is it buggy?, how buggy?, is it buggy with 'this' particular application?, or 'that' particular application?, and for how long should I wait before using it, etc., etc...).

SBIE makes XP immortal--period don't worry about XP SP3, or XP SP4 or even updates--SBIE is the fountain of youth for XP and it will be around forever!!! Enjoy,enjoy!!

Then the masked hero (SBIE) rides off into the aurora Borealis sunset in triumph.;D" }-

Yea with SBIE your XP stay young forever !! ;D

HURST
April 16th, 2008, 11:49 AM
-{ Quote: "SBIE makes XP immortal--period don't worry about XP SP3, or XP SP4 or even updates--SBIE is the fountain of youth for XP and it will be around forever!!! Enjoy,enjoy!! " }-

-{ Quote: "Yea with SBIE your XP stay young forever !!" }-

I'm sorry, but I don't quite understand what you're meaning...???

ragnarok2012
April 16th, 2008, 11:56 PM
-{ Quote: "I'm sorry, but I don't quite understand what you're meaning...???" }-

The comment was in regards to surfing and getting nuked by malware.

With SBIE (and of course good firewall and antivirus/antispyware) XP has the potential to remain a viable OS well into the future, even after Microsoft stops critical updates etc. since SBIE and anti malware applications will essentially plug the holes that Microsoft will no longer plug.

I believe that software companies (free or otherwise) will continue to plug XP indefinitely as the demand is very strong to keeping XP alive by very enthusiastic users.

As long as SBIE allows quick recovery from malware havoc, XP could continue indefinitely as long as the internet remains more or less the same.

The post was meant to be a quasi-tongue-in-cheek statement as we all know that humans are very resourceful and a vulnerability to SBIE could render it moot (I don't think this will happen for many years to come [if at all]) or if something better comes along.

Beto
April 18th, 2008, 02:39 AM
-{ Quote: "

....I believe that software companies (free or otherwise) will continue to plug XP indefinitely as the demand is very strong to keeping XP alive by very enthusiastic users.

As long as SBIE allows quick recovery from malware havoc, XP could continue indefinitely as long as the internet remains more or less the same." }-

I am very pleased with XP PRO and it does everything I want it to do and much more. I am sure that SandboxIE will prolong the life of XP PRO---No doubt about it.

twl845
April 18th, 2008, 08:48 AM
-{ Quote: "I am very pleased with XP PRO and it does everything I want it to do and much more. I am sure that SandboxIE will prolong the life of XP PRO---No doubt about it." }-
My only concern reminds me of my last computer which used Win98. It's still humming away, but as XP came on the scene, there was less and less software still compatible with W98, until now there's just about none. So if you can't buy and upgrade you're almost forced to move up to the new OS.

PhiloVance
April 18th, 2008, 06:10 PM
I don't use either Sandboxie or Returnil. I tried Returnil when it was a 'Giveaway of the Day' freebie but am far from impressed.

My experience with it lasted a couple of days and reminded me of the movie 'Ground Hog Day'.

I've never tried Sandboxie. I too surf the web, d/l most anything. My Eset/Nod AV program, Win Patrol, Spywareblaster and Windows XP firewall are pretty much all I use except for weekly cleanups with Spybot.

Huupi
April 18th, 2008, 06:30 PM
-{ Quote: "I don't use either Sandboxie or Returnil. I tried Returnil when it was a 'Giveaway of the Day' freebie but am far from impressed.

My experience with it lasted a couple of days and reminded me of the movie 'Ground Hog Day'.

I've never tried Sandboxie. I too surf the web, d/l most anything. My Eset/Nod AV program, Win Patrol, Spywareblaster and Windows XP firewall are pretty much all I use except for weekly cleanups with Spybot." }-

What were your problems with Returnil ?

Long View
April 19th, 2008, 04:18 AM
Interesting - I too would be interested to know what was wrong with Returnil.
I use Returnil, Deepfreeze, Shadow Protect on a number of machines just in case anything bad ever did get on - which it hasn't. I tried Sandboxie but couldn't see any "real" additional benefit. I certainly wouldn't want to go back to all those av, patrol, spyware, bot type programs. In the 90's yes with win 98 but not in the Naughties - no way.

EASTER
April 19th, 2008, 01:55 PM
-{ Quote: "The comment was in regards to surfing and getting nuked by malware.

With SBIE (and of course good firewall and antivirus/antispyware) XP has the potential to remain a viable OS well into the future, even after Microsoft stops critical updates etc. since SBIE and anti malware applications will essentially plug the holes that Microsoft will no longer plug.

I believe that software companies (free or otherwise) will continue to plug XP indefinitely as the demand is very strong to keeping XP alive by very enthusiastic users.

" }-

I stand in 110% agreement and am pleased to learn more are following suit in spite of recent Vista jumpers.

Security vendors and their new innovations plus improvements are IMHO at an all time apex and still climbing making any patches of M$ (present or future for XP) look like nothing but cheap bandaids.

In fact Safety Vendors are pretty much well far ahead of that curve anyway from even any future exploits that might be devised, there's no question about it.

It's an exciting time to run an XP system, mine happens to be Pro SP2 (Stop!) no more patches period and certainly no SP3, who needs them? The general uneducated public of course who rely mostly on Norton's, McAfee and the usual on-the-shelf security AV's your local Staple's or Wally World peddles. Repair shops need their business and will have them. LoL

Back OT. SandboxIE continues to climb as other popular vendors are doing and keeping pace and I look for this to continue as some or any compromise is discovered then dealt with by tzuk. Same goes for Ilya, Coldmoon, etc and others who have their finger squarely on the pulse of their respective specialized products that have pinned malware writers to the wall where they belong due to such superior defense strategies.

Go SandboxIE!!

Huupi
April 19th, 2008, 02:36 PM
WOW that's quite a statement, but Easter you're always that positive about security and in particular about your own arsenal of goodies, but don't underestimate the other side, these guys are well educated and talented programmers, at least equal to the anti malware writers, I even suppose that there is secretly a mutual respect in each other's accomplishments!
I expect there will be no winner in the end, it will be a continuous rat race until mankind is declared extinct. amen ;D

I'm not at all pessimistic though !

Long View
April 19th, 2008, 02:56 PM
completely agree. I wouldn't give up my arsenal of goodies no matter what anyone says. I don't underestimate the other side - it wouldn't be fair to judge anyone with whom I have never had any contact. I like the bit about "secretly a mutual respect" - I've often wondered if in fact they all work in the same office ?

EASTER
April 19th, 2008, 04:11 PM
-{ Quote: "WOW that's quite a statement, but Easter you're always that positive about security and in particular about your own arsenal of goodies, but don't underestimate the other side, these guys are well educated and talented programmers, at least equal to the anti malware writers, I even suppose that there is secretly a mutual respect in each other's accomplishments!
I expect there will be no winner in the end, it will be a continuous rat race until mankind is declared extinct. amen ;D

I'm not at all pessimistic though !" }-

Hi Huupi

It's really not my arsenal but the chief architects of their respective crafts deserve all the praise, and although I surely didn't underestimate the other side's coding skills for exploits and disruption abilities, I'm encouraged more than 3/4ths where things stood just one year ago, and I been in enough black hat and virus sites lurking to read their frustrations. The numbers ARE in the user's favor for a chance because of so many ways security vendors have taken pages straight from malware writers and have managed to turn it around against them more and more as time goes on, of that I have no doubt irregardless of public opinion magazine polls which revel to continue the policy of fear on PC users in an attempt to boost their own sales of propaganda.

The only real threat that remains a constant IMO and close race is with the AV vendors from what I gather, but malware writers are the ones scrambling for a new way in now because they're quickly exhausting their alternatives, at least where concerns NT systems IMO.

Judge for yourself, are you better protected today more than you were just a year ago? And how high is that percentage grown from say 2 and 3 years back?

lucas1985
April 19th, 2008, 04:45 PM
-{ Quote: "Judge for yourself, are you better protected today more than you were just a year ago? And how high is that percentage grown from say 2 and 3 years back?" }-
I've had the same protection for at least the last five years.

EASTER
April 19th, 2008, 05:20 PM
-{ Quote: "I've had the same protection for at least the last five years." }-

Like myself and others were safe surfers, but in my relentless research for new dirty crafts those like myself need to be on special guard against anything new or destructive, RETURNIL is a great buffer for such duties.

And I will in addition also agree that the latest doesn't and always won't equate to be the better than its predecessor, I found that out too many times, one being SSM which I would never thought I would turn from eventually, but did.

Huupi
April 19th, 2008, 05:47 PM
-{ Quote: "Hi Huupi

It's really not my arsenal but the chief architects of their respective crafts deserve all the praise, and although I surely didn't underestimate the other side's coding skills for exploits and disruption abilities, I'm encouraged more than 3/4ths where things stood just one year ago, and I been in enough black hat and virus sites lurking to read their frustrations. The numbers ARE in the user's favor for a chance because of so many ways security vendors have taken pages straight from malware writers and have managed to turn it around against them more and more as time goes on, of that I have no doubt irregardless of public opinion magazine polls which revel to continue the policy of fear on PC users in an attempt to boost their own sales of propaganda.

The only real threat that remains a constant IMO and close race is with the AV vendors from what I gather, but malware writers are the ones scrambling for a new way in now because they're quickly exhausting their alternatives, at least where concerns NT systems IMO.

Judge for yourself, are you better protected today more than you were just a year ago? And how high is that percentage grown from say 2 and 3 years back?" }-

Easter, I hope you're right in your prediction that the blackhat community is already losing ground and the anti malware vendors are marching on to a complete defeat of their enemies, and then at last we can live in a free, friendly, honest and happy WWW without worries. Easter you are a dreamer, it would never happen, it has everything to do ultimately with our MINDS, our morals, our ethics, which are sadly dominated by greed, anger, stupidity etc., so this rat race will never end, by this I mean: exploiting holes > filling holes ... exploiting holes > filling holes, and this will never end.
And don't forget that ever more people earn their living from this virtual world, growing economical and financial interests in these, no the baddies and the goodies let each other never die, it's not in their common interest, so to speak, but after all I hope you're right, must admit against all odds! ;)

BTW if your prediction comes true then you have to look for another hobby !! lol

EASTER
April 19th, 2008, 06:20 PM
It's a very simple method of mathematics and computer machine coding. Once ALL the ingredients have been identified/inventoried and examined, then it's just a matter of making changes to them, problem enters because Windows NT System is deliberately by design been fashioned to contain entirely way too many files, extensions, supports & functions to adequately address them all in any reasonable amount of earth time, try years.

So until the core kernel system is gone a complete overhaul like is been tried with Vista, there's always going to be some point of compromise that can be acted on, for good or bad, and we know all too well the bad is relentless in their pursuit of learning new ways to disrupt its normal functioning and why there is a MONSTER market of security developers be they commercial and independent.

So dream it's not, reality it's also not, at least until computer engineers at $M one day decide to lock out intrusions and if they did that then a huge world PC security market would go out of business, so you decide the answer.

Huupi
April 19th, 2008, 07:03 PM
-{ Quote: "It's a very simple method of mathematics and computer machine coding. Once ALL the ingredients have been identified/inventoried and examined, then it's just a matter of making changes to them, problem enters because Windows NT System is deliberately by design been fashioned to contain entirely way too many files, extensions, supports & functions to adequately address them all in any reasonable amount of earth time, try years.

So until the core kernel system is gone a complete overhaul like is been tried with Vista, there's always going to be some point of compromise that can be acted on, for good or bad, and we know all too well the bad is relentless in their pursuit of learning new ways to disrupt its normal functioning and why there is a MONSTER market of security developers be they commercial and independent.

So dream it's not, reality it's also not, at least until computer engineers at $M one day decide to lock out intrusions and if they did that then a huge world PC security market would go out of business, so you decide the answer." }-

Not trying to be philosophical, but for me it's all too obvious that money will reign until the last of our species vanish. So any of mankind's undertakings had/have the color of greediness; should the computer world be any different? I don't think so. The security part of the cyber world maintains itself, and have no illusions about that, because anybody participating in there simply gets paid, be it the good guy or bad guy; it's in all their interest that the War continues to no end. So Easter, stop dreaming and realise that there are smart good guys and smart bad guys, but they all love the money !! ;)

EASTER
April 19th, 2008, 11:55 PM
Who's dreaming? That's an embred fact of our society that drives both these forces, good and bad, and those are the facts.

What you're missing in my comments is that right now the security world is on top of them and now they have to play catch-up, that's all, and that's no dream, it's a concrete fact as things now stand. LoL

Huupi
April 20th, 2008, 04:07 AM
-{ Quote: "Who's dreaming? That's an embred fact of our society that drives both these forces, good and bad, and those are the facts.

What you're missing in my comments is that right now the security world is on top of them and now they have to play catch-up, that's all, and that's no dream, it's a concrete fact as things now stand. LoL" }-

Easter, I fear that mods will stop this chat, so a last comment.

In your own words you repeat my statements, that's weird :( . What I try to make clear is that there will be no winner.

As for the fact that the baddies have to catch up for now, it's just a snapshot in time; the other day the positions will change, and so the battle continues. I have no illusions about it because competition is ''hardwired'' in mankind !! ;)

cortez
April 22nd, 2008, 02:47 AM
-{ Quote: "...It will rival Imaging in importance since it is most likely to make imaging/restoring a hard drive due to failure rather than to infection due to malware." }-

I will have to amend the statement that SandboxIE will "supplant" imaging software (to repair malware meltdowns), as malware meltdowns will not happen often any more. How wrong I was!

If you have kids and grandkids who use SandboxIE, the chances are that they will not familiarize themselves with how to correctly download files and a meltdown due to malware is inevitable. The partition had to be restored with TI 10. They go on-line sandboxed only when an adult is around, but "complete" supervision is not a reality.

This situation seems to be futile as they admit that some "friends" have it on their laptops!!!

I consider SandboxIE as ordinarily configured, for adults only (I would not know how to configure it for youngsters).

It seems that Pandora's box has been opened and there is no way to keep young ones from the greasy side of the net.

Huupi
April 22nd, 2008, 03:52 AM
It should be easier for you to force your browser always sandboxed and close all recovery paths. It can be done from within SBIE control, otherwise edit SBIE.ini.

Much simpler approach is Returnil, to set it always in shadow mode and hide the icons on the desktop and in the system tray; after the kids leave for mom, then restore it to your preferred setup.

EASTER
April 22nd, 2008, 03:54 AM
So from what I deduce in those statements, which of course are laced with factual regards by the way, kids are in the group of easy malware targets, then come the adults who just can't wait to invite openly a codec to glimpse a still or moving film of the naked human body for gratification, and so on and so forth.

Yeah, the lanes are wide open for those habits, I agree, and they probably will be the lead recipients of adding new entries to the parent's or their own systems unless of course they choose to shield themselves enough to make it a safer show.

Let's face it, PC Internet users fall into several different categories, it's just that some of us (in these circles anyways) cannot live without real clever challenges as motivation for bragging rights to our respective security-ware, at least that's been my chief purpose as well as passing on my experience and hopefully accurate enough suggestions to the unwary who are simple but unsuspecting of what they might have to cope with one day.

SandboxIE is one in a dozen or more of those nice strategies that can be depended on to if nothing else lessen the potential for a disruption down the road due to a malware attack of some sort that their AS/AV just might not be prepared to capture at the time.

twl845
April 22nd, 2008, 09:34 AM
-{ Quote: "Much simpler approach is Returnil, to set it always in shadow mode and hide the icons on the desktop and in the system tray; after the kids leave for mom, then restore it to your preferred setup." }-
Exactly. Returnil is the App of choice for the Grandchild trojan. Just turn it on before you let them on the computer and reboot when they go home. If you don't tell them what returnil is they won't know enough to mess with it. ;D

Long View
April 22nd, 2008, 09:52 AM
Could someone explain why I might prefer Sandboxie to Returnil then? I tend to be lazy and don't like having to play with lots of options. I did try Sandboxie and got the impression that it was originally designed to protect those using IE. Certainly it didn't work out of the box with Firefox (I accept that it can be forced to work). If something nasty did get on my PC it would be gone at reboot. Using Sandboxie would provide better (how much better?) protection in that the nasty would be contained, but in practice is the extra protection really all that great? Put me down as a Grandchild trojan if you will, but I can't see what I'm missing by using Returnil, deepfreeze, or Shadow Defender rather than Sandboxie.

Franklin
April 22nd, 2008, 10:47 AM
-{ Quote: "I can't see what I'm missing by using Returnil, deepfreeze, or Shadow Defender rather than Sandboxie." }-
Well Sandboxie can be configured to stop all outbounds which suits me fine as I have a hardware firewall for inbounds.

Huupi
April 22nd, 2008, 10:55 AM
Boils down to preference. IMO it has nothing to do with which is better; right out of the box Returnil just works, after install there is almost nothing to configure.
Sandboxie is either simple and just as effective but has more options to set up to your liking, but both are good to go. ;)

Yes, SBIE can be set up to exclude the browser (or a complete process group) in denying anything to connect; this should be done in the SBIE ini file, by way of closing all paths, except for the process group, a beautiful option given us by Wraithdu.
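
Added example, not part of the thread and not Sandboxie's own code: a small Python audit of a Sandboxie.ini box for the settings Huupi describes in the two posts above (browser forced into the sandbox, recovery paths closed, connections closed to everything outside a process group). The sample ini is constructed, and the setting names (`ForceProcess`, `RecoverFolder`, `ProcessGroup`, `ClosedFilePath`, `InternetAccessDevices`) are assumed from Sandboxie's documented ini format, so verify them against your version.

```python
# Added example (not from the thread). SAMPLE_INI is constructed; the setting
# names are assumed from Sandboxie's ini documentation, so check your version.
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
ForceProcess=firefox.exe
RecoverFolder=%Desktop%
ProcessGroup=<InternetAccess_DefaultBox>,firefox.exe
ClosedFilePath=!<InternetAccess_DefaultBox>,InternetAccessDevices

[KidsBox]
Enabled=y
ForceProcess=firefox.exe
ForceProcess=iexplore.exe
ProcessGroup=<InternetAccess_KidsBox>,firefox.exe,iexplore.exe
ClosedFilePath=!<InternetAccess_KidsBox>,InternetAccessDevices
"""


def parse_ini(text):
    """Return {section: {key: [values]}}; keys such as ForceProcess repeat,
    which configparser rejects, so every key maps to a list."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return boxes


def audit_box(settings, browsers):
    """List the gaps between one box's settings and the thread's advice."""
    wanted = {b.lower() for b in browsers}
    findings = []
    forced = {v.lower() for v in settings.get("ForceProcess", [])}
    for exe in sorted(wanted - forced):
        findings.append(f"{exe} is not forced into the sandbox")
    if settings.get("RecoverFolder"):
        findings.append("recovery folders still configured: "
                        + ", ".join(settings["RecoverFolder"]))
    groups = {}
    for value in settings.get("ProcessGroup", []):
        name, *members = [part.strip() for part in value.split(",")]
        groups[name] = {m.lower() for m in members}
    restricted = False
    for value in settings.get("ClosedFilePath", []):
        # "!<group>,resource" closes the resource to every program outside the group.
        if value.startswith("!<") and value.endswith(",InternetAccessDevices"):
            restricted = True
            group = value[1:].split(",", 1)[0]
            for exe in sorted(groups.get(group, set()) - wanted):
                findings.append(f"{exe} keeps network access via {group}")
    if not restricted:
        findings.append("network access is not restricted to a process group")
    return findings


if __name__ == "__main__":
    for name, settings in parse_ini(SAMPLE_INI).items():
        print(name, audit_box(settings, ["firefox.exe", "iexplore.exe"]))
```
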

Peter2150
April 22nd, 2008, 11:19 AM
-{ Quote: "Could someone explain why I might prefer Sandboxie to Returnil then? I tend to be lazy and don't like having to play with lots of options. I did try Sandboxie and got the impression that it was originally designed to protect those using IE. Certainly it didn't work out of the box with Firefox (I accept that it can be forced to work). If something nasty did get on my PC it would be gone at reboot. Using Sandboxie would provide better (how much better?) protection in that the nasty would be contained, but in practice is the extra protection really all that great? Put me down as a Grandchild trojan if you will, but I can't see what I'm missing by using Returnil, deepfreeze, or Shadow Defender rather than Sandboxie." }-

I use both. You can do something in the sandbox and it stays until you delete it, as opposed to losing it to reboot. I had no trouble getting Firefox to run Sandboxed. I use SD/Returnil for specific tasks, but it isn't practical for me to have them on all the time, hence I like Sandboxie for its real-time protection. I run browsers, and Outlook sandboxed.

CircleGirl
April 22nd, 2008, 03:21 PM
-{ Quote: "
They go on-line sandboxed only when an adult is around, but "complete" supervision is not a reality.

This situation seems to be futile as they admit that some "friends" have it on their laptops!!! " }-

Since they can already get on SBIE on their friend's box simply cut them off at home (please tell them to avoid 'greasy' sites---they won't listen but at least you warned them). Have a partition for your own SBIE, passworded with a password that they will not find a sticky on.

May I suggest your ZIP code: first as the mail sees it, i.e. 12345, then simply reverse its second part, i.e. 54321. The total password will be 1234554321 and it is almost impossible to forget!!!

For other partitions or programs, variations are easy to come up with, i.e. 12345abc54321 etc.

Even if you forget it one time it is easy to permutate the password until you are let in.

cortez
April 24th, 2008, 10:51 AM
-{ Quote: "If you have kids and grandkids who use SandboxIE, the chances are that they will not familiarize themselves with how to correctly download files and a meltdown due to malware is inevitable. The partition had to be restored with TI 10." }-
My grandchild requested that I try to find out what type of infection it was that caused SandboxIE's "desktop cycling" "meltdown". Perhaps someone can recognize it. Google did not reveal anything like it.

I was using Norton's Security Suite on this particular SandboxIE partition when the malware meltdown occurred (I use AVAST on my other SandboxIE partition, and it always catches the malware [so far]).

The malware caused something I never encountered before: the desktop continuously appeared then disappeared. This happened about every 7-9 seconds, and during the 7-9 seconds that the desktop was "on" I could open programs (as long as they could do so in 7-9 seconds). Once a program or plug-in was "on" it remained on and worked normally.

If no program was opened, the desktop simply went away with no way to get it back (I tried for over 5 hours to repair this problem).

I un-installed SandboxIE (and tried the restored function and all other things I could think of) during these 7 second intervals, but the desktop continued to cycle on and off.

I wonder what kind of malware it was (I suspect that it infected the registry where "users" [maybe the "fast switching" function?]). Any ideas?

Beto
April 24th, 2008, 02:43 PM
Did norton detect anything or did it just happen after opening the file unboxed?

CircleGirl
April 24th, 2008, 04:53 PM
-{ Quote: "I wonder what kind of malware it was (I suspect that it infected the registry where "users" [maybe the "fast switching" function?]). Any ideas?" }-

It seems like a Trojan of some sort. There are so many of them but you could start looking for them at http://www.megasecurity.org/files_all.html .

Franklin
April 24th, 2008, 07:35 PM
It could relate to the icon refresh rate and/or folder - icon cache size limits.

See lines 2, 121 and 157 left columns at the link below.
Kellys Tips and Tricks (http://www.kellys-korner-xp.com/xp_tweaks.htm)

cortez
April 26th, 2008, 12:25 AM
Beto:

I was told there was no notification or warning before the file was opened (funny as there usually is some sort of notice).

CircleGirl:

A site that is terrifying as one could actually see the different types of Trojans and their targets. I believe that malicious code was introduced into the registry causing the loop which caused the desktop cycling after opening the file unboxed from SandboxIE.

See Franklin's registry site reference. As he suggested there are keys that make for good candidates to infiltrate to insert looping code. Thanks ---cortez

Franklin:

"Kellys Tips and Tricks" is a treasure chest for all things dealing with the registry. It looks like it will supply me with many days of reading and learning (which I truly welcome).

I noticed that you use "Returnil" as well as SandboxIE, so I tried it out and it seems to be as easy to configure as SandboxIE and "interneting" is as good as ever! Thanks for the important info (and the inspiration to try Returnil)---cortez

nomarjr3
July 8th, 2008, 09:46 PM
Ever since I used Sandboxie, never once did I get my system infected.
I've set it up to auto-delete all data once I close my default browser.
I've accidentally downloaded SpySheriff (and its variants) on numerous occasions, but it was deleted by Sandboxie.

I love the way you have total control over which applications you can sandbox. All of my applications that use internet access are all sandboxed, except for some anti-malware programs.

CircleGirl
July 10th, 2008, 07:13 PM
Is there a shelf life when using returnil w/ SB? I have been using both for browsing for 2 months solid now.

I had to do a major tune up-- defrag 2 times (that is two times more than usual), use different cleaners, get rid of some limited user accounts,-- to finally get SB and returnil to get back on track and speed firefox up again.

This makes me think that there is a shelf life of about 2 months before firefox gets slowed down when using both SB and returnil together.

Huupi
July 11th, 2008, 05:38 AM
-{ Quote: "Is there a shelf life when using returnil w/ SB? I have been using both for browsing for 2 months solid now.

I had to do a major tune up-- defrag 2 times (that is two times more than usual), use different cleaners, get rid of some limited user accounts,-- to finally get SB and returnil to get back on track and speed firefox up again.

This makes me think that there is a shelf life of about 2 months before firefox gets slowed down when using both SB and returnil together." }-

Is that the way you configured Returnil, to save session data to disk C:? Or another partition or other drive? Saving to disk will always cause fragmentation; IMO it's better to save to another part. or other drive to keep fragment. low on system part.

CircleGirl
July 11th, 2008, 11:43 PM
-{ Quote: "Is that the way you configured Returnil, to save session data to disk C:? Or another partition or other drive? Saving to disk will always cause fragmentation; IMO it's better to save to another part. or other drive to keep fragment. low on system part." }-

Your solution makes sense and from here on out all downloads will now go to the data partition directly.

Even though I needed to give my SB/returnil partition a tune up due to a slowing down of firefox it has not failed me so far and I am impressed with the two fisted defense of these excellent malware fighters.

ragnarok2012
July 22nd, 2008, 02:31 AM
-{ Quote: "... All of my applications that use internet access are all sandboxed, except for some anti-malware programs." }-

That's where adding returnil will cover all bases.

They definitely work well together on most setups.

cortez
August 28th, 2008, 03:19 PM
XP Activation Problems using SandboxIE (???):

Two of my SandboxIE partitions have asked for Re-Activation over the internet before allowing me to boot up XP!!

These are the only times a Re-Activation request has ever occurred on a Pre-Activated XP installation of any sort (this includes Images from TI10 and "copy partition" operations from DD10)!!

Am I crying wolf and unjustifiably ascribing fault to SandboxIE??

On these partitions I did not have any "calling home" blocking applications (I believed that I did not need them as a reboot would return the partition back to its already activated state).

I now realize that I have used these partitions with SandboxIE disabled at times to save data and thus prone to being subjected to Microsoft's "Call Home" strategy. These partitions now have XP Antispy (freeware) which tells Microsoft that Activation has occurred and is up to date.

I hope that this puts an end to this Activation problem as I dread calling Microsoft's "Activation Center" and dealing with the overwhelming entering of numbers to reactivate (and the often long waiting period to talk to a real person).

I think that 4 activations in any 2 to 3 month period requires a telephonic Re-Activation (correct me if I am wrong on this point).

I have now left these 2 partitions always active, SandboxIE wise, and merely drag and drop any "data" to a data partition to check for malware (in Windows Explorer).

I hope this is the solution and Microsoft is not randomly seeking internet Re-Activation with XP (some have suggested that this is now a reality).

cortez
September 8th, 2008, 03:21 PM
SandboxIE and Windows steady state= High Maintenance:

It seems that Windows "Steady State" may have some benefits for Microsoft updates etc., and possibly the ability to install applications that need to reboot to install (a great and much needed function), but is otherwise clumsy, needing multiple reboots (and long ones at that).

I found SandboxIE easier to use (turning it on and off is much easier and much faster) than using Sandboxie with Windows Steady State together.

SandboxIE still has a very small footprint:

202780

With both SandboxIE and Window's Steady State on:

202781

Wow!! A bigger footprint than SandboxIE and Returnil both on!!

Ultimately it depends on one's usage and needs (time wise/footprint wise) to determine if it is a good candidate for one's particular set up.

I resolved the problem by having separate and dedicated partitions for SandboxIE alone, Returnil and SandboxIE, and SandboxIE and "Windows Steady State" as the best solution for my needs.

ragnarok2012
January 30th, 2009, 06:30 PM
-{ Quote: "I resolved the problem by having separate and dedicated partitions for SandboxIE alone, Returnil and SandboxIE, and SandboxIE and "Windows Steady State" as the best solution for my needs." }-

I have both SBIE and returnil on separate partitions also but today have encountered the first SBIE malfunction. SBIE would not allow Firefox to be sandboxied--it just let the hard drive LED blink but no Firefox. I reinstalled SBIE but still nothing.

Then I upgraded but still nothing!!! Finally I emptied the newest SBIE container and Firefox booted up and has since worked fine.

I have been comparing returnil and SBIE and they both have worked perfectly against malware. The biggest difference is the large returnil footprint which SBIE does not have.

Overall SBIE has been superior ( in regards to being able to operate on a small partition) until this hang up today. I checked the partition and no malware was present, so I think that IF I had emptied the container it would have worked OK.

But since this is after the fact I can't be certain. So whatever happened to cause SBIE to not boot up, it still protected the partition (and my other partitions went unaffected), so I would say that SBIE has been exceptional in its ability to protect against malware --even with this snafu.