I Can See Underbelly Of The Net With SANDBOXIE!!

cortez
February 23rd, 2008, 02:36 AM
Sandboxie has worked great for me these last few months and no real problems using Firefox in "protected mode". It is as if I have been blind to the many strange and bizarre sites of the internet due to fear of malware.

I am absolutely blown away with the freedom Sandboxie has afforded me knowing that all will be well upon reboot. One of the best internet utility/anti-malware applications in my experience.

It is a real potential time saver for sure: much faster than restoring an image.

It will rival imaging in importance, since it is most likely to make imaging/restoring a hard drive due to failure rather than to infection due to malware.

I am certainly going to let family/friends know of this great "product" as it has been working great.

innerpeace
February 23rd, 2008, 03:12 AM
-{ Quote: "~snip~

I am absolutely blown away with the freedom Sandboxie has afforded me knowing that all will be well upon reboot. One of the best internet utility/anti-malware applications in my experience.

~snip~
" }-
I share your feelings about the freedom that Sandboxie affords one. It gives me that warm and fuzzy feeling while surfing around. I'm all about isolating internet facing applications :thumb: .

Also, you don't have to reboot in order to delete the contents of the sandbox. It can be set to automatically delete the contents when closing a sandboxed program or you can do it manually.

FWIW: Sandboxie's price is rising a little March 5th, grab the paid version soon ;).

aigle
February 23rd, 2008, 05:30 AM
Is the licence a lifetime one?

MikeNAS
February 23rd, 2008, 06:06 AM
Yes, Of course.

EASTER
February 23rd, 2008, 06:51 AM
You are a very perceptive user. I don't relish risking potential serious incident but I ran ROBOTDOG sandboxed as well as VIRIIE and other very destructive malwares and the returns were nil, that is to say they either would not run at all or they just popped up some gibberish-looking box with scrambled text and that was the extent of their approach.

So in essence, and until or unless compromised in some way, SANDBOXIE is a very protective application as-is. Since most destructive or disruptive malware would need to activate itself in the normal form of an executable, most HIPS, and especially Anti-Executable for one, would have aborted them before they even had a chance to show anything.

For me this is still touch and go, but aside from some forced intrusional code being cleverly crafted enough to evade containment, SandboxIE stands pretty well on its own merits/capability IMO.

Any opinions or other facts to the reverse in dispute?

Long View
February 23rd, 2008, 07:18 AM
I've tried Sandboxie several times now and could never really get on with it. It didn't automatically recognize Firefox (I was able to force it though). The main issue for me though was the delay when I first logged on. On a very old machine with only 512 of memory, the first time I would log on it would take an extra 5 seconds.

As people keep raving about Sandboxie I keep thinking I should try again on a newer machine, BUT as I already run Returnil or DeepFreeze, is there really any benefit? Is anyone using both? And why? I should add that I have never seen a virus nor suffered from malware nor had my identity stolen. Given the lack of any attacks, would it still make sense to install Sandboxie on top of DeepFreeze?

muf
February 23rd, 2008, 07:50 AM
-{ Quote: "the first time I would log on it would take an extra 5 seconds." }-

I'm sorry, but do you realise how ridiculous that statement sounds? 5 seconds extra! Oh dear, that's like an eternity. I mean in 5 seconds you could stand up and sit down again. All that time wasted. Get a grip please! Now if you had said it takes an extra 1 minute or two and slows down your browsing to a crawl then I could understand where you are coming from. But take a step back and think about it. 5 seconds. Oh, and by the time you've taken a step back the 5 seconds would have passed...

muf

HURST
February 23rd, 2008, 07:59 AM
@LongView:

I use both Sandboxie and returnil. The main use of sandboxie is to protect my surfing. I normally have returnil disabled. Only when going to really "dark side" sites, or when I'm installing some software I don't know so well where it came from, I enable Returnil.

So Sandboxie for surfing, Returnil for software, tests, etc, and sometimes as an extra layer (may be overkill, but better safe than sorry, I run some other software sandboxed sometimes, when it's suspicious)

As for the 5 seconds, I use the unregistered version, and it displays a popup the first time a sandboxed application runs each session, telling me I must wait 5 seconds if I want to continue using the unregistered version. After that I can close that popup and start surfing. I don't mind it. The protection and peace of mind it gives me is well worth that 5 seconds.

I'm seriously thinking about registering though, it's a great app!

Long View
February 23rd, 2008, 08:06 AM
-{ Quote: "I'm sorry, but do you realise how ridiculous that statement sounds? 5 seconds extra! Oh dear, that's like an eternity. I mean in 5 seconds you could stand up and sit down again. All that time wasted. Get a grip please! Now if you had said it takes an extra 1 minute or two and slows down your browsing to a crawl then I could understand where you are coming from. But take a step back and think about it. 5 seconds. Oh, and by the time you've taken a step back the 5 seconds would have passed...

muf" }-

I think you have missed my point? If I felt that I needed the protection then I agree 5 seconds is nothing. If I don't need the protection because I'm running Returnil or Deepfreeze then why would I want to slow things down? Even by 5 seconds.

So let's just leave the question as " if using Deepfreeze or Returnil is Sandboxie still of value ?" and cut out the smart arse responses.

Long View
February 23rd, 2008, 08:08 AM
-{ Quote: "@LongView:

I use both Sandboxie and returnil. The main use of sandboxie is to protect my surfing. I normally have returnil disabled. " }-


Thanks - perhaps that's the difference? I run with Returnil on except when updating and wouldn't know how to find the darkside on a sunny day.

muf
February 23rd, 2008, 08:21 AM
It maybe was a smart arse response. But you made a point that it took an extra 5 seconds. You appeared to be being a little petty and that's why I commented accordingly. Now you have expanded on what you were getting at I apologise for my comments. Personally, I feel it would still be beneficial to run something like Returnil as this would provide a 'safety net'. Even though it appears that Sandboxie is impervious to current known malware it doesn't mean that someone won't find a way round it in the future. I would never rely on one application as my protection. Layered protection has been recommended many times and I still feel it is the best way to go.

muf

LoneWolf
February 23rd, 2008, 08:44 AM
-{ Quote: " I would never rely on one application as my protection. Layered protection has been recommended many times and I still feel it is the best way to go." }-


I agree with this, a layered defense is the way to go and SandBoxie would be a valuable part of it. Although I've just recently started using SandBoxie again, I wouldn't go surfing without it. It adds excellent protection to my already strong defense. ;D

Dieselman
February 23rd, 2008, 09:08 AM
I agree with Longview. I tried Sandboxie and although the new version starts up quicker I just don't get it. I surf all sites and I mean all. I download everything and never 1 infection.

Long View
February 23rd, 2008, 09:09 AM
-{ Quote: "It maybe was a smart arse response. But you made a point that it took an extra 5 seconds. You appeared to be being a little petty and that's why I commented accordingly. Now you have expanded on what you were getting at I apologise for my comments. Personally, I feel it would still be beneficial to run something like Returnil as this would provide a 'safety net'. Even though it appears that Sandboxie is impervious to current known malware it doesn't mean that someone won't find a way round it in the future. I would never rely on one application as my protection. Layered protection has been recommended many times and I still feel it is the best way to go.
muf" }-

Thanks - I'm changing machines in the next few weeks and will give Sandboxie and SafeSpace a go. Surfing has to be the most likely way for me to get contaminated.

EASTER
February 23rd, 2008, 12:24 PM
The combination of DEEP FREEZE virtualized by RETURNIL should, I would assume, ward off any MBR malware attempts as I understand it, considering Returnil has been corrected & rechanged to address this type of risk from a ROBOTDOG or any other MBR infector such as KillDisk, Sector Editor, etc.

That type of malware for me still raises enough reason for caution & IMO remains a very real risk if ever released in abundance enough to threaten by a laced web page of some sort or even bundled to freeware or lest we forget the common drive-by which again falls into the redirected laced webpage category.

Aaron Here
February 23rd, 2008, 12:33 PM
I just picked-up on this thread and never heard of SandboxIE, so now I'm anxious to give it a go. Some here have also mentioned Returnil. Can anyone outline the basic differences in their operations?

solcroft
February 23rd, 2008, 12:56 PM
-{ Quote: "The combination of DEEP FREEZE virtualized by RETURNIL should, I would assume, ward off any MBR malware attempts as I understand it, considering Returnil has been corrected & rechanged to address this type of risk from a ROBOTDOG or any other MBR infector such as KillDisk, Sector Editor, etc." }-
System recovery software does not try to restrict the actions of programs in any way, only attempting to undo all changes upon reboot. The Robodog vulnerability may have been fixed for now, but as long as malware is allowed to run on the same physical machine as the recovery software, and with equal privileges, there'll always be a way to penetrate and defeat the recovery mechanism.

Long View
February 23rd, 2008, 01:07 PM
Is it the case then that Robodog cannot penetrate and defeat Sandboxie?
Or is the argument that by using both Sandboxie and Returnil or Deepfreeze or...
that hopefully one of them will stop it?

Also what does Robodog do? If it messes up a machine to the point where a fresh image is all that is needed (ok with hard drive prep) then I'm not too worried. The sort of malware that would concern me would be undetectable, i.e. I would have no idea that it was there.

EASTER
February 23rd, 2008, 01:10 PM
-{ Quote: "System recovery software does not try to restrict the actions of programs in any way, only attempting to undo all changes upon reboot. The Robodog vulnerability may have been fixed for now, but as long as malware is allowed to run on the same physical machine as the recovery software, and with equal privileges, there'll always be a way to penetrate and defeat the recovery mechanism." }-


Truer words were never said.

We don't know just how far they aim to take it, but it's a fact $M and all its silly permissions have left an even bigger gaping hole in XP than 98/Me used to suffer from. One can understand from a feature point of view or perspective that MS intends to expand usage to include additional users and even prevent those OTHER users from tampering with normal Admin settings, but it looks to me like they left out a whole flurry from the security aspect of things.

By the way, does anyone know if at least in XP Pro restrictions can also be password protected on either a per setting basis or overall?

Thanks and very vital subject to discuss on.

solcroft
February 23rd, 2008, 01:18 PM
-{ Quote: "We don't know just how far they aim to take it, but it's a fact $M and all its silly permissions have left an even bigger gaping hole in XP than 98/Me used to suffer from." }-
Your irrational Microsoft bashing is irrelevant here. The fact is as long as you choose to run your computer with an administrator account, programs will be able to do anything they want. It's your computer, and it has to be able to be used as you please; that's simple logic.

Of course, should this not be what you actually want, a limited user account will stop Robodog, and most other malware.

Oremina
February 23rd, 2008, 01:19 PM
-{ Quote: "I just picked-up on this thread and never heard of SandboxIE, so now I'm anxious to give it a go. Some here have also mentioned Returnil. Can anyone outline the basic differences in their operations?" }-

Aaron - for a quick outline of the basic principles have a look at this link kindly posted by Coldmoon (of Returnil) in the software forum a couple of weeks ago.

http://wiki.castlecops.com/Lists_of_freeware_virtualization

HTH.

Threedog
February 23rd, 2008, 01:27 PM
The only problem I have with Sandboxie is running it on a Limited User Account. The sandboxed web browser wouldn't open. But now that I am using SuRun I can get it to open by granting it administrator rights. But by granting the sandboxed web browser administrator rights, aren't I defeating the purpose of running LUA to begin with?

Aaron Here
February 23rd, 2008, 01:37 PM
-{ Quote: "Aaron - for a quick outline of the basic principles have a look at this link kindly posted by Coldmoon (of Returnil) in the software forum a couple of weeks ago.

http://wiki.castlecops.com/Lists_of_freeware_virtualization

HTH." }-
:thumb:

EASTER
February 23rd, 2008, 01:47 PM
-{ Quote: "Your irrational Microsoft bashing is irrelevant here." }-

That's only an opinion of course, but the term "irrational MS bashing" also translates to being negligent, as many millions of others also relate to. There is of course no intention to make apologies nor either withtrack from the truth of all of it. And there are reasons for these limitations which I will briefly point out.

Back OT: SandboxIE and any other sandboxes & even virtualizers are vital time/ISP service saving programs, since the system itself is inherently flawed and was designed to be at the start in order to introduce opportunities for developers to create and open businesses to address these and other limitations of internal elements of $M O/S's that present a real risk to the license holder of these O/S's.

It's called business expansion.

Carver
February 23rd, 2008, 01:50 PM
I wouldn't surf without my Sandboxie. When a video clip site wants to download a .exe just to view the clip, it can be dangerous. I feel relief in knowing that when I close the browser the contents of the sandbox folder just disappear.

EASTER
February 23rd, 2008, 02:52 PM
I wouldn't pretend to understand the delicate technicalities that go into constructing a sandbox as finely and on the order of SandboxIE, and for that matter virtual systems, but they definitively hold a distinct advantage in containments and protections from anything.

If there is a weakness, and all softwares have some, at least this one is swiftly corrected.

I would say the exact same thing applies to another great program called DEFENSEWALL, it's interesting to experience for ourselves these new technological advancements in security.

solcroft
February 23rd, 2008, 03:16 PM
-{ Quote: "ndboxes & even virtualizers are vital time/ISP service saving programs, since the system itself is inherently flawed and was designed to be at the start in order to introduce opportunities for developers to create and open businesses to address these and other limitations of internal elements of $M O/S's that present a real risk to the license holder of these O/S's.

It's called business expansion." }-
That's your opinion, but what I'd suggest is taking some time to study the basics, and learn what Robodog actually does and what OS "weaknesses" it exploits. It may be easy to convince yourself as such, but people who play with technical tools aren't always as technically inclined as they'd like to believe.

aigle
February 23rd, 2008, 03:21 PM
-{ Quote: "Yes, Of course." }-
Thanks.

lucas1985
February 23rd, 2008, 03:34 PM
-{ Quote: "Also what does Robodog do ?" }-
It steals passwords.

twl845
February 23rd, 2008, 03:38 PM
-{ Quote: "I agree with Longview. I tried Sandboxie and although the new version starts up quicker I just dont get it. I surf all sites and I mean all. I download everything and never 1 infection." }-
Never say never. ;)

aigle
February 23rd, 2008, 03:40 PM
-{ Quote: "It steals passwords." }-
I think not. It defeats instant recovery software.

lucas1985
February 23rd, 2008, 03:52 PM
It defeats instant recovery software to survive the reboot, then it's a PSW trojan. solcroft can explain this better.

solcroft
February 23rd, 2008, 04:01 PM
-{ Quote: "It defeats instant recovery software to survive the reboot, then it's a PSW trojan. solcroft can explain this better." }-
Robodog itself is a downloader trojan. It installs an autostart component that survives recovery, and downloads password stealer trojans the next time the system reboots. Now if the system enters "freeze" mode again, the password stealers are frozen onto the system, automatically restored at each reboot.

EASTER
February 23rd, 2008, 04:10 PM
-{ Quote: "That's your opinion, but what I'd suggest is taking some time to study the basics, and learn what Robodog actually does and what OS "weaknesses" it exploits. It may be easy to convince yourself as such, but people who play with technical tools aren't always as technically inclined as they'd like to believe." }-

What a chip on the shoulder today. Sorry but I can't be led to cater to such useless ping pong leading only to unproductive criticisms.

Let's try to stay focused on the actual technologies, plus it's not so becoming to suggest "play" when it comes to technical tools.

They are not for play but for study, examination, research and results. I don't have to convince myself of anything, having long been involved in these matters for many years, likely before many even plugged one in, so if I am in some error on details of a relatively new malware it would be more reasonable to assist rather than make light of someone who has just first come into contact with a coded malware.

I don't think i will ever fully understand the purpose of why some of us are always taken to task negatively when suggesting some presumptive evidence not meant to claim as real fact but merely brought out for others perhaps better informed to clarify with their own details by results.

lucas1985
February 23rd, 2008, 04:14 PM
-{ Quote: "Robodog itself is a downloader trojan. It installs an autostart component that survives recovery, and downloads password stealer trojans the next time the system reboots. Now if the system enters "freeze" mode again, the password stealers are frozen onto the system, automatically restored at each reboot." }-
Crystal clear, thanks solcroft :)

trjam
February 23rd, 2008, 04:43 PM
And again, SafeSpace defeats robo-puppy.;)

lucas1985
February 23rd, 2008, 04:46 PM
trjam,
Don't forget that this is a cat and mouse game. Someday, sandboxes (Sandboxie, GeSWall, Defensewall, SafeSpace, etc) will leak. It's better to run LUA.

solcroft
February 23rd, 2008, 04:47 PM
-{ Quote: "And again, SafeSpace defeats robo-puppy.;)" }-
The reason why sandboxes are safer in general is because, short of bugs, they are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself. Instant recovery software, on the other hand, does not have this design and programs are allowed to do whatever they want. They're likelier to get compromised, but on the other hand allow for greater functionality within the "isolated" environment.

Long View
February 23rd, 2008, 05:06 PM
-{ Quote: "The reason why sandboxes are safer in general is because, short of bugs, they are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself. Instant recovery software, on the other hand, does not have this design and programs are allowed to do whatever they want. They're likelier to get compromised, but on the other hand allow for greater functionality within the "isolated" environment." }-

Thanks. "they are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself": that is the bit that I had not seen mentioned before. I still feel that although "They're likelier to get compromised" is true, the probability of either event is not as great as is sometimes feared.

lucas1985
February 23rd, 2008, 05:12 PM
That's why they're called sandboxes: a child's play area (the sandbox environment) and an omnipresent guard (sandbox driver).
You can achieve the same with Returnil, Deep Freeze and the likes by using LUA. Applications and malware can't fiddle with the ISR driver if they're running with limited privileges. This way, an ISR application becomes a "bullet-proof" system-wide sandbox.

Huupi
February 23rd, 2008, 06:58 PM
The last hole in Sandboxie was fixed a week ago, thanks to member Rasheed for bringing it into the open. Tzuk fixed it immediately!

If you want to be really safe, let only your browser have the right to connect, in this way defeating any other stuff trying to connect, including keyloggers.

Useful if you do online banking.

Hermescomputers
February 23rd, 2008, 08:57 PM
-{ Quote: "I've tried Sandboxie several times now and could never really get on with it. It didn't automatically recognize Firefox ( was able to force it though). the main issue for me though was the delay when I first logged on. On a very old machine with on 512 of memory the first time I would log on it would take an extra 5 seconds." }-

You could use a memory manager to free up some unreleased memory... Works wonders on systems with a low RAM count.

I use SmartRAM, a small utility bundled free in Advanced Windows Care 2 from IObit. You can download it here (http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2086_4-10407614&ontId=2086&spi=d487b058e4b2957fbf93783259096752&lop=link&ltype=dl_dlnow&pid=10407614&mfgId=6271865&merId=6271865&destUrl=http%3A%2F%2Fwww.download.com%2F3001-2086_4-10800738.html%3Fspi%3Dd487b058e4b2957fbf93783259096752%26part%3Ddl-AdvancedW)

innerpeace
February 23rd, 2008, 10:30 PM
@ Long View, I mostly use Sandboxie for daily use and Returnil on demand. When Returnil is protecting my C:/ partition from changes, Sandboxie is set to Block Access to my D: and E: partitions. It can also be set to Block Access to My Documents or wherever you keep your important data. If something would happen to sneak its way into the sandbox while I'm browsing, access to my data should be blocked. I hope that made sense.

innerpeace
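As an added example (not code from the thread, and not from Sandboxie's authors), here is a small Python audit that parses a constructed Sandboxie.ini and checks whether a box carries the Block Access entries for the data partitions and My Documents that innerpeace describes, plus the auto-delete-on-close setting mentioned earlier in the thread. The sample configuration, the box names and the device path on the browser-only line are assumptions made for the demonstration.

```python
"""Audit a Sandboxie.ini for the "Block Access" settings discussed in the thread.

Sandboxie.ini is INI-style, but a key such as ClosedFilePath may be repeated
any number of times inside one sandbox section. Python's configparser keeps
only one value per key, so this module uses a small parser that keeps every
occurrence, then checks which sensitive locations are still reachable.
"""
import fnmatch

# Constructed sample configuration for demonstration only; not taken from any
# real system. DefaultBox blocks the data partitions and My Documents and wipes
# itself on close; LaxBox (a hypothetical second sandbox) does neither. The
# program-qualified line ("!firefox.exe,...") is the kind of entry used to let
# only the browser reach the network; its exact device path is an assumption.
SAMPLE_INI = r"""
[GlobalSettings]
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y
ConfigLevel=7
AutoDelete=y
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=C:\Documents and Settings\user\My Documents
ClosedFilePath=!firefox.exe,\Device\Afd*

[LaxBox]
Enabled=y
ConfigLevel=7
"""

# Locations that, per the thread, should be unreachable from inside the box.
SENSITIVE_PATHS = [
    "D:\\",
    "E:\\",
    "C:\\Documents and Settings\\user\\My Documents",
]


def parse_sandboxie_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue  # setting outside any section, or malformed: ignore
        key, value = line.split("=", 1)
        sections[current].append((key.strip(), value.strip()))
    return sections


def closed_paths(box_settings):
    """Yield (program_qualifier, path) for every ClosedFilePath entry.

    'prog.exe,path' applies only to prog.exe and '!prog.exe,path' applies to
    every program except prog.exe; an unqualified entry applies to all.
    """
    for key, value in box_settings:
        if key.lower() != "closedfilepath":
            continue
        program, sep, path = value.partition(",")
        if sep and program.lower().lstrip("!").endswith(".exe"):
            yield program, path
        else:
            yield None, value


def covers(pattern, path):
    """True if a ClosedFilePath pattern blocks `path`.

    Matching is case-insensitive and honours '*' wildcards; a pattern that
    names a drive or folder also covers everything beneath it.
    """
    pat = pattern.lower().rstrip("\\")
    target = path.lower().rstrip("\\")
    if fnmatch.fnmatchcase(target, pat):
        return True
    return "*" not in pat and target.startswith(pat + "\\")


def audit_box(config, box_name, sensitive_paths=SENSITIVE_PATHS):
    """Report which sensitive paths a program inside `box_name` can still reach.

    Only entries that apply to every program count as protection for data;
    program-qualified entries are listed separately so they can be reviewed.
    """
    settings = config.get(box_name)
    if settings is None:
        raise KeyError("no sandbox section [%s]" % box_name)
    unconditional = [p for q, p in closed_paths(settings) if q is None]
    qualified = [(q, p) for q, p in closed_paths(settings) if q is not None]
    reachable = [s for s in sensitive_paths
                 if not any(covers(c, s) for c in unconditional)]
    auto_delete = any(k.lower() == "autodelete" and v.lower() == "y"
                      for k, v in settings)
    return {"box": box_name, "reachable": reachable,
            "auto_delete": auto_delete, "program_qualified": qualified}


if __name__ == "__main__":
    cfg = parse_sandboxie_ini(SAMPLE_INI)
    for box in ("DefaultBox", "LaxBox"):
        print(audit_box(cfg, box))
```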

trjam
February 23rd, 2008, 10:50 PM
-{ Quote: "trjam,
Don't forget that this is a cat and mouse game. Someday, sandboxes (Sandboxie, GeSWall, Defensewall, SafeSpace, etc) will leak. It's better to run LUA." }-
I understand Lucas. But isn't SafeSpace basically doing this as far as web facing applications?

lucas1985
February 24th, 2008, 12:38 AM
A simple bug/vulnerability in the kernel driver(s) and the gate to infection may be open.

Kees1958
February 24th, 2008, 05:49 AM
Lucas,

Vista is really strong with its UAC (LUA in quiet) and IE in protected mode. Even downloaded files have an extra security block on them.

On XP LUA is not really a very friendly option. The advantage of DW and GW is that downloaded files also inherit the untrusted status. I think this is better than sandboxing with virtualisation sandboxes. As far as I understood, as soon as you set a file outside the sandbox it runs Admin, while this same file with DW runs LUA. Please correct me when I am wrong (about Sandboxie and SafeSPAce).

Regards Kees

trjam
February 24th, 2008, 06:54 AM
you see lucas what you make me go and do.;)

LUSHER
February 24th, 2008, 07:01 AM
-{ Quote: "Aaron - for a quick outline of the basic principles have a look at this link kindly posted by Coldmoon (of Returnil) in the software forum a couple of weeks ago.

http://wiki.castlecops.com/Lists_of_freeware_virtualization

HTH." }-

I actually wrote the material on that link, so you are welcome as well.

trjam
February 24th, 2008, 07:16 AM
-{ Quote: "you see lucas what you make me go and do.;)" }-;)
thanks

Peter2150
February 24th, 2008, 08:26 AM
-{ Quote: " As far as I understood, as soon as you set a file outside the sandbox it runs Admin, while this same file with DW runs LUA. Please correct me when I am wrong (about Sandboxie and SafeSPAce).

Regards Kees" }-

Normally, yes that is correct, with Sandboxie. However you still do have the option to right click the file and run it sandboxed if you choose.

Pete

Oremina
February 24th, 2008, 08:56 AM
-{ Quote: "I actually wrote the material on that link, so you are welcome as well." }-

Thanks LUSHER. First read it when Coldmoon mentioned it on a thread. I was just starting to get interested in virtualisation, particularly Sandboxie and Returnil. I was (I think) in the same position that Aaron is now and wanted a basic inkling into the differences. I found it was very helpful and helped me get a basic grasp of what it is all about. Appreciated.

Threedog
February 24th, 2008, 03:27 PM
Very well written Lusher. It gave me a good quick insight into virtualization.

Tidyup
February 25th, 2008, 12:02 PM
-{ Quote: "As far as I understood, as soon as you set a file outside the sandbox it runs Admin, while this same file with DW runs LUA. Please correct me when I am wrong (about Sandboxie and SafeSPAce). " }-

Hi Kees.

If you download a file from within SafeSpace to your desktop (for example), it is tagged to ensure that when it is next opened or run, it runs back inside SafeSpace again. These tagged files are clearly visible by a red border surrounding them.

The net effect is that you can still download whatever you want and keep it stored with your other private and trusted files, without having to worry about what is lurking inside it, and without having to manage your files any differently.

Best regards,

Kris.

Artificial Dynamics.

EASTER
February 26th, 2008, 12:05 AM
-{ Quote: "That's why they're called sandboxes: a child's play area (the sandbox environment) and an omnipresent guard (sandbox driver).
You can achieve the same with Returnil, Deep Freeze and the likes by using LUA. Applications and malware can't fiddle with the ISR driver if they're running with limited privileges. This way, an ISR application becomes a "bullet-proof" system-wide sandbox." }-

So please let me get this straight as I understand it.

Robotdog for example would work to remove the "hooks" of DEEP FREEZE or some other ISR, but running under LUA it would not be able to displace those drivers/hooks? What about from userland? The same? I mean either way, if ROBOTDOG for example could not elevate itself to Admin then for all practical purposes it can do no harm, since it has not the proper privileges to carry out its purpose.

zopzop
February 26th, 2008, 12:10 AM
-{ Quote: "Robotdog for example would work to remove the "hooks" of DEEP FREEZE or some other ISR, but running under LUA it would not be able to displace those drivers/hooks? " }-


easter, LUA with SRP is freakin' awesome. You could probably get away with using only an AV with LUA with SRP and still be in almost total safety! Best of all it doesn't bog down your system with lots of apps.

lucas1985
February 26th, 2008, 12:12 AM
You got it right EASTER :)

EASTER
February 26th, 2008, 12:40 AM
Thanks greatly for all your inputs; nothing is more disappointing and disconcerting than to experience disruption by some foulware whose only mission is to create maximum disruption of a PAID software and rob a user of their internet service in the effort they would need to effect a repair.

You guys rock the house with your wit and knowledge on these matters, thanks.

twl845
February 26th, 2008, 09:18 AM
-{ Quote: "easter, LUA with SRP is freakin' awesome. You could probably get away with using only an AV with LUA with SRP and still be in almost total safety! Best of all it doesn't bog down your system with lots of apps." }-
Sorry to intrude, but I can't figure out what LUA is, and SRP as well. Will you please help me on that? Thanks;D

MikeNAS
February 26th, 2008, 09:29 AM
LUA (http://www.mechbgon.com/build/Limited.html)

SRP (http://www.mechbgon.com/srp/)

twl845
February 26th, 2008, 09:45 AM
-{ Quote: "LUA (http://www.mechbgon.com/build/Limited.html)

SRP (http://www.mechbgon.com/srp/)" }-
Hey, Thanks! ;D

ragnarok2012
February 27th, 2008, 01:19 AM
Freud would have loved sandboxie as it reveals (worldwide) all the varied perversions from the almost unlimited sex preferences to the materialistic obsessions that are sexual alternatives. I can picture him glued to his computer (protected by Sandboxie) spending all of his time relishing humankind's confirmation of his theories.

Hermescomputers
February 27th, 2008, 08:08 AM
-{ Quote: "Freud would have loved sandboxie as it reveals (worldwide) all the varied perversions from the almost unlimited sex preferences to the materialistic obsessions that are sexual alternatives. I can picture him glued to his computer (protected by Sandboxie) spending all of his time relishing humankind's confirmation of his theories." }-

Holy crap man... try reading science fiction or something! :D or you might develop some type of umbilical fixation in your old age... Me I took up smoking Cuban cigars :dry:

twl845
February 27th, 2008, 08:37 AM
-{ Quote: "Freud would have loved sandboxie as it reveals (worldwide) all the varied perversions from the almost unlimited sex preferences to the materialistic obsessions that are sexual alternatives. I can picture him glued to his computer (protected by Sandboxie) spending all of his time relishing humankind's confirmation of his theories." }-
What would he think if he was able to delete a trojan while using Sandboxie while his C drive was locked in Returnil? :argh:

Hermescomputers
February 27th, 2008, 08:40 AM
-{ Quote: "Freud would have loved sandboxie as it reveals (worldwide) all the varied perversions from the almost unlimited sex preferences to the materialistic obsessions that are sexual alternatives. I can picture him glued to his computer (protected by Sandboxie) spending all of his time relishing humankind's confirmation of his theories." }-

If I took too much time thinking about what my clients do with their computer before they call me to fix the issues they have... I might make a career change! I think I would barf if I could see the content of that Sandboxie cache... in the event it still existed after a user session of course.

Huupi
February 27th, 2008, 01:11 PM
-{ Quote: "Holy crap man... try reading science fiction or something! :D or you might develop some type of umbilical fixation in your old age... Me I took up smoking Cuban cigars :dry:" }-

And Freud would have said this H.C. quote is quite revealing about the real nature of this guy. lol 8)

ragnarok2012
February 27th, 2008, 05:45 PM
-{ Quote: "Holy crap man... try reading science fiction or something! :D or you might develop some type of umbilical fixation in your old age... Me I took up smoking Cuban cigars :dry:" }-

I should have put in a grin icon to indicate the post was tongue-in-cheek. Your assessment was right on target nonetheless.

Freud's theories are intellectual malware and I wish there was a Sandboxie for the mind to turn on before I read a book, that way I can avoid being infected by persistent absurdities put forth by the likes of Freud. His ideas have infected much of 20th century thought and it seems only now are they fading somewhat.

For me I think I'll take up feeding alley cats as the newer trash cans with lids make it harder for them to eat a decent meal.;D

wat0114
February 27th, 2008, 11:34 PM
-{ Quote: "As far as I understood, as soon as you set a file outside the sandbox it runs Admin, while this same file with DW runs LUA. Please correct me when I am wrong (about Sandboxie and SafeSpace)." }-

Even when running under a limited account?? I'm running XP Pro, one account admin (only used for MS updates and program installs/uninstalls), two limited accounts and one power user account. Simple file sharing is disabled, which allows me to set granular restrictions to any folder I want, including critical folders such as c:\Windows and all sub folders plus several others. These have only "read & execute", "list folder contents" & "read" rights administered to them on the limited accounts, including power user (though this account has a few escalated privileges on some non-system folders).

So if I'm running Sandboxie and set a file outside it under one of these limited accounts, how could it gain higher privileges than those of the account? Is it because the Sandboxie driver is at administrative level?

Chuck57
February 28th, 2008, 01:52 AM
-{ Quote: "Holy crap man... try reading science fiction or something! :D or you might develop some type of umbilical fixation in your old age... Me I took up smoking Cuban cigars :dry:" }-

Cuban Cigars????? I'm jealous. They're banned here in the States, unless you know where to look, which I don't.

I'm wondering about this Robotdog. With Sandboxie working and Faronics AE running. Between the two, I doubt Robotdog has a prayer without user help. I don't think AE would even let it start.

Hermescomputers
February 28th, 2008, 07:51 AM
-{ Quote: "Cuban Cigars????? I'm jealous. They're banned here in the States, unless you know where to look, which I don't." }-

You can get them from Canadian mail order shops... or in any Canadian cigar shop, but the price is steep. To get cheap Cubans I have to go to Havana... Otherwise I settle for some decent Honduras-made Grand Habanos #3 and Grand Habanos Corojos #5 that I have to order from the United States, otherwise I get burned real hard by our good Canadian dealers and the tax man... (Best alternative I know to a mid-grade Cuban cigar and available right in the USA real cheap!).

If ya want ta know here is my fave: http://www.stccigars.net/habano.php
for a strong full bodied puff http://www.stccigars.net/corojo.php

Try and let me know! :)

aigle
February 28th, 2008, 08:47 AM
Don't smoke, guys! At least over here at Wilders. :)

Hermescomputers
February 28th, 2008, 08:59 AM
-{ Quote: "Don't smoke, guys! At least over here at Wilders. :)" }-
Yes... wildly off topic! ::)

Aaron Here
February 28th, 2008, 10:42 AM
Getting back to SandboxIE, would you guys please address the following:

My wife uses her WinXP laptop for email and online banking. Her laptop has a wireless internet connection to our DSL gateway (which provides a hardware firewall). Would SandboxIE be enough protection? ...if not, what else is necessary and why?

PS. Forgot to mention that her browser is IE.

Hermescomputers
February 28th, 2008, 10:57 AM
-{ Quote: "Getting back to SandboxIE, would you guys please address the following:

My wife uses her WinXP laptop for email and online banking. Her laptop has a wireless internet connection to our DSL gateway (which provides a hardware firewall). Would SandboxIE be enough protection? ...if not, what else is necessary and why?

PS. Forgot to mention that her browser is IE." }-

Simply put... No!

If you want to download anything into your pc out of the sandbox you should also have an av, and I would go with a HIPS as well...

Chuck57
February 28th, 2008, 11:41 AM
-{ Quote: "Getting back to SandboxIE, would you guys please address the following:

My wife uses her WinXP laptop for email and online banking. Her laptop has a wireless internet connection to our DSL gateway (which provides a hardware firewall). Would SandboxIE be enough protection? ...if not, what else is necessary and why?

PS. Forgot to mention that her browser is IE." }-

This is the human element. My wife doesn't want to be bothered. I've put Sandboxie on her computer. She rarely uses it even though all she has to do is click that icon which sits right under the MSIE icon on the desktop. She has good antivirus which, fortunately, updates or it would never be current.

I've downloaded Returnil to her desktop, but she doesn't want it installed "right now." She trusts her AV, hardware firewall and Windows firewall, which might be enough. Her problem is, on the two occasions she's been infected with malware (from graphics arts sites she frequents), it's because she downloaded a thing and when something popped up warning her, she just clicked without reading the warning.

I remember one. She asked, "What's this mean?" By the time I got the 4 or 5 steps to her computer she'd clicked okay, so I never knew what 'IT' was except that it took a reformat and reinstallation of Windows, using the DELL CD to get rid of 'IT.' She still hasn't learned.

If your wife will use Sandboxie, and scan files with a good AV, or even two (one on demand), that might be enough.

Aaron Here
February 28th, 2008, 12:02 PM
-{ Quote: "This is the human element. My wife doesn't want to be bothered. I've put Sandboxie on her computer. She rarely uses it even though all she has to do is click that icon which sits right under the MSIE icon on the desktop. She has good antivirus which, fortunately, updates or it would never be current.

I've downloaded Returnil to her desktop, but she doesn't want it installed "right now." She trusts her AV, hardware firewall and Windows firewall, which might be enough. Her problem is, on the two occasions she's been infected with malware (from graphics arts sites she frequents), it's because she downloaded a thing and when something popped up warning her, she just clicked without reading the warning.

I remember one. She asked, "What's this mean?" By the time I got the 4 or 5 steps to her computer she'd clicked okay, so I never knew what 'IT' was except that it took a reformat and reinstallation of Windows, using the DELL CD to get rid of 'IT.' She still hasn't learned.

If your wife will use Sandboxie, and scan files with a good AV, or even two (one on demand), that might be enough." }-
Chuck, are you sure we are not married to the same woman? ;) .......your description sounds just like the way my wife uses the internet and I have also been asked to help her after she has clicked on some things she shouldn't have (usually an email attachment)!

Chances are she won't use anything that isn't completely automatic (transparent) in operation - so I guess that answers my original question, but now I have to determine the best security solution for her. :-\

Peter2150
February 28th, 2008, 12:08 PM
With the paid version, there is nothing to click. Just force all the browsers into the sandbox.

Also if you are careful about what you download, you can get by using Sandboxie without an AV. Even after removing a file from the sandbox, you can right click it and open it sandboxed.

Only if you download really flakey stuff would you be much at risk.

Pete

Dieselman
February 28th, 2008, 12:15 PM
True Peter, but if you only download trusted stuff from trusted sites such as Nvidia drivers then you don't need Sandboxie. Sandboxie cannot tell you that something is a virus unless you scan it first. I have never had any viruses or spyware in over 5 years and I download things every day. I use NOD32 to scan everything.

twl845
February 28th, 2008, 12:46 PM
-{ Quote: "This is the human element. My wife doesn't want to be bothered. I've put Sandboxie on her computer. She rarely uses it even though all she has to do is click that icon which sits right under the MSIE icon on the desktop. She has good antivirus which, fortunately, updates or it would never be current.

I've downloaded Returnil to her desktop, but she doesn't want it installed "right now." She trusts her AV, hardware firewall and Windows firewall, which might be enough. Her problem is, on the two occasions she's been infected with malware (from graphics arts sites she frequents), it's because she downloaded a thing and when something popped up warning her, she just clicked without reading the warning.

I remember one. She asked, "What's this mean?" By the time I got the 4 or 5 steps to her computer she'd clicked okay, so I never knew what 'IT' was except that it took a reformat and reinstallation of Windows, using the DELL CD to get rid of 'IT.' She still hasn't learned.

If your wife will use Sandboxie, and scan files with a good AV, or even two (one on demand), that might be enough." }-
I think this is a case for tough love. Tell her that if she does the above again it will be up to her to fix it. Maybe if she has to stare at the screen with no clue of what to do and no computer for a few days, she will be careful. Of course I don't know where you'll be eating dinner. ;D

Hugger
February 28th, 2008, 02:16 PM
Or do what I did with my wife/boss.
Smile and tell her you don't know as much about this stuff as you thought you did and she should not rely on you to fix it because it may never work again!
Then duck.
Hugger

Peter2150
February 28th, 2008, 02:22 PM
-{ Quote: "True Peter, but if you only download trusted stuff from trusted sites such as Nvidia drivers then you don't need Sandboxie. Sandboxie cannot tell you that something is a virus unless you scan it first. I have never had any viruses or spyware in over 5 years and I download things every day. I use NOD32 to scan everything." }-

First, if I don't really know or trust the site, I assume suspicious. But if I still want to try, then I go to the VM machine, and there I can try it, and see what it does, with no risk. Does away with the load of an AV. Has worked so far.

Hermescomputers
February 28th, 2008, 02:25 PM
-{ Quote: "True Peter, but if you only download trusted stuff from trusted sites such as Nvidia drivers then you don't need Sandboxie. Sandboxie cannot tell you that something is a virus unless you scan it first. I have never had any viruses or spyware in over 5 years and I download things every day. I use NOD32 to scan everything." }-

Actually most issues nowadays have little to do with downloads users do... It's the drive-by download via XSS and IFrame injectors that are used to modify browsers and use the browser's built-in interpreter that are the high risks... Sandboxie allows you to recover nicely from those in the event you get hit... Besides, if it happens, more than likely you would not even know about it in many cases...

Hermescomputers
February 28th, 2008, 02:27 PM
-{ Quote: "Or do what I did with my wife/boss.
Smile and tell her you don't know as much about this stuff as you thought you did and she should not rely on you to fix it because it may never work again!
Then duck.
Hugger" }-

Wow... I should try that one... (Great way to save on Viagra!) ;D

lucas1985
February 28th, 2008, 02:44 PM
-{ Quote: "but if you only download trusted stuff from trusted sites such as Nvidia drivers then you dont need Sandboxie." }-
Sandboxie is not for downloaders, because when you put things outside the sandbox you're at your own mercy. Sandboxie is the right tool to protect against drive-by downloads which may happen on casual browsing (even on trusted sites).

Dieselman
February 28th, 2008, 03:45 PM
-{ Quote: "Sandboxie is not for downloaders, because when you put things outside the sandbox you're at your own mercy. Sandboxie is the right tool to protect against drive-by downloads which may happen on casual browsing (even on trusted sites)" }-
Well honestly speaking that has never happened at all to me and I surf EVERYTHING. I tried Sandboxie for a week and since I download at least 5 things a day, recovering everything I downloaded was getting old. I download WindowBlinds skins, wallpapers, Nvidia drivers. I never download some program from some site I have never been to. I also never just click, click, click. If you are infected how can Sandboxie tell you that? It can't, but all you do is empty the box, correct? Everyone just seems to me to have gone overboard with protection. Sandboxie, DefenseWall, SafeSpace. It's all too much for me and seems like paranoia. Ok maybe Sandboxie might save my butt one day but how would I know that if it never gets outside the sandbox.

lucas1985
February 28th, 2008, 04:49 PM
Why would you want to know if you were "infected" in a surfing session with SBIE?
The point of sandboxes is browse to your heart's content, then delete the virtual container and done. You begin clean and you finish clean.

Dieselman
February 28th, 2008, 05:25 PM
I already do surf till my heart's content..............and never 1 infection.

SirMalware
February 28th, 2008, 06:09 PM
What browser do you use Dieselman?

Dieselman
February 28th, 2008, 06:12 PM
-{ Quote: "What browser do you use Dieselman?" }-
Firefox with adblock and no script. I have Comodo 3.0 and NOD32 3.0. And yes I surf porn.

trjam
February 28th, 2008, 07:03 PM
-{ Quote: "Firefox with adblock and no script. I have Comodo 3.0 and NOD32 3.0. And yes I surf porn." }-
I am 52, I surf coupons for Depends.:-[

lucas1985
February 28th, 2008, 08:14 PM
-{ Quote: "I already do surf till my heart's content..............and never 1 infection." }-
Great, but
-{ Quote: "Firefox with adblock and no script. I have Comodo 3.0 and NOD32 3.0. And yes I surf porn." }-
NoScript requires a fair involvement from the user. And Comodo 3? You'll have to deal with HIPS and firewalls pop-ups.
The concept behind sandboxes is simplicity = strong protection, no pop-ups, almost zero configuration, no FPs.

Dieselman
February 28th, 2008, 08:35 PM
-{ Quote: "Great, but

NoScript requires a fair involvement from the user. And Comodo 3? You'll have to deal with HIPS and firewalls pop-ups.
The concept behind sandboxes is simplicity = strong protection, no pop-ups, almost zero configuration, no FPs." }-
I don't get any pop-ups unless I am installing something. If you merely put the firewall and D+ in training mode for a week then switch it back you will be fine. Comodo just sits there like NOD32 till it finds something.

innerpeace
February 28th, 2008, 09:11 PM
-{ Quote: "Actually most issues nowadays have little to do with downloads users do... It's the drive-by download via XSS and IFrame injectors that are used to modify browsers and use the browser's built-in interpreter that are the high risks... Sandboxie allows you to recover nicely from those in the event you get hit... Besides, if it happens, more than likely you would not even know about it in many cases..." }-
A site I visit everyday was bit yesterday. http://www.askwoody.com/newscomments.php?newsid=1949 It's fixed now, but this serves as an example that even your normal daily sites can't be 100% trusted. I'm glad to have Sandboxie on board.
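
Hermescomputers' point above about IFrame injectors and drive-by downloads, and the compromised everyday site innerpeace mentions, are something a site owner or defender can check for automatically. What follows is an added example, not code from this thread, from Sandboxie or from any product named here: it scans constructed sample HTML for the two tell-tale signs of such an injection, an iframe hidden by zero size or CSS, and an inline script that evals a percent-encoded blob. The sample pages, the `bad.invalid` host and the detection thresholds are assumptions for illustration.

```python
"""Scan HTML for injected hidden iframes and obfuscated inline scripts.

Added example with constructed sample pages (not real sites); the
thresholds below are assumptions, not any product's rules.
"""
import re
from html.parser import HTMLParser

# CSS that makes an element invisible or pushes it far off-screen
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?:left|top)\s*:\s*-\d{3,}",
    re.I,
)
PERCENT_ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")
# eval(...) fed by unescape(...) or String.fromCharCode(...)
EVAL_DECODE = re.compile(r"\beval\s*\(.*?(?:unescape|String\.fromCharCode)\s*\(", re.S)


def _px(value):
    """Parse a width/height attribute such as '0' or '640px'; None if absent."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


class InjectionScanner(HTMLParser):
    """Collect (kind, detail, reason) findings while parsing."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_inline_script = False
        self._script_parts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            reasons = []
            w, h = _px(a.get("width")), _px(a.get("height"))
            if (w is not None and w <= 1) or (h is not None and h <= 1):
                reasons.append("zero-size")
            if HIDDEN_STYLE.search(a.get("style") or ""):
                reasons.append("hidden by style")
            if reasons:
                self.findings.append(("iframe", a.get("src", ""), ", ".join(reasons)))
        elif tag == "script" and "src" not in a:
            # only inline scripts carry the obfuscated payload in-page
            self._in_inline_script = True
            self._script_parts = []

    def handle_data(self, data):
        if self._in_inline_script:
            self._script_parts.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            self._in_inline_script = False
            body = "".join(self._script_parts)
            reasons = []
            if EVAL_DECODE.search(body):
                reasons.append("eval of decoded string")
            if len(PERCENT_ESCAPE.findall(body)) >= 8:
                reasons.append("long percent-encoded blob")
            if reasons:
                self.findings.append(("script", body.strip()[:40], ", ".join(reasons)))


def scan_html(html):
    """Return the list of findings for one page; an empty list means nothing suspicious."""
    scanner = InjectionScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples: a normal page with a visible video embed, and the
# same page after an injection of the kind discussed in the thread
CLEAN_PAGE = """<html><body><h1>News</h1>
<iframe src="https://video.example.com/embed/123" width="640" height="360"></iframe>
<script src="/js/site.js"></script></body></html>"""

INJECTED_PAGE = """<html><body><h1>News</h1>
<iframe src="http://bad.invalid/in.cgi?3" width="0" height="0" style="visibility:hidden"></iframe>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65'))</script>
<iframe src="http://bad.invalid/x" style="position:absolute;left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, scan_html(page))
```

Run over a site's own pages on a schedule, a scanner like this catches the injection the site owner would otherwise learn about from visitors; it is a complement to, not a substitute for, the browser-side isolation the thread is about.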

Hermescomputers
February 28th, 2008, 09:22 PM
-{ Quote: "A site I visit everyday was bit yesterday. http://www.askwoody.com/newscomments.php?newsid=1949 It's fixed now, but this serves as an example that even your normal daily sites can't be 100% trusted. I'm glad to have Sandboxie on board." }-

Hello Innerpeace,

I make noise about it on my site, I blab about it in Wilders.. and boy do I get flak for it... (Apparently I'm fear mongering for doing it. :o )

Just goes to show, the risks are real, and it's really not the "Obvious" site that will bite most users. The problem is most are so poorly secured that it would take a really poorly written hack for them to ever notice anything taking place...

Aaron Here
February 28th, 2008, 09:24 PM
I don't see how SandboxIE can prevent my wife from getting infected if she opens an email attachment with a virus! :-\

innerpeace
February 28th, 2008, 09:38 PM
-{ Quote: "I make noise about it on my site, I blab about it in Wilders.. and boy do I get flak for it... (Apparently I'm fear mongering for doing it. :o )

Just goes to show, the risks are real, and it's really not the "Obvious" site that will bite most users. The problem is most are so poorly secured that it would take a really poorly written hack for them to ever notice anything taking place..." }-
For the "Obvious" sites, I turn on Returnil's protection :P. Seriously though, as much as I like Sandboxie, it's just as important to keep everything up to date. The malware would need a vulnerability of some kind to do its damage. That's also why I check once or twice a month with Secunia's Software Inspector to make sure my browser, Java, Flash, media players etc. are all up to date.

innerpeace
February 28th, 2008, 09:44 PM
-{ Quote: "I don't see how SandboxIE can prevent my wife from getting infected if she opens an email attachment with a virus! :-\" }-
Hi Aaron, if you start a program within Sandboxie, anything that happens during that session should stay in the sandbox. If she however decides to recover the attachment to your real computer and opens or runs it, then it's game over if the attachment is infected. That is why it's important to scan everything you download and then recover from the sandbox. If the file is under 10MB, you could also upload it to VirusTotal or Jotti to be scanned by multiple scanners. I hope this makes sense.

Dieselman
February 28th, 2008, 09:58 PM
-{ Quote: "I don't see how SandboxIE can prevent my wife from getting infected if she opens an email attachment with a virus! :-\" }-
I agree. Then I guess the only thing to do is Sandbox your entire pc. Not. I was only Sandboxing my IE and FF.

Aaron Here
February 28th, 2008, 10:32 PM
-{ Quote: "Hi Aaron, if you start a program within Sandboxie, anything that happens during that session should stay in the sandbox. If she however decides to recover the attachment to your real computer and opens or runs it, then it's game over if the attachment is infected. That is why it's important to scan everything you download and then recover from the sandbox. If the file is under 10MB, you could also upload it to VirusTotal or Jotti to be scanned by multiple scanners. I hope this makes sense." }-
Thanks innerpeace, and that does make very good sense to me, but we are talking about my wife here! :P

As I responded to Chuck, any and all security programs that I install on her laptop will have to work transparently (without the need for her intervention) or it simply will not get done! :-\

wat0114
February 28th, 2008, 10:33 PM
-{ Quote: "I already do surf till my heart's content..............and never 1 infection." }-

I see Sandboxie as an insurance policy. Maybe I'll never need it to rescue me, but I know it gives me a much better chance of avoiding infiltration of malware if I come in contact with it while surfing. Of course I'll never give up in the foreseeable future my firewall and HIPS as two of my security workhorses, but Sandboxie has relegated my revered NOD32 to on-demand scanning duty only, except for email downloads; it now plays second-fiddle to Sandboxie. It wasn't long ago I balked at the thought of using a sandbox to surf, but when you just sit back and think in simplest terms what it does to protect you while surfing, it is rather phenomenal to realize it completely isolates your surfing activity from your physical drive. Your machine for all intents and purposes is basically untouchable from malicious activity that could occur while surfing or opening attachments!

I suppose someday someone will figure out how to defeat the sandbox, but for now it remains imo virtually unparalleled.

Chuck57
February 28th, 2008, 10:51 PM
A thought, and I'm not sure whether this would work or not. What about Faronics AE, or some other anti executable?

Once it's in place, it's very transparent - until you try to open something, or something tries to open itself, that isn't trusted. Don't know if it would be applicable in Aaron Here's case.

EASTER
February 28th, 2008, 11:31 PM
-{ Quote: "Hi Aaron, if you start a program within Sandboxie, anything that happens during that session should stay in the sandbox. If she however decides to recover the attachment to your real computer and opens or runs it, then it's game over if the attachment is infected. That is why it's important to scan everything you download and then recover from the sandbox. If the file is under 10MB, you could also upload it to VirusTotal or Jotti to be scanned by multiple scanners. I hope this makes sense." }-

All good pointers!

SandboxIE makes it like starting all over again with yet another invisible shield, HIPS being my other. I am so new to sandboxes but they are not so unlike the Virtual protection I've been used to, but then again they are.

I took a tip from (Thanks) MikeNAS and applied the registry blocks and then fired up a vbs script file that writes to the registry and sure enough, no dice! I could even let my HIPS "allow" it and it hit a brick wall. SandboxIE is one cool app that I think I've found a new respect for. Add a virtualizer and such and I dunno, maybe even use that SuRun app to run as LimitedUser if possible in this combo, and it's a dead lock of security IMO.

lucas1985
February 28th, 2008, 11:33 PM
If Aaron's wife doesn't install software, AE is a very good solution.
-{ Quote: "I don't get any pop-ups unless I am installing something. If you merely put the firewall and D+ in training mode for a week then switch it back you will be fine. Comodo just sits there like NOD32 till it finds something." }-
So, you let training mode build your ruleset for you? That's not the proper way of using a classical HIPS and rule-based firewall.
Also, how do you know that the thing you're installing is clean? That's the issue you brought here with SBIE.

innerpeace
February 28th, 2008, 11:47 PM
-{ Quote: "Thanks innerpeace, and that does make very good sense to me, but we are talking about my wife here! :P

As I responded to Chuck, any and all security programs that I install on her laptop will have to work transparently (without the need for her intervention) or it simply will not get done! :-\" }-
You're welcome! I understand what you're saying. You could take a look at DefenseWall or GeSWall. Others have mentioned they are wife proof LOL. I haven't used either, but I'm guessing the attachment would be tagged as untrusted automatically.

You might also consider setting up a Limited User Account on her computer. I'm trying desperately to talk my sis and her family into setting up all of them as Limited Users. What's funny is my oldest niece keeps asking me about it. I think I'm wearing them down ;D.

innerpeace
February 29th, 2008, 12:02 AM
-{ Quote: "~snip~

It wasn't long ago I balked at the thought of using a sandbox to surf, but when you just sit back and think in simplest terms what it does to protect you while surfing, it is rather phenomenal to realize it completely isolates your surfing activity from your physical drive. Your machine for all intents and purposes is basically untouchable from malicious activity that could occur while surfing or opening attachments!

~snip~" }-
I totally agree with what you have said. I was very intimidated by Sandboxie because it was considered an 'advanced security application'. I started with Power Shadow and experimented with it to understand what it did. I then tried Sandboxie and after I understood what it did, I was hooked. It simply isolates your internet facing applications from the rest of your system. Whatever runs in the sandbox, stays in the sandbox.

Dieselman
February 29th, 2008, 01:56 AM
-{ Quote: "If Aaron's wife doesn't install software, AE is a very good solution.

So, you let training mode build your ruleset for you? That's not the proper way of using a classical HIPS and rule-based firewall.
Also, how do you know that the thing you're installing is clean? That's the issue you brought here with SBIE." }-
The reason for training mode is so you do not get pop-ups like mad. I am also a gamer and most games will lock up the first time you play them with any firewall. I have used Zone Alarm, Outpost, Online Armor, Kerio, L-n-S and Comodo. They all have a training mode to lessen pop-ups. Then after the firewall learns everything you can edit your rules. It's better than having to three-finger salute out of the game just to find out your firewall was giving you an alert that could have been prevented by simply using training mode. I made a post about this in the Comodo forums and Melih made it a sticky.

DasFox
February 29th, 2008, 02:49 AM
-{ Quote: "I agree with Longview. I tried Sandboxie and although the new version starts up quicker I just dont get it. I surf all sites and I mean all. I download everything and never 1 infection." }-

If you're saying what I think, with experience you can surf everywhere and not run into problems, you just have to know how to do it, been there...

I've been surfing the Net since it started and in 20 years I've had maybe only one problem I couldn't handle and needed to reinstall Windows.

Now is this the way for people to handle security for themselves, no not really, all I'm saying is you can surf the net without a sandbox, or heaps of malware apps if you are experienced.

Now if we are talking about the business side of computing, I wouldn't mess around, and have something more in place, but for my home box all I surf the Net with is FF with NoScript and Avira PE...

Huupi
February 29th, 2008, 05:13 AM
-{ Quote: "I totally agree with what you have said. I was very intimidated by Sandboxie because it was considered an 'advanced security application'. I started with Power Shadow and experimented with it to understand what it did. I then tried Sandboxie and after I understood what it did, I was hooked. It simply isolates your internet facing applications from the rest of your system. Whatever runs in the sandbox, stays in the sandbox." }-

Sandboxie is quite complex in its underlying coding, but to make it easy to use for us users is a compliment to Tzuk.

EASTER
February 29th, 2008, 05:25 AM
-{ Quote: "Sandboxie is quite complex in its underlying coding, but to make it easy to use for us users is a compliment to Tzuk." }-

Couldn't have said it better.

Tzuk has done a brilliant job with it, that's for sure; let's hope it stays that way. He's sure seeing to it that it does.

Hermescomputers
February 29th, 2008, 08:39 AM
-{ Quote: "For the "Obvious" sites, I turn on Returnil's protection :P. Seriously though, as much as I like Sandboxie, it's just as important to keep everything up to date. The malware would need a vulnerability of some kind to do its damage. That's also why I check once or twice a month with Secunia's Software Inspector to make sure my browser, Java, Flash, media players etc. are all up to date." }-

Actually all most users really need to browse safely is Firefox w/NoScript installed... However it does require a little thinking in deciding which scripts should be allowed or not. But it knows how to detect many XSS type exploits...

As for Secunia, you should download and install their new application instead of doing the monthly web scan. It is also free and it is more thorough, especially if you select it to show the hard-to-remove vulnerability option. Another thing about it worthy of mention is that it's also working in realtime, so as you install new programs it picks up if it's one with a known vulnerability, or in the background if there is one already installed that suddenly gets listed as having vulnerabilities... Very nice tool indeed!

Here is the link to their "Full Application" scanner; it's called PSI Scanner:
https://psi.secunia.com/

Aaron Here
February 29th, 2008, 10:49 AM
-{ Quote: "A thought, and I'm not sure whether this would work or not. What about Faronics AE, or some other anti executable?

Once it's in place, it's very transparent - until you try to open something, or something tries to open itself, that isn't trusted. Don't know if it would be applicable in Aaron Here's case." }-
So an AE wouldn't stop her from opening safe email attachments? ....and if the attachment contains malware, does the AE stop it from being installed (or would the AE allow it to install but prevent it from running)? ???

Chuck57
February 29th, 2008, 11:49 AM
-{ Quote: "So an AE wouldn't stop her from opening safe email attachments? ....and if the attachment contains malware, does the AE stop it from being installed (or would the AE allow it to install but prevent it from running)? ???" }-

I don't know. I'm hoping somebody more knowledgeable about anti executables can answer. It seems to me it could be configured to allow the opening of an email, but if there was something attached, that part couldn't open.

Don't trust what I've just said though. I'm brand new to anti-executables. I'm certain I saw some tests somewhere here on Faronics, where it allowed an email to open but refused an .exe or some other 'dot' something IN the email from installing.

LoneWolf
February 29th, 2008, 03:54 PM
-{ Quote: "So an AE wouldn't stop her from opening safe email attachments? ....and if the attachment contains malware, does the AE stop it from being installed (or would the AE allow it to install but prevent it from running)? ???" }-

AE with security on high and all protections enabled should not allow any executables regardless of their extension at all (EXE, SYS, BAT, etc.). I haven't used AE for a while but from what I recall, with AE enabled, all exes that were not present during install will be stopped dead in their tracks.

aigle
February 29th, 2008, 06:12 PM
With copy protection on, it will not even let executables to download.

lucas1985
February 29th, 2008, 06:34 PM
-{ Quote: "So an AE wouldn't stop her from opening safe email attachments? ....and if the attachment contains malware, does the AE stop it from being installed (or would the AE allow it to install but prevent it from running)? ???" }-
See here (http://www.urs2.net/rsj/computing/tests/Anti-Exec/index.html) :)

Aaron Here
February 29th, 2008, 06:59 PM
-{ Quote: "See here (http://www.urs2.net/rsj/computing/tests/Anti-Exec/index.html) :)" }-
Thanks Lucas, that was quite informative, but I still have a couple of email attachment related questions:

1. My wife often receives email containing documents (*.doc, *.pdf, *.txt), sometimes (but not always) within a zip or rar attachment. She also often receives photos (*.jpg) as email attachments. Would AE deny opening any of these (assuming they are 'clean')?

2. Can you (or anyone here) address the likelihood of false positive instances using AE?

aigle
February 29th, 2008, 07:30 PM
-{ Quote: "Thanks Lucas, that was quite informative, but I still have a couple of email attachment related questions:

1. My wife often receives email containing documents (*.doc, *.pdf, *.txt), sometimes (but not always) within a zip or rar attachment. She also often receives photos (*.jpg) as email attachments. Would AE deny opening any of these (assuming they are 'clean')?

2. Can you (or anyone here) address the likelihood of false positive instances using AE?" }-

1- No
2- No FP because AE is not signature-based.

Aaron Here
February 29th, 2008, 08:08 PM
-{ Quote: "1- No
2- No FP because AE is not signature-based." }-
Thanks aigle. The more I learn about AE, the more I'm inclined to believe it's the best single security solution for the way my wife uses her PC. It seems that once I install AE (and set it up) my wife won't have to concern herself with signature downloads, rebooting, flushing a sandbox, or anything else, other than her usual email/internet activities! ....or am I missing something?

Is there any other similar product that might even be better than Faronics AE in this respect?

twl845
February 29th, 2008, 08:34 PM
-{ Quote: "Firefox with adblock and no script. I have Comodo 3.0 and NOD32 3.0. And yes I surf porn." }-
And who told you to do that.....Satan? :lurking:

aigle
February 29th, 2008, 09:20 PM
Any HIPS like EQS, SSM, NG can be configured to make rules for all applications on your system, then disconnect the user interface (silent mode/locked mode) and it will be similar though not exactly the same (EQS is free and SSM has a free version too). But you need time to make rules.

ProSecurity has a good wizard to make rules automatically, but I'm not sure if it has a silent (no pop-up) mode or not. It has a free version too, though a bit outdated, but it must be OK.

lucas1985
March 1st, 2008, 01:07 PM
-{ Quote: "
1. My wife often receives email containing documents (*.doc, *.pdf, *.txt), sometimes (but not always) within a zip or rar attachment. She also often receives photos (*.jpg) as email attachments. Would AE deny opening any of these (assuming they are 'clean')?" }-
AE won't interfere with data filetypes. AE will block data filetypes only if:

they have double extension (i.e .JPG.EXE) and the final extension is of executable nature (disguised executable)
they have a data file extension (i.e. .DOC) but they contain executable code (the MZ magic byte for example)

AE won't protect your wife against:

script malware, because AE only works with executables (compiled code). Not a big deal, because script malware isn't common nowadays and it's relatively easy to set up a security policy against them
exploits, because AE doesn't intercept shellcode. However, since almost all exploits try to put a new executable (trojan downloader/dropper) in your system, AE will BLOCK the outcome of almost all exploits. See the WMF example.

-{ Quote: "2. Can you (or anyone here) address the likelihood of false positive instances using AE? " }-
There are no FPs with AE. AE is like a guest list of executables (SYS drivers, DLL libraries, EXE apps, SCR screensavers, COM apps and so on). Anything that isn't included in that list is banned (whitelisting). OTOH, an AV is like a criminal list, anything that isn't included in that database is assumed to be good (blacklisting)

AE is really good, strong and quiet on a stable machine (i.e. you set it up once and no new programs are installed/downloaded/updated afterwards)
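The two blocking rules and the "guest list" idea described in the post above, as an added example (not Faronics' or AE's own code): a small classifier that blocks double extensions ending in an executable type, blocks data extensions whose content starts with the MZ magic bytes, and checks anything executable against a whitelist. The extension sets, the SHA-256 keyed whitelist and the fake PE image are assumptions constructed for the example.

```python
"""Added example, not Faronics Anti-Executable code: a file classifier that
applies the two rules from the post (double extension ending in an executable
type; data extension but MZ executable content) plus a guest-list check.
Extension sets, the SHA-256 whitelist and the fake PE image are constructed."""
import hashlib
import os
import struct

# Assumed extension sets; AE's real lists are not given on the page.
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx"}
DATA_EXTENSIONS = {".doc", ".pdf", ".txt", ".jpg", ".jpeg", ".png", ".zip", ".rar"}

MZ_MAGIC = b"MZ"          # DOS header signature at the start of every Windows PE
PE_MAGIC = b"PE\x00\x00"  # NT header signature, located at offset e_lfanew


def has_mz_magic(data: bytes) -> bool:
    """The rule from the post: executable content starts with 'MZ'."""
    return data[:2] == MZ_MAGIC


def has_pe_header(data: bytes) -> bool:
    """Stricter check: 'MZ' stub whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or not has_mz_magic(data):
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == PE_MAGIC


def extension_parts(filename: str) -> list:
    """All dotted suffixes of the base name, lower-cased: 'a.jpg.exe' -> ['.jpg', '.exe']."""
    base = os.path.basename(filename)
    return ["." + p.lower() for p in base.split(".")[1:] if p]


def guest_list_for(*images: bytes) -> set:
    """Build a guest list (SHA-256 hex digests) from known-good executables."""
    return {hashlib.sha256(img).hexdigest() for img in images}


def decide(filename: str, data: bytes, whitelist: set) -> tuple:
    """Return (verdict, reason) for a file about to be opened or run.

    Data files pass untouched unless they are disguised executables; real
    executables must be on the guest list (keyed here by content hash, an
    assumption about how such a list is kept).
    """
    exts = extension_parts(filename)
    final = exts[-1] if exts else ""

    # Rule 1: double extension whose last part is executable (photo.jpg.exe)
    if len(exts) >= 2 and final in EXEC_EXTENSIONS:
        return ("BLOCK", "disguised executable: double extension ending in " + final)

    # Rule 2: data extension but executable content (invoice.doc starting with MZ)
    if final in DATA_EXTENSIONS and has_mz_magic(data):
        return ("BLOCK", "data extension " + final + " but MZ executable content")

    # Anything executable by extension or content is checked against the guest list
    if final in EXEC_EXTENSIONS or has_mz_magic(data):
        if hashlib.sha256(data).hexdigest() in whitelist:
            return ("ALLOW", "executable on guest list")
        return ("BLOCK", "executable not on guest list")

    # Plain data file (.doc, .pdf, .jpg ...): nothing to interfere with
    return ("ALLOW", "data file, not executable")


def fake_pe_image() -> bytes:
    """Constructed minimal PE-shaped blob: MZ stub, e_lfanew=0x40, then 'PE\\0\\0'."""
    header = bytearray(0x40)
    header[:2] = MZ_MAGIC
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + PE_MAGIC + b"\x00" * 20


if __name__ == "__main__":
    pe = fake_pe_image()
    guest_list = guest_list_for(pe)                        # constructed whitelist of one file
    samples = [
        ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),   # JPEG magic, plain data
        ("holiday.jpg.exe", b"\xff\xd8\xff\xe0"),              # rule 1
        ("invoice.doc", pe),                                   # rule 2
        ("invoice.doc", b"\xd0\xcf\x11\xe0" + b"\x00" * 16),   # OLE2 magic, plain data
        ("setup.exe", pe),                                     # on guest list
        ("setup.exe", pe[:-1] + b"\x01"),                      # not on guest list
    ]
    for name, content in samples:
        verdict, why = decide(name, content, guest_list)
        print(f"{name:16} {verdict:5} {why}")
```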

aigle
March 1st, 2008, 02:09 PM
Can't script malware be avoided by simply turning off Windows Scripting Host?

lucas1985
March 1st, 2008, 03:12 PM
Yes, but you may need to run scripts (I do). Also, you still have to deal with macro viruses (another "non-issue")

Hugger
March 1st, 2008, 03:14 PM
Get rid of the wife-keep the pc.
Enjoy the day.
Hugger

lucas1985
March 1st, 2008, 03:20 PM
LOL ;D

Aaron Here
March 1st, 2008, 05:00 PM
-{ Quote: "AE won't interfere with data filetypes. AE will block data filetypes only if:

they have double extension (i.e .JPG.EXE) and the final extension is of executable nature (disguised executable)
they have a data file extension (i.e. .DOC) but they contain executable code (the MZ magic byte for example)

AE won't protect your wife against:

script malware, because AE only works with executables (compiled code). Not a big deal, because script malware isn't common nowadays and it's relatively easy to set up a security policy against them
exploits, because AE doesn't intercept shellcode. However, since almost all exploits try to put a new executable (trojan downloader/dropper) in your system, AE will BLOCK the outcome of almost all exploits. See the WMF example.


There are no FPs with AE. AE is like a guest list of executables (SYS drivers, DLL libraries, EXE apps, SCR screensavers, COM apps and so on). Anything that isn't included in that list is banned (whitelisting). OTOH, an AV is like a criminal list, anything that isn't included in that database is assumed to be good (blacklisting)

AE is really good, strong and quiet on a stable machine (i.e. you set it up once and no new programs are installed/downloaded/updated afterwards)" }- Lucas, thanks for all of your constructive help in this matter. It's most appreciated.

Btw, I don't think my wife would object if I changed her browser from IE7 to FF2 as long as I retain her current home page ...would doing that result in more secure browsing? ...and if so, why?

Scoobs72
March 1st, 2008, 05:06 PM
-{ Quote: " You could take a look at DefenseWall or GeSWall. Other's have mentioned they are wife proof LOL. " }-

Still going strong here with Defensewall on the wife's PC!! 20 days in and still not a peep from it or the wife about it :D

lucas1985
March 1st, 2008, 05:36 PM
-{ Quote: "Btw, I don't think my wife would object if I changed her browser from IE7 to FF2 as long as I retain her current home page ...would doing that result in more security browsing? ...and if so, why?" }-
Firefox w/Adblock Plus (http://adblockplus.org/en/) is a sound choice. Firefox isn't as targeted as IE, has a better security record and the ABP (http://easylist.adblockplus.org/) add-on will kick the ads, which are a known (http://www.wilderssecurity.com/showthread.php?t=176263) source (http://www.wilderssecurity.com/showthread.php?t=173405) of (http://www.wilderssecurity.com/showthread.php?t=172559) malware (http://www.wilderssecurity.com/showthread.php?t=169840).
Another useful measure would be disabling autorun on removable drives (Tweak UI (http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx))

Aaron Here
March 1st, 2008, 08:35 PM
-{ Quote: "Firefox w/Adblock Plus (http://adblockplus.org/en/) is a sound choice. Firefox isn't as targeted as IE, has a better security record and the ABP (http://easylist.adblockplus.org/) add-on will kick the ads, which are a known (http://www.wilderssecurity.com/showthread.php?t=176263) source (http://www.wilderssecurity.com/showthread.php?t=173405) of (http://www.wilderssecurity.com/showthread.php?t=172559) malware (http://www.wilderssecurity.com/showthread.php?t=169840).
Another useful measure would be disabling autorun on removable drives (Tweak UI (http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx))" }-
Thanks again for the FF & ABP suggestion, but what's the reason for disabling autorun? ???

wat0114
March 1st, 2008, 09:10 PM
-{ Quote: "but what's the reason for disabling autorun? ???" }-

Was also curious so found something here (http://afterlight.110mb.com/2007/06/30/worms-and-usb-flash-drives-gang-up-disable-auto-run/) on that. Thanks lucas!

Aaron Here
March 1st, 2008, 09:34 PM
-{ Quote: "Was also curious so found something here (http://afterlight.110mb.com/2007/06/30/worms-and-usb-flash-drives-gang-up-disable-auto-run/) on that. Thanks lucas!" }-Well I don't think I can sell that one to wifey. She often receives CDs from our family with photos on it and if autoplay is disabled she would have to use My Computer (Windows Explorer) to open them! :-\

lucas1985
March 1st, 2008, 10:32 PM
If the autorun.inf calls an executable, AE will block it. The problem lies if it calls a script.
You'll have to make a trade-off between security and comfort for your wife :)

Aaron Here
March 1st, 2008, 11:02 PM
-{ Quote: "If the autorun.inf calls an executable, AE will block it. The problem lies if it calls a script.
You'll have to make a trade-off between security and comfort for your wife :)" }-
Guess who wins that contest? Wifey's laptop is getting Faronics AE and Firefox (with recommended Add-ons). I'll be back if she gives me any guff. ;)

lucas1985
March 1st, 2008, 11:14 PM
Remember to disable automatic updates for Windows and applications. They won't work with AE enabled.
Also, read AE's help file to learn how to manage it (in case you need to disable it to install/update something or if you want to uninstall AE)
After that, AE is truly "set it and forget it" :)

Aaron Here
March 2nd, 2008, 12:29 AM
-{ Quote: "Remember to disable automatic updates for Windows and applications. They won't work with AE enabled.
Also, read AE's help file to learn how to manage it (in case you need to disable it to install/update something or if you want to uninstall AE)
After that, AE is truly "set it and forget it" :)" }-:thumb:

PS to the OP: I'm truly sorry for hijacking your SandboxIE thread. :-[

beethoven
March 2nd, 2008, 03:52 AM
Getting back to Sandboxie, several posters suggested to run it together with Returnil (maybe not always but when trying software or going to the dark side). Does that mean you run Returnil and inside returnil open your browser that is sandboxed?

lucas1985
March 2nd, 2008, 04:06 AM
-{ Quote: "Does that mean you run Returnil and inside returnil open your browser that is sandboxed?" }-
Right :)

twl845
March 2nd, 2008, 08:44 AM
Glad to see we are back on subject at last. "Sandboxie" ;D

arran
March 2nd, 2008, 05:24 PM
Does the K-Meleon browser not work inside Sandboxie? Or is it just me?
Can someone confirm?

Franklin
March 2nd, 2008, 06:32 PM
-{ Quote: "Does the K-Meleon browser not work inside Sandboxie? Or is it just me?
Can someone confirm?" }-
If convenient you could post any issues at Sandboxie's forum.

No need to register.
SB's Forum (http://sandboxie.com/phpbb/)

innerpeace
March 2nd, 2008, 10:37 PM
-{ Quote: "Does the K-Meleon browser not work inside Sandboxie? Or is it just me?
Can someone confirm?" }-
Hi, I didn't have a problem when briefly trying it, but Chuck57 did. Check out posts 62-64 on this page (http://www.wilderssecurity.com/showthread.php?t=198870&page=3). I would also do what Franklin suggests.

Chuck57
March 2nd, 2008, 10:51 PM
-{ Quote: "Does the K-Meleon browser not work inside Sandboxie? Or is it just me?
Can someone confirm?" }-

I had a problem after upgrading Kmeleon from 1.1.3 to 1.1.4. It wouldn't work for me in Sandboxie. I went back to Kmeleon 1.1.4 and tried all the suggestions in the posts in the thread innerpeace linked to. Still no luck, so I'm once again back to Kmeleon 1.1.3 and all works fine. Fortunately, I have the .exe for 1.1.3 saved on my other hard drive.

In fact, I'm running Firefox 3 Beta 3 now more than Kmeleon and loving it even more than Kmeleon. On my computer, FF 3 is noticeably faster and working very well in Sandboxie.

Beto
March 3rd, 2008, 01:37 AM
I finally tried SandboxIE and what a wonderful underbelly it is. It is as if using SandboxIE has turned me from a Santa Claus believing child to a fully aware adult. I am like a child in a candy shop. I think I am now addicted to the Internet.

SandboxIE should be made known to all people who use the World Wide Web. Without it they are sure to get their computers hosed by infections very quickly. Some of these weird -but very interesting- sites seem to be nothing but traps for passing on infections--SandboxIE is the new penicillin for these death traps.

Thanks to this Forum I was made aware that it existed.

innerpeace
March 3rd, 2008, 01:59 AM
-{ Quote: "I finally tried SandboxIE and what a wonderful underbelly it is. It is as if using SandboxIE has turned me from a Santa Claus believing child to a fully aware adult. I am like a child in a candy shop. I think I am now addicted to the Internet.

SandboxIE should be made known to all people who use the World Wide Web. Without it they are sure to get their computers hosed by infections very quickly. Some of these weird -but very interesting- sites seem to be nothing but traps for passing on infections--SandboxIE is the new penicillin for these death traps.

Thanks to this Forum I was made aware that it existed." }-
Pretty cool huh? 8) . I know how you feel. I like the idea of anything I do online being trapped in a 'box' so I can delete it automatically or manually.

You're right about the sites being set up with the intent of infecting users. They're usually looking for the 'low hanging fruit' or in other words, users who are running older versions of software that have vulnerabilities. That's why it's important to keep up to date.

Cheers

Rasheed187
March 5th, 2008, 12:11 PM
No offense, but isn't this like the most stupid topic title ever? What the hell is this guy talking about? :blink:

Hermescomputers
March 5th, 2008, 12:41 PM
-{ Quote: "No offense, but isn't this like the most stupid topic title ever? What the hell is this guy talking about? :blink:" }-

He means he sees everything you do when you use sandboxie... :wacko: metaphorically of course!
So if you weren't paranoid enough as it is... this will help improve things a bit!

pidbo
March 5th, 2008, 02:54 PM
-{ Quote: "No offense, but isn't this like the most stupid topic title ever? What the hell is this guy talking about? :blink:" }-

Yes I know what you mean

Maybe "What the butler saw"? or maybe "What the boy was too frightened to see because he was only twelve and hadn't grown up to be a butler yet and his mum might catch him and send him to bed early for being "A very naughty boy!"

MikeNAS
March 5th, 2008, 03:13 PM
Newest K-Meleon working fine here with Sandboxie. Maybe the problem isn't Sandboxie. There are some other options too. GhostWall needs a loopback rule if you like to use a sandboxed browser, and so on.

Beto
March 8th, 2008, 01:05 AM
-{ Quote: "No offense, but isn't this like the most stupid topic title ever? What the hell is this guy talking about? :blink:" }-

No offense taken. Most stupid topic ever? For those of us who do not know how to protect ourselves from internet infection, knowledge about SandboxIE is far from stupid but in fact a real eye opener as it protects better than any firewall I have used or any Anti Virus program I have ever used.

This allows us to go where we want on the world wide web without fear and thus experience a whole new world.

Knowledge of SandboxIE is not stupid but is knowledge that is quite powerful.

In fact it is a very easy program to use even for the newbie.

From my limited experience it seems that SandboxIE can replace complicated firewalls and anti virus software.

This is a statement that cannot be made about many firewalls and anti virus programs, which cannot protect like SandboxIE does.

A look at this forum only proves the difficulties of these.

Huupi
March 8th, 2008, 05:03 AM
In theory SBIE should be sufficient, but if it fails, where are you then?

To trust only one is a bit stupid; SBIE can fail and we are just human so we make mistakes.

If you take a file out of the sandbox, how do you know that it's not malicious?

I wouldn't trust SBIE or whatever as my only protection.

Dieselman
March 8th, 2008, 07:08 AM
-{ Quote: "In theory SBIE should be sufficient, but if it fails, where are you then?

To trust only one is a bit stupid; SBIE can fail and we are just human so we make mistakes.

If you take a file out of the sandbox, how do you know that it's not malicious?

I wouldn't trust SBIE or whatever as my only protection." }-

Thank you. I have been waiting for somebody to make a comment like I did. I use Comodo 3.0 and NOD32. I tried Sandboxie and it's more of a pain than anything. I download things every day so I would be constantly recovering files out of the sandbox, which got tiresome. I have been surfing the web for over 5 years using a firewall and a good AV and never one infection. I have always been able to "see the underbelly of the net" just fine. So I agree 100%: what can Sandboxie do for you if you recover a file and it's a virus or spyware? That's when you do need an AV or anti spyware of some sort. Sandboxie should not be used to replace an anti virus but can complement one. Sandboxie cannot tell you if something is a virus, plain and simple.

arran
March 8th, 2008, 07:59 AM
-{ Quote: "in theory SBIE should be sufficient but if it fail,where are you then ?

" }-

That is why everyone should have multiple security layers covering all areas.

If my Sandboxie happens to fail then my HIPS would prevent any malware from installing.

twl845
March 8th, 2008, 08:34 AM
-{ Quote: "Thank you. I have been waiting for somebody to make a comment like I did. I use Comodo 3.0 and NOD32. I tried Sandboxie and it's more of a pain than anything. I download things every day so I would be constantly recovering files out of the sandbox, which got tiresome. I have been surfing the web for over 5 years using a firewall and a good AV and never one infection. I have always been able to "see the underbelly of the net" just fine. So I agree 100%: what can Sandboxie do for you if you recover a file and it's a virus or spyware? That's when you do need an AV or anti spyware of some sort. Sandboxie should not be used to replace an anti virus but can complement one. Sandboxie cannot tell you if something is a virus, plain and simple." }-
Am I right in assuming then that if you want to remove a file from Sandboxie, you should scan it first with your AV (NOD32)? :)

LoneWolf
March 8th, 2008, 08:39 AM
-{ Quote: "Am I right in assuming then that if you want to remove a file from Sandboxie, you should scan it first with your AV (NOD32)? :)" }-


That is what I do. ;D
My AV, AS and, if it is not too large of a file, VirusTotal.

aigle
March 8th, 2008, 09:31 AM
-{ Quote: "Am I right in assuming then that if you want to remove a file from Sandboxie, you should scan it first with your AV (NOD32)? :)" }-

1- If you have downloaded the file yourself and trust it, why scan it?

2- And if you have a real time AV, it will catch it even inside the sandbox.

twl845
March 8th, 2008, 09:36 AM
-{ Quote: "1- If you have downloaded the file yourself and trust it, why scan it?

2- And if you have a real time AV, it will catch it even inside the sandbox." }-
This is true. Just making the point in response to Dieselman's statement. Thanks :)

solcroft
March 8th, 2008, 09:55 AM
-{ Quote: "1- If you have downloaded the file yourself and trust it, why scan it?" }-
Because, as has been demonstrated countless times, we all know how reliable a random person's opinion of a random file's trustworthiness is.

Huupi
March 8th, 2008, 10:06 AM
-{ Quote: "1- If you have downloaded the file yourself and trust it, why scan it?

2- And if you have a real time AV, it will catch it even inside the sandbox." }-

1) In reality not every downloaded file is trusted beforehand, so to scan it is IMO good practice [VirusTotal, Jotti]

2) If signatures are up to date, what about zero-day exploits? HIPS is better suited.

I can feel with the OP that ditching realtime stuff has advantages, but trusting only one app goes too far IMO. I did it too but I keep BOClean and on-demand CureIt and SAS.
And if going really dodgy I protect the whole lot with Returnil.

FYI over at the Sandboxie forums some guys there are using only Sandboxie as their sole protection. Hmmm. ???

solcroft
March 8th, 2008, 10:09 AM
-{ Quote: "FYI over at Sandboxie forums some guys there using only Sandboxie as their sole protection. Hmmm. ???" }-
It's actually possible - but of course you need to look at how you're going to use your computer. A sandbox isolates everything, good or bad. It can't tell whether what it isolates is actually benign or malicious, but that's absolutely no problem if you don't intend to ever let anything out of isolation. It's ideal for someone who never or rarely installs new programs, and only downloads those from reputable sites like download.com or straight from the vendor.

aigle
March 8th, 2008, 10:23 AM
-{ Quote: "Because, as has been demonstrated countless times, we all know how reliable a random person's opinion of a random file's trustworthiness is." }-
In that case I doubt that scanners will benefit him for long.

Perman
March 8th, 2008, 10:55 AM
Hi,

The real danger of surfing the Net with SandBoxIE is, IMO, the user deliberately or knowingly allowing a file recovered from the sandbox, but

What if the file accidentally leaks out (some say SBIE's anti-leak function is not 100% foolproof)? What other remedies does the user have?

I am thinking these: Put SBIE in DW; anything that leaks out there is treated as UNTRUSTED by DW (restricted rights); if it cannot execute, it cannot infect.

If, and only if, DW fails here, the user's AV on-access scanner should pick up something, or another HIPS should too.

If they unfortunately do not react/act on this, the user's behaviour blocker, in theory, will alert the user too. In the very unlikely situation that all these fail, the user's virtualization app, such as DeepFreeze or Shadow Defender etc., will finally protect the user, of course only if the user has done this surfing in shadowed (frozen) mode.

Would this layered defense system be an ideal one ?

Long View
March 8th, 2008, 11:48 AM
-{ Quote: "
Would this layered defense system be an ideal one ?" }-

No - it would be what I call Michelin Man - walking around on a hot day with multiple layers of clothing. What sort of surfing habits could possibly justify such excess? It would be bad enough if success could be guaranteed, but even with so many layers infection is still possible. I can see that some may prefer Sandboxie, whilst others feel more secure with a real time AV and yet others opt for HIPS, but to just load on layer after layer is just madness as far as I'm concerned - sorry, far from ideal.

Dieselman
March 8th, 2008, 12:11 PM
-{ Quote: "Am I right in assuming then that if you want to remove a file from Sandboxie, you should scan it first with your AV (NOD32)? :)" }-
Yes. I scan all files before opening them. Even Nvidia drivers.

Dieselman
March 8th, 2008, 12:17 PM
-{ Quote: "No - it would be what I call Michelin Man - walking around on a hot day with multiple layers of clothing. What sort of surfing habits could possibly justify such excess? It would be bad enough if success could be guaranteed, but even with so many layers infection is still possible. I can see that some may prefer Sandboxie, whilst others feel more secure with a real time AV and yet others opt for HIPS, but to just load on layer after layer is just madness as far as I'm concerned - sorry, far from ideal." }-
Agreed. Look at the Security Set up post. There are people running 5 layers of protection. That's dumb in my opinion and overly paranoid. What are people so afraid of? So what's the worst thing that can happen if you get a virus? Reinstall Windows. Like all of us haven't done that before. No protection is 100% effective. Mainly it comes down to common sense.

lucas1985
March 8th, 2008, 12:44 PM
-{ Quote: "There are people running 5 layers of protection." }-
I can have tons of security layers (http://www.wilderssecurity.com/showpost.php?p=1192974&postcount=4) without using security software. Also, I can have zero security layers (unpatched machine without hardening, security software, 3rd-party software, etc) and still stay clean. The number of layers means nothing.
-{ Quote: "So what's the worst thing that can happen if you get a virus? Reinstall Windows." }-
Financial loss.
-{ Quote: "Mainly it comes down to common sense." }-
Agreed.

Perman
March 8th, 2008, 12:49 PM
Hi,
Common sense, IMO, is essential, but you know, in some instances, it may not be great enough.

My theory is, if your resource is sufficient, either Hardware wise or software wise (deep pocket to acquire applications), more layered system will not go wrong that much.

One single infection of any sort will make you feel so uneasy; re-installation is the simplest thing to do, but how about the data destroyed by virus, or got stolen by trojan, don't you worry ?

One ounce of prevention is better than ? I believe in insurance for that rainy day.

Take care.

muf
March 8th, 2008, 12:51 PM
-{ Quote: "So what's the worst thing that can happen if you get a virus? Reinstall Windows." }-

As lucas said, financial loss. Also identity theft.

muf

Dieselman
March 8th, 2008, 12:56 PM
I have never ever been infected in over 5 years. I would rather enjoy my pc (desktop & laptop). I have been downloading this and that and surfing this and that with no problems whatsoever. I also never download or install anything I do not know. So many infections simply come from people going click happy and not taking the time to read what they are installing. Sticking to the subject at hand, and like I said, I have always been able to see the underbelly of the net without Sandboxie. Using NOD32 and Comodo I feel safe. I also have a good knowledge of what is always running on my pc.

Dieselman
March 8th, 2008, 01:03 PM
-{ Quote: "As lucas said, financial loss. Also identity theft.

muf" }-
Come on now. How many times have you heard of this? Most identity theft is from people picking through your trash. People are so paranoid. I check my checking account and credit card on a daily basis, sometimes an hourly basis. I know what I buy and what I have at all times. I shred all paper. Honestly speaking, if somebody stole my credit card or bank account it's not the end of the world. I still have a paycheck coming in. If you are the victim of identity theft most banks help you and you are not responsible for the charges. Find me a case of identity theft where the person lost everything they had: house, car, boat, money, every last penny they had. I have never heard of any cases like this.

solcroft
March 8th, 2008, 01:06 PM
-{ Quote: "My theory is, if your resource is sufficient, either Hardware wise or software wise (deep pocket to acquire applications), more layered system will not go wrong that much." }-
That is as silly as wearing a scuba diving mask, aqualungs, and wetsuit and taking a deep sea flashlight with you every time you step into the bathtub.

Is it wrong, per se? Absolutely not. :shifty:

LoneWolf
March 8th, 2008, 01:28 PM
-{ Quote: "As lucas said, financial loss. Also identity theft.

muf" }-

Which would take far more time and aggravation to fix than just reinstalling Windows.

Huupi
March 8th, 2008, 01:31 PM
A bit OT but restoring a clean image is nicer than a complete reinstall.

Identity theft is something where SBIE comes in handy, because you can set the browser as the only one allowed to connect; keyloggers can collect but can't phone home. Simply delete the sandbox and you're fresh again, no traces left!!

twl845
March 8th, 2008, 01:47 PM
I always think of the car insurance analogy. You've got fire, theft, comprehensive, glass and collision insurance on your car/cars. So when was the last time your car caught fire, was stolen, had a rock break a window, or had an accident? probably either never or once or twice quite a while ago. But most of us have all that layered insurance. So security software is the same thing. ;D

Huupi
March 8th, 2008, 01:59 PM
For a home user to lose some intimate data, I agree it's not the end of the world: reinstall, restore and you're set. In general there's no financial loss because the bank will compensate you.

But don't talk about big companies; hacked corporate networks with a downtime of even just a few hours cost big $$.

Long View
March 8th, 2008, 02:15 PM
-{ Quote: " But most of us have all that layered insurance. So security software is the same thing. ;D" }-


That suggestion that because most people do such and such it must be ok concerns me. The first law of insurance is that you never insure something that you can afford to lose. Yes, there are insurance junkies just as there are security software junkies, but that does not make mania a happy state. The ideal in both cases is to have as little (insurance or security) as is required in the circumstances - otherwise you fall into the trap of paying 30% extra just in case your new freezer fails within the first 5 years.

I don't go in for dangerous surfing but if I did Sandboxie or similar might be helpful but I can't see the sense in just loading one more layer after another.

Huupi
March 8th, 2008, 02:21 PM
Very OT, but what to think about a worldwide power loss [it can happen] in terms of human suffering and financial losses.

Alas, we ourselves built this highly binary-dependent society, so we have to take the losses if it happens.

At least if it happens I can't get to Wilders... not nice!!

Huupi
March 8th, 2008, 02:34 PM
If you know your apps very well and also the WWW you can get away with a very minimal approach or no approach at all.
If I understand member Lucas1985 right, he surfs the WEB without any protection. Hmmmm ::)

twl845
March 8th, 2008, 02:51 PM
-{ Quote: "That suggestion that because most people do such and such it must be ok concerns me. The first law of insurance is that you never insure something that you can afford to lose. Yes, there are insurance junkies just as there are security software junkies, but that does not make mania a happy state. The ideal in both cases is to have as little (insurance or security) as is required in the circumstances - otherwise you fall into the trap of paying 30% extra just in case your new freezer fails within the first 5 years.

I don't go in for dangerous surfing but if I did Sandboxie or similar might be helpful but I can't see the sense in just loading one more layer after another." }-
I don't want to beat my insurance analogy to death, but let me amend it by saying insurance for what you perceive to be something that you can't afford to lose, as in the case of important files. I don't think a FW, AV, AS, SBxie and FDISR is over the top.:)

lucas1985
March 8th, 2008, 03:14 PM
-{ Quote: "If i understand member Lucas1985 right he surfs the WEB without any protection. Hmmmm ::)" }-
Correct, on some machines I do not use any protection. Just a bit of integrity checking to see that all is well :)


Hermescomputers
March 8th, 2008, 06:34 PM
The bulk of infection sandboxie is good to defend against, is actually easily preventable by simply not activating executables one downloads prior to having them scanned by a good anti virus, the other important vector sandboxie is good against is related to web browser modification by hijackers or cross server scripts that exploit the web browsers... this can be easily done by using firefox and NoScript, with linkscanner Pro and SiteAdvisor from mcafee... (Which is actually the preferable protocol to use as you will more than likely use your web browser outside the sandbox at some point).

Sandboxie is a great tool, it works as intended but it has vulnerabilities in its design in that it doesn't scan for malware prior to allowing something out of its protected environment, and only protects the specific components that one selects prior to using them... It is not a substitute for even the lousiest firewall for example... As it would provide no protection against external port scanning and exploits... Basically it's nothing more than a strong box, leaving everything outside the box as vulnerable as it always was...

While sandboxie is a powerful self defense method, it is not one someone can use mindlessly and carelessly... as the end result will be ugly; if for example one was to use it without backup protection and they managed to get infected, the problem would be undetected until the system became unstable... This is an issue as I have seen computers with multiple infections that even when combined, actually exhibited few symptoms of infection... Meaning the infections could go undetected for a long time, thus increasing the risks for the rest of us as well.

Just a thought!

Huupi
March 8th, 2008, 06:50 PM
Before anything, key is to have sound images; if I hose my system in whatever way, a quick restore and I am back in business.

I give myself the luxury of ever slimming down toward a bare minimum and seeing what happens; if there is anything in it I don't like then FDISR or even ShadowProtect are in my arsenal. So in a way nothing can hurt!!

Hermescomputers
March 8th, 2008, 07:03 PM
To pickup on some of the earlier posts on identity thefts...

I think many who never had a bad hit, have a tendency to minimize the risks, like some rich people who probably never lacked of anything, look at the poor, and make comments like "Let them get a job"... They simply do not understand something that is not happening to them, and trivialize the event, perhaps as a coping mechanism.

Identity theft is real, otherwise why would we be getting phishing emails almost daily from what looks like our banks, or from lookalike companies we often do business with?

It's real; some lose their credit rating, sometimes their homes as they suddenly become insolvent, with all the complicated implications this engenders...

This is no trivial matter...

Huupi
March 9th, 2008, 05:54 AM
I ask myself, at least here on Wilders, how many are really beaten up and have suffered financial losses due to a bad keylogger; I guess not that many. ;)

Hugger
March 9th, 2008, 10:05 AM
-{ Quote: "I ask myself, at least here on Wilders, how many are really beaten up and have suffered financial losses due to a bad keylogger; I guess not that many. ;)" }-


Identity theft can have such disastrous results that I feel the need to take preventive measures.
The number of victims may be small compared to the number of people that bank or shop online, but I would want to at least try to tip the odds in my favor.
Hugger

Dieselman
March 9th, 2008, 10:08 AM
-{ Quote: "I ask myself, at least here on Wilders, how many are really beaten up and suffered financial losses due to a bad keylogger; I guess not that many. ;)" }-
Agreed. Live life. Don't worry about it.

Hermescomputers
March 9th, 2008, 10:41 AM
-{ Quote: "Identity theft can have such disastrous results that I feel the need to take preventive measures.
The number of victims may be small compared to the number of people that bank or shop online, but I would want to at least try to tip the odds in my favor.
Hugger" }-

Intelligent perspective indeed...
The other aspect which is rarely, if ever, discussed here is what one's responsibility is when our own technology is used to infect someone else's. I often try and raise the subject, since I think many really do not give a poop if their own computers are infected to the gills with everything from spyware to rootkits...

They care not, it seems, that this also means that their own machine is actively working to infect as many as possible within the shortest time frame...

MitchE323
March 9th, 2008, 11:39 AM
You have to consider that people use their computers many different ways. You have to properly identify your risk area. That is why there is no magic fix for everyone. But it is entirely possible that there can be a single fix for anyone. It's just that it may be a different single fix. For me, downloaded installations are easy. If you confine them to vendor or trusted sites, it is extremely rare to have a problem. (A/V or no A/V) I also have a separate computer for testing, if I choose to try something I am not sure about.

Dieselman identified his usage, his past history and his comfort zone. He gave Sandboxie a try and made a decision that he in fact did not require it. What is wrong with that?

A relative I sometimes help out is in import/export and gets about 200 emails a day. 80% of these are from China and other similar points. 80% have attachments (mostly proposals in Word form with an accompanying picture in JPG). I can't distinguish spam from real and have to literally at least look at everything. It is important to respond timely. I agree it is also important not to forward infected attachments. Competitors routinely try to bind you up with floods of junk, and I am not sure if they are actually getting anything or just happy to slow us down.

System crashes and screen bind ups that require a forced reboot cost me money. The problem for me is that the common solutions offered were just as likely to cause a crash or bind up, and simply left far too much 'uncaught'. Just the time spent scanning had an identifiable cost. Internet Explorer and Sandboxie fit the bill just nicely for me. Other than a hardware firewall, there is no other security ware installed. Our response time is improved, our down time is zero (literally), and profits are up. So there is a financial side to all of this.

Huupi
March 9th, 2008, 12:58 PM
:thumb: :thumb:

Hermescomputers
March 9th, 2008, 01:01 PM
-{ Quote: " Internet Explorer and Sandboxie fit the bill just nicely for me. Other than a hardware firewall, there is no other security ware installed. Our response time is improved, our down time is zero (literally), and profits are up. So there is a financial side to all of this." }-
Fine. This entirely assumes that you "know" an infected computer from another.
It also assumes that Internet Explorer and Sandboxie are perfect tools without fail... And that you trust them implicitly to provide 100% effective protection... It also assumes you will never have to extract executables outside the sandbox, as you would have no way of knowing if the executable is in fact safe to use...

In my opinion, too much faith in anything usually proves itself to have been unwise somewhere down the road...

Huupi
March 9th, 2008, 01:28 PM
-{ Quote: "Fine. This entirely assumes that you "know" an infected computer from another.
It also assumes that Internet Explorer and Sandboxie are perfect tools without fail... And that you trust them implicitly to provide 100% effective protection...

In my opinion, too much faith in anything usually proves itself to have been unwise somewhere down the road..." }-

If it works for him with this minor protection, then he is smart in sorting out the real dangers and taking just the necessary measures.

It's kinda like real smart coding, such as high-quality applications in very small packages.

It's like comparing an all-mechanical, robust Leica M camera with only bare basic functionality to a modern Japanese digital with all the bells and whistles.

It's just a state of mind which probably differs from yours.

Perman
March 9th, 2008, 02:16 PM
-{ Quote: "I ask myself, at least here on Wilders, how many are really beaten up and suffered financial losses due to a bad keylogger; I guess not that many. ;)" }-
Hi,

If the loss of any sort can be measured and dealt with, then there are NO problems. In fact,

the REAL problems are the lingering worries and anxieties through days and nights, just because you DO NOT know how much in quantity and how wide in scope you have lost and will lose. The remedies are likely beyond any assistance of the medical professions.

muf
March 9th, 2008, 02:29 PM
Identity theft is not the end of the world. And yes, people should enjoy their PC and not go OTT on security software and worrying. But identity theft causes a major PITA in your life. It will affect your life and family, at least until you sort out all the problems through your bank and the police. You'll always have that feeling that one day something may pop through your letterbox that starts it all over again. Yes, it's not the end of the world, but for the time it takes to solve it, it remains a bad time in your life. And as has been pointed out already, it takes a lot longer to resolve than simply reinstalling Windows. All I'm saying is: is it worth going a bit OTT with your software protection to make sure it doesn't happen, or take the chance with limited software and fall into the trap...

muf

Long View
March 9th, 2008, 02:56 PM
By identity theft I assume that the main concern is with bank and credit card details? If this is the case I would have thought that any one of a number of password/identity programs would be the best solution: 8-digit or more master password, safe only open when necessary and machine rebooted before banking.

Hermescomputers
March 9th, 2008, 02:58 PM
Food is a good analogy... You need it, it's really important and a necessity.
However, overeating will cause obesity, and obesity leads to type II diabetes and increases the risk of heart failure and strokes. Also the obese die younger than the average...

The moral of this story is you should eat well, but intelligently, and you should do the same with your security product consumption!

aigle
March 9th, 2008, 03:06 PM
-{ Quote: "The bulk of infection Sandboxie is good to defend against is actually easily preventable by simply not activating executables one downloads prior to having them scanned by a good antivirus" }-
That is just an opinion. Others can think that using just a sandbox here might be simpler.
-{ Quote: "the other important vector Sandboxie is good against is related to web browser modification by hijackers or cross server scripts that exploit the web browsers... this can be easily done by using Firefox and NoScript, with LinkScanner Pro and SiteAdvisor from McAfee... (Which is actually the preferable protocol to use as you will more than likely use your web browser outside the sandbox at some point). " }-
If by cross server scripts you mean XSS, are you sure SBIE protects against it? I think not.
-{ Quote: "
Sandboxie is a great tool, it works as intended but it has vulnerabilities in its design in that it doesn't scan for malware prior to allowing something out of its protected environment, and only protects specific components that one selects prior to using them... It is not a substitute for even the lousiest firewall for example... " }-

Obviously one should not think even that a Sandbox is going to replace a FW.
-{ Quote: "
While Sandboxie is a powerful self-defense method, it is not one someone can use mindlessly and carelessly... " }-

That is true of any other security tool in existence.

Hermescomputers
March 9th, 2008, 03:17 PM
-{ Quote: "That is just an opinion. Others can think that using just a sandbox here might be simpler. If by cross server scripts you mean XSS, are you sure SBIE protects against it? I think not." }-
Of course simply using a sandbox is by far the simplest protection... However, I made my point in several posts on this issue before...
Sandboxie is a great tool, it works as intended, but it has vulnerabilities in its design in that it doesn't scan for malware prior to allowing something out of its protected environment, and only protects specific components that one selects prior to using them... It is not a substitute for even the lousiest firewall, for example... As it would provide no protection against external port scanning and exploits... Basically it's nothing more than a strong box, leaving everything outside the box as vulnerable as it always was...

What could be added to this is that multiple applications on user systems have inherent vulnerabilities scanned for and exploited by hackers. Those are not covered in sandboxes. My point is simply that whatever Sandboxie protects against, there are open gaps that other tools are better suited to defend against.

As for XSS protection, actually not directly, no... However, by deleting the sandbox the modifications made to the browser or the system are erased and as such, indirectly, yes...

-{ Quote: "
Obviously one should not think even that a Sandbox is going to replace a FW.
" }-
That comment is a response to some who think this tool is the only security required...

Dieselman
March 9th, 2008, 03:32 PM
Bank of America and Capital One will call me if there is suspicious activity on my accounts. Over Christmas time Bank of America called me to be sure all the charges were mine. So I logged on and went over everything on the phone with the lady and all charges were legit. I check my accounts daily and know every transaction there is. I might suggest you all do the same rather than thinking some security software can keep you safe. Sandboxie cannot tell you if somebody is using your account.

MitchE323
March 9th, 2008, 03:36 PM
-{ Quote: "Fine. This entirely assumes that you "know" an infected computer from another.
It also assumes that Internet Explorer and Sandboxie are perfect tools without fail... And that you trust them implicitly to provide 100% effective protection... It also assumes you will never have to extract executables outside the sandbox, as you would have no way of knowing if the executable is in fact safe to use..." }-
I am not following you here; couldn't you ask that at any time after you were through adding security products? I addressed executables in my previous post; what should be added to the setup, and why?

aigle
March 9th, 2008, 03:38 PM
-{ Quote: "
Sandboxie is a great tool, it works as intended but it has vulnerabilities in its design in that it doesn't scan for malware prior to allowing something out of its protected environment" }-
Come on. Not scanning files / not acting as a FW is not a vulnerability. It's simply not its job.

-{ Quote: "
As for XSS protection, actually not directly, no... However, by deleting the sandbox the modifications made to the browser or the system are erased and as such, indirectly, yes..." }-

I don't agree. XSS will transfer your data (passwords etc.) during a browser session, so for all practical purposes it's no protection at all.

Hermescomputers
March 9th, 2008, 03:46 PM
-{ Quote: "Come on. Not scanning files / not acting as a FW is not a vulnerability. It's simply not its job. " }-

Of course it isn't its job... The point again relates to wanting to use this tool by itself... That is my only concern and is why I am writing these posts.

-{ Quote: "
I don't agree. XSS will transfer your data (passwords etc.) during a browser session, so for all practical purposes it's no protection at all." }-

XSS manifests in many ways, not only as a password-stealing trojan. However, I am not personally aware of such an event taking place without an executable being injected into the system first. Thus doing it would trigger a good HIPS or even a decent antivirus... Again, a good argument not to use sandboxes by themselves...

Even so, Firefox with NoScript would prohibit this behavior should it take place directly from within a browser intercept, if in some way it broke the SSL encryption used on most secured sites to protect against this. Given this possibility, Firefox w/NoScript again proves superior protection to a sandbox by itself.

Hermescomputers
March 9th, 2008, 04:02 PM
-{ Quote: "I am not following you here; couldn't you ask that at any time after you were through adding security products? I addressed executables in my previous post; what should be added to the setup, and why?" }-

I'm simply relating to the last comment in your post, which states clearly that you chose to use only Sandboxie with a firewall, and for performance reasons you are absolutely right... Nothing beats it.

My argument is that using a good HIPS with Sandboxie is preferable. I like Prevx because it covers all the bases... as in built-in AV, AS, HIPS, all in one.

Again this is simply a personal preference, there are many good tools that cover many of the issues, most not stated here.

lucas1985
March 9th, 2008, 04:03 PM
-{ Quote: "Sandboxie cannot tell you if somebody is using your account." }-
Neither can your AV, HIPS or FW.
-{ Quote: "However I am not personally aware of such an event taking place without an executable being injected into the system first." }-
XSS events without involvement of the local filesystem (http://www.wilderssecurity.com/showthread.php?t=174195)

Hermescomputers
March 9th, 2008, 04:14 PM
-{ Quote: "
XSS events without involvement of the local filesystem (http://www.wilderssecurity.com/showthread.php?t=174195)" }-

Thanks Lucas,

Well, this is again something that requires a script to be executed within the web browser; it also requires the web browser to have auto password input enabled.

Using Firefox with NoScript would have blocked the event, as the script would have to be authorized prior to being able to perform the task. This would have allowed the user to easily identify the spoof. Since this is via a spoof site, there are multiple methods to defend against such...

This is another reason I recommend on my site that users should use the following:

1 - Firefox + NoScript (would have blocked the script from executing in the first place)
2 - LinkScanner Pro (it would have pre-scanned the site for XSS and weird scripts and issued a warning, if not outright blocked it)
3 - McAfee SiteAdvisor (would have issued a red flag, as others might have already been hit and may have reported it already, or blocked it as well)
4 - Run the whole thing inside a sandbox

As these effectively combat those types of infections, one sort of works as a failsafe for the other. I know it sounds rash, but it is effective nonetheless.

Sometimes when I visit sites and I'm unsure, I'll even open it in Firebug to read the script first, just to be safe... (You can still read blocked scripts.)
For those interested in learning about scripts: http://www.getfirebug.com

Long View
March 9th, 2008, 04:17 PM
If Firefox and NoScript do their job properly, and I think they do, then as far as XSS is concerned does Sandboxie add anything?

Hermescomputers
March 9th, 2008, 04:25 PM
-{ Quote: "If Firefox and NoScript do their job properly, and I think they do, then as far as XSS is concerned does Sandboxie add anything?" }-

Well, I think the issue is that your web browser is not the only application you could run inside of a sandbox... I run Winamp and some other tools. It is an awesome system against executables one downloads into the system...

I think, though, that the use of a sandbox alone is overrated, given that there are many reasons why users would want to download and try applications on their computers... It's necessary for most to have a good AV besides the tools I stated above as a result, besides the obvious risks associated with web browsers and their latent vulnerabilities... Even as they run within a sandbox.

lucas1985
March 9th, 2008, 04:30 PM
-{ Quote: "Thanks Lucas,

Well, this is again something that requires a script to be executed within the web browser; it also requires the web browser to have auto password input enabled." }-
Not really. Crossing the boundaries of domain restrictions means that a site performing XSS can grab info from the cookies (for example, the login credentials of forums, or something more serious) without any auto-filler involved.
As you said, NoScript is the best (and only?) protection against these threats. A tight firewall ruleset (http://www.wilderssecurity.com/showthread.php?t=174415) helps against some types of XSS, and common sense also helps (don't click on random links even if they are from reputable sites).
-{ Quote: "If Firefox and NoScript do their job properly, and I think they do, then as far as XSS is concerned does Sandboxie add anything?" }-
In theory no. But you can make a mistake with NoScript and if remote code execution takes place, SBIE (or another sandbox) will contain the dropped files inside the container.
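The cookie theft described in the post above is the reason session cookies should carry the HttpOnly attribute (the browser then refuses to expose them to page scripts), alongside Secure and SameSite. The audit below is an added example written for this thread, not code from any poster or from any product discussed here; the Set-Cookie headers it checks are constructed for the example, and the list of "sensitive" cookie names is an assumption. It goes a little beyond the thread by checking all three attributes rather than HttpOnly alone.

```python
"""Audit Set-Cookie headers for the attributes that limit what an injected
script can do with a session cookie (added example; headers are constructed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample responses: the same two cookies, once without protective
# attributes and once hardened.
SAMPLE_RESPONSES: Dict[str, List[str]] = {
    "weak": [
        "Set-Cookie: session=abc123; Path=/",
        "Set-Cookie: prefs=dark; Path=/",
    ],
    "hardened": [
        "Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
        "Set-Cookie: prefs=dark; Path=/; Secure; SameSite=Lax",
    ],
}

# Assumption: cookie names that usually carry a login session.  Only these are
# required to be HttpOnly; a theme preference readable by scripts is harmless.
SENSITIVE_NAMES = {"session", "sessionid", "auth", "token", "phpsessid", "jsessionid"}


@dataclass
class CookieFinding:
    name: str
    missing: List[str] = field(default_factory=list)

    def is_ok(self) -> bool:
        return not self.missing


def parse_set_cookie(line: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie header into (name, value, {attribute: value}).
    Attribute names are lower-cased; flag attributes map to an empty string."""
    if line.lower().startswith("set-cookie:"):
        line = line.split(":", 1)[1]
    parts = [p.strip() for p in line.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(line: str) -> CookieFinding:
    """Report which protective attributes a cookie lacks.
    HttpOnly keeps the cookie out of document.cookie (no script can read it);
    Secure keeps it off plain HTTP; SameSite limits cross-site sending."""
    name, _value, attrs = parse_set_cookie(line)
    missing: List[str] = []
    if name.lower() in SENSITIVE_NAMES and "httponly" not in attrs:
        missing.append("HttpOnly")
    if "secure" not in attrs:
        missing.append("Secure")
    if "samesite" not in attrs:
        missing.append("SameSite")
    return CookieFinding(name, missing)


def audit_response(headers: List[str]) -> List[CookieFinding]:
    """Audit every Set-Cookie header in a list of raw response header lines."""
    return [audit_set_cookie(h) for h in headers if h.lower().startswith("set-cookie:")]


if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        for finding in audit_response(headers):
            status = "ok" if finding.is_ok() else "missing " + ", ".join(finding.missing)
            print(f"{label:9} {finding.name:8} {status}")
```

HttpOnly narrows the damage rather than removing it: a script that does run in the page can still send requests that the browser decorates with the cookie, so blocking untrusted scripts in the first place (the NoScript approach discussed in the thread) remains the primary control, and this check is a server-side complement to it.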

aigle
March 9th, 2008, 04:32 PM
-{ Quote: "Of course it isn't its job... The point again relates to wanting to use this tool by itself... That is my only concern and is why I am writing these posts." }-

Personally I believe somebody can be quite safe even with a single security application. All that matters is how you use your PC. I don't mind if someone feels safe with only a single application.
-{ Quote: "
XSS manifests in many ways, not only as a password-stealing trojan. However, I am not personally aware of such an event taking place without an executable being injected into the system first. " }-

As lucas posted, XSS can steal data without executing anything (just by browser JS).

It's not long ago that there was a PoC posted by some member on the ZoneAlarm site.

Hermescomputers
March 9th, 2008, 04:42 PM
-{ Quote: "Not really. Crossing the boundaries of domain restrictions means that a site performing XSS can grab info from the cookies (for example, the login credentials of forums, or something more serious) without any auto-filler involved.
" }-
Yes, but a script must be processed by the browser to extract the data and use it... that event must be interpreted by the browser, and as such is easily blocked by NoScript. Given that the user does not authorize the script, he is fine.

-{ Quote: "
As you said, NoScript is the best (and only?) protection against these threats. A tight firewall ruleset (http://www.wilderssecurity.com/showthread.php?t=174415) helps against some types of XSS, and common sense also helps (don't click on random links even if they are from reputable sites).
" }-

Good advice!
Actually LinkScanner Pro does offer XSS protection, and it has a blacklist, as does SiteAdvisor; they will protect you, but with a bit of lag.

Just a passing remark: I had my first SQL injection attack on my website 2 days ago... Easily blocked, and now run, rabbit, run!
The point is that they are scanning for any vulnerabilities they can exploit...

lucas1985
March 9th, 2008, 05:02 PM
-{ Quote: "Yes, but a script must be processed by the browser to extract the data and use it... that event must be interpreted by the browser, and as such is easily blocked by NoScript. Given that the user does not authorize the script, he is fine." }-
Correct. If it doesn't execute (browser scripts, system scripts, macros, binaries/executables) it can't do any harm.
-{ Quote: "Actually LinkScanner Pro does offer XSS protection, and it has a blacklist, as does SiteAdvisor; they will protect you, but with a bit of lag." }-
The database of SiteAdvisor is pretty much obsolete (excepting the obvious crack/warez/porn sites). It's way behind the speed of the movements of the malware crooks.
I also doubt that LinkScanner will detect a simple redirect script on a trusted site if it doesn't involve remote code execution.
XSS opens a whole new kind of threat: web-based threats (and multi-platform ones) which can be made very specific and target small subsets of populations. Most users still think of the threat of remote code execution (i.e. dropping/launching a new, unauthorized executable) when the next generation of threats is already present.

lucas1985
March 9th, 2008, 05:05 PM
-{ Quote: "The point is that they are scanning for any vulnerabilities they can exploit..." }-
Hope that your hosting provider has a speedy patch policy and a stringent password policy at least.

Hermescomputers
March 9th, 2008, 05:09 PM
-{ Quote: "
As lucas posted, XSS can steal data without executing anything (just by browser JS).
" }-

Executed, no... but interpreted, yes.
See, no matter what the script is... it's a text file or a simple block of embedded text; we can refer to it as a script... the browser must interpret that text to understand what it is...

Each script must identify itself to the browser for the browser to know what engine to feed it to, i.e. Java, VB, Ajax or Flash and so on... This is where NoScript intercepts the scripts, right at its opening statement...

It's a wonderfully simple way to provide protection... isn't it? Nip it right in the bud... ;D

Hermescomputers
March 9th, 2008, 05:15 PM
-{ Quote: "Hope that your hosting provider has a speedy patch policy and a stringent password policy at least." }-

I run a tool that records all the injection attempts, and documents them as well as blocks them...

These bozos are gonna be famous! 8)

Hermescomputers
March 9th, 2008, 05:18 PM
-{ Quote: "Correct. If it doesn't execute (browser scripts, system scripts, macros, binaries/executables) it can't do any harm.

The database of SiteAdvisor is pretty much obsolete (excepting the obvious crack/warez/porn sites). It's way behind the speed of the movements of the malware crooks.
I also doubt that LinkScanner will detect a simple redirect script on a trusted site if it doesn't involve remote code execution.
XSS opens a whole new kind of threat: web-based threats (and multi-platform ones) which can be made very specific and target small subsets of populations. Most users still think of the threat of remote code execution (i.e. dropping/launching a new, unauthorized executable) when the next generation of threats is already present." }-

I have been wondering a bit about the lag in LinkScanner Pro's detection rate... I find it misses roughly 40% of the infected/bad sites I visit.
Still, it catches quite a few, considering the nature of what it does...

lucas1985
March 9th, 2008, 05:24 PM
Yup, LinkScanner is way ahead of the competition (simple databases like SiteAdvisor), but I don't know how many exploit sites it misses. I think that LS is a good tool for those who don't use NoScript or surf the web wildly.

Peter2150
March 9th, 2008, 05:27 PM
-{ Quote: "

My argument is that using a good HIPS with Sandboxie is preferable. " }-

I would totally agree. I run Sandboxie with Online Armor. I also set browsers and Email clients in Online Armor to run with lower rights. As backup I also run either SSM or Prosecurity. I don't run any scanning software.

Pete

Hermescomputers
March 9th, 2008, 05:34 PM
-{ Quote: "I would totally agree. I run Sandboxie with Online Armor. I also set browsers and Email clients in Online Armor to run with lower rights. As backup I also run either SSM or Prosecurity. I don't run any scanning software.

Pete" }-

Hello Pete,
I guess you must be using virustotal.com or Jotti to scan executables you need extracted from the sandbox?

Dieselman
March 9th, 2008, 05:44 PM
-{ Quote: "Hello Pete,
I guess you must be using virustotal.com or Jotti to scan executables you need extracted from the sandbox?" }-
So very true. How can you tell if something contains a virus when you recover it from the sandbox? I scan all files before opening or executing.

aigle
March 9th, 2008, 05:54 PM
-{ Quote: "I would totally agree. I run Sandboxie with Online Armor. I also set browsers and Email clients in Online Armor to run with lower rights. As backup I also run either SSM or Prosecurity. I don't run any scanning software.

Pete" }-
I am using only CFP n GW.

I have to stop myself from adding TF to this set up. I am happy to cut it down to two only.

Peter2150
March 9th, 2008, 07:25 PM
-{ Quote: "Hello Pete,
I guess you must be using virustotal.com or Jotti to scan executables you need extracted from the sandbox?" }-

Depends on where I get it from. I just downloaded a new exe from the ProSecurity site. Didn't bother scanning. OTOH, yesterday, I downloaded a new program that I got from a site I found by Google. Scanned it on Kaspersky, Jotti, and then tried it first in my VM machine.

MitchE323
March 9th, 2008, 11:57 PM
-{ Quote: "How can you tell if something contains a virus when you recover it from the sandbox? I scan all files before opening or executing." }-
Downloading WindowBlinds skins and wallpapers and Nvidia drivers at a rate of 5 per day is not "tons of stuff", it's milligrams. And it is not "the underbelly of the web" by any measure. If you want to scan it, then fine. But you are tearing up an entire program based on some perceived problem that has about as much likelihood of happening as hitting the lotto at exactly 2:00PM on Tuesday. I have downloaded many programs from trusted sites and vendors and never once had a problem. Am I saying to discard those things? No, of course not. But around here it is the Holy Grail: "OMG, how would you know?" How would you know even after scanning? Let me know when scanning an executable from a known trusted site or vendor site turns up a virus alert. And I will show you a false positive. Besides all of that, most 'normal' users are up to speed on the programs they enjoy and don't actually install 'tons of stuff' every day.

It's web browsing and email attachments and zero day exploits where the problems are. And coincidentally are the primary strengths of Sandboxie.

Dieselman
March 10th, 2008, 12:05 AM
-{ Quote: "Downloading WindowBlinds skins and wallpapers and Nvidia drivers at a rate of 5 per day is not "tons of stuff", it's milligrams. And it is not "the underbelly of the web" by any measure. If you want to scan it, then fine. But you are tearing up an entire program based on some perceived problem that has about as much likelihood of happening as hitting the lotto at exactly 2:00PM on Tuesday. I have downloaded many programs from trusted sites and vendors and never once had a problem. Am I saying to discard those things? No, of course not. But around here it is the Holy Grail: "OMG, how would you know?" How would you know even after scanning? Let me know when scanning an executable from a known trusted site or vendor site turns up a virus alert. And I will show you a false positive. Besides all of that, most 'normal' users are up to speed on the programs they enjoy and don't actually install 'tons of stuff' every day.

It's web browsing and email attachments and zero day exploits where the problems are. And coincidentally are the primary strengths of Sandboxie." }-

Read my other posts. I use web-based email, which is safer than POP3. I also surf everything and download MP3s and torrents. Not one infection. I did download a WindowBlinds skin about 6 years ago or so and it contained a virus. I got it from skinbase.org and not WinCustomize. I emailed skinbase and the next day they were flooded with complaints, so they took the file down. Ever since, I scan everything no matter what it is. I was also using McAfee back then and not NOD32 like I am now.

solcroft
March 10th, 2008, 12:16 AM
-{ Quote: "It's web browsing and email attachments and zero day exploits where the problems are. And coincidentally are the primary strengths of Sandboxie." }-
Not anymore. IE7 is, even out of the box, immune to many arbitrary code execution exploits. Even with a copy of IE6 + OE6 gone unpatched for six years, I have to do real work finding an exploit that works.

The shift has gone into social engineering, because exploits aren't working with much reliability anymore, even on systems with minimal security patches. Ecards, porn video codecs and rogue antispyware apps are all the rage these days.

MitchE323
March 10th, 2008, 12:32 AM
-{ Quote: "Not anymore. IE7 is, even out of the box, immune to many arbitrary code execution exploits." }-
Agreed! I don't get into that as much for fear of the Fx thought police. I, and every company that I deal with, use IE. And every computer person on staff at those companies reccos IE. I actually do not trust Microsoft as far as I could throw them and would probably use Opera, all things being equal. But with the addition of Sandboxie, I see no compelling reason to change.

lucas1985
March 10th, 2008, 12:34 AM
-{ Quote: "I have to do real work finding an exploit that works." }-
The bad guys are releasing poor code, no doubt :D
It seems that the bad guys put too much work into the payload (surviving, snooping, networking, etc.) rather than into coding good exploits. Then they rely on exploit toolkits for the distribution of their masterpieces.
-{ Quote: "The shift has gone into social engineering, because exploits aren't working with much reliability anymore, even on systems with minimal security patches. Ecards, porn video codecs and rogue antispyware apps are all the rage these days." }-
And this is good news to security-savvy people, because avoiding the rogue codecs, the fake ads and the phony links/attachments protects you against a good amount of malware.

solcroft
March 10th, 2008, 12:39 AM
-{ Quote: "The bad guys are releasing poor code, no doubt :D
It seems that the bad guys put too much work into the payload (surviving, snooping, networking, etc.) rather than into coding good exploits. Then they rely on exploit toolkits for the distribution of their masterpieces." }-
There's always idiots and amateurs in every field. For the really dumb ones, you have to laugh because otherwise you'll cry. For instance, I once saw a Themida-repacked Hupigon variant where the user had apparently used a trial version of the packer, and the Themida splash screen reminding the user to buy the full version was prominently displayed when I tried to execute the trojan.

There's still good exploit code out there. Some VERY good ones that I have to spend weekends puzzling over how to decrypt. And even then, most of the poorly-obfuscated ones DO work when they're put against a vulnerable system (trust me, anyone with half a brain cell tests their stuff before releasing it), it's just that vulnerable systems are getting more and more rare.

lucas1985
March 10th, 2008, 01:00 AM
-{ Quote: "There's always idiots and amateurs in every field. For the really dumb ones, you have to laugh because otherwise you'll cry. For instance, I once saw a Themida-repacked Hupigon variant where the user had apparently used a trial version of the packer, and the Themida splash screen reminding the user to buy the full version was prominently displayed when I tried to execute the trojan." }-
LOL
-{ Quote: "There's still good exploit code out there. Some VERY good ones that I have to spend weekends puzzling over how to decrypt. And even then, most of the poorly-obfuscated ones DO work when they're put against a vulnerable system (trust me, anyone with half a brain cell tests their stuff before releasing it), it's just that vulnerable systems are getting more and more rare." }-
Well, if the default ICF of XP SP2 meant the end of network worms, widespread adoption of automatic updates could spell the end of uber easy and high profit exploits.

Huupi
March 10th, 2008, 05:03 AM
Well, I guess that on this battlefield there will never be a winner; it's an ongoing struggle to stay ahead of the newest findings in both camps and act accordingly. I am far from an expert on these matters, but a little human insight lets me conclude so.

Otherwise, if there were only good guys, it would be a little boring on this planet.

Then there would be no need for Wilders, among others. :-[

Hermescomputers
March 10th, 2008, 08:09 AM
-{ Quote: "LOL

Well, if the default ICF of XP SP2 meant the end of network worms, widespread adoption of automatic updates could spell the end of uber easy and high profit exploits." }-

There has been a sharp decline on my end since SP2 was released... I think in part due to the addition of the firewall, auto updates and now the Malicious Software Removal tool...

I saw a drop of almost 40% in unrecoverable systems... Big difference!
That was a great and long awaited move on MS's part...

cortez
March 15th, 2008, 12:53 AM
SandboxIE and XP SP3 play well together so far (about a week) and the Underbelly of the web has yet to waylay this protected partition.

I use Avast and it seems to catch all malware fine inside SandboxIE. I consider this a definite plus as I know when an attack happens. After the session I know that I must Reboot ("must" in my mind as it calms the nerves completely).

innerpeace
March 15th, 2008, 01:45 AM
-{ Quote: "SandboxIE and XP SP3 play well together so far (about a week) and the Underbelly of the web has yet to waylay this protected partition.

I use Avast and it seems to catch all malware fine inside SandboxIE. I consider this a definite plus as I know when an attack happens. After the session I know that I must Reboot ("must" in my mind as it calms the nerves completely)." }-
Hi cortez. Good to hear that Sbie is working well with SP3. For now, I also run an anti-virus with Sbie because I like to know if something weird happens.

What program are you running that you have to reboot? You realize that you don't need to reboot with Sandboxie, you only need to Delete the contents of the sandbox.

EASTER
March 15th, 2008, 02:09 AM
-{ Quote: "You realize that you don't need to reboot with Sandboxie, you only need to Delete the contents of the sandbox." }-

I think that's another big reason SandboxIE goes over so well with many, including myself.

It's almost like having a super HIPS only better because you can actually allow apps to run inside the sandbox, and just like HIPS choose to Terminate the running program then simply delete the contents as you mentioned, all this without the need for a full reboot.

Running apps in this artificial environment is a big plus, and if you choose to run SandboxIE with a quality HIPS and/or your favorite AV, or even fire up Returnil or another Virtual or even ISR, it's like adding additional levels of elevation, whereas if something were to escape there are your other catch nets to intercept the attempt.

I dunno about you guys, but SandboxIE for me has really put a nice secure clamp on potential malicious files.

innerpeace
March 15th, 2008, 02:40 AM
-{ Quote: "Running apps in this artificial environment is a big plus, and if you choose to run SandboxIE with a quality HIPS and/or your favorite AV, or even fire up Returnil or another Virtual or even ISR, it's like adding additional levels of elevation, whereas if something were to escape there are your other catch nets to intercept the attempt.

I dunno about you guys, but SandboxIE for me has really put a nice secure clamp on potential malicious files." }-
Sandboxie is my safety net in case I forget to update a program or let down my guard at a site. I really need to start experimenting running without my real-time AV protection. I need to make sure that SBIE will only allow internet access to what .exe's I set and nothing else. I could also fire up Returnil like you said for extra protection.

I'm just really thankful to find something that protects me while online without solely relying on definitions.

Huupi
March 15th, 2008, 04:39 AM
Sure, SBIE will, but I value SP more, because for me it starts and ends with good, reliable imaging. ;)

Long View
March 15th, 2008, 04:59 AM
When I get the time I will try Sandboxie again, but I agree with Huupi that Imaging is the foundation. If banking or using credit cards online, then a password and identity program makes sense, but anything else is not anywhere near as important as having a number of good images.

Put another way there is no anti-virus, anti-spyware, hips, sandboxie ...... type program that I would use, either alone or in layers, in preference to an image.

Huupi
March 15th, 2008, 05:32 AM
An example: yesterday a good friend with everything on his huge one-partition disk [system + personal data], mainly rare music from the sixties, cooked his disk. Everything lost; he is on the verge of jumping out of the window. lol
I always told him, backup, backup, backup; his usual answer: yes, if I have the time, too busy now editing my music files. I even begged him at least to back up his music with a simple Karen's Replicator, but no ears to my advice!?!

The weirdest thing: he has everything on it in terms of modern security but no imaging/backup solution to fall back on, and so it was the end of the story. 8)

Long View
March 15th, 2008, 07:20 AM
Could have been worse - real music from the 40s and 50s ;D

Huupi
March 15th, 2008, 08:09 AM
Yes, I'm an oldie too; I like Pat Boone and the old immortal Frank S.

Sadly Erik left Wilders, but otherwise he would certainly have made very clear to us why Imaging is first and foremost in computing. :'(

BlueZannetti
March 15th, 2008, 08:41 AM
-{ Quote: "Sadly Erik left Wilders, but otherwise he would certainly have made very clear to us why Imaging is first and foremost in computing. :'(" }-
I would hope that this would be so patently obvious to all that you wouldn't need someone to explicitly make the case; furthermore, it is completely independent of the security issues or the focus of this thread, i.e.:

Your PC contains material that you wish to retain.
Some of that material is directly downloaded or prepared on the PC.
At some point, your HDD will succumb to failure. It could be hardware failure, software problem, malware, user error, etc.; the cause is irrelevant.

Due to the first two items on the list, you need some form of image/backup.

As noted ad infinitum, imaging is a recovery solution. The recovery phase is oftentimes the most painful part of addressing a security breach, but security and recovery are two different things. Naturally, one can dispense with security altogether and practice a pure recovery solution - but don't lose sight of the fact that this is intrinsically insecure, even though there are approaches to mitigate the level of insecurity, which have also been covered in detail in many threads here.

Blue

Long View
March 15th, 2008, 09:13 AM
-{ Quote: "I would hope that this would be so patently obvious to all that you wouldn't need someone to explicitly make the case, furthermore it is completely independent of the security issues or the focus of this thread," }-

I also would have hoped that this would be so patently obvious but my take on the situation is that it is very easy to get caught up in new security programs, to keep adding extra layers and to sometimes forget the basics.

Furthermore I don't see it as independent of security issues or the focus of this thread. Sandboxie is a fine program but I don't use it nor see it as necessary in any way to see the underbelly of the net. With passwords and other sensitive data protected my preference is to rely on DeepFreeze/Returnil etc with the fall back to Acronis or Shadow Protect. To me security is an attitude, an approach not a question of programs used at all.

BlueZannetti
March 15th, 2008, 09:55 AM
-{ Quote: "I also would have hoped that this would be so patently obvious but my take on the situation is that it is very easy to get caught up in new security programs, to keep adding extra layers and to sometimes forget the basics." }-
Very true.
-{ Quote: "Furthermore I don't see it as independent of security issues or the focus of this thread. Sandboxie is a fine program but I don't use it nor see it as necessary in any way to see the underbelly of the net. With passwords and other sensitive data protected my preference is to rely on DeepFreeze/Returnil etc with the fall back to Acronis or Shadow Protect. To me security is an attitude, an approach not a question of programs used at all." }-
Let me clarify: regardless of how one approaches security (nothing, various lean approaches, somehow you've managed to install every product known to man and your PC still functions...), imaging/backup really is a very basic system requirement if there is any material resident on your PC that requires persistence beyond the immediate session. This PC could be disconnected from the net and located in a locked room to which only the single user of this machine has access, and imaging/backup is still a basic requirement.

There are aspects of imaging/backup, namely the recovery aspect, that allow it to be used to maintain system uptime and point-in-time system fidelity and this has very clear implications from a security perspective. However, that connection doesn't render an insecure state secure, nor do I believe that slapping on the latest collection of control/monitoring applications necessarily resolves an insecure condition.

You're quite correct - it's an attitude/approach, not a question of programs used.

Blue

Huupi
March 15th, 2008, 11:56 AM
Hey Blue, very surprised at your remarks, to make a distinction between security and imaging. I think in the case of imaging, the way you use it makes it a security app, or a protection against hardware failure, or both. Imaging programs have no notion of bad code, but you can still kill this stuff by overwriting/restoring with a previously made clean image. In this way it functions like a security program. Also, an ISR solution like FDISR, initially meant to be an immediate restore after failure of the OS to diminish downtime in corporate environments, can surely also be used as a security solution [by your definitions]; a simple copy/update from a clean archive kills any nasty present on the system. [Must admit there are some very rare exceptions; as far as I'm aware there is no MBR protection such as by imaging solutions like SP etc.]

For me, imaging/security/recovery means: image only if you are dead sure that the image you are making is absolutely clean.

So terms [definitions] like security and recovery are by no means internationally established ISO standards, so anyone may have his own criteria!!

lucas1985
March 15th, 2008, 12:37 PM
-{ Quote: "Erik left Wilders" }-
Didn't know that. He will be missed.

BlueZannetti
March 15th, 2008, 12:45 PM
-{ Quote: "Hey Blue, very surprised at your remarks, to make a distinction between security and imaging." }-
Huupi,

I'm not sure why you're surprised. It's a distinction that I made to Erik many times and the reason I made the distinction was to reinforce some specific nuances for future readers.
-{ Quote: "I think in the case of imaging, the way you use it makes it a security app, or a protection against hardware failure, or both. Imaging programs have no notion of bad code, but you can still kill this stuff by overwriting/restoring with a previously made clean image. In this way it functions like a security program." }-
Correct, but this is recovery, not security.

As I noted, pure recovery has security implications by returning a machine to a previously defined state. The nuance to appreciate is that depending on the approach towards usage that one takes (as basically noted by Long View), the image state can be either reasonably validated as malware free or not. The specific actions that discriminate between these two possibilities are whether or not the user incorporates downloaded content, either intentionally or unintentionally, into a reserved image or snapshot, and the mechanisms that they use to ensure the content is malware free.

Given what seems to occur to some users out there, keeping these nuances front and center seems appropriate. I'm not suggesting that this requires a multitude of scanners and the like, it could be as simple as restricting one's activity to sites that are generally accepted as good - although there are certainly instances in which even this discipline could fail you.
-{ Quote: "Also, an ISR solution like FDISR, initially meant to be an immediate restore after failure of the OS to diminish downtime in corporate environments, can surely also be used as a security solution [by your definitions]; a simple copy/update from a clean archive kills any nasty present on the system. [Must admit there are some very rare exceptions; as far as I'm aware there is no MBR protection such as by imaging solutions like SP etc.]

For me, imaging/security/recovery means: image only if you are dead sure that the image you are making is absolutely clean." }-
Therein lies the implicit and extremely important detail, since all that follows hinges on that key observation - the image must be absolutely clean - that is where the security component resides in imaging.
-{ Quote: "So terms [definitions] like security and recovery are by no means internationally established ISO standards, so anyone may have his own criteria!!" }-
If you choose to equate security and recovery, by all means do so. However, I find it useful to distinguish between the two concepts.

Blue

twl845
March 15th, 2008, 01:05 PM
-{ Quote: "Sandboxie is my safety net in case I forget to update a program or let down my guard at a site. I really need to start experimenting running without my real-time AV protection. I need to make sure that SBIE will only allow internet access to what .exe's I set and nothing else. I could also fire up Returnil like you said for extra protection.

I'm just really thankful to find something that protects me while online without solely relying on definitions." }-
Hi Innerpeace - Speaking of Returnil, I haven't fired it up in a while since I installed SBIE, and decided to turn it on yesterday. After I activated session lock, everything works OK but I hear this tick...tick...tick...tick... from the computer while it's on. Do you have any idea what that is? I don't recall hearing that in the past. Of course the ticking is gone when I'm not using Returnil. :)

Huupi
March 15th, 2008, 01:19 PM
-{ Quote: "Hi Innerpeace - Speaking of Returnil, I haven't fired it up in a while since I installed SBIE, and decided to turn it on yesterday. After I activated session lock, everything works OK but I hear this tick...tick...tick...tick... from the computer while it's on. Do you have any idea what that is? I don't recall hearing that in the past. Of course the ticking is gone when I'm not using Returnil. :)" }-

Using Returnil sometimes together with SBIE, I never heard any tick, tick. Or is it due to my aging ears? lol. :D

twl845
March 15th, 2008, 02:07 PM
-{ Quote: "Using Returnil sometimes together with SBIE, I never heard any tick, tick. Or is it due to my aging ears? lol. :D" }-
Actually I didn't have SBIE on, but was running the Returnil alone. Maybe my computer has a bomb in it. ;D

MitchE323
March 15th, 2008, 02:14 PM
I agree with Blue here, but it really is how you intend on using your programs. Restoring an image is really an ultra-fast way to reinstall Windows along with your program groups. You wouldn't call a reinstallation of Windows a 'Security' measure. (although I guess it could be - lol)

EASTER
March 15th, 2008, 03:09 PM
I think it's quite obvious here by now that the discussion indirectly focused on two entirely different aspects as well as the (different) programs that are critical to......

1) Preserving Your System/Data Safely via backups/ISR etc.

and/or

2) Managing application's activity locally via SandboxIE!

I'll leave the methods & implications of arranging/preserving data via backups or ISRs to its respective participants to that end.

As to SandboxIE, how a user realizes this type of security is also a very basic measure for improving their protection that does require some understanding of just what the vendor has provided in the way of the app's settings.
In this case, SandboxIE affords additional lines of code that help its user/customer to better interact with it and their own system, and realize the results expected. Such as additional registry coverages that ordinarily might not come as default.

With respect to SandboxIE, I think we all can agree that it's quite simple & effective. You can see some similarities with virtual programs like Returnil and such, but those coverages of course are more wide-ranging in scope, enveloping the entire file system, whereas SandboxIE offers users On-The-Fly sandboxing of individual executables locally or the entire browser and so forth, depending on the user's preferences.

Frankly, SandboxIE and other sandboxes have something of an advantage in that, as already mentioned a few posts back, there is no need to reset or reboot the PC in order to dismiss its contents; you can even choose to use safe delete via Eraser, for example, to fully wipe its contents. Termination of any running executables is another advantage of it IMO, in the case where someone realizes, oh oh, my AV/HIPS is flagging something as a potential risk.

Ease of use without the demand for a reboot is extremely beneficial and saves time.

Peter2150
March 15th, 2008, 06:59 PM
I would also agree with Blue. We blur it because we sort of do things in concert but....

When I play, I want to see how "secure" my system really is. However, if I prove myself wrong, I use the image to "recover".

But the recovery can be unrelated to security. When I was testing Hardware Independent Restore, there were no security issues, but my computer sure wasn't in much of a useable state. Restoring the original image "recovered" my useable system.

So there is a big difference.

Pete

EASTER
March 15th, 2008, 07:29 PM
With the onset of today's newest inventions in computer security such as Sandboxes, Virtuals, ISR's, and HIPS.......so forth, IMO the necessity to always have to reach for an image restore is drastically reduced if not eliminated entirely.

Even when I test malware, the only recovery needed here is the ISR archive OR duplicate/secondary snapshot, which is 100% safe provided it's safely kept isolated. Now I call that real progress :thumb:

And that's only if, and a pretty big if, the other front line security apps would happen to become compromised or overstressed.

With so many prevention apps now available and a user only needing a select few for basic safe protection from forceful intrusions, the image backups are more and more on this end anyway becoming a relatively (welcome) but dormant resource; only needed in case of extreme emergency.

BlueZannetti
March 15th, 2008, 09:11 PM
-{ Quote: "With the onset of today's newest inventions in computer security such as Sandboxes, Virtuals, ISR's, and HIPS.......so forth, IMO the necessity to always have to reach for an image restore is drastically reduced if not eliminated entirely." }-
I'll just explicitly add the qualifier that's implicit here - "....if not eliminated entirely as a result of a malware infection", to which I'd completely agree.

-{ Quote: "With so many prevention apps now available and a user only needing a select few for basic safe protection from forceful intrusions, the image backups are more and more on this end anyway becoming a relatively (welcome) but dormant resource; only needed in case of extreme emergency." }-
I agree as it relates to malware problems.

However, and this is a bit off-topic, I do believe that the increasing usage of electronic media in all aspects of our daily lives, spanning personal photo libraries to online purchased music to all forms of personal data (banking, license keys, tax forms, etc.) which will never find their way to a hardcopy format, means that basic protection of these personal electronic assets by imaging/backup is increasing significantly. So while some newer approaches have lessened the likelihood that recovery from malware via image restoration will be required, the general need to have this option available has, I believe, increased for other reasons.

Blue