What would be recommended in addition to Returnil, to avoid capture of sensitive data?


Fly
February 26th, 2009, 04:45 PM
Windows XP Home Edition system, IE 7.

I understand what Returnil basically does, but how would one prevent credit card data theft at an infected website, and other sensitive data?

What kind of application/approach? Specific recommendations?

pegr
February 27th, 2009, 01:37 AM
Sandboxie has a Resource Access feature (accessed from the Sandboxie Control tray icon under Sandbox Settings) that enables all access to selected folders and files to be blocked. However, as it only protects applications that are running in the sandbox, it doesn't provide system-wide protection. This feature is available in both the free and paid versions of Sandboxie.

As you are using Returnil, if you haven't done so already, upgrade to the latest version 2.01, which includes File Protection. This enables you to prevent read access to selected folders and files. Unlike Sandboxie, this provides system-wide protection, but you have to temporarily disable file protection when you want to access a protected file or folder. As drive letters can be protected, this also provides a way of protecting non-system partitions. According to the Returnil web site, the File Protection feature is available in both the free and paid versions.

I have paid versions of both Sandboxie and Returnil and have never experienced any problems using them together. Sandboxie is a great browser protection utility and works just fine on top of Returnil.

You could also consider setting up a Software Restriction Policy. Depending on which Windows version you have, you may be able to use Windows to create a security policy. Alternatively, a policy-based HIPS such as DefenseWall or GeSWall may suit your requirements.

chris1341
February 27th, 2009, 09:16 AM
[QUOTE]
Windows XP Home Edition system, IE 7.

how would one prevent credit card data theft at an infected website
[/QUOTE]

Other than hoping whatever anti-phishing or signature-based product you might use had been updated to the infection and blocked the site or the malicious code coming from it, I'm not sure you could.

However, if what the website does is download something to your system to steal data rather than recording it when you input onto the site, then both Returnil and Sandboxie, as suggested by pegr, can help.

Returnil anti-executable might at least allow you to block execution. Sandboxie can be set to only allow applications you choose to launch in the sandbox and/or connect to the internet. So if you visit an infected site and it downloads a keylogger, for example, into the sandbox, you should be able to prevent it from executing or phoning home.

Empty the sandbox or reboot with Returnil. All gone.

Again, as already stated, a classic HIPS-type product will potentially alert you to malicious actions, but only those executed by applications on your system or trying to get onto your system. If you choose to input personal data onto an infected web page then....

Cheers

Joeythedude
March 27th, 2009, 08:52 PM
KeyScrambler may also be useful.

caspian
March 30th, 2009, 03:58 PM
I use KeyScrambler Premium and Zemana. But of course I use Returnil with Sandboxie.