What free Sandbox should I use?
HoLmEc
January 18th, 2005, 12:13 AM
Hi ppl, I wonder if you could recommend me a good sandbox program .. I already have running on-scan NOD32, BOCLEAN, Look'n'Stop (+proxomitron & firefox) .. and on-demand, once a month I run KAV on safe-mode .. I also have Microsoft AntiSpyware & AdAware .. everything running on Windows XP SP2 updated. Now I need a sandbox program, but I would like one that is free cos I already have many programs.
I tested PrevX but I didn't like it, it slowed down my PC.
Does the author of System Safety Monitor intend to turn it into shareware? If so, then one less option for me :( Does it protect against process modification/registry dll injection/rootkit,driver,service installation/global hooks ?
Thanks in advance
LowWaterMark
January 18th, 2005, 12:20 AM
-{ Quote: "Does the author of System Safety Monitor intend to turn it into shareware? If so, then one less option for me :( " }-
It has been quite a while and he has NOT turned that into any type of pay ware. It is quite an impressive product and I've followed it for a long time. If 'free' and 'sandbox' is your concern, then that product is worth keeping!
bigc73542
January 18th, 2005, 12:23 AM
You can check here (http://fileforum.betanews.com/detail/System_Safety_Monitor/1049832672/1) on SSM.
Wayne - DiamondCS
January 18th, 2005, 12:23 AM
SSM and ProcessGuard (http://www.diamondcs.com.au/processguard/) are really your only two options for a free sandbox/system firewall. PrevX is a different type of program and can't really be compared with SSM or ProcessGuard. From what we know the author of SSM has indicated that he was going to make a shareware version, but when that will be I don't know, and I'm not sure if there'll still be a free version but if you drop the author an email I'm sure he'll give you some info about that.
-{ Quote: "Does it protect against process modification/registry dll injection/rootkit,driver,service installation/global hooks ?" }-
ProcessGuard is the only program available that properly secures all of the above. There's a free version available for home users, although it doesn't have all of the features of the full version yet still provides some extremely powerful security (including controlling which programs can/can't run, and protecting applications from termination, modification, suspension, viewing, and other related process attacks). Both Jason and myself have spent nearly the last two years researching the Windows kernel and developing ProcessGuard full time, if that gives you any idea of how far ahead it is :). We've gotta say it's nice to be in contact with the SSM author - he's one of the few programmers that truly understands how difficult both the research and development can be.
Best regards,
Wayne
kareldjag1
January 18th, 2005, 05:26 AM
Hi,
The only free sandboxes that I know are AbtrusionProtector, SSM, and also Winsonar.
ProcessGuard is not the most exhaustive sandbox, but surely the most powerful.
There's a less well known product called Viguard (more famous in France because of some polemics).
***Infection System Prevention (with sandbox):
*ProcessGuard
*Viguard: http://www.viguard.com/en/prods_en.php
*AbtrusionProtector: http://www.abtrusion.com/
***Firewall Application (with integrity control):
*SystemSafetyMonitor
*Safe'nSec : with a virus scanner; more precise than SSM. http://www.star-force.com/computer_security/security.phtml?c=249&new_prod_red=ok/
(...)
***Intrusion System Prevention
*Prevx: http://www.prevx.com
I've submitted these softs and some others to various attacks (dll injection, process termination...) and even for APIHooks (by a dev.'s friend).
And I have to admit that PG is the most efficient because it's very difficult to corrupt (perhaps by spoofing the MD5 integrity checker).
SSM is more vulnerable and does not impress me. But it has good protection of the registry.
Viguard is actually tested by a friend. Its auto-protection is less efficient than the PG one.
Best Regards
hojtsy
January 18th, 2005, 07:37 AM
-{ Quote: " Does it protect against process modification/registry dll injection/rootkit,driver,service installation/global hooks ?" }-
I am afraid I do not understand what you mean by "registry dll injection". Is that a typo? DLL injection doesn't seem to have anything to do with the registry. Do you mean you want protection from DLL injections plus protection from unwanted changes to your registry?
-hojtsy-
capt.hook
January 18th, 2005, 12:53 PM
Isn't Sandboxie only useable with IE? What if you use another browser type? I never touch IE.
notageek
January 18th, 2005, 01:06 PM
-{ Quote: "Isn't Sandboxie only useable with IE? What if you use another browser type? I never touch IE." }-
I don't think HoLmEc means Sandboxie. I think HoLmEc wants to know about a sandbox program.
*xavier*
January 18th, 2005, 01:46 PM
TPF has sandbox features that are very powerful, but not easy to figure out for the average user. Tiny did also, at one time, have TTT (Tiny Trojan Trap) which could be used along with any firewall. I wish they still had it available, it would be fun to experiment with it.
Bowserman
January 21st, 2005, 11:50 AM
-{ Quote: "I am afraid I do not understand what you mean by "registry dll injection". Is that a typo? DLL injection doesn't seem to have anything to do with the registry. Do you mean you want protection from DLL injections plus protection from unwanted changes to your registry?
-hojtsy-" }-
From the ProcessGuard help file:
-{ Quote: "Block Registry DLL Injection
Programs can add their DLL to the list which is stored in this registry key. Once they have added their DLL it will be loaded by 95% of the programs you run on your computer. This leads to a possible attack whereby malicious software can put their DLL into a trusted program and do unwanted things. You should have this option enabled all the time since mostly malicious software uses it. Some spyware such as CoolWebSearch (CWS) use this technique to make it extremely hard to remove from your system." }-
Regards,
Jade :).
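An added example, not part of the thread or of the ProcessGuard help file: a baseline check for the DLL list described in the quoted help text, run over saved `reg query` output. It assumes the list is the `AppInit_DLLs` registry value (the quote does not name the key); the sample output, the DLL paths and the function names are constructed for illustration.

```python
import re

# Assumption: the "list" in the quoted help text is the AppInit_DLLs value under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (the thread never names it).
VALUE_LINE = re.compile(r"^[ \t]+AppInit_DLLs[ \t]+REG_SZ[ \t]*(.*)$", re.I | re.M)

# Constructed sample of `reg query ... /v AppInit_DLLs` output; all paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    C:\PROGRA~1\AVVEND~1\avhook.dll,C:\WINDOWS\Temp\avhook.dll msupd32.dll
"""

def appinit_entries(reg_output):
    """Return the DLL entries listed in the AppInit_DLLs value, in order."""
    match = VALUE_LINE.search(reg_output)
    if match is None:
        return []
    # The value is a single string; entries are separated by spaces or commas.
    return [e for e in re.split(r"[ ,]+", match.group(1).strip()) if e]

def unexpected_entries(reg_output, allowlist):
    """Return entries whose full path is not on the allowlist (case-insensitive)."""
    allowed = {path.lower() for path in allowlist}
    # Compare whole paths: a known file name in another directory is still unexpected.
    return [e for e in appinit_entries(reg_output) if e.lower() not in allowed]

if __name__ == "__main__":
    baseline = [r"C:\PROGRA~1\AVVEND~1\avhook.dll"]
    for entry in unexpected_entries(SAMPLE, baseline):
        print("not in baseline:", entry)
```

An empty value yields no entries, so any entry at all on a machine with an empty baseline is reported.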
Copyright ©2002 - 2012, Wilders Security Forums