Sandboxie
toploader
September 25th, 2005, 05:53 PM
i'm trying Sandboxie (http://www.sandboxie.com) on my system to see how it runs.
it installed ok and runs with no noticeable slowdowns
there is a little icon in the system tray - right click on it to launch your browser.
sandboxie works by creating a [virtual drive] folder - everything downloaded to disk goes in there. no changes are allowed to your real disk.
The advantage is that no virus, trojan or spyware downloading via the browser can install itself on your machine - so you can surf the net completely protected.
of course you can't download any files you want either or update bookmark files etc as they are lost at the end of a session. (but you can explore the sandboxie virtual drive and move files out - but of course they might contain malware)
at the end of a session just delete the contents of the sandbox and terminate all sandboxed processes.
if anyone else is using sandboxie please feel free to add your experiences and thoughts to this thread.
Kye-U
September 25th, 2005, 07:06 PM
Looks good!
Seems like it works with any browser. I was first under the impression that it only worked with IE because of Sandboxie.
ErikAlbert
September 25th, 2005, 07:09 PM
Toploader,
I would use Sandboxie too, but Sandboxie doesn't work always. It depends on the configuration of your system.
IMO Sandboxie is developed in a specific environment and has never been tested in other environments.
If you have bad luck, it won't work with Firefox, unless you find a workaround to make it work.
A software that works like that isn't professional enough for me.
If I had to choose between Sandboxie and ShadowUser, I would vote for ShadowUser.
So I ditched Sandboxie because of that.
Another possibility is AntiMalware, which also works in a Virtual Safe Environment, but I still have to learn how this software works.
IMO softwares like Sandboxie, AntiMalware, ShadowUser, ... are much better than definition-based softwares, because they don't depend on what the bad guys do. They have a total different approach.
I'm just not sure they are the RIGHT solution and they have most probably their own specific disadvantages.
I prefer to wait for other not-definition-based solutions.
This opinion will cost you 2 eurocents. ;D
Kye-U
September 25th, 2005, 07:14 PM
I'm not experiencing any speed decrease with Sandboxie.
This program is based more for Browsers than the entire computer system.
toploader
September 25th, 2005, 07:21 PM
-{ Quote: "Looks good!
Seems like it works with any browser. I was first under the impression that it only worked with IE because of Sandboxie." }-
yes it is a little confusing Kye-U - perhaps it only worked with IE when first released? - so far it's working fine - i'm using it with firefox.
toploader
September 25th, 2005, 07:23 PM
thanks for your 2 euro cents Erik ;D
i will check out shadowuser and antimalware too - cheers
ErikAlbert
September 25th, 2005, 07:27 PM
-{ Quote: "I'm not experiencing any speed decrease with Sandboxie.
This program is based more for Browsers than the entire computer system." }-
If that was true, why did Firefox not work in Sandboxie on my computer and after reading the Sandboxie Forum, I wasn't the only one.
You have to find a workaround was their solution. I call that bungling. :)
FastGame
September 26th, 2005, 12:24 AM
-{ Quote: "If that was true, why did Firefox not work in Sandboxie on my computer and after reading the Sandboxie Forum, I wasn't the only one.
You have to find a workaround was their solution. I call that bungling. :)" }-
Well Sandboxie and Firefox have worked fine on my system for quite awhile.
-----
September 26th, 2005, 06:36 AM
-{ Quote: "Well Sandboxie and Firefox have worked fine on my system for quite awhile." }-
Mine too. Maybe the user is the one that is bungling?
ErikAlbert
September 26th, 2005, 02:31 PM
-{ Quote: "Well Sandboxie and Firefox have worked fine on my system for quite awhile." }-
That was my point, some users don't have a problem and others have a problem.
MSIE + Sandboxie, worked fine on my computer, Firefox + Sandboxie didn't.
It wouldn't be the first time that some softwares conflict with other softwares, sometimes it even causes a BSOD and we all have a different combination of softwares.
I'm not going to change my configuration, like some users did in the Sandboxie Forum to make it work (Firefox + Sandboxie), just because of ONE software and I'm not going to spend hours to figure it out.
The software itself isn't important for me, it's the philosophy behind the software that interests me.
I like the philosophy behind Sandboxie, simply because it isn't based on definitions/heuristics.
I have just bad luck, that Sandboxie doesn't fit in my actual configuration.
Sandboxie won't be the last software with that philosophy and I'm sure that other softwares will be developed with another kind of philosophy, but not based on definitions/heuristics.
Everybody seems to believe in definition/heuristic-based unconditionally, I don't.
Each time I see a new AV/AS/AT/AK/... scanner, I sigh, because re-inventing the wheel over and over again,
isn't exactly what I'm waiting for and they are developed for only one reason : MONEY.
I don't expect that members read or agree with my posts, I'm here to see what happens in the security world.
New scanners don't interest me.
The trend of creating security suites, one after another, doesn't change anything, because they are all based on Firewalls and definition/heuristic-based scanners. They only meet the wish of less-knowledgeable users, who are tired of having so many security softwares on their computer. It amuses me, how these security suites are built, nothing but a compilation of softwares from different sources, that's why I call them Frankenstein security suites.
ProActive softwares are only developed for knowledgeable users, who know exactly what they are doing.
And of course I use these softwares, because there is nothing else and I have to protect my computer too, but that doesn't mean I have to be happy with them. :)
Vikorr
September 26th, 2005, 06:43 PM
I certainly wouldn't be without ShadowUser. It's perhaps my favourite program. Surf the web, and upon reboot, all changes are gone ! <unless you make changes to Excluded Folders, or manually commit changes>
I finally got AntiMalware working, and seeing how it goes <only my first day with it>. I really like the concept behind the program. It seems a 'similar' concept to Sandboxie, except each program is treated individually by AM, and it's more automated than sandboxie.
Online Armor has quickly become a favourite of mine. And the upcoming version 1.2 promises to have many improvements to it. But I'd say my favourite part of it will always be the ability to completely uninstall anything that's installed while OA's been running (seeing as it tracks all changes made by installation programs and running programs).
WilliamP
September 26th, 2005, 06:54 PM
Vikorr, what you stated about Online Armor is the reason that I purchased it. I wonder if anyone has tried it out, to see if it will remove something. Also I have a question. Wouldn't you be able to surf with Sandboxie, as with Shadow User?
Vikorr
September 26th, 2005, 07:09 PM
Actually, when I was playing around with AM, trying to get it working, I tried to take a short cut (not rebooting after uninstalling AM, then installing AM again)...and AM played up, and the AM icon in Add/Remove Programs was missing...so I uninstalled AM through OA and everything was fine again - so yes, OA's uninstall feature works fine.
As for Sandboxie VS ShadowUser, for me there are a number of benefits to SU :
1. I have it running all the time (unless I'm installing, or changing settings that require registry changes) - so I don't have to remember to start it up before going online
2. It covers email as well (anything that's running at the time really)
3. SU doesn't have any compatibility issues that I've ever heard of
4. SU doesn't have any technical vulnerabilities that I know of
However, some may find Sandboxie more convenient because it doesn't affect their whole system (ie with sandboxie, you don't have to reboot to make changes).
Also, in the end, I think AntiMalwares sandbox program is a superior concept to sandboxie (but one that I would think is much harder to code correctly than sandboxie). Still sandboxie is free, and offers quite decent protection, so I don't mind the program at all.
heh, I'm thinking that the combination of SU/AM/OA would mean I don't need a realtime AV/AT/AS, whatever I was doing (installing, email, p2p, browsing etc)...just run the very occasional on demand scan. <AM claims by itself you don't need an AV, because untrusted programs can't affect trusted programs - but AM doesn't remove malware; SU basically eliminates spyware/trojan/worm infection while on the internet (but only after reboot); and OA tracks any manual installations and can uninstall (as well as its other benefits/protections)>
ErikAlbert
September 26th, 2005, 07:31 PM
-{ Quote: "I finally got AntiMalware working, and seeing how it goes <only my first day with it>. I really like the concept behind the program. It seems a 'similar' concept to Sandboxie, except each program is treated individually by AM, and it's more automated than sandboxie. " }-
I'm not sure that my AntiMalware is working.
When I right click the AM-icon and I click on "Enable Protection", I get the window "AntiMalware Control Panel"
with "Protection disabled".
If I press the blue "Enable" nothing changes.
Is that normal ?
---------------
I can enter the "Virtual Safe Environment" (VSE), I can run programs inside VSE.
Is that enough or do I have to do something more than that ??
I ran Notepad in VSE and created a txt-file and saved it.
After leaving VSE, I expected that the txt-file would NOT exist, but the txt-file was there.
Is that normal ?
Maybe I should read and translate the manual first, but that will take a lot more time. ;D
Vikorr
September 26th, 2005, 07:49 PM
Hi Erik
-{ Quote: "When I right click the AM-icon and I click on "Enable Protection", I get the window "AntiMalware Control Panel"
with "Protection disabled".
If I press the blue "Enable" nothing changes.
Is that normal ?" }-
No this is not normal. I take it that when your computer starts and the AM icon appears in the system tray, it is a red box with a big white X through it? That means it's not functioning. And when you click on Enable Protection, you should get a GUI with 3 tabs, including Summary, Trusted Programs, and Configuration.
One thing though, if you are using Prevx, or even just have it installed, AM has a terrible clash with its drivers (Prevx Pro, and Prevx1 that I know of). I was not using Prevx at the time I installed AM, but only after I uninstalled Prevx1 did AM work properly.
Other than that, if you send an email to their support staff, they are most helpful. Although because they are in Israel the replies aren't always instantaneous (but rarely more than a day, and sometimes they'll reply a few times during the day if you are sending them multiple emails).
About the VSE, I've never tried it. Probably won't bother due to ShadowUser. It may be that VSE is simply a temporary buffer zone for the whole computer - i.e. anything that is created in there (either by trusted or untrusted programs) can't affect trusted programs once you come out of it...but that's only a guess. I'd ask them over at their forums maybe, or send them an email.
ErikAlbert
September 26th, 2005, 10:08 PM
-{ Quote: "No this is not normal. I take it that when your computer starts and the AM icon appears in the system tray, it is a red box with a big white X through it? That means it's not functioning. And when you click on Enable Protection, you should get a GUI with 3 tabs, including Summary, Trusted Programs, and Configuration." }-
Many thanks for the info. Now I know for sure that AM isn't working properly on my computer and I have indeed a white X. I don't have PrevX though.
But don't you worry about it anymore, I will take care about this myself. :)
Franklin
September 28th, 2005, 01:20 AM
On the subject of Sandboxie. Been using it for several weeks and it works as stated.
Both IE, FF and Outlook run fine through sandboxie. Have tried the various trojan and virii tests found at Wilders and they are all contained by sandboxie.
I am quite impressed with SB so far but I still run ZAP, Winpatrol and my realtime AV with no conflicts.
Shame you can't get it working properly Erik as I agree, Sandboxie type software
-this is the future to combatting internet malware.
Ilya Rabinovich
September 28th, 2005, 05:25 AM
-{ Quote: "
Shame you can't get it working properly Erik as I agree, Sandboxie type software
-this is the future to combatting internet malware." }-
Well, I suppose, you're wrong, Franklin. When I was designing my DefenseWall HIPS I was thinking about some kind of the temporary storage volume for the files, created by the untrusted applications. And I refused this way of the protection. For example, you just downloaded some very important and interesting data and forgot to remove it from the virtual disk. This data will be lost! And what about the new created by the e-mail client files and folders? All the new mail will be lost. Also, this "protection" won't prevent you from being keylogged and rootkitted.
Vikorr
September 28th, 2005, 07:01 AM
Hmmm...with sandboxie, if IE, or Outlook is inside Sandboxie, isn't EVERYTHING (from IE/Outlook) written inside the sandbox ? I thought it was written into a virtual environment ? So if a rootkit tried to install...it would be inside the sandbox, and when you closed it...goodbye rootkit ? <of course, I only read its description briefly, but that's what it seemed to be saying to me>
beetlejuice69
September 28th, 2005, 07:04 AM
-{ Quote: "Hmmm...with sandboxie, if IE, or Outlook is inside Sandboxie, isn't EVERYTHING (from IE/Outlook) written inside the sandbox ? I thought it was written into a virtual environment ? So if a rootkit tried to install...it would be inside the sandbox, and when you closed it...goodbye rootkit ? <of course, I only read its description briefly, but that's what it seemed to be saying to me>" }-
That`s the way I understood it too.
Franklin
September 28th, 2005, 07:06 AM
As you try to delete files within Sandbox and you have downloads you are warned as such.
OE works just fine here and I usually don't run OE through SB. Just saying that it runs fine if Sandboxed.
May I ask, have you tried Sandboxie yourself?
See this link - Sandboxie forum (http://sandboxie.com/phpbb/viewtopic.php?t=81)
Scoobs
September 28th, 2005, 07:24 AM
Vikorr, what you have to say about your new approach to malware is quite interesting.
Sandboxie looks good and is free. Your three programs (AM, SU, and OA) seemed like overkill until you explained what they each did. Can you tell me how much Antimalware costs. I can't find it on Trustware's site.
Still, $110 for the other two means this is an expensive option. Did you get them to play nicely, or do they conflict? (They all seem to want to create a virtual space in which to quarantine anything from the web - how does this work when there are three such virtual spaces?)
Vikorr
September 28th, 2005, 07:43 AM
I'm not exactly sure how much antimalware costs...I've just put a post over at their forums, so I should have some info for you in the next day or two.
They do have a trial version available for download (which I presume you have to pay for whenever it expires - but as you say, I can't find a price on their website either)...but AM also have a beta version, which is what I downloaded from their forum <I'm not sure if this is available to everyone - I originally signed up as a beta tester a while back, but never got AM working back then>
...heh, in case you haven't figured...this is only the 2nd day I've had AM on my computer, and I haven't yet got around to asking Trustware a number of questions about it (prefer to save them up, rather than pester them)
As for how SU/AM work together. In SU, I excluded AM's 'Virtual' folder, and also the folder to which AM was installed. So AM goes about happily doing its thing without interference from SU. OA doesn't create any virtual images.
And yes, it's a fairly expensive option <thankfully I didn't pay for OA either as I beta tested it>
Btw, any of the programs I'm using are quite good by themselves...AM claims you don't need an AV with it, Mike Nash at OA is aiming to have OA eliminate the need for an AV (there's lots of improvements coming up for it), and SU by itself is also very safe....but the reason I'm using them together...I'm basically looking for a way to eliminate the need of realtime AV's, and those 3 together seem to cover all the bases I want :)
Ilya Rabinovich
September 28th, 2005, 10:30 AM
-{ Quote: "Hmmm...with sandboxie, if IE, or Outlook is inside Sandboxie, isn't EVERYTHING (from IE/Outlook) written inside the sandbox ? I thought it was written into a virtual environment ? So if a rootkit tried to install...it would be inside the sandbox, and when you closed it...goodbye rootkit ? <of course, I only read its description briefly, but that's what it seemed to be saying to me>" }-
You see, there is one thing - if you are able to get ring0 access you can do everything. The fact is that until SB is seldom - it is the protection. But not for the long time.
Ilya Rabinovich
September 28th, 2005, 10:32 AM
-{ Quote: "I'm basically looking for a way to eliminate the need of realtime AV's" }-
Then join the beta-testing process here http://www.wilderssecurity.com/showthread.php?t=98240
ErikAlbert
September 28th, 2005, 12:25 PM
-{ Quote: "Shame you can't get it working properly Erik as I agree, Sandboxie type software
-this is the future to combatting internet malware." }-
Franklin,
Thanks for your sympathy, but don't worry about it.
It's very funny, that the softwares (AntiMalware, Sandboxie), I really like, don't work on my computer, while the ones, I don't like, are working fine. ;D
I did a lot of installing/un-installing during the last 3 months and I think that the leftovers of all these softwares are causing my problems with AM and SB.
Vikorr already mentioned that PrevX was one of his problems and I had PrevX installed on my computer, maybe it wasn't removed completely or it could be another leftover of some other software, who knows.
I'm not in hurry and I'm not disappointed at all, that AM/SB doesn't work on my PC at this very moment.
This is temporary and I'm confident, I will fix it one day. I don't panic over softwares ;D
Meanwhile I like to read the experiences of other members with AM/SB and certainly ShadowUser (SU), because SU has the biggest sandbox LOL, maybe AM too, but AM is TOO NEW.
Sandboxie has the smallest sandbox and is useful for certain programs, like MSIE, Firefox, ...
Definition/heuristic-based softwares do NOT have a future and I'm not going to repeat myself, I've explained this already in other posts.
Frankenstein Security Suites aren't any better than definition/heuristic-based softwares.
(H)IPS softwares are only developed for knowledgeable users and certainly not for the less-knowledgeable users, my favorite type of users.
So these softwares don't interest me, no matter how good they are.
Who ever developed a software like ProcessGuard, didn't understand anything about less-knowledgeable users, working in the real world.
ProcessGuard is a pure theoretical software, which isn't practical and requires too much knowledge.
So what is left ? AM, SB, SU and similar softwares, because they are user-friendly and not based on definitions/heuristics or (H)IPS.
Are these softwares THE future ? I'm not sure about that, but they are certainly smarter than the rest.
AM, SB and SU are based on the same philosophy, but I'm very sure that security people will ever develop softwares with another kind of philosophy and that's why I prefer to wait ... I'm not in a hurry.
I have some ideas on my own, but the trouble is that my knowledge about malwares is so poor, that I would make myself ridiculous and I know how people can be, especially in forums where nobody knows anybody.
Even at work I have troubles with my ideas, because they don't fit always in the traditional methods.
Many years ago I had a hard time at work and everybody laughed at me, because I claimed I found a way to eliminate the functions "Add - Edit - Delete", which are always used for updating any database in any software, even security softwares.
It was in a pub and our computer department likes to brainstorm, even when they are drunk, but I was nevertheless serious.
So I designed at home a new interface to update any database without having "Add - Edit - Delete" on the menu.
I could prove it only one time that it was possible, because my boss was also curious, but after that never again.
It was too new and people are afraid of new ideas, especially when they deviate from the traditional methods.
Since then, I like to be more carefully with telling people about my ideas.
It doesn't really matter, it's more a hobby for me to prove that things can be done in another way, if you think long enough about it. :)
Pollmaster
September 28th, 2005, 01:09 PM
-{ Quote: "
As for how SU/AM work together. In SU, I excluded AM's 'Virtual' folder, and also the folder to which AM was installed. So AM goes about happily doing its thing without interference from SU. OA doesn't create any virtual images.
And yes, it's a fairly expensive option <thankfully I didn't pay for OA either as I beta tested it>
Btw, any of the programs I'm using are quite good by themselves...AM claims you don't need an AV with it, Mike Nash at OA is aiming to have OA eliminate the need for an AV (there's lots of improvements coming up for it), and SU by itself is also very safe....but the reason I'm using them together...I'm basically looking for a way to eliminate the need of realtime AV's, and those 3 together seem to cover all the bases I want :)" }-
Does that mean you have now dropped prev1 and Processguard for OA,SU and AM? What do you think you will be recommending next month?
As for doing without real time AVs, I predict that the key to doing that is not really dependent on software, but rather your level of paranoia.
Vikorr
September 28th, 2005, 04:28 PM
Hi Ilya, I'm already trialing one type of sandbox product at the moment. I don't think two would be a good idea. I did notice that your concept seemed closer to AntiMalwares concept than the Sandboxie concept.
-------------------------------------------------------------------------
Ah, don't be so cynical Pollmaster, I spend more time than should be needed, explaining to you things that shouldn't need to be explained. It seems you choose to see the cynical side of things - often without any background knowledge of what I'm doing or the reasoning behind it <and some that you just choose to ignore>...these things aren't particularly important unless someone wishes to make a hobby of attempting to pick faults with people.
Now you already know that I dropped Prevx1, because its popups were annoying, and in its current state it didn't actually provide much protection <though the protection level should change as they get closer to release>.
As for PG...
If you read back over the previous posts, I had actually wanted to try AM about 'a while back' <actually about 6 months ago>...unfortunately it never worked for me back then (which now seems likely because of Prevx)
But <just recently> when I was trying to get AM working, I uninstalled PG to see if that was causing the problem. And then, seeing as DiamondCS are bringing out an updated PG sometime soon <and AM should achieve much the same thing, maybe more>, I wasn't bothered reinstalling it yet...then I found out that when OA updates to 1.2 it will have lots of new goodies that will likely make PG obsolete for me...so there's another reason for me not to reinstall it yet.
I'm not at all certain of the effectiveness of AM <which should be clear enough in my posts>, though I know what they claim, and I like the concept. So I'm not sure how you can think a discussion on what I have on my system is a recommendation of anything.
-{ Quote: "As for doing without real time AVs, I predict that the key to doing that is not really dependent on software, but rather your level of paranoia." }-
You really need to think about what you are saying before you attempt to go phishing with people....almost EVERYONE uses an AV. This sentence is saying everyone is paranoid (seeing as they choose to use realtime AV)
That said, I'll happily admit that I have some level of paranoia - with good reason...and the good reason is not 'because of past infections' :)
ErikAlbert
September 28th, 2005, 08:00 PM
Vikorr,
Good reply. No further comments, because I wasn't criticized.
If you have some good or bad experiences with SU, AM or SB combined with any other software, I'm all ears and I'm not the only one, when I re-read this thread. :)
toploader
September 28th, 2005, 09:39 PM
i agree Erik - exchanging good and bad experiences without criticism is what these forums should be all about. no one is perfect we are all scrabbling around blindly in the dark (though one or two have torches) :)
Pollmaster
September 29th, 2005, 06:41 AM
-{ Quote: "
Ah, don't be so cynical Pollmaster, I spend more time than should be needed, explaining to you things that shouldn't need to be explained. It seems you choose to see the cynical side of things - often without any background knowledge of what I'm doing or the reasoning behind it <and some that you just choose to ignore>...
" }-
Obviously, I don't know what you are doing or why, that's why I'm asking.
But thank you for answering.
-{ Quote: "
Now you already know that I dropped Prevx1, because its popups were annoying, and in its current state it didn't actually provide much protection <though the protection level should change as they get closer to release>.
As for PG...
If you read back over the previous posts, I had actually wanted to try AM about 'a while back' <actually about 6 months ago>...unfortunately it never worked for me back then (which now seems likely because of Prevx)
But <just recently> when I was trying to get AM working, I uninstalled PG to see if that was causing the problem. And then, seeing as DiamondCS are bringing out an updated PG sometime soon <and AM should achieve much the same thing, maybe more>, I wasn't bothered reinstalling it yet...then I found out that when OA updates to 1.2 it will have lots of new goodies that will likely make PG obsolete for me...so there's another reason for me not to reinstall it yet.
I'm not at all certain of the effectiveness of AM <which should be clear enough in my posts>, though I know what they claim, and I like the concept. So I'm not sure how you can think a discussion on what I have on my system is a recommendation of anything.
" }-
Like it or not, when someone says he runs x,y,z then follows up with a lengthy defense of why he is doing so - it is an implicit (at least) recommendation.
My point is simple. You (and I and lots of people here ) seem to have an extremely high turnover with regards to security software. How certain are you(we) that you(we) are strengthening your(our) security as opposed to weakening it?
Right now when we go to any dangerous test site, at least 5-6 different whistles sound up, is there really that much room to be 'safer'?
Certainly, the evidence doesn't support that. All we have is conceptual models that might or might not hold up in the real world, because we don't understand the details.
It seems to me that what you are doing is ,
1. You see some new software that looks cool
2. You try to install it
3. If it conflicts with some older software already installed, uninstall the older one.
4. If it doesn't you keep it.
5. Go to step 1.
Okay so I'm cynical, but does this really ensure that your security is improving?
-{ Quote: "
You really need to think about what you are saying before you attempt to go phishing with people....almost EVERYONE uses an AV. This sentence is saying everyone is paranoid (seeing as they choose to use realtime AV)
" }-
You miss the point. I'm not talking just about AVs. The same thing can be said of ATs, AS, whatnot. It's all in risk assessment. And No, not EVERYBODY uses real time av. Lots of 'experts' don't.
-{ Quote: "
That said, I'll happily admit that I have some level of paranoia - with good reason...and the good reason is not 'because of past infections' :)" }-
Care to share the reasons, which make you at your level of paranoia? Do you work for the CIA?
Anyway I'm sure Vikorr will take this the wrong way, he always does.
I'm just tossing out a point to consider here, is all this shuffling and testing of new security software and replacing them with a new lineup every 3 months or so, really helping to increase security?
I know it's fun :)
Ilya Rabinovich
September 29th, 2005, 06:44 AM
-{ Quote: "Hi Ilya, I'm already trialing one type of sandbox product at the moment. I don't think two would be a good idea. I did notice that your concept seemed closer to AntiMalwares concept than the Sandboxie concept." }-
Yes, that is right. Similar to AM, but not the same. And, you know, there is Bochs/VMWare/Virtual PC to test as many sandboxes as possible :) Use the force!
Pollmaster
September 29th, 2005, 06:47 AM
-{ Quote: "i agree Erik - exchanging good and bad experiences without criticism is what these forums should be all about. :)" }-
I disagree. 'Criticism' is exactly what we need. Too often disinformation and misinformation, half remembered and half understood 'facts' is accepted as gospel around here, because somebody looks like he knows what he is doing.
There is a line though, that I freely admit I cross occasionally due to bad judgement and poor command of the English language so it looks like I'm doing a personal attack.....
BlueZannetti
September 29th, 2005, 07:43 AM
-{ Quote: "I disagree. 'Criticism' is exactly what we need. Too often disinformation and misinformation, half remembered and half understood 'facts' is accepted as gospel around here, because somebody looks like he knows what he is doing.
There is a line though, that I freely admit I cross occasionally due to bad judgement and poor command of the English language so it looks like I'm doing a personal attack....." }-
Informed technical critique is an important part of the on-going dialog here. Unfortunately, for the bulk of us and I lump myself in with this crew, our informed critique does consist mainly of personal and anecdotal experiences involving selected challenges and responses observed. Ultimately, we all place a fair level of trust in the vendors we choose, third party evaluations that we come across, and the experiences of others.
Objectively, if faced with a new application, what do I know? Well, after installation I will know:
- The feature list claimed by the vendor
- Whether my surfing experience is impacted for better or for worse.
- Whether there are significant conflicts between it and other continually running processes.
- That it appears to respond in an observable manner to chance or purposeful challenges
Although some of these items may seem like hard data, they are all fairly soft results. At the end of the day, I personally take a stance that, based on all I hear at this site, others, and my own understanding, that there are specific items that I should pay close attention to. It is how I deal with these items that is the issue. I do try to discern hard facts from anecdotal observation, which means ultimately I deal with few hard facts, but lots of anecdotal claims. I really don't even treat the vendor's feature list as a hard fact. I'd prefer to be standing on firmer ground, but I fear that's not possible for the bulk of us.
Blue
toploader
September 29th, 2005, 07:54 AM
-{ Quote: "I disagree. 'Criticism' is exactly what we need. Too often disinformation and misinformation, half remembered and half understood 'facts' is accepted as gospel around here, because somebody looks like he knows what he is doing.
There is a line though, that I freely admit I cross occasionally due to bad judgement and poor command of the English language so it looks like I'm doing a personal attack....." }-
hi pollmaster - i've no problem with criticizing products or debating ideas and issues - it's personal criticism i was referring to - it's easy for one poster to make another look stupid or small by picking up on their lack of knowledge or insecurities. i've seen message boards where people spend all their time slagging each other off, making snide remarks, smug remarks, cheap shots and trying to score points instead of concentrating on reasoned argument and debate :)
Pollmaster
September 29th, 2005, 08:39 AM
-{ Quote: "Informed technical critique is an important part of the on-going dialog here. Unfortunately, for the bulk of us and I lump myself in with this crew, our informed critique does consist mainly of personal and anecdotal experiences involving selected challenges and responses observed. Ultimately, we all place a fair level of trust in the vendors we choose, third party evaluations that we come across, and the experiences of others.
Objectively, if faced with a new application, what do I know? Well, after installation I will know:
The feature list claimed by the vendor
Whether my surfing experience is impacted for better or for worse.
Whether there are significant conflicts between it and other continually running processes.
That it appears to respond in an observable manner to chance or purposeful challenges
Although some of these items may seem like hard data, they are all fairly soft results. At the end of the day, I personally take a stance that, based on all I hear at this site, others, and my own understanding, that there are specific items that I should pay close attention to. It is how I deal with these items that is the issue. I do try to discern hard facts from anecdotal observation, which means ultimately I deal with few hard facts, but lots of anecdotal claims. I really don't even treat the vendor's feature list as a hard fact. I'd prefer to be standing on firmer ground, but I fear that's not possible for the bulk of us.
Blue" }-
Interesting point of view. ;)
If we are helpless (mostly) to handle the hard facts, what exactly drives our usage and purchasing behavior? If all we can do is to rely on anecdotal evidence, it seems futile to ever hope that we can make the right choice based on such incomplete and unscientific information. Even if we succeed it would be a matter of chance.
In fact, a cynic would say that if we are incapable of handling and appreciating hard facts, all that means is that whatever is in 'fashion' around here is a matter of marketing rather than reality.
That would be very sad.
Vikorr
September 29th, 2005, 08:54 AM
Hello Pollmaster. Thank you for the reply. It clarifies some things.
-{ Quote: "There is a line though, that I freely admit I cross occasionally due to bad judgement and poor command of the English language so it looks like I'm doing a personal attack....." }-
Fair enough. Unfortunately, often people will be talking software, and then you will talk people, i.e., you ignore the discussion about the software, and comment about the person, often with nothing constructive following the comment.
Personally, I think you would be a great help/benefit to the Wilders forum if you offered something constructive with all your posts…I think that’s a fair thing to ask, don’t you?
-{ Quote: "Obviously, I don't know what you are doing or why, that's why I'm asking.
But thank you for answering." }-
Actually, no, you never asked ‘why’…and if your subsequent post was a clarifying post (?) then your original post never asked any of the questions you ask in your subsequent post either, nor raised any of the ‘issues’.
As for me taking things the wrong way…interesting thought…I notice two other people who thought you were criticising me. Seeing as you haven’t actually said so in your post…would you care to clarify whether or not you were criticising me, or phishing/baiting?
As for -{ Quote: "I disagree. 'Criticism' is exactly what we need." }- If nothing constructive is offered after the ‘criticism’ then a lot is lost with almost nothing achieved.
Franklin
September 29th, 2005, 09:02 AM
Well fellas, I did ask a question. Have you tried Sandboxie and what do you think of its abilities to contain malware?
Pollmaster
September 29th, 2005, 09:21 AM
-{ Quote: "Hello Pollmaster. Thank you for the reply. It clarifies some things.
Fair enough. Unfortunately, often people will be talking software, and then you will talk people ie, you ignore the discussion about the software, and comment about the person, often with nothing constructive following the comment.
Personally, I think you would be a great help/benefit to the Wilders forum if you offered something constructive with all your posts…I think that’s a fair thing to ask, don’t you?
" }-
I'm sorry to hear you think my posts are not constructive (as opposed to yours?). I'm sure I will not comment on whatever you say in the future whether they are right or wrong. I hope this will make you happy.
And as for ignoring the discussion. Which one is it? Some people say I nitpick when I point out errors of facts as I have done many times with your posts.
Other people say there are no facts to nitpick.
In this case, no, I'm not talking specifics, there are very few specifics for me to comment on since you haven't mentioned any.
I think I have asked several fair questions, you can choose to answer them or not, whichever you think is more constructive to do, I await your response.
-{ Quote: "
Actually, no, you never asked ‘why’…and if your last post was a clarifying post (?) then your original post never asked any of the questions you ask in your subsequent post either, nor raised any of the ‘issues’.
" }-
Actually you are right. I didn't ask "why", "why" was the question *you* felt I should have asked. I was trying to be polite to the answer you gave that you thought I should have asked.
In fact, I didn't really need to know why you dropped PG or Prevx. My question was meant to be more general than that.
-{ Quote: "
As for me taking things the wrong way…interesting thought…I notice two other people who thought you were criticising me. Seeing as you haven’t actually said so in your post…would you care to clarify whether or not you were criticising me, or phishing/baiting?
" }-
Wow, 2 good choices you gave me. I was doing neither, but if you wanted to force me to choose, I would say the first.
Here's the question or criticism if you prefer again.
Do you truly feel safer, with all this switching and changing of security software?
Vikorr
September 29th, 2005, 09:35 AM
Thank you. That is a much better post :)
You are quite welcome to comment on whether or not you believe something I have said is right or wrong. If you point out that something I say is wrong, then I would hope that you will share your knowledge of what is correct.
(You do know that correcting people isn't what any of these posts were about?)
Do I feel safer with SU? Yes. Do I feel safer with OA? Yes. Do I feel safer with AM? (and not having PG)....I can't actually answer that question. I don't know if I'm safer with AM or not. If it works as Trustware says it does, then I would say yes <though I have a few questions about it too>...but still, there is a possibility that I am not.
I don't feel any less safe for having dropped Prevx1 - it was in report mode for most of its 'protections' (the Prevx forum moderators informed me of that, but only after I asked...they let other people assume that it offered the same protection as Prevx Pro, only more intelligent).
For PG, the two things I really liked about it were the ability to block hooks and driver installation (I like the ability to prevent termination/modification to files, but it doesn't cover a great many files). I have yet to ask Trustware about untrusted programs that require drivers, I believe it blocks hooks <but another thing to ask Trustware>, and prevents modification of any trusted programs by untrusted programs.
FastGame
September 29th, 2005, 09:50 AM
-{ Quote: "Well fellas, I did ask a question. Have you tried Sandboxie and what do you think of its abilities to contain malware?" }-
Franklin, Sandboxie works well on my system and does as it claims.
There are some reports that it doesn't work with Firefox, myself & others have no problems with that combination, I've had some problems with Opera. It works great with IE.
As for "abilities to contain malware"? I feel it's 100% effective, like any other piece of software nothing is guaranteed.
It's well worth your time to test it out. If you don't like it I've found it's best to uninstall it in SafeMode. :)
WilliamP
September 29th, 2005, 04:58 PM
At the present time I am following Sandboxie and AntiMalware. I am not sure which I like or need. In some respects I like the idea of Sandboxie. It seems simple and if there is something that I am worried about opening, I can open it in Sandboxie. I assume that also goes for E Mail. I already have Process Guard. AntiMalware seems kind of like PG in as much as it knows the trusted stuff and won't let the bad stuff run. I have considered ShadowUser. I may be wrong but it seems you may have to do a lot of rebooting with it. My wife does a lot more with the computer than I do, such as digital photos, playing spades and E Mailing. With AntiMalware or Shadowuser, can you just use the computer with those shut off?
Vikorr
September 29th, 2005, 05:33 PM
Hi William
Peter says you don't need SU with FD ISR? but seeing as you're interested :) ...
With SU, you make an Excluded Folder entry for the folder in which your email is stored. That way your new emails are safe from vanishing upon reboot. The same goes for the Folder in which your wife stores her photos...basically, you exclude your 'work' folders <anywhere where you save documents etc to>. I also exclude Folders where I have security programs that require updating.
The only difference playing windows games like spades etc with SU running, is your high score won't be saved after reboot. The game itself isn't affected in any way. But if you really do want to save high scores...Windows games like spades, freecell etc are stored in the C:\windows folder. I would highly recommend you NOT excluding this folder :) ...a work-around, would be for you to create a folder c:\games and Control-drag <hold down control whilst dragging> the game executables into that folder. Then make shortcuts for them to your desktop. Then exclude c:\games in SU.
Just remember though, even with Excluded Folders...you can still do a lot of rebooting...depending on your computer habits/likes/dislikes. I.e. if you like changing Windows settings a lot, then SU would require a lot of rebooting, and would probably get irritating after a while...but if you can set your computer up the way you like it, and don't do much installing...then SU is great.
With AntiMalware...it does not stop malware (untrusted programs) from installing or running...it disables their ability to modify trusted programs (anything on the computer when AM was installed). It prohibits other interactions between untrusted and trusted...but I'm not certain what yet. You are of course, able to make an untrusted program, trusted. So far, the only problem I have found with it is that Yahoo IM didn't like being made untrusted...but it's happy if any files created by it are made untrusted (which amounts to the same thing). My windows games etc aren't affected. They are all trusted. AM won't apply its bufferzone rules to anything that was on your computer when it was installed.
BlueZannetti
September 29th, 2005, 05:41 PM
-{ Quote: "Interesting point of view. ;)" }-
An interesting interpretation of what I wrote I must say
-{ Quote: "if we are helpless (mostly) to handle the hard facts, what exactly drives our usage and purchasing behavior?" }-
Did I say we were helpless to handle hard facts? I think not. I did note that we often do not deal in hard facts. Much of what we discuss doesn't really constitute fact. Product A running faster than Product B on my machine, under a given set of conditions would be an example of a fact. Product A is faster than Product B (no qualifiers attached) isn't a fact. The general case has not been demonstrated. It's an extrapolation of the casual observation which may or may not be true. If I have a sufficiently unique configuration the opposite could be more generally observed. The fact is, it is important to appreciate the difference between isolated observations and extrapolated generalities, unfortunately many miss that nuance.
Now, the preceding doesn't mean that the anecdotal information regarding performance on my machine or your machine is worthless, but I do have to appreciate the dangers if I try to extrapolate to a more general situation. As more people weigh in, a clearer picture may develop or it could simply become even muddier. The same holds for performance testing. Many will claim product C is better than products D through F if it scores higher on a given challenge. In my mind that is soft information since the details of test protocols are typically only partially known to us and are certainly not generally applicable since they apply to a very contrived situation. Operationally, we do make some determination of the intrinsic value of the information based on past experience, consistency with our own observations, and the trust we place in whoever developed and executed the test.
-{ Quote: "If all we can do is to rely on anecdotal evidence, it seems futile to ever hope that we can make the right choice based on such incomplete and unscientific information. Even if we succeed it would be a matter of chance." }-
There's nothing wrong with anecdotal information, I just see too many extrapolations beyond the scope of the original observation. Sometimes the overreach is plain, at other times it's not. However, one thing is clear - there is always a danger that the extrapolation is quite wrong.
-{ Quote: "In fact, a cynic would say that if we are incapable of handling and appreciating hard facts, all that means is that whatever is in 'fashion' around here is a matter of marketing rather than reality.
That would be very sad." }-
You certainly have missed the point here. If there were hard facts available, I think everyone could certainly deal with them. My point is that, in more instances than you are seemingly willing to admit, the hard facts are not available to us. Further, since the usage and performance of many of the products discussed here is situational, hard facts in the context of general truths really don't exist. You seem ready to label me a cynic, I tend to feel that it's important to understand where solid understanding ends and opinion/impression/gut feeling/preference begins. Obviously, YMMV.
Blue
WilliamP
September 29th, 2005, 05:49 PM
Thank you Vikorr. I have FDISR and I like the program, but I look at it as a recovery system. I don't look at these others as a recovery program. My wife plays Yahoo spades. And sure doesn't want to lose her scores.
ErikAlbert
September 29th, 2005, 06:55 PM
-{ Quote: "I have considered ShadowUser. I may be wrong but it seems you may have to do a lot of rebooting with it." }-
Simplicity is the big point of ShadowUser.
You can surf on the internet as long as you want, without being careful.
You can download and try any software and ditch it when you don't like it without any malware infection.
You can satisfy your curiosity on the internet without hurting your system.
A simple reboot removes every malware on your computer in 5 minutes.
That's what every internet user wants : simplicity, no annoying questions, freedom and speed.
Or do you like to run 10-15 incomplete scanners each day, which takes a lot more than 5 minutes and the total scan time increases every day, while the reboot time remains the same?
After running all these scanners, you still don't know for sure if everything was removed : undiscovered malwares, incomplete definition databases, not detected by heuristics, updating too late, false positives, ...
SU doesn't have all these many problems.
ProcessGuard safe? If you are knowledgeable enough to answer YES or NO, maybe and what if you don't have that knowledge?
One wrong YES or NO and your computer is infected or doesn't work properly.
I have many reasons to vote for SU and I don't see any hard proof that SU isn't working properly either. The rest are stories without background.
As long as I don't really need SU, I won't buy it, but SU will be the very first security software, I will pay for.
Vikorr
September 29th, 2005, 07:17 PM
William...sorry I thought you meant windows spades. I'm not certain about Yahoo spades, but 'if' her high score is stored on their server, then SU won't affect it at all (but if it's not stored on yahoo's server, you just find the folder where it's stored, and exclude that folder...so long as it's not a windows/system folder or c:\)
WilliamP
September 29th, 2005, 08:08 PM
Ok, here is my question. Sandboxie vs Shadowuser. Why can't Sandboxie be used the same as Shadowuser? From what I have read I could surf the web or download a program and then remove the sandbox and it is all gone. Where is the difference? Don't get me wrong. I'm not saying the programs are the same. It just looks to me like I can accomplish the same thing with either one. If not please explain.
Vikorr
September 29th, 2005, 09:55 PM
As far as I can see there's no reason that sandboxie can't be used for the same purpose that SU is used.
The major differences would be in reliability (I know SU's security won't be compromised -not completely certain about Sandboxie), conflicts (none with SU), and functionality (SU is automatic and global, but requires reboots for certain things vs SB's local management of IE, which allows changes to windows settings without a reboot)
I.e. in some ways Sandboxie is more convenient than SU, and it's free...and in some ways SU is more convenient than Sandboxie (esp if you don't install much, or play with your settings much), and is more solid - but also expensive.
Btw, I don't know if you saw the post, but AM is free (you just have to sign up to their forum). Also, I just ran this test on it (post 24) http://www.wilderssecurity.com/showthread.php?t=98653&page=2
WilliamP
September 30th, 2005, 05:33 PM
Help guys! I have downloaded Sandboxie but Online Armor won't let it open IE or Firefox. If I shut off OA then they will open. How do I get OA to behave itself?
Vikorr
October 1st, 2005, 01:27 AM
Haven't seen any posts about this problem at the official Online Armor forums. It might be worthwhile putting a post there about it.
http://www.tallemu.com/forum/
WilliamP
October 1st, 2005, 03:54 PM
What has happened to Sandboxie? Can't get to their web site or Forum.
toploader
October 1st, 2005, 07:08 PM
hi William seems to be ok now
WilliamP
October 1st, 2005, 07:56 PM
Sure is. I had tried since last night. I guess their server was down. Still haven't found out how to get Online Armor to behave. I have posted at OA Forum and Sandboxie Forum.
abhi_mittal
October 5th, 2005, 06:15 AM
I have been using sandboxie for the last 3-4 days, and it's a nice program. I have two issues with it:
I use a Compaq Presario laptop. When I use firefox in Sandboxie, the scroller on my touchpad stops functioning.
I tried to visit some nasty websites to see if sandboxie was as effective as it claims to be. Prevx, Antivir PE and MSAS didn't detect anything in realtime on these sites. BUT, when I was cleaning the sandbox, Antivir detected 5-6 viruses/trojans. Is it so that Antivir can't provide realtime protection to programs running in the sandbox?
Are these things normal? Comment!
Thanks
abhi_mittal
October 6th, 2005, 05:58 AM
-{ Quote: "I have been using sandboxie for the last 3-4 days, and it's a nice program. I have two issues with it:
I use a Compaq Presario laptop. When I use firefox in Sandboxie, the scroller on my touchpad stops functioning.
I tried to visit some nasty websites to see if sandboxie was as effective as it claims to be. Prevx, Antivir PE and MSAS didn't detect anything in realtime on these sites. BUT, when I was cleaning the sandbox, Antivir detected 5-6 viruses/trojans. Is it so that Antivir can't provide realtime protection to programs running in the sandbox?
Are these things normal? Comment!
Thanks" }-
Waiting for an answer!!
ErikAlbert
October 6th, 2005, 06:11 AM
abhi mittal,
You could post your question at the Sandboxie Forum. The author of Sandboxie lives there.
http://www.sandboxie.com/phpbb/
Never bet on one horse :)