Wilders Security Forums  

  #1  
Old April 14th, 2007, 11:40 AM
Antarctica Antarctica is offline
Very Frequent Poster
 
Join Date: Feb 2003
Posts: 1,366
Default Question to the Sanboxie Pro

I am putting together a PC for my daughter and this is the setup I have so far

L"n"S paid
Antivir free
SSM paid

I was wondering if it would be a good idea to add Sandboxie or DefenseWall?

Thanks for comments
__________________
One for all/All for one
  #2  
Old April 14th, 2007, 12:41 PM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,806
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Antarctica
I am putting together a PC for my daughter and this is the setup I have so far

L"n"S paid
Antivir free
SSM paid

I was wondering if it would be a good idea to add Sandboxie or DefenseWall?

Thanks for comments

I would test it on her PC, and if it works well then yes. I like it because it isolates what happens on the internet, but it is still easy to recover downloaded files, if you want, and also it is easy to make everything go away. No reboots needed.

I have trialed Defensewall twice, and just don't like it. Didn't have any feel of what was going on.

Pete

PS. If you pay the modest fee for registering Sandboxie, then all the browsers can be set to open automatically sandboxed.
  #3  
Old April 14th, 2007, 01:07 PM
Franklin Franklin is offline
Very Frequent Poster
 
Join Date: May 2005
Location: West Aussie
Posts: 2,517
Default Re: Question to the Sanboxie Pro

With Sandboxie, the desktop shortcut "Run the default browser under Sandboxie" can be renamed to your browser, then change the icon to suit, usually by navigating to your browser's installation folder in Program Files.

Set this way another user probably wouldn't even notice they were browsing through the sandbox, until they can't find that saved pic or download that is.
  #4  
Old April 14th, 2007, 01:13 PM
Antarctica Antarctica is offline
Very Frequent Poster
 
Join Date: Feb 2003
Posts: 1,366
Default Re: Question to the Sanboxie Pro

Thanks to both of you for replies.
Pete, when you say "no reboots needed" it means just closing the browsers and everything is gone?
__________________
One for all/All for one
  #5  
Old April 14th, 2007, 01:29 PM
Jarmo P Jarmo P is offline
Frequent Poster
 
Join Date: Aug 2005
Posts: 473
Default Re: Question to the Sanboxie Pro

Everything is gone after you delete the sandbox contents.
That could be after many days of use or if desired after every browsing session.
Your choice.
__________________
Avast free, Firefox NoScript extension and internet applications "inside" Sandboxie.
  #6  
Old April 14th, 2007, 01:34 PM
Antarctica Antarctica is offline
Very Frequent Poster
 
Join Date: Feb 2003
Posts: 1,366
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Jarmo P
Everything is gone after you delete the sandbox contents.

Sounds good, I will give it a try.
Thanks again
__________________
One for all/All for one
  #7  
Old April 14th, 2007, 01:34 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Jarmo P
Everything is gone after you delete the sandbox contents.
That could be after many days of use or if desired after every browsing session.
Your choice.

Is there no way to delete the sandbox contents AUTOMATICALLY? Some kind of setting?
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #8  
Old April 14th, 2007, 01:45 PM
Jarmo P Jarmo P is offline
Frequent Poster
 
Join Date: Aug 2005
Posts: 473
Default Re: Question to the Sanboxie Pro

Yes, you can set the cleaning up options so that after each use the contents are cleaned. That means I think before Sandboxie control is closed before reboot or exited manually from systray by you.
I have not tried that myself but I think that just closing a sandboxed browser will not erase all that content.
__________________
Avast free, Firefox NoScript extension and internet applications "inside" Sandboxie.

Last edited by Jarmo P : April 14th, 2007 at 01:54 PM.
  #9  
Old April 14th, 2007, 01:47 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Jarmo P
Yes, you can set the cleaning up options so that after each use the contents are cleaned. That means I think before Sandboxie control is closed before reboot.
I have not tried that myself but I think that just closing a sandboxed browser will not erase all that content.

Thanks
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #10  
Old April 14th, 2007, 01:49 PM
Franklin Franklin is offline
Very Frequent Poster
 
Join Date: May 2005
Location: West Aussie
Posts: 2,517
Default Re: Question to the Sanboxie Pro

GUI-configuration-sandbox settings-set auto cleanup options.

I just set CCleaner to clean it every now and then under custom folders.

But that's not really needed either after a restart with Powershadow.
  #11  
Old April 14th, 2007, 02:02 PM
Jo Ann Jo Ann is offline
Frequent Poster
 
Join Date: Jan 2007
Posts: 436
Default Re: Question to the Sanboxie Pro

When using SandboxIE, it would seem to me that there might be specific items in the sandbox you wish to retain rather than deleting everything in the sandbox.

Can sandboxed items be selectively deleted/retained ...how does this work?
__________________
Norton Internet Security + Rollback Rx + Drive Snapshot = synergistic security!
  #12  
Old April 14th, 2007, 02:11 PM
Jarmo P Jarmo P is offline
Frequent Poster
 
Join Date: Aug 2005
Posts: 473
Default Re: Question to the Sanboxie Pro

Some items like bookmarks can be had in synchro with your real browser install with IE and Firefox.
Other things you have to explore the sandbox contents and manually copy them from that virtual folder to your real system. Something like for instance you run a bit torrent client inside a sandbox and then want to keep what you have downloaded.
It is very easy to do that.
__________________
Avast free, Firefox NoScript extension and internet applications "inside" Sandboxie.
  #13  
Old April 14th, 2007, 02:16 PM
Jo Ann Jo Ann is offline
Frequent Poster
 
Join Date: Jan 2007
Posts: 436
Default Re: Question to the Sanboxie Pro

Do emails also wind up in the sandbox?
__________________
Norton Internet Security + Rollback Rx + Drive Snapshot = synergistic security!
  #14  
Old April 14th, 2007, 02:16 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Franklin
But that's not really needed either after a restart with Powershadow.

Same here with a frozen snapshot, but I would use Sandboxie to protect my computer between two reboots.
I assume that Sandboxie stops the installation/execution of these malicious objects, stored in the sandbox.
What is not installed, won't hurt me during the period between two reboots.
Everything that bypasses the sandbox (nothing is perfect) and infects my computer will be removed during reboot anyway.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #15  
Old April 14th, 2007, 02:21 PM
Jarmo P Jarmo P is offline
Frequent Poster
 
Join Date: Aug 2005
Posts: 473
Default Re: Question to the Sanboxie Pro

Jo Ann, I have personally reverted from my ISP emails to using Gmail, but yes, I have Mozilla Thunderbird also in Sandboxie and get copied all the spam I still get there also to my real system.
So yes, emails are also retained I think with Thunderbird and Outlook Express. It is an option that Ronen has made to exclude the virtual thing for a user convenience, same as the bookmark exclusion. Both can be denied too.
I do wish that not much more exclusions are made to sandboxie virtualization.
It is quite nice to run as it is without any need for new features.
__________________
Avast free, Firefox NoScript extension and internet applications "inside" Sandboxie.

Last edited by Jarmo P : April 14th, 2007 at 04:00 PM.
  #16  
Old April 14th, 2007, 05:58 PM
aigle aigle is offline
Incredibly Massive Poster
 
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,412
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by ErikAlbert
Same here with a frozen snapshot, but I would use Sandboxie to protect my computer between two reboots.
I assume that Sandboxie stops the installation/execution of these malicious objects, stored in the sandbox.
What is not installed, won't hurt me during the period between two reboots.

No it will allow the installation of software/malware, only the difference is that malware will be deleted (all related files, registry etc.) when u will empty the sandbox. There is no need for Sandboxie with frozen snapshot. It does not stop the malware, just isolates. A policy restriction software like GeSWall, DefenseWall might be the option though as they actually stop execution of malware.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #17  
Old April 14th, 2007, 06:40 PM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,806
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by aigle
No it will allow the installation of software/malware, only the difference is that malware will be deleted (all related files, registry etc.) when u will empty the sandbox. There is no need for Sandboxie with frozen snapshot. It does not stop the malware, just isolates. A policy restriction software like GeSWall, DefenseWall might be the option though as they actually stop execution of malware.

Not totally. I tried installing KAV in the sandbox and the installation failed. I also tried with Online Armor, and it installed but couldn't start. I also installed Cryptosuite in the sandbox and it ran, but I couldn't access files outside the sandbox.
  #18  
Old April 14th, 2007, 06:57 PM
aigle aigle is offline
Incredibly Massive Poster
 
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,412
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Peter2150
Not totally. I tried installing KAV in the sandbox and the installation failed. I also tried with Online Armor, and it installed but couldn't start. I also installed Cryptosuite in the sandbox and it ran, but I couldn't access files outside the sandbox.

I think it does not allow rootkits, kernel drivers etc. to be installed, that is understood.
Try a simple software, say a download manager, or a simple (non-kernel based) keylogger and u will see that it will be installed and will run fine.
In fact it's a feature of Sandboxie that u can install new software inside sandbox.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #19  
Old April 14th, 2007, 07:37 PM
Franklin Franklin is offline
Very Frequent Poster
 
Join Date: May 2005
Location: West Aussie
Posts: 2,517
Default Re: Question to the Sanboxie Pro

From Sandboxie's FAQs.
http://www.sandboxie.com/index.php?F...AskedQuestions

Quote:
How does Sandboxie protect me, technically?

Sandboxie extends the operating system (OS) with sandboxing capabilities by blending into it. Applications can never access hardware such as disk storage directly, they have to ask the OS to do it for them. Since Sandboxie integrates into the OS, it can do what it does without risk of being circumvented.

The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for Inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexs (Mutants in NT speak), Semaphores, Sections and LPC Ports. For some more information on this, please see SandboxHierarchy.

Sandboxie also takes measures to prevent programs executing inside the sandbox from hijacking non-sandboxed programs and using them as a vehicle to operate outside the sandbox.

Sandboxie also prevents programs executing inside the sandbox from loading drivers directly. It also prevents programs from asking a central system component, known as the Service Control Manager, to load drivers on their behalf. In this way, drivers, and more importantly, rootkits, cannot be installed by a sandboxed program.
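
The isolation behaviour described in the FAQ quoted in post #19 and debated in the surrounding posts, as an added toy model that is not part of any poster's message and not Sandboxie's own code. `ToySandbox`, its methods and the sample file names are hypothetical; it only models file redirection, a denied driver load, selective recovery and deletion of the sandbox contents.

```python
import shutil
import tempfile
from pathlib import Path


class ToySandbox:
    """Hypothetical model: reads fall through to the host, writes stay in the box."""

    def __init__(self, host_root: Path, box_root: Path):
        self.host, self.box = Path(host_root), Path(box_root)
        self.box.mkdir(parents=True, exist_ok=True)

    def read(self, rel: str) -> str:
        boxed = self.box / rel
        # A boxed copy shadows the host file; otherwise the host file is visible.
        return (boxed if boxed.exists() else self.host / rel).read_text()

    def write(self, rel: str, data: str) -> None:
        boxed = self.box / rel  # every write is redirected, the host is untouched
        boxed.parent.mkdir(parents=True, exist_ok=True)
        boxed.write_text(data)

    def load_driver(self, name: str) -> None:
        # Kernel-level requests are refused outright rather than virtualized.
        raise PermissionError(f"driver load denied inside sandbox: {name}")

    def recover(self, rel: str) -> None:
        # Explicit user action: copy one chosen file out to the real system.
        dest = self.host / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(self.box / rel, dest)

    def delete_contents(self) -> None:
        shutil.rmtree(self.box)
        self.box.mkdir()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        host = Path(tmp) / "host"
        host.mkdir()
        (host / "settings.txt").write_text("original")  # constructed sample file
        sb = ToySandbox(host, Path(tmp) / "box")
        sb.write("settings.txt", "tampered")    # the program runs and changes things
        sb.write("downloads/pic.jpg", "image")  # and saves a download
        result = {"inside_view": sb.read("settings.txt"),
                  "host_file": (host / "settings.txt").read_text()}
        try:
            sb.load_driver("example.sys")
            result["driver"] = "loaded"
        except PermissionError:
            result["driver"] = "denied"
        sb.recover("downloads/pic.jpg")         # keep one item before cleanup
        sb.delete_contents()
        result["box_empty"] = not any(sb.box.iterdir())
        result["recovered"] = (host / "downloads/pic.jpg").read_text()
        result["view_after_delete"] = sb.read("settings.txt")
        return result


if __name__ == "__main__":
    print(demo())
```

The sandboxed program does run and sees its own changes, which is the "isolates, does not stop" point; the host file stays unchanged, and only the explicitly recovered file survives deletion of the sandbox contents.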
  #20  
Old April 14th, 2007, 07:48 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by aigle
No it will allow the installation of software/malware, only the difference is that malware will be deleted (all related files, registry etc.) when u will empty the sandbox. There is no need for Sandboxie with frozen snapshot. It does not stop the malware, just isolates. A policy restriction software like GeSWall, DefenseWall might be the option though as they actually stop execution of malware.

Sandboxie's feature to install softwares is something I don't need and it seems only to work for little softwares. A frozen snapshot has no limits to install softwares.
If Sandboxie doesn't stop the execution of malware, even when the installation is isolated, it's worthless to me.
I don't care about the installation, I care about the execution, the worst part of malware.

I need softwares that prevent (installation) and execution of malware, like Anti-Executable.
From what I read DefenseWall also stops the execution of malware in untrusted applications, so that's a good one too.
What else is there ? No scanners, no Powershadow and no HIPS please.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.

Last edited by ErikAlbert : April 14th, 2007 at 07:57 PM.
  #21  
Old April 14th, 2007, 07:56 PM
aigle aigle is offline
Incredibly Massive Poster
 
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,412
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by ErikAlbert
Sandboxie's feature to install softwares is something I don't need and it seems only to work for little softwares. A frozen snapshot has no limits to install softwares.
If Sandboxie doesn't stop the execution of malware, even when the installation is isolated, it's worthless to me.
I don't care about the installation, I care about the execution, the worst part of malware.

Hi Eric! I think u can read it all in the post #19 by Franklin.
It does stop the malware but not like AE.
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #22  
Old April 14th, 2007, 08:05 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by aigle
Hi Eric! I think u can read it all in the post#19 by Franklin.
It does stop the malware but not like AE.

OK. Sandboxie back on the list.
So I have this up to now:
1. Firewall of Straw + Router
2. Anti-Executable
3. DefenseWall
4. Sandboxie #Firefox# (Thunderbird doesn't need Sandboxie)
5. FDISR's frozen snapshot, to clean what passed through 1, 2, 3 and 4.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.

Last edited by ErikAlbert : April 14th, 2007 at 08:15 PM.
  #23  
Old April 14th, 2007, 08:59 PM
Franklin Franklin is offline
Very Frequent Poster
 
Join Date: May 2005
Location: West Aussie
Posts: 2,517
Default Re: Question to the Sanboxie Pro

1-Soft FW mainly for outbound as I have a FW router. First line of defense

2-Sandboxie second line

3-Powershadow third line

4-Ghost images fourth line

5-A coupla spare hard drives with clones of the original ready to hook up and boot as masters fifth line

Nothing's got past Sandboxie as yet and I use the FF add-on StumbleUpon, which can take me anywhere on the net.
  #24  
Old April 14th, 2007, 09:05 PM
EASTER.2010
 
Posts: n/a
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by ErikAlbert
2. Anti-Executable

That one is a really intelligent and practical choice and brings back good memories of when I first tried it out. It really did lock down most all executables and was relentless at sealing your system tightly closed from those nice surprises of something hidden in the background suddenly springing to life to jar the blazes out of your nerves and all that.

Is this a recent choice of yours and even if not, how do you find it? Are you completely satisfied of its ability and do you regard it as foolproof for the most part if not entirely?
  #25  
Old April 15th, 2007, 02:50 AM
simmikie simmikie is offline
Frequent Poster
 
Join Date: Nov 2006
Posts: 321
Default Re: Question to the Sanboxie Pro

Quote:
Originally Posted by Jarmo P
Yes, you can set the cleaning up options so that after each use the contents are cleaned. That means I think before Sandboxie control is closed before reboot or exited manually from systray by you.
I have not tried that myself but I think that just closing a sandboxed browser will not erase all that content.

it not only cleans it automatically after each browsing session, it will allow you to save whatever you downloaded and want to save before the cleaning.

a really nice feature i just began using a few days ago. cleans out all of the internet rubbish, and leaves SAS with absolutely nothing to do!


Mike
 
