DropMyRights VS Sandboxie?

I have heard that there are now websites that can do nasty things if I merely visit them or click on one of their links.

I would never knowingly visit malware infested sites. My endocrine system is out of ardor with respect to porn. I never mess with cracked programs. I only yank people's chains if I'm somewhere safe, such as here at Wilder's. Even so, I do surf around a lot because I'm a software try-out junkie plus excessively nosey.

Ergo, even if I am a safe-hexer, I am quite capable of doing something dumb enough to get myself in trouble. Therefore, I am considering two programs that I *think* will enable me to surf in potentially dangerous waters & still be reasonably safe. The programs are (1) Sandboxie, and (2) DropMyRights.

I seek information about these two programs, and will appreciate any help that you might care to offer.

FYI- I run XP SP2. My main "real-time-monitoring" security apps are DrWeb, Kerio 2.1.5, System Safety Monitor, & A-squared.

BACKGROUND #1- I tried Sandboxie & liked it a lot. It ran smooth as silk on my system, and seemed to be affording good protection. {I say "seemed to be" because I don't know any dangerous sites to test it, and (even if I did) I am not very brave about doing such things.}

My one grumble with Sandboxie was that its processes used quite a bit of RAM & VM. Moreover, it insisted on running those processes even when I wasn't using Sandboxie. That is, when I disabled Sandboxie's processes (I used Autoruns to disable them), Sandboxie wouldn't work even if I reactivated those processes. To get Sandboxie to work again, I had to have Autoruns reactivate all of Sandboxie's processes, & then do a restart.

Ergo, in my OPINION, Sandboxie is rather cumbersome & heavy to use if I want to activate its processes for on-demand use only.

QUESTION #1- Is there an easy way to activate Sandboxie's processes only on-demand, without having to go through a rather cumbersome re-activation/restart?

BACKGROUND #2- I am now using DropMyRights (DMR) whenever I surf. DMR seems to have no overhead at all. Once DMR executes, it keeps nothing in RAM or VM. AFAIK, DMR simply executes a script to drop my status to that of a limited user. Having done so, DMR leaves the scene -- unlike Sandboxie, which keeps all its processes running the whole time I am surfing.

QUESTION #2- Am I at least ~90% as well protected when surfing under DMR as I am when surfing under Sandboxie? If not, can you please explain?

FOLLOW-ON REQUEST- If you know of a small-footprint program that is (1) safer than DMR & (2) easier to use on-demand than Sandboxie & (3) will give pretty good protection while I surf, please let me know of it.

 

Have you tried disabling this option in Sandboxie?

 

I use GesWall, it is free, automatically does sansboxing of browsers etc.
Uses 11 MB Ram, 5 MB VM.
No significant conflicts on my system.
Support is good even it is free.

 

@aigle- That program *seemingly* flopped when tested Yonder.

@dah145- I THINK I tried that. However, thanks for the hint. I shall check it out.

 

Ya, u must do this.

 

Dont know if youve considered this, basically same sort of thing as Drop my Rights

http://www.runsafe.com/

 

bellgamin, i can tell you after running a crapload of tests that geswall is a better product than many of the programs that "passed" yonders "tests". this thing has withstood everything i threw at it, even the dreaded killdisk (when other programs failed causing my MBR to become corrupted). geswall totally protects any attempts to wreck the registry but allows programs to create files on the HD. these files are "marked" and cant' wreck any damage. i highly recommend you give it a try.

 

Hmmm. I'm running my K-Mel in Sandboxie currently (with a bunch-o layers open) and total mem (private bytes) of the 4 running processes is 3.7 Mb.
(XP Pro here)
One of the things I've liked about Sandboxie is it's light resource requirements.

 

@Bob D- I agree with you that Sandboxie is *relatively* light. However, Sandboxie insists on loading into memory with every startup, even if I have no intention of needing it until hours later. I do webmastering first thing every day, and that task needs several fairly heavy programs open at once. Therefore, I try to avoid any deadweight from unnecessary programs while I am doing that task.

@Huwge- RunSafe looks verrry interesting. As you said, it does about the same job as DMR. However, it looks a LOT easier to use. RunSafe's drag-and-drop is a big plus. I will recommend it to my friends who have balked at using DMR because of disliking its configuration needs. THANKS for calling RunSafe to my attention.

@Anyone- I do hope someone will comment as to the differences in protection between DMR & Sandboxie while surfing the net. Unless the difference is significant, DMR seems like a superb tool at basically zero impact on my computer's resources.

 

The main hangup i had when trying out these virtualisation applications is that my 'other' apps could not run inside them. For example, i use Ad Blocking apps and they just don't run in SandboxIE. So i ended up with all the popups, ads, banners etc. It kind of defeated the object really. I mean yeah sure you can clear the cache and everything that you have in your 'session' is gone, but at the expense of not being able to block the things i didn't want? No thanks. And if something manages to 'break out'. Well, what then?

muf

 

As I understand it, DMR eliminates (O.K., reduces) vulnerabilities of running as admin. Per Michael Howard's blog (DMR's developer) discussing malware (specifically variation of the Bagle/Beagle worm):

Sandboxing, however, offers much more complete protection. In theory, NOTHING can get out of the sandbox unless allowed/manually moved.
Subsequently, you should be able to browse with wanton abandon, resting assured that you are virtually bulletproof.
P.S. Regarding DMR. Someone here was posting recently (forget who) claiming that DMR was either ineffective or vulnerable. Sorry cannot recall specifics.

@Bellgamin: What sort of mem usage r u seeing?

 

One of the problem with DropMyRights is that though the browser is run with limited rights, every other app on your system is not. So if the malware gets on your computer through the browser by being downloaded, run through javascript, etc. Then your computer is very vulnerable since the malware has administrative rights, and can manipulate the processes that also have administration rights.

Sandboxie on the other hand, prevents the browser, and anything launched by the browser from writing any data to the disk. this prevents almost all malware from doing any harm to your disk, including stuff like killdisk, and any other malware. Once you delete the sandbox, it is gone, end of case.

Also, in regards to the processes of Sandxoie, only one service runs in the backround, and it uses very little RAM on my pc. However, you can always set it to start up manually, then go to services.msc and start the process. Sandboxie will work then.

Alphalutra1

 

It was a pitty that the tester put programmes with different ways of protection to same test bed. That only gives me an idea of his understanding of these software.
Remember the more strict sandboxing u do, the more functionality u loose. GeSwall is istall and forget. U never need right clicking or drag and drop type of stuff. Run ur computer as u do run routinely and every thing is automatically configured/ protected.

If u try it against some malware u will feel it gives u enough security. After all u are not going to put an Atomic Bomb on ur PC!

 

bellgamin,

You can always set the Sandboxie service to manual and start it when you want to use it (via services.msc or via a reg file). This way you have protection when you need it and it doesn't use any memory or cpu cycles when you don't need or want to run it.

 

Dear bellgamin,
What account do you use, limited user or administrative?
DropMyRights simply restrict the (dangerous) rights of IE and others when you run an admin acocunt. If you log in as a limited user, you don't really need it.
Other similar products like this are RunSafe.

Sandboxie does more than DropMyRights. It isolates your product. Any change made from your product can be discarded (you may select what to keep, eg your favourites).

Thus the safety of sandboxie is larger than DropMyRights.

Note that it holds true only if they can do what they claim. All products have holes and malware writers can always find ways to bypass the protection. A mlaware can break out of the sandbox. Similar things can happen to DropMyRights. Only real tests can prove how safe these products are.

 

Just for information, PsExec works in a similar way to DropMyRights, i.e. you create an appropriate shortcut. PsExec also works on Windows 2000 whereas DropMyRights doesn't. On a Win 2000 computer, I got it to work for all internet programs except Opera which threw up an error. Similarly, Amust-1 Defender 2.0 works on XP and 2000. Although it's primarily designed for IE and Outlook Express, you can create shortcuts to your other internet applications. Again, I couldn't get it to work with Opera.

psexec http://www.sysinternals.com/utilities/psexec.html
Amust http://www.amustsoft.com/1-defender/

 

Runsafe .....or.....

better still Defensewall spring to mind as similar apps

 

Yes since some applications are not sandboxing programs, so it may give false impressions on novices.

But think wisely. Just try not to interpret information directly and read wisely. You can make use of the given info to make a right choice.

 

U are right. Tests are not totally useless though.

 

Quite true, but considering (on my puter anyway) mem usage on startup (b4 sandboxie is utilized) is <1.5 Mb. I consider it insignificant, almost not worth mentioning.
Even when I launch my browser within Sandboxie, mem grows to only an additional 2.2 Mb.
I consider it the lightest, yet most effective piece of security software in my arsenal.
(My backup AV on-demand Bitdefender free eats 24Mb, yet does NOTHING for me in real time!)

 

I'm currently doing tests with DropMyRights, tests with the main types of malwares (spywares, trojans, worms, keyloggers and rootkits). I'll publish it to a site I'm building, but since I am the worst webmaster ever , it'll take me a while to achieve it...

So I think I'll post a link to the spyware tests when it is ready (tests with and without DMR against 6 or 7 widespread spywares/hijackers), I hope for the end of this week/beginning of next week, and will release other tests links later .

Cheers,

nicM

 

Ohhhh YES! Hurry up & do it.

 

How about testing Sandboxie as well?
It's more powerful than DropMyRights.

 

Well, if I can find time to do it once tests with DMR are finished, why not; but I can't test Sandboxie and DMR together, such a process would take too much time (computer restore after each test, reboots, etc).

And honestly I do not think the site will be ready soon, the first web host I used to begin was not good, and I have to rebuild it from scratch elsewhere .

nicM

 

Caught this discussion late.

The thing with sandboxie being heavy...for me running on startup it takes 6megs of ram. This is not heavy at all.

I am running sandboxie with dropmyrights and the only lag i get is with the preloading of dropmyrights prior to the browser/ mail app launching. My web speed seems to also be the same as when running without.

I dont think you can really compare the two since sanboxie also is protecting against things like infected cookies, ect.