Has anyone used Sandboxie for large installs like games?

Discussion in 'sandboxing & virtualization' started by xheffalumpx, Mar 31, 2008.

Thread Status:
Not open for further replies.
  1. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you run returnil alongside altiris then yes all virtual layers created while returnil is active will be gone upon reboot. If you want to keep them you'll have to export them to a safe location and then import them when you want to use them again. If you're just installing genuine software then there's no need to run returnil imo, altiris can handle it just fine by itself. If you're installing some dodgy software that you're not sure about then definitely use returnil as altiris isn't really designed for security.
     
  2. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    xheffalumpx,

    I'm looking to do the EXACT SAME thing...

    By the way, is your post at
    https://www.wilderssecurity.com/showthread.php?t=205140

    a method to achieve this objective? I noticed you posted that thread after this one...





    About Altiris & Its Security:

    it seems like, as Farmerlee stated, altiris is not a secure virtualization tool for installing *Higher Risk installs you want to try out.
    http://forums.altiris.com/messageview.aspx?catid=28&threadid=50702&enterthread=y



    Ok. Altiris's spokesperson implied that they might be coming out with a "more secure" version of Altiris, hopefully they'll come out with it soon.



    Or what about now:

    Have any new programs come out that are capable of installing large games "Safely" since this last post?
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Not really, but Comodo is working on a new ISR software, but it's still in BETA, it's called "Comodo DiskShield"
    If games require a reboot during installation, most virtual ISR-software can't handle this.
    FirstDefense-ISR RESCUE, ShadowUser, Drive Vaccine, Baseline Shield, RollbackRx, ... maybe.

    Maybe you can create a dual boot system, two partitions with each an OS, one for serious work, one for gaming and messing around with other softwares. This is until now my favorite solution, if I ever need it.

    VMware, Virtualbox, ... maybe, if they can handle the graphic part.
     
    Last edited: Jun 10, 2008
  4. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    I find this type of application very intriguing and I am going to look into this...




    I've actually always dreamed of the possibility of this dual boot system, but I always thought that the only way to make sure 99.99% that Partition System A will *NOT be able to affect Partition System B, is if you *Physically isolate them. (Ex: Use 2 different computers, or use one computer with 2 hard disks and unplug each hard disk OS you want separated). This was according to some "Fry's electronics technician" and this was long before I found Wilderssecurity.


    You mentioned that a good solution to my objective is to create a *dual boot system with two partitions. And this brings up a question I've always wondered about:


    If I use your solution, is it possible that I can have (2) different OS / Systems running on the same computer that are *COMPLETELY separate from each other? (Without having to physically remove hard drives each time etc)


    For example,

    Let's say I have (2) different OS systems // Partitions

    1. Windows XP Normal Standard Use:
    *This is my OS where I will conduct my activities in the cleanest manner (No installation of risky programs etc)
    *I'll use this account as my main account
    *This account should be clean because of good computing habits

    2.Windows XP Higher Risk Usage
    *More risky practices
    *Where there is a good chance and possibility that THIS OS can get infected with malware


    Is it possible for me to create a setup where I can run system #2 as "carelessly" as I want, and it will *NOT be able to compromise system setup #1?


    If so, how do I create this setup? (Which Programs do I need? Is there a Guide? etc etc)
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I offered this solution as a possibility and I would do it this way, if I ever need it.
    If you ask me HOW TO DO IT, I can't help you, because my technical knowledge is very poor. I only have IDEAS, but I always have to ask Wilders how to accomplish these ideas.
    So I suggest that you start a new thread, where you ask members how to create a dual boot system and how to install each partition.
    I'm 100% sure there are members at Wilders who already have accomplished this and they will advise you in detail how to do this.
    Personally I will follow that thread too, because I'm also interested in the future.
    At this moment I have already a solution, but the software is terminated and is not available anymore. Although I'm not in a hurry, I'm also interested in how to create a dual boot system somewhere in the future. :)
     
  6. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    That's a good idea, and I'll work on this soon... but is it even possible to do the following: ?


    Because a lot of people say that viruses/mal-ware can in fact *bypass separate partitions and dual boots

    Ex: Post #4: http://www.sysopt.com/forum/showthread.php?p=1406556#post1406556
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Possible, but I would never use my second partition to play with malware. I would use it to test legitimate applications, because I won't have FDISR (= 8 test environments with an OS) anymore to do this.
    You can configure the OS in each partition the way you want.

    In theory malware can do anything and it's the user's job to be prepared for the worst scenario, when something happens. :)
    As long as the malware only infects your harddisks, you can get rid of it, if you are prepared.
    Once rootkits are going to infect other hardware components, like motherboard, VGA card, RAM, ... you are in much deeper problems, including me. :)
     
    Last edited: Jun 10, 2008
  8. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    First, malware cannot just "do anything", it's not magic. Second, regarding hardware rootkits - there's plenty of real threats to be concerned about, let's stay grounded on topics approaching reality.

    Blue
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I work theoretically, not practically.
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    OK, then theoretically malware cannot just "do anything" either. With respect to the practical, yea, we know.

    Blue
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That doesn't matter to me what a malware can do or can't do, but they can do a lot more than 10 years back and who knows what in the future.
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    I don't have much interest in gaming as yet; ( unless you count distrohopping :) )
    But,
    Any use for:
    VMWare Thin App ( ex thinstall)
    http://www.vmware.com/whatsnew/thinstall.html
    Mojopac
    http://www.mojopac.com/portal/content/hellomojo.jsp
    Mokafive : this might be a bit over complex.
    http://www.mokafive.com/

    You have made a fairly complex solution for your gaming.

    Oops missed this post:
    https://www.wilderssecurity.com/showpost.php?p=1259031&postcount=31

    Unfortunately the tears for fdisr are all moot now:
    Go Virtual, use firewall , HIPS etc or Returnil or such in a VM.
    Have a base ...
    That will expand your options...a lot..:)
     
    Last edited: Jun 11, 2008
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Returnil is certainly not an option in my book, because it can't handle all softwares. I wonder why users keep on recommending Returnil as a tool for testing softwares. Returnil is only good to keep your system unchanged without testing softwares.
    If you solve a problem, do it right from the beginning and don't ignore the problems, that will show up later and in case of Returnil, there is no doubt and it has been proved.
     
    Last edited: Jun 11, 2008
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Thanks E-A:

    I am aware of the "limitations" of Returnil, SD etc and it appears so are xheffalumpx and connect4. :thumb:

    I was responding to the OP's explorations as noted:
    and then expanded by connect4 in post #27

    Use the different tools: mix'n'match..

    Get Games set-up and base setup in different VMs w/wo Returnil or snapshots: w/wo unspecified security arsenal..on a thumb drive in a VM ??


    As you pointed out there may be issues with Graphics in VMs.
    Not sure about graphics and thinstall/VMWareThinApp.
    AFAICS, there is as yet no evidence that mals can break out of a VM.
    Some POC may be around that can go VM to VM and propagate through virtual server systems. I realise that a mal could be active in a VM.

    A corrupted base OS could lead to a broken VM .

    The mention of "other options" was a gambit for Xheffalumpx and connect4 to follow up on if they wished.
    Regards.
     
    Last edited: Jun 12, 2008
  15. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104


    Thanks for the links Longboard.





    So these are all Program Virtualization programs? If I use these programs and virtualize my "high risk applications / games",

    Is this 99.99% effective virtualization security? Which means that, If I run those high risk games / applications through these programs, will my c:\ still be protected?

    Can I install games / applications through the use of these programs?
     
  16. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    Hmmm....

    it looks like MojoPac is *Not secure regarding malware.


    quote taken from http://www.everythingusb.com/mojopac.html

    "Fourth, MojoPac does NOT totally isolate the host PC from the guest programs. For example, I attempted to use WindowBlinds, a shareware theming utility within MojoPac. All seemed fine, until I switched back to the host environment and saw that my windows were changed in color. If this can happen, I lay serious doubt as to how well the host PC would be protected against malware installations."



    Am I missing something here Longboard?

    How will these programs help me install games *safely and cleanly, if they aren't malware secure?
     
  17. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You could run high risk software quite easily inside a virtual machine. However most (if not all) 3d games will not work in a virtual machine as 3d support is extremely poor at the moment.
    Most of these apps are not designed for security, they're designed to run legit apps safely and easily (and by safe I mean preventing conflicts and crashes etc...).
     
  18. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    They work well for installing legit games safely and cleanly. Personally I use altiris svs which works well for installing my games and apps.
    For games of a dodgy origin you'll have to look for some other solution if you want to be able to run them while keeping the host secure.
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Probably not ;)
    That is a nice review btw: good link.

    As per farmerlee:
    That's prolly it in a nutshell. :(
    The new releases of VMWorkstation are likely to have 3D support in Windows ( I think already exists in VMFusion on macs )
    https://www.wilderssecurity.com/showthread.php?t=211045
    Parallels in macs support 3d rendering.


    I haven't used any of the above (Mojo, Moka, Thinstall) for a while
    Thinstall might be worth a go: free trial: but if I read correctly the purchase price is $5000 :eek:

    Interestingly, another option may be the FDISR Server Rescue
    http://www.horizondatasys.com/305029.ihtml
    This gives many options (not as good as original FDISR Pro), specifically able to create a snapshot to boot to which can be configured as required and an "archive" snapshot stored wherever. You can copy/update back and forth from snapshots and archives. The booted snapshot runs as per the base system: native speed and functions ie Graphics, I/O, discwrites, connection speed etc..

    AFAICR there has not specifically been a problem with base system corruption that has not been recoverable with FDISR options, but not absolutely sure.
    Not absolutely invulnerable.
    Combination of this tool with an image utility for ultimate recovery may help achieve what you want ??

    There may be (are) options to create more than one "archive" file for recovery if required ie keep several snapshot (more than initially apparent ;) ) configs set-up for availability in archives.
    The full capabilities of FDISR Server have yet to be explored.

    This would require some discipline and care.
    I suspect that even in the present cut-down form FDISR Server will have many uses not initially apparent, and if HDS has not screwed with it too much, it has a cast iron reputation amongst users in previous incarnations ; $300 :(

    There are IIRC options for multi boot systems that do not "see" other partitions but I have never explored the "security" of such.

    Sorry that's about it from me for this quest I think :doubt:

    EDIT:
    Just one more thing that may be of help
    SVS used to have a nice tool called PROTECT a secure extension of virtual session layers:
    http://www.cookfamily.org/randy/blog/item/5
    now not available but in development maybe:
    http://forums.altiris.com/messageview.aspx?catid=28&threadid=50702&enterthread=y
    as already posted.
     
    Last edited: Jun 13, 2008
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I've used SBIE to install some game demos ( like FIFA 2007/2008 ) and to my surprise it worked well. :)
     
  21. xheffalumpx

    xheffalumpx Registered Member

    Joined:
    Dec 12, 2007
    Posts:
    62
    Hi, sorry for the delay in replying; I've been abroad on assignment for the past couple of months! The link given above by connect4 is my followup progress which has achieved what I wanted. I've managed to install and run a couple of games with it namely Sins of a Solar Empire and Unreal Tournament - not had time to try many other games but this method has worked for me so far whereas Sandboxie did not.

    I'm not aware of additional security articles so unable to comment on that I'm afraid. For me personally the Altiris setup with a baseline freeze app seems to be working well and not causing any problems thus far. I'd consider myself an above average internet user and gamer in the sense I try out a fair bit of applications (temporary) and games (temporary and purchased - installed for short periods of time) and surf the web a fair bit.
     