Please allow me just one Sandboxie question...

...is it secure enough for online banking, because in January I will do some online banking, but I'm not sure if is my Sandboxie with all kinds of restrictions and configurations that I put into secure enough?
If Sandboxie is not enough or if it is useless recommend me some other product this is my first time with online banking attempt now in january, so I'm asking for your help.
Thank you in advance.

 

I'm not sure if Sandboxie alone would be a good idea or not,
maybe someone with more (Sandboxie) experience will answer that for you.
Personally I bank,shop and do other sensitive things online now for years with
zero problems/intrusions/infections/breeches with DefenseWall Personal Firewall and Shadow Defender.
On a side note I also visit some very seedy areas of the net (rebooting in between sessions of course)

 

Thank you for your answer, personally from my experience DefenseWall alone is more than enough for secure online banking. I have 2 computers (one doesn't have anything connected or common with the other), on one computer is DefenseWall on the other computer is Sandboxie.
Although my Sandboxie is tightly configured against keyloggers and everything else, I'm still scared of using Sandboxie for online banking.

How good/secure is Shadow Defender for online banking??

But I wonder what kinds of these very seedy websites you visit (you can send me via PM)...

 

If your home pc is free of viruses, then all you have to do is navigate directly to your bank's webpage and log on. You don't need any special sandboxing or HIPS software.

 

You write:

So I think that there is no reason to be scared of using Sandboxie for online banking.

Just take care that your sandbox is empty when starting the banking transaction and navigate directly to the website of your bank (as already mentioned by wat0114).

I use Sandboxie too for my online banking without any security problems until now. (I have additionally Norton Internet Security but I assume that even without it the use of Sandboxie would be sufficiently safe.)

If you are very, very scared you could also create a special sandbox, used exclusively for your online banking.* But I think (like wat0114) that under the above mentioned circumstances (tightly configured standard sandbox, empty sandbox when starting online banking etc.) this is not necessary.
_________
*) You can find here instructions for creating a sandbox with special security:
http://imageshack.us/photo/my-images/17/sbiebankingtm2.gif/

It is a guide in the form of pictures (after clicking on the first picture they change after some seconds) - so it will be understandable even if you do not know German.
(source: Subset, http://www.rokop-security.de/index.php?s=&showtopic=18150&view=findpost&p=262701)

 

SandboxIE is excellent for banking, just make sure that you use it correctly, that is, deleting the sandbox before and after each financial site that you go to.

http://www.sandboxie.com/index.php?DetectingKeyLoggers#defend

Acadia

 

CWS, I agree with everybody's advice, the only thing that I ll add, do banking using a browser without addons if possible or with only a few (well known only). A infected addon can hijack the browser to send out information.

Bo

 

i second Bo; use a addon-less browser inside a brand new sandbox, since addons are the weak point of the browser security.

 

Obviously when you connect to the Internet in Shadow Mode any information sent from your pc or that you input could go out as normal during that session. So if you were somehow to reveal a password online that would still be useable to the hacker when you were in an ordinary unshadowed session.
Anyone please correct me if I am wrong.
I think your browser sandboxed in Sandboxie in conjunction with Shadow Defender (in Shadow Mode) is a good way to go
Don't login to bank or whatever until this is in place
Delete Sandbox contents straight after banking transaction then reboot straight away to return to before Shadowed Shadow Defender session.

I would maybe look at adding Keyscrambler...the benefit of it being, that you cannot be keylogged entering passwords even if a keylogger happened to be on your system.

best wishes

Patrick (ex Shadow Defender mod)



Shadow Defender on it's own

 

Yes, adding KeyScrambler provides excellent protection against keyloggers, but the Personal (free) version only works with IE and Firefox. The Pro (paid) version would be required for Chrome, Opera and other browsers.

TS

 

Personally i do my online banking non sandboxed. Whats the point ? If you are sure your computer is clean, whats going to happen ? The banks secure site is hacked and you get infected
If you are already infected with a info stealing trojan, how can sandboxie help ?
I use Trusteer Rapport, which will not run sandboxed. So even if i was infected, hopefully all my data is still unreadable

Prey tell, if it's interesting. If it's of a personal nature, keep it to yourself

 

Sorry,but Keyscrambler is next to useless against most banking malware. KS does nothing to protect against form-grabbing, clipboard and screenshot logging. Where KS does help is in protecting applications such as Truecrypt, but it certainly doesn't offer a comprehensive solution against modern day banking malware. I'd suggest using something such as Trusteer Rapport or WSA for comprehensive protection.

 

I have to admit guys, I'm very confused by your responses there are so many of them, and quite different. but I have to admit that my brother did online banking with zero protection (except firewall) and nothing happened, so why I should be worry about so much?
Well, you can call Panicus, but from my experience with internet I always want to have triple security approach and of course be cautious.

 

Big thank you for these links and this configuration for online banking in this thread inside your link, but how do I save configuration in Sandboxie, every time I uninstall Sandboxie and than reinstall it I save the configuration in Sandboxie.ini file as it asks me to save configuration, but I always need every time, when I uninstall and reinstall Sandboxie, to configurate from scratch, also how do I save this configuration for online banking and where?

 

The instructions are for you to create a dedicated sandbox for banking.

Myself, I don't have one of those because 1) I don't do banking on line and 2) my everyday sandbox works pretty much like the one in the example.

Bo

 

Hello CoolWebSearch.

I've been using Sandboxie free with Keyscrambler free for a couple of years and have (to my knowledge) avoided any malware infection.
Lately, I added MBAM PRO and believe I'm even more secure when visiting bank sites.

My OS is XP and my browser is IE8.

If you are a customer of Bank Of America, they offer Trusteer Rapport for free. I believe some other financial institutions do as well.
-But-
Be aware that Trusteer does not work with Sandboxie.

Good luck, and safe surfing.

 

+1 Patrick, this is what I do. For me it is best to configure sandboxie to always delete sandbox contents once all sandboxed processes have been terminated.

I use Comodo Free Firewall, Avast free AV, KeyScrambler Premium, MBAM full version, plus Sandboxie off course for app virtualization and SD for system-wide virtualization. They all work very well with each other.

 

Well, I have no special experience with uninstalling and reinstalling Sandboxie. When you simply update to a newer version of Sandboxie you need not uninstall the older one. When installing the new version you have the option to keep your settings and configuration, and if you choose this option you can immediately continue with Sandboxie as before the update - all your settings still exist.

If for some reason you want to uninstall Sandboxie (completely) but keep your settings - yes, then I would say that it is the right way when you save the sandboxie.ini file (and then copy it in the place where the standard ini-file is). If you have to configurate from scratch, something seems to work wrong in your case.

If you prefer to have a special configuration for online banking it will be useful (even necessary) that you make an own sandbox for online banking. After creating it and making its configuration (see below) all should be stored (automatically) in the sandboxie.ini.

You will find the sandboxie.ini in C:\Windows and when opening it (e.g. with the Editor) you will see a list of entries for [DefaultBox] followed by the entries for all the other sandboxes you may have created, for example [BankingSandbox] (if this is the name you have chosen for it).

But you need not save or enter there anything manually (as it was in older versions of Sandboxie). It is made automatically if you configure the sandbox by double-clicking the tray icon of Sandboxie and then chosing "Sandbox" ---> [name of the sandbox] ---> "Sandbox Settings".

You can see it with pictures here:
http://www.sandboxie.com/index.php?SandboxSettings

 

Hi, Peter. here is the thing, whenever new version of Sandboxie appears I rather and always uninstall old version of Sandboxie and re-install new and fresh version of Sandboxie, just in case.
Sandboxie always asks me to save configuration and I do, but I still didn't know how to load that same saved configuration, so I had to configure everything from scratch.

 

If you save the .ini file of your setup, you can replace the "new" .ini file with your saved one...then go to the "configure" tab and click on "reload configuration".

That should do it.

(It's been a while since I last had to do this so I'm sure one of the resident experts will be able to correct anything if I misspoke.)

Also, if you've saved the configuration when preparing to uninstall by answering the prompt, it may be as simple as just clicking "reload configuration" without dragging the saved .ini file into the Sandboxie folder to replace the new one.

 

I just did it everything you said and it worked, thanks a lot.
Thanks to you and everybody else here.

 

My pleasure.

 

That's a useful advice.

Fine that it works now.

But anyway, to my mind this is not necessary:

Of course you can do it if you feel better this way. But I never experienced problems (and I never heard from others experiencing problems) when simply installing the new version above the old one (of course chosing the option to keep the configuration).

Just to be sure, sometimes after an installation I take a look at the configuration to see if all settings indeed remained the same. And this always happened.

 

Sandboxie is always used on the premise that your computer is clean and it's there to protect you on the web.
Online banking is perhaps only 'secured' by SBIE if you stopped/cleaned a previous sandboxed browsing session, as already mentioned.
It can also help to remove any traces from banking sessions by cleaning the sandbox of course.
I don't see SBIE as a tool to secure my PC more during online banking but to keep it clean while doing other internet stuff.

And updating SBIE while keeping the config has indeed never gone wrong. Not on XP, Vista or Win7, always flawless.