Returnil + Sandboxie VS. Limited Account

Discussion in 'sandboxing & virtualization' started by Kevin523, May 1, 2008.

Thread Status:
Not open for further replies.
  1. Kevin523

    Kevin523 Registered Member

    Joined:
    May 1, 2008
    Posts:
    72
    Hi all,
    I wasn't sure where to post this topic, so I hope this section is appropriate.

    I have a few questions:

    1. I have an administrator account using Sandboxie to surf the web (default browser is Firefox). On exit, I have Sandboxie empty the sandbox. When I want to trial a software/install unknown software, I right click the Returnil icon by the clock and click enable. This pops up a balloon stating that my C: partition is protected and changes will be lost upon reboot.

    Is this the ideal setup?

    Or should I create a limited user account (where Sandboxie doesn't work)? Does Returnil work in a limited account?

    I'm running Vista Home Premium SP1

    2. My other question has to do with Returnil. If I right click on the icon by the clock and hit enable, am I fully protected? Meaning will all changes from the point I hit enable be erased once I reboot my laptop?

    Is there another way I'm supposed to be doing this? When I click show program I see there is a session lock and a system protection. I am confused as to what these both are.

    Does system protection being on enable the session lock to be turned on (and this is what protects my laptop?).

    If someone could explain the differences (or maybe they work together?) between session lock and system protection, I'd truly appreciate it.
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Kevin523,
    RVS is protecting your System Partition so any changes made or attempted while protection is on will be lost at reboot.

    The System Protection and Session Lock are the same thing. The only difference is that Session Lock is valid for the current boot session only. This means that when you are using SL and then restart your computer, protection will be off. The GUI is programmed to show the difference by displaying "Session Lock" in the System Protection mode section while using SL rather than ON so the user is aware that it is SL and protection is not set to always be on.

    I hope the answer above helped to clarify this :)

    Mike
     
  3. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Thanks also for the clarification between protection enabled and session lock.

    Although I've only had this on my PC for a few days I'm sufficiently impressed to be buying a license when this one runs out. :thumb:
     
  4. Kevin523

    Kevin523 Registered Member

    Joined:
    May 1, 2008
    Posts:
    72
    So no one knows about my other question? The one whether using a limited/restricted/standard account without sandboxie vs. admin with sandboxie?

    Keep in mind when I use the admin account with Sandboxie, I made it so that only Firefox can access the internet, that the sandbox is emptied when I close my browser, and I am not allowing programs in the sandbox to access my private/sensitive files and folders.

    If someone could answer that question I'd appreciate it.
     
  5. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I would have to say you would be just as safe with the Sandboxie/admin as you would the other way. There is always the chance something could bust out of your sandbox but there is also the chance that something could get around the restrictions on your Limited account. With the sandbox, though, you are dumping out the trash every time you shut it down where the other way it is still sitting on your system but just can't run because of the restrictions....boot into admin mode tho to do some maintenance and that baddie sitting there could all of a sudden spring to life.
     
  6. Kevin523

    Kevin523 Registered Member

    Joined:
    May 1, 2008
    Posts:
    72
    Thanks for the information.

    I think I'm pretty secure. I use PC Tools Threatfire, PC Tools Antivirus (it's really improved significantly in version 4, faster scans and from what I have heard, better detection rates). I'm using Sandboxie to browse the web, but only allowing Firefox to access the internet in that sandbox. I also have it set to empty everything when I close Firefox. I think the feature to restrict access to folders/files from programs inside the sandbox is a great feature as well.

    I'm also using SUPERAntispyware Pro (lifetime license) and a-squared malware scanner (free, on demand version).

    I think I'll stick with the admin account, unless someone can offer up some evidence as to why a limited account might be better.

    Oh, and I use Vista SP1 built in firewall but block incoming connections.
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Are you using SUPERAntispyware Pro for real time protection? If so, it might be a little overkill if you're running Threatfire. A good AV, Threatfire and Sandboxie should be plenty, especially if you're browsing with Firefox. You can always scan downloads with SAS and A-squared on-demand.

    I would seriously think about changing up your AV. Avira or Avast free versions are good. If you download stuff and recover them out of the sandbox, I wouldn't trust PC Tools AV to scan the download.

    Oh, and make sure you keep your important programs up to date. Things like Windows, browsers, java, flash, etc. are constantly being updated to patch vulnerabilities. The link in my signature can do an online scan to make sure some of the more important programs are up to date as far as security goes.

    Good luck,
    innerpeace
     