Sandboxie 2.60 issues

I had to reinstall the latest version because it slowly ended up freezing my machine. I don't know whether this is an inherent problem of this version or because or incompatibility issues.

After reinstalling and rebooting things are back to normal. Poor box, it was so stressed.

Running here (software stuff):

1. AntiVir
2. Win Defender
3. Ad-Aware

In the previous version I was using Avast instead and other utilities and never had an issue.

So my toss would be between the last version being buggy or Sandboxie and AntiVir are kind of an unhappy marriage.

Any ideas?

Otherwise I was thinking of swapping to these other free alternatives:

1. Fortres Virtual Sandbox 1.0

http://www.fortresgrand.com/products/free/vsb_free.htm)


2. GeSwall. I read some users having problems with it.


3. VMware.

http://www.vmware.com/


4. QEMU.

http://fabrice.bellard.free.fr/qemu/about.html


5. Microsoft Virtual PC

http://www.microsoft.com/windows/virtualpc/default.mspx


6. Xen.

http://www.xensource.com/xen/downloads/index.html


7. OpenVZ. Unfortunately only for Linux boxes.

http://openvz.org/


8. Parallels Not free though.

http://www.parallels.com/


9. DiscoverStation. As above.

http://userful.com/products/discoverstation


10. And others mentioned in Wikipedia:

http://en.wikipedia.org/wiki/Comparison_of_Application_Virtual_Machines

http://en.wikipedia.org/wiki/Comparison_of_virtual_machines



Which free product would you recommend me?


I'll probably shoot for Virtual PC but I'd like to hear your opinions first.


Cheers.

 

Hi, folks: A good and reliable freeware is very hard to come by nownadays. If you ever got stuck w/ these freewares, why not to invest some $$$ for a foolproof(so far is) app called DeepFreeze standard version(for workstations up 10). I have been using it for 3 weeks. I gain more confidence each time I use it. It is probably the ONLYONE app in its catagory still immune to malware attack. The newest version is 6.0.20.1523. You owe yourself a mouse click. Good luck.

 

I know but Virtual PC is Microsoft owned and it can't go bad as it comes from the mother source.

I also read excellent reports on VMware.

DeepFreeze doesn't even come close to some of the programs I mentioned.


Cheers.

 

Hi, folks: I respect your opinion, however, by looking at your defence lineup, you are very weak in the area of spyware and trojan protection, even your antivirus app is not a top-notched. and Do you have a firewall(softwall)? All these things factor in, believe me , you do need an app with DF's calibre to protect you. Why not pay DF's web site a visit, and make up your mind from there?

 

Wow! Slow down

(1) Router + (2) Limited + (3) Fully Patched XP SP2 + (4) Not surfing either porn, crack, warez and other *&^% sites that plague the Internet today (basically here has finished the real protection for any Win machine)+ (5) XP FW (in the process of installing either Kerio 2.1.5 or a-Wall though, just thinking about it) + (6) Firefox + (7) SpywareBlaster + ( 8 ) rest of software-junk you want to toss in.

I'll most likely install a free virtualization software and stop counting. That's it. I need no more. Call it "minimalistic smart approach" and not "a bloated dopey one".

I'm just slow in making decisions as I don't want to stress my machine with a series of installation & uninstallation processes.

 

Right now, I'm playing with this combination : Anti-Executable installed in a frozen snapshot (FirstDefense-ISR).

The combination is based on two quotes :

1. From the "Anti-Executable Manual" :

2. From the "FirstDefense-ISR Help" :

I still have a "Router + Firewall Look'n'Stop" and removed all my AV/AS/AT/AK-scanners and other security softwares and my computer is clean in 90 seconds.
I'm not paranoid, I'm lazy.

 

Hi, folks: Erik, AE is highly recommended by DF people, it is an excellent companion to any app utilizing freeze/thaw cycle. Do you think it is a MUST HAVE app? And do you have to uninstall AE each time a new program is been installed? I just wonder that should I jump on the wagon that offer a deep discount(it has been mentioned on this forum by one of the GMs)?

 

You don't have to uninstall AE, you deactivate it.
Another quote from the Anti-Executable Manual :

Anti-Executable is not a problem in this combination.
The frozen snapshot is a problem, it doesn't accept ANY changes (good or bad).
Of course both softwares allow exclusions. The more exclusions you have, the more vulnerable becomes your system.
I'm trying to figure out how to make it more flexible and liveable.

 

Who says so? Wishful thinking with your own enthusiastic choices can be excused, but unsubstantiated statements of this type are pretty meaningless.

 

Hi, folks: any post I made IS strickly my OWN opinion, you do not have to swallow it! I did not seek your approval nor disapproval, therefore pls show a bit respect towards others' 2-cents opinions, to dress down others IS NOT a good protocol call at all. BTW, I notice that you are a user of ShadowUser.

 

I think you are confusing opinions and facts: "DeepFreeze standard version(for workstations up 10). I have been using it for 3 weeks. It is probably the ONLYONE app in its catagory still immune to malware attack." Quote from Perman.

If you say you prefer DF to anything else, be my guest, I don't give a stuff about it. But if you say DF is the "ONLYONE app" in its category still immune to malware attack, I'm telling you that's not an opinion and if I ask you what makes you say such a thing it is not lack of respect, I'm just curious.

Yes I do have ShadowUser, and honestly it's just a program I have chosen for my own reasons. If you think my rebuke towards your statement had something to do with this, then I should think no further comments are necessary.

 

ShadowUser, DeepFreeze, FirstDefense-ISR, ... does it really matter what software you use.
They all put your system partition back in a healthy state, only the software has a differett name and the used method is different, but the final result is the same.

What I like about Anti-Executable is the WHITELIST, based on MY COMPUTER.
A general white-list based on all softwares world-wide would be too big and makes an update as good as impossible.

All scanners and several other softwares are based on BLACKLISTS.
Blacklists are based on what bad guys do, the most unreliable source you can get.
A blacklist can never be sufficient, because the bad guys keep on making new malwares and researchers have to discover these malwares first before they can blacklist them. It's a hopeless neverending job and the bad guys are getting better and better. The bad guys know that too and that's why they keep on creating new ones everyday.

Whitelists are based on what good guys do, the most reliable source you can get. Anything what isn't whitelisted is bad and won't be executed. That is alot better than blacklists.
Is Anti-Executable perfect ? No, it isn't, because it doesn't cover at least two things :
1. Non-executable malwares are not covered.
2. Exploits are not covered, because they abuse legitimate executables to do their evil job.
3. ... (only experts can complete the list, I'm not an expert in anything).
That's why I needed something else to kill these threats : a frozen snapshot.
A frozen snapshot doesn't allow ANY change on my system partition [C:] and only a simple reboot is required to clean all the bad objects completely in just 90 seconds.
I still need Anti-Executable, because it will stop the execution of most threats during the period between reboots. A frozen snapshot doesn't stop the execution, it only removes them completely after reboot.

Now let's talk about the good changes, because a frozen snapshot REMOVES also the good changes completely.
1. Personal Data
If you create a new personal file or you download a file and you do this in a frozen snapshot, all your personal and downloaded files are GONE, after the first reboot, unless you exclude the folder "Documents and Settings", but I didn't like the idea of having my personal data stored on the system partition [C:] and I moved all my data to second internal harddisk : data partition [D:].
So a frozen snapshot isn't a problem anymore for personal data, which are after all the most important changes.

2. Software Updates
In a frozen snapshot any automatic "Windows Update" and any definition update of any scanner will be gone after the next reboot. At first sight, this sounds 'very frightening' and 'very dangerous' and it's true that any scanner without definition updates will be useless immediately, everybody knows that.
BUT, if a frozen snapshot removes all threats, I don't need scanners anymore and it doesn't matter anymore if they get their daily definition updates or not.
So I removed all my scanners, because my frozen snapshot removes all bad changes, even the threats that aren't removed by scanners. No change is no change. Period.

I turned OFF Automatic Windows Update as well and I can't use "Windows Update" either, because any update is gone after reboot. Are these updates important, if nothing changes on my system partition and everything is working fine ?
There are also other methods to update Windows, like downloading and installing the patches.

People will most probably ask me : "How can you be sure that a frozen snapshot removed everything ?"
I don't know for sure, I just trust Anti-Executable and FirstDefense-ISR until the opposite is PROVEN.
I also have questions for these people :
- "How can you be sure that your scanners removed everything ?"
- "How many scanners do you need to remove everything ?"
- "How long does it take to run all your scanners, faster than 90 seconds ?"
I can go on and on and I don't want a verbal fight about this either.

I'm just looking for another kind of security setup that uses a minimum of security softwares.
Whatever the disadvantages are, this is quite a simple security setup and worth to think and talk about.

 

I hate scanners such av, as etc etc what a waste of computer resources, although they are invaluble to normal users.
Although I do have a few licenses for various software I dont like them installed in my main 'light' system or running in a virtual machine environment (VMWare) with a light XP os and firefox at full speed, or with varied oses. If I do use something then its a tool that takes seconds to a few minutes and the time for me to look at Message Hooks, Processes, Startups, Services, Drivers etc etc and much more fun than selecting full scan.

I'd recommend vmsurfing and take a look at VMware, I cannot talk about Virtual PC as I dont know it, I'm just looking at the free stuff at the moment.
FirstDefenseISR I really like also and then a good image.
I'd run/test them all in a vm then they wont be installed on your productive system until you deside which one you like or works best for you and your level of knowledge.

Going back to Sandboxie problems, have you tried their forums, submitted your problems.

 

What is non-executable malware? I don't understand what you mean.

Is this really true? I don't know enough about exploits to answer. However, I thought the exploits still need to run their own code which would be stopped by an anti-executable software. An example is the wmf exploit which would be stopped by AE.

I'll quote from this post: https://www.wilderssecurity.com/showpost.php?p=536454&postcount=33

It seems to me than a programme that blocks exe's has got it pretty much covered.

 

I'm not an expert in malware or internet.
It's not the first time I'm talking about Anti-Executable at Wilders and in those threads, other members told me that
non-executable malwares really exists. No examples were mentioned. I don't even know if it is true and how many of them exist.

Executables that are abused by exploits, seems also to be real, but not in large numbers.

It also seems to me that Anti-Executable will block 99% of executable malwares, but I'm not sure of it and I can't say it's wrong or right, I'm not the expert.

 

Then there is Microsofts Shared Computer Tookit.

Trying out sandboxie and if I play a movie with power dvd I see the video but no sound. do I need to add the sound card to sandboxie?

 

Basically malware that is in the form of a malicious script which is processed by a validated executable. I don't know if this is a good example for the present case, but a malicious Excel macro would conceptually fit the bill.

Blue

 

Hm, i am using also Sandboxie 2.6 and i have _NO_ slowdown of my system. Wouldn't it be better, as you are a satisfied SB user, to find out what causes this slowdown? I love this little tool, low memory and does what is has to do in an excellent way..

 

Does executable include scripts?

Well true, i guess, if say program x that reads images has a vulnerability, you feed it some image file designed to exploit that inject code/buffer overflow and take over it and make program x do bad things. At least that was what some guys here were talking about, doing bad stuff like deleting files and stuff.

But most likely if it really needs to do something it will need to call some other exe, i mean you can't make a image viewer phone home, not easily anyway given the constrains.

I always thought that was why anti-exe was effective against wmf exploits, you didn't catch the exploit per se, but when the exploit inevitably used the taken over program to start some other exe, you noticed and stopped it...

I'm probably wrong on most of this btw.

 

Are far as I know, no.

Blue

 

Thanks for the comments.
I don't think these non-executables and exploits will be a big problem.

Anti-Executable protects me against the execution of most malwares.
If some malwares get through Anti-Executable, my frozen snapshot will remove them anyway within 4 or 8 hours.
If my frozen snapshot gets infected, I copy/update a clean archived snapshot to a new snapshot, freeze it and I have a new CLEAN frozen snapshot to work with.

 

I agree. Perman's comments are worded like pronouncements from Mt. Olympus rather than opinions. However, I'm pretty sure he didn't intend it to sound that way.

I am running Sandboxie 2.60 with K-meleon. So far it works great, with no discernible slow-down.

 

controler said :

Excellent suggestion.
You may need the hive cleanup and then make a space for working in but once your away you'll have a very good way of keeping the machine clean and it is free.

 

Hi, folks: Thanks for your understanding. I think(IMO) this forum has one purpose among many others, is to encourage viewers to post their views and opinions ( of course sometimes theirs may be regarded as statements by some others). If each time their 2 cents' postings are subjected to some others's amusement(not abusement) then they(including me) will be shy from doing so next time around. Posing here is to exchange views and SHOULD NOT have such a fear/worry at all, of course my opinion.

 

Meriadoc

ZOverlord wrote much info on the Toolkit over @ DSLR

It uses lots of script. I didn't like the fact you can only tie a few security programs directly to its interface but I did find while you are using it real time before reboot and everything is gone, most security software still work & I found this with Vm also. With Vm I used the toolkit they had and allowed drag and drop and also the tie between say BoClean and the VM.
Yes you need the User Hive cleanup tool for sure.
There is nothing wrong with using say the MS toolkit along with a program like sandboxie so you still have the browser seperated along with your e-mail program.

DA

I don't know we should be using the word executable. I think any program that sends commands to the CPU would be a better. I mean look at an exe or script. it is just a file with a bunch of commands. script has a starting and ending point and full of commands in between.

controler