Sandboxie: Basic 5 min. refresher course plz

I've been using SandboxIE (obviously not the payed one) since it I think first came protecting besides IE also Firefox. The clean install never have caused any problems for me. Perhaps some are wary about the order of the hooks/drivers of various security software installs. I can't tell any knowledge about that.

On Sandboxie 4.04 as in all the previous versions the box "in the future, check for updates without asking" is unticked. So I do get sometimes, maybe once a month or less when the windows is started, a reminder to check if a new version is available. And I never get a mention that a newer version is available.

Getting the license I noticed that my TinyWall was blocking Sandboxie and I did not bother at the time to make a rule for it, just made TW allow all outgoing and afterwards I did put TW back to 2 way protection. I don't think Sandboxie needs internet access to operate at all for normal operations. That checking for updates and getting a license being exceptions.

 

As I stated previously, in 4.05.12, this box is checked, and it is stuck that way. Must be a change in the beta.

I sure have clicked on it. And wouldn't you think that clicking on "Never" would cause the check to disappear from the "In the future, check for updates without asking" setting? That's what would make sense to me.

To be honest, I forgot this setting was there, Bo, because I never got prompted, and I went for a long time with 3.76 before finally upgrading to 4.05. So I'm not sure what to make of all this. Maybe nothing.

 

I don't understand neither why the setting doesn't remain unticked but it doesnt bother me as long as clicking on "Never" does what is supposed to.

http://www.sandboxie.com/index.php?HelpMenu#updates

Bo

 

Nice tips

 

If you are a payed version user you might use the notification below. I normally run Firefox, Chrome (and Internet Explorer) inside their own sandboxes, separate of each other.

However if you usually also run them or other multiple programs inside say for instance DefaultBox, as a reminder you might like it shown on the windows taskbar tiles to be able easier notice that multiple applications are sandboxed inside a one sandbox:

Tick checkbox DefaultBox settings->Appearance->Show sandbox name in window title.

 

One thing that is good to do. When you have your programs forced to run sandboxed. And you go update the program or change its settings.

Don't close the Sandboxie warning popup that you are running it unsandboxed !

I for example went to change some Firefox NoScript extension settings and forgot it was unsandboxed, because of closing that warning popup. And having got used to running it always sandboxed. Easy sort of thing to forget. I sort of hope and think no harm was done.

 

This is an old thread but there are so many SBIE threads I'm reluctant to start yet another

...so my question: I'm experimenting with Firefox using NoScript plugin all sandboxed and since I use the automatically delete contents when the program closes, I of course wanted to find a way to retain NoScript's settings that are made while FF is sandboxed. What I came up with is under: Resource access->File acces-> Direct access-> Firefox.exe is..%AppData%\Mozilla\Firefox\Profiles\5pix5ocg.default\

this is working fine as I don't lose changes made in NoScript after the sandbox is deleted. Does anyone use this and is it a reasonable way to achieve the goal or is there a better, safer method?

*EDIT*

ahhh...even more granular: %AppData%\Mozilla\Firefox\Profiles\5pix5ocg.default\prefs.js

 

Hey Wat, I prefer to save nothing and I mean nothing except bookmarks and downloads while sandboxed. In your case, if you want to save NoScript settings while sandboxed, you are better off applying Direct file access to "prefs.js" instead of the entire profile folder. You ll find this file inside your profile folder.

Bo

 

Hi Bo,

yep, that is what I did (I edited my post earlier to indicate the restriction prefs.js) I just hate the thought of losing all the NoScript settings every time the browser is closed. I'm not overly concerned about direct access to prefs.js anyway. I've got SRP to block unauthorized executables, including .dll, and then Noscript i consider to be the main line of defence as well.

Thanks!

 

I see the edit now, missed it earlier. prefs.js is where many addons keep their settings. Not all though. I am never changing settings so I prefer not to allow access to it. In one sentence, this is what NoScript has meant to me, I never seen anything that looks like malware doing its thing while browsing, ever since I started using NoScript. Not once in almost five years.

I ll tell you about three settings that I change from default that make pages look nicer and clean. You might want to change them yourself. In Embeddings, I untick "Show placeholder icon" and tick "Collapse blocked objects". I also disable "Show message about blocked scripts" in Notifications. Make things look a lot nicer.

Bo

 

It's fantastic against malicious scripts, as well as unnecessary harmless ones, and I'm not surprised you haven't seen malware with it I can't believe so many in this forum are unable to grasp how important it is to control js in the browser as a means of avoiding attacks, especially those continuing with XP, instead focusing only on anti-executable and HIPS in general. I'm trying hard to get the point across in some threads but no luck. Oh well, not much can be done about it

Thanks Bo, will try those out.

 

And sometimes malware is there even if we don't see it. There has been times when NoScript has helped me out even though I did not see any signs of malware. I wrote about this a few days ago at the Sandboxie forum, I ll copy and paste here what I wrote then.

"I am going to tell you a little story. There is a Colombian site that I visit on a daily basis. A little over three years ago, the site was hacked (Clickjacking attack). It remained that way for almost a month, I didn't stop going there even though I knew that there were problems with the site. At the time, I was still using real time antivirus, the AV never said nothing but NoScript warned me that the site was under attack. Thanks to NoScript I became aware of the problem and thanks to SBIE my system remained intact."

Bo

 

Good story and a great example of how NoScript stopped the clickjacking dead in its tracks

The malicious iFrame is, to the best of my limited knowledge, usually hidden in the webpage, and without any scripting control an infection can take place in literally milliseconds of a victim navigating to it.

 

I typically don't want that, but I noticed something interesting today. I run usually my browsers in a separate sandbox. and all sandboxes made to delete after program exit.

This time I had FF and Chrome in the same sandbox and was wondering why the Noscript settings don't start with my usual one. Instead it had Allow scripts Globally. I sometimes do that when tired of pushing with NoScript. Usually after that I always restart my browser.

So this time NS kept its previous session settings because of the Chrome browser inside the same sandbox and so Firefox content was not deleted after program exit. Another example that running all programs in their own sandbox is the safest thing to do.

EDIT
My normal NS settings are the paranoid ones. I block everything in Embeddings, also "Apply these restrictions to trusted sites too" is checked. Even if I allowed all scrips globally some objects would be blocked. Firefox is my privacy browser.

 

I do too Jarmo but I don't apply the restrictions to trusted sites because for all practical purposes, I don't use a whitelist.

Bo