Sandboxie VS VirtualBox...

Discussion in 'sandboxing & virtualization' started by guest, Jun 21, 2014.

Thread Status:
Not open for further replies.
  1. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Thanks Bo, we're in agreement here, though I don't have your facility with configuration! The most tricky part I've found is functionality (or lack thereof) in various plugins for Word which takes time to identify.

    The apps I do are: Acrobat, Chrome, Copernic, Explorer++, FF, Google Earth and Picasa, IE11, Outlook, Excel & Word 2010, Nitro, Password Safe and TrueCrypt, Skype.

    Adding WMP & Explorer seems like a good plan, and can I check what you do for the USBDrives profile? From what I understand from another thread, this is ForcedFolders on the USB drive letters, and block internet access, yes?
     
    Last edited: Jun 25, 2014
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I think it's a good idea to Force WMP to run sandboxed since it can be exploited and it's always trying to have access to the internet. So in my WMP sandbox, I block All programs from having access to the net and only allow WMP to run. I only use WMP to open WMV files but I like forcing the program since it's part of Windows. And that way, I keep it intact.

    I don't Force Windows Explorer and you shouldn't either. If you try to do that, Sandboxie is gonna give you a message telling you that it's not a good idea to do so. But I have a sandbox designed for Windows Explorer. I basically use the sandboxed explorer to open anything that I download that is a picture or seems to be a picture. Sometimes I also use it to run files that I am not sure what they might be. To make running the sandboxed explorer easier, I create a sandboxed shortcut and place it in the task bar.

    For USB drives, I set the sandbox to delete on closing, enable Drop Rights, allow only a few programs to run and block internet access. In my W7, adding two letters in Forced folders is enough to cover my USB drives. In XP, I only have to add one and I am all set. :)

    Bo
     
    Last edited: Jun 25, 2014
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    This is important for you deBoetie, what is the problem you are having using these plugins and which plugins are these? I don't have Office in my W7 but if they can be installed in XP where I have it, I'll do it and check them out to see if I can find something. :)

    Bo
     
  4. guest

    guest Guest

    Yeah, makes sense... I wish I understood the tech better honestly, so I could fully trust it. Then again, that goes without saying for everyone who is not a programmer, developer, researcher, etc!

    Also, if you don't mind of course, with your current config, have you ever had any issues with viruses and all that that encompasses?
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Me, I trust Sandboxie from day one but I think it is reasonable that most people only trust the program after using it for a while and after seeing what it does for you. In my personal case, the "Before Sandboxie Bo" was a totally different user than the Bo after discovering the program.

    Six years ago, before Sandboxie, I used to get infected once or twice a year. No matter what, it always happened. But then one day, I got infected by a rootkit (my last infection) and for the first time ever, I didn't look for someone to clean the mess. I did it myself, I had no idea what I was doing and the rootkit was gone today and back tomorrow and I made cleaning the infection a game. A game that was gonna be over when the rootkit was gone for good. It took me about two weeks and believe it or not, I had fun cleaning the infection.

    In a way, that rootkit is a friend of mine because after getting rid of it, I started to look around for protection against rootkits. And that's how I discovered Sandboxie. And all of a sudden, I had next to SBIE, a hundred other programs, many claiming to protect against a million viruses and they were the best ever, that's what they said.

    Sandboxie was the exception. It didn't claim nothing. I took a look at it, read about it a little and what I read at the Sandboxie website made sense to me. I have very good instincts and didn't take long for me to realize that Sandboxie was what I was looking for.

    In fact, in my journey to Sandboxie, I didn't try 100 programs. Of all the programs that I had in front of my face after cleaning the rootkit, Sandboxie was the second and last program that I tried. For me, it was immediate, right after installing it, I just knew it was gonna work. And it has.

    You can make learning Sandboxie easy or hard. I think the easy way is taking your time learning the program. Try learning something new every day as you use SBIE. That's what I do, that's how I learn and continue to learn about Sandboxie. If you continuously use the program, after a while, things will start making sense. When I started using Sandboxie, all I wanted to know on day one was how to recover files, save bookmarks, delete the sandbox and how my antivirus interacted with SBIE. That's all I knew and cared to know on day one.

    A couple of weeks later, I started making one or two changes to settings to see the effect these restrictions caused in programs that run in the sandbox. I enjoyed learning Sandboxie doing it like that. I see too many people making changes right after installing SBIE and don't even know what they're doing and then start getting errors and complain about Sandboxie.

    Paranoid, this is getting too long, I'll finish up here. I suggest, if you are going to use Sandboxie, you should start by sandboxing something that is easy to sandbox, like your browser, PDF reader, email client, then later, do torrents.

    Bo
     
    Last edited: Jun 27, 2014
  6. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Good post Bo :)
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Thanks Jarmo. It's funny how I turned something bad (a rootkit infection) into something really good (discovering SBIE). And then made the wise decision to use the program. Discovering SBIE don't mean nothing if I had not decided to use it. I enjoy using computers and the internet like it should be, thanks to Sandboxie.

    Bo
     
  8. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    Things you can do with Sandboxie:

    Force your browsers to run sandboxed
    Automatically delete the contents of sandbox on close
    Restrict Internet & Start/Run Access of your programs
    Block files and folders from having access to programs running in the sandbox
    Drop rights from Administrators and Power User groups
    Recover contents out of sandbox before deleting sandbox
    Run each program in its own sandbox (e.g. media players, PDF readers, etc.)
    Install programs in sandbox (Note: limitations of Sandboxie)

    Things you can do with VirtualBox:

    Install programs for testing (including those requiring a reboot) before committing to real system.
    Creating and restoring virtual snapshots
    Install different Operating systems to try
    Share folders between the host OS and the guest OS
     
  9. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
    Just started using VirtualBox and LOVE it!

    There I have on a Windows Ultimate 64 SP1 host Office 2013 Pro Plus SP1 and Acrobat Pro running smoothly on a Windows Ultimate 64 SP1 guest. About to try seamless mode but from what things look now it looks mighty fine. EDIT: And YES Seamless Mode is truly fun and with flying speeds, Office 2013, Acrobat Pro, Photoshop, Illustrator and what not, all working smoothly, for someone trying this the FIRST time ever this has a HUGE "wow" effect on me. :)

    Did use VirtualBox since I have read that sandboxing Office 2013 and possibly Acrobat Pro won't work at all or not good. Also I do not under no circumstance want to install these on the host, so there you go, sorted, finally.

    All other things, email (Thunderbird), browsing (Firefox), p2p (uTorrent) and coding (Aptana) I do mostly with portable (those who are available portable) apps and then have them sandboxed and this seems to also work real fine with Sandboxie. Slap on Cobian Backup and backup the corresponding folders for the portable apps for good measure. (Just recently it took me days to get my accumulated bookmarks.json back with 4 years of bookmarks and tags, feared the worst at first since they would simply not restore to a new Firefox profile, but in the end I got that to work as well, so learned that lesson the hard way and now keeping regular backups, at least of the portable apps.)

    After a couple of days of reading and trying out various set ups this seems to work real smooth. Not sure if you get me but knowing that those M$ and Adobe apps won't sit on the host any more is a huge benefit for my soul and I guess the host's registry etc as well.

    Totally relaxed now and can finally do my work with peace of mind.

    To sum up, the bigger M$ and Adobe installs and all that require a restart or run as service go into VirtualBox and for all other ones I try to use Sandboxie as much as I can. Works fine for me.

    Warm fuzzy feeling.

    :)
     
    Last edited: Jul 24, 2014
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    As much as I love sbie, I would choose VBox since it is an entire OS.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    @frank7 - thanks for pointing out seamless mode. I never tried it before and must say that I really like it.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I would not test risky apps in Sandboxie. Before running apps "sandboxed" I always make sure that it's most likely not malware. For malware testing I would choose a true virtual machine. But to clarify, I'm quite confident that Sandboxie is able to contain even the nastiest of malware, but why take the risk. :)
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Sandboxie has a motto "Trust no Program". I guess that this can be applied to Sandboxie itself also... and virtual machine too... ;)
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    In my view, the reasons for not using Sandboxie for testing malware are very simple. For one, Sandboxie was not designed for testing malware. Sandboxie was created to be used in the everyday normal usage of a computer. Also, a lot of malware is aware when it's been run under Sandboxie, to fool the user, malware doesn't do its thing when run sandboxed.

    But why doesn't malware do its thing when run sandboxed under SBIE? I think the answer is simple: because either it won't run, do nothing or install. The simple fact that most malware won't even try to do anything while being run under Sandboxie, tells me that most malware writers know that Sandboxie's sandbox cannot be breached.

    Bo
     
  16. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    :thumb:
    Acadia
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    May wish to review post #37.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You are rehashing something old (one year old now) that means nothing to me. Five years from now, it's still going to mean nothing. The only thing that you are doing by bringing it up again is making the paranoid even more paranoid. Anyway, take a look here and look for any threads during the past year of anyone using Sandboxie reporting an infection. If you find one, let us know. And Brian, people not reporting infections it is meaningful. :cool:

    http://forums.sandboxie.com/phpBB3/

    Bo
     
  19. guest

    guest Guest

    I don't use Sandboxie and I'm not infected, ze. :D
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You want to know why I like Sandboxie so much. I tell you why. I use my computers as they were originally designated to be used. That right there is a good reason to use SBIE. Sandboxie never bothers me with anything. If I want to run a file or a program, I just click on it and it runs sandboxed automatically. And no matter what I execute, as long as it's done in the sandbox, my system remains intact. Can it be any better than that?

    I don't waste time running scans, it doesn't slow down nothing, I don't even have to look for a colored border or hash marks to know that I am running sandboxed. I just know that I am running sandboxed. How do I know that I am running sandboxed all the time? Aja. I know I am running sandboxed all the time because I don't play god trying to figure out if a file or a program is malware or not. All I do is follow Sandboxie's motto and "Trust no program".

    Trust no program means to me to treat all files and programs the same way. So I run all files and programs sandboxed automatically. That's what I do and it works. This has worked so well for me that I do the same with NoScript. So I trust no site either. No white listing more than a handful of sites. For me, using both of these little programs as I do makes my internet and computers experience a thousand times safer and more enjoyable.

    Bo
     
  21. guest

    guest Guest

    Bo - I take it once you setup one program you set them all up? In that it's easy enough at one point to do what you've done with your PC?
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Whenever I setup a sandbox, I try to achieve a balance between security and usability. I restrict as much as I can but without giving up usability. The result is a comfortable and safe sandbox. I hardly ever get any unexpected SBIE messages, that is because I set my sandboxes correctly, according to the program or purpose that the sandbox was created for.

    After a while, setting up your sandboxes is done naturally. Like nothing, you just get used to doing it. Like for example, you know that your PDF reader doesn't have to have internet access to work correctly, so in your PDF sandbox, you don't allow any programs to connect out. And you also set it up so only the PDF reader starts and runs.

    I try to isolate programs as much as I can. So the more that I separate programs from each other by running programs in their own sandbox, the better.

    Bo
     
    Last edited: Jul 26, 2014
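The restrictions bo elam describes for his WMP, USB-drive and PDF sandboxes (delete on close, Drop Rights, blocked internet, only named programs allowed to start) can be checked directly against `Sandboxie.ini`. The following is an added example, not part of the thread or of Sandboxie itself; the sample file is constructed, and the setting names are assumed to be those Sandboxie Control writes (`AutoDelete`, `DropAdminRights`, `ClosedFilePath=InternetAccessDevices`, `ClosedIpcPath=!<StartRunAccess>,*`), which may differ between versions.

```python
import re
from collections import defaultdict
# Constructed sample in Sandboxie.ini syntax (not taken from the thread).
SAMPLE_INI = r"""
[USBDrives]
AutoDelete=y
DropAdminRights=y
ForceFolder=E:\
ForceFolder=F:\
ClosedFilePath=InternetAccessDevices
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,explorer.exe,notepad.exe

[PDFReader]
ForceProcess=AcroRd32.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ProcessGroup=<InternetAccess>,AcroRd32.exe
"""

def parse_ini(text):
    """Sandboxie.ini repeats keys (ForceFolder, ProcessGroup), so keep a list per key."""
    boxes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = boxes.setdefault(header.group(1), defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes

def audit(boxes):
    """Return {sandbox: [gaps]} measured against the restrictions described above."""
    report = {}
    for name, s in boxes.items():
        if name == "GlobalSettings" or name.startswith(("UserSettings_", "Template_")):
            continue  # not sandbox sections
        gaps = []
        if "y" not in s["AutoDelete"]:
            gaps.append("contents kept after close")
        if "y" not in s["DropAdminRights"]:
            gaps.append("admin rights not dropped")
        if "InternetAccessDevices" not in s["ClosedFilePath"]:
            grouped = any(v.endswith(",InternetAccessDevices") for v in s["ClosedFilePath"])
            gaps.append("internet limited to a program group" if grouped
                        else "internet open to all programs")
        if "!<StartRunAccess>,*" not in s["ClosedIpcPath"]:
            gaps.append("any program may start")
        report[name] = gaps
    return report

if __name__ == "__main__":
    print(audit(parse_ini(SAMPLE_INI)))
```

The real `Sandboxie.ini` is normally stored as UTF-16, so decode it accordingly before passing the text to `parse_ini`.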
  23. guest

    guest Guest

    @bo elam

    I know Bo, I know. :D I just wanted to point out that there's no absolute Holy Grail in security software that has to be in everyone's setup. Even without using certain tool one can still be free of malware infection. It's all up to the users' preferences in the end actually. You like Sandboxie, myself prefer GesWall/DefenseWall/AppGuard approach, then there are people who are more comfortable with CHIPS, LV, EMET, etc. I do admit that in the length of one year that I used Sandboxie in the past it really did its job excellently. But even when I dropped it I am still as good as before. To be very honest, no matter how strong a security software is, I wouldn't call it as non-breachable. And that also applies to the security software that I like. I dunno, perhaps I'm being too pessimistic or something. :D

    And here I am derailing thread topic, just like I usually am. Sorry for that. :D
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    GrafZ, one of the reasons we humans are taught Achilles story when we are kids is because of the moral behind the story. I know everything and everyone has its heel, OK. The point that I was making is that if Sandboxie was not a good product it's obvious that we would have people every day reporting infections.

    I go to the SBIE forum every day and you just don't see that. I mean, it just doesn't happen as it does in most forums for most security products. When years go by and people don't report infections it tells about the effectiveness of using SBIE, that is something that really means something. :)

    Bo
     
  25. guest

    guest Guest

    Fair enough, I also don't remember hearing AG bypassed IRL scenarios. I still wouldn't call it non-breachable though. Having faith just isn't my style. :D

    Aaaaanyway, it seems that the option to test programs in another hardware is not that popular. That's actually the safest option if applicable.
     