Testing new programs

Discussion in 'other software & services' started by david banner, Oct 9, 2014.

  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    That's why I said most.

    Can't believe I forgot about AX64. I use that, SBIE and VBox to test new software.
     
  2. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    I seem to recall having VirtualBox and no network options.
     
  3. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    How can it get a system profile if in a sandbox? What use is the system profile to adware? OpenCandy's main problem is scanning the computer.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I also use SBIE for testing apps, but for extensive testing you need a virtual machine of course. I never felt comfortable with tools like Returnil and Shadow Defender because I don't know if they can also protect against advanced malware. With SBIE you know you're safe because of the restrictions (low rights + virtualization), that's of course also the reason why some apps won't work inside the sandbox.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I like using Sandboxie for testing browsers, video players, extensions and plugins. I also use Sandboxie for installing applications that I don't want to keep in the computer, applications that I rarely use. I install these applications sandboxed when I have a need for them and immediately after I am done using them, I delete the sandbox. That's what I do in W7 for programs like Flash, WinRAR, HJSplit or any plugins or extensions that I don't care about keeping in the PC but once in a while need to use.

    If I want to see the effect on the rest of the system of some program after being installed in the computer, then I use Shadow Defender. I have also used, for that purpose, Toolwiz Time Freeze and Wondershare's Time Freeze. All of these programs have always worked well for me. I also use light virtualization for temporarily installing HMP and Malwarebytes.
    You are supposed to untick Drop Rights in order to install programs in a sandbox. Something like a plugin will install sandboxed even with Drop Rights ticked but for example, a video player will not.

    Bo
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ bo elam

    Yes, that setting is disabled. And like I said before, a lot of apps will work inside the sandbox, but it also depends on how "deeply" they want to integrate into the system. About tools like Toolwiz Time Freeze, I will check it out, but if I'm correct they will not stop malware during the session, so there is some risk involved. And if the malware is really advanced (like a rootkit) a reboot might not even cure the infection, if I'm correct. :)
     
  7. guest

    guest Guest

    And they scan your computer to get system profiles to give you tailored offers, or it could be more than that. Application sandboxes and system virtualization apps can't prevent the adware from collecting information about you.
     
    Last edited by a moderator: Oct 12, 2014
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Some of you are using Sbie for testing new apps, so I want to ask you about this:
    - some tested apps need to perform very different actions in the system, and our security apps that work in real time (AV or other kinds of HIPS/blockers/monitors) usually detect such actions, so we make rules to see what happens next
    - some tested apps need to connect to the internet for different reasons, and firewalls try to catch it
    - sometimes we want to check/compare what changes are made in the system (files, registry, BHOs, etc.)
    so...coming to the conclusion...
    - testing in a sandbox (especially with restricted rights) we can't see all possible actions (sometimes dangerous or unwanted), which can be false and useless...what do you think?
    - what about other interactions (e.g. rules of security apps)...do they still exist outside the sandbox or are they removed just after closing the sandbox session?
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ ichito

    Normally, HIPS can still alert about apps that are running sandboxed, so you will still know if they behave suspiciously or not. Of course SBIE will block dangerous actions anyway, even if you allow them via HIPS. And the cool thing is that apps cannot modify the file system and registry. I suppose light virtualization apps like Shadow Defender work the same, the only difference is that they will not stop certain "dangerous" things like starting a driver and code injection.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    True, because 1) Sandboxie doesn't allow driver installation 2) Some malware alter their behavior on purpose if they detect Sandboxie.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    @ichito. I think for testing programs, programs like Shadow Defender or Toolwiz Time Freeze work better than Sandboxie. You can't tell the effect of the new installation on the system when you test programs in Sandboxie. Regarding installing programs, what I find Sandboxie great for is installing programs or plugins that I don't want to install in my system and only need to use for the moment. To me, that's a great purpose for using Sandboxie and I take full advantage of that. I mentioned in my earlier post in this thread some of the programs that I install sandboxed that way. Another program that can be used that way is Java. I don't use Java at all, but people who rarely use Java but need to use it sometimes could install and use Java that way too. That way Java doesn't have to be installed in the computer. No need to update it or anything.

    Installing malware in Sandboxie. Sandboxie is not designed for testing malware. Since malware writers know malware cannot escape the sandbox, they design malware to not do its thing when it detects it's being run sandboxed. I think people who want to test malware should use something else.

    I personally don't have any program making rules or anything when installing something sandboxed. The reason is because I don't have anything for security other than Sandboxie. I basically run all files and programs in my computers sandboxed and forget about it. Files in my computers run sandboxed until the day they get deleted, and since I don't test or play with malware, combining programs like Sandboxie and Shadow Defender for testing programs or for installing programs temporarily works great for me.

    Bo
     
  12. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    Virtual Machines such as VirtualBox work well for testing apps before you install into real
    system even when they require a reboot.
    A quicker and easier way would be something like Shadow Defender or Returnil as long as the app doesn't
    need to reboot after install.

    Toolwiz Time Machine (TTM) which includes the Time Freeze option has the capability to keep installs
    after reboot or remove the app upon reboot. One major drawback is the cache keeps increasing in size
    and you lose your snapshots.
    Unfortunately I can't recommend TTM because of this drawback.
    NOTE: Would recommend increasing the default cache size upon install of this program if you decide
    to use it. Cache increases at a fast rate when using this program.

    Sandboxie works well for testing apps, but is somewhat limited in what programs it's able to install
    as mentioned in post. Still though a great program to consider for what it can do.

    Of course one can make a backup (should be doing anyway) copy of OS and then install app, then restore.
    (full, incremental, differential backups etc.)

    I would still recommend scanning any new app for viruses before installing even though scanners
    are not 100% accurate in their results.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ bo elam

    I agree that apps like Shadow Defender are great if you want to know if apps are compatible. But unlike Sandboxie, it will not protect you from malware, so you still need to rely on other security tools. Also, if it's some advanced rootkit that you're dealing with, a reboot will not cure the infection. So for extensive testing I would choose virtual machines.
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I am sure you are right, Rasheed. Personally, I don't play with malware or test malware. And I really don't test many programs. I usually install the same programs all the time either in Sandboxie or Shadow Defender and for the most part, the reason for me for installing programs under SBIE/SD is so I don't keep their installation in my computers. For that, SD and SBIE work great for me.

    Bo
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Thanks all for the replies and explanations...my deliberations (mostly hypothetical) were around this problem - what will happen with rules made by security apps while testing new/unknown/dangerous files using sandbox applications...do they still exist in those security apps or are they removed automatically from them? If we have the second option...that would be not only a bit dangerous...we could sometimes have a serious problem.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Ichito. I think now I get what you were asking before. Since your security program is running outside the sandbox, rules made by the security program remain after you delete the sandbox. Sandboxie doesn't interfere with the security program.

    Bo
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Of course those rules will not be removed automatically. I believe SpyShelter has a "clean rules" option for apps that are no longer installed.
     