To all Sandboxie fans, please explain

Discussion in 'sandboxing & virtualization' started by Kees1958, Jan 2, 2009.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes you got my point:D
    risk yes indeed:rolleyes:
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Here is my take on this as a Sandboxie fan. I use Sandboxie as my web protection for all surfing, even trusted sites. If I choose to save something, I can recover it and run it for as long as I like under the control of Sandboxie. I can scan it with scanners of choice or upload its files to VT. If it's not a required reboot soft, I can fire up SD or Returnil and install it to see how it runs, before committing to any real changes to the drive. In the end the final decision is based on the user.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    First let's drop the vulgarities. Enough of that.

    Now to give my take on the original question.

    1. If we are talking testing an unknown program, I don't rely on sandboxie for that, I go the vm route.

    2. If I download a file which I think is questionable, I remove it to my desktop. I then turn my HIPS, OA, and SSM on full, and right click the file, and open it in my default sandbox. This sandbox allows anything to run, but no internet access. By watching both what the program does, and seeing whether OA or SSM trigger on anything, I can pretty well judge the file. The source is also a factor.

    Pete
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    When GeSWall free gives that pop-up for the pro offer, you can select not to ask you again and it will no longer bother you. BTW, your avatar reminds me of a game I had when I was a kid; I think it was called Simon.
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    If you want even more protection, you can always do what I do and run a VM (in my case VirtualBox) inside of Sandboxie ... works quite smoothly and I have an older system.

    Acadia
     
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    jmonge, you are forgetting about the "force program" and/or "force folder" features. Just set and forget, mama and papa won't be able to harm their computer (assuming they won't recover anything malicious from the sandbox, but they don't even have to know there is a sandbox)
     
  7. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    As I understand it, even if you designate a folder or folders for "quick recovery" and are notified by Sandboxie at the end of a download that a file might be recovered to one of those folders (outside the sandbox), you do not have to do that right then. The file remains sandboxed and you can virus check the file (within the Sandbox C:\Sandbox) before you make a decision as to whether to keep it or not. If your virus checker wants to send it to a virus vault you could choose "ignore" and delete the Sandbox contents right then or at the end of the "session"
    right click your tray icon at the "session" end, choose your Sandbox
    choose "quick recovery" or "delete contents"

    Although I do not know all the "ins and outs" of Sandboxie like an expert I have shown quite a few people that are not really "computer literate" how to use it for browsing etc in 10 minutes.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yes, you've got a good point, but mama will get upset if papa deletes the sandbox and along go her important pictures that she got from the messenger, which her grandson sent her to keep :D and they were deleted when the apps that were sandboxed were actually closed :D
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    This has an easy solution. I'll make it short, since I don't want to hijack Kees's thread:

    Set the sandbox to DON'T DELETE files after programs are closed. They are safely contained. Now, instead of doing the normal cleanup we all must do periodically because our parents|girlfriends|friends|etc get infected, you just have to review the contents in the sandbox, and delete what's useless. 5 minutes and you're all set to enjoy a beer with your father.
     
  10. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Saving items out of the sandbox has never been a problem for me, but I guess that depends on the usage. I can still ForceProcess or ForceFolder doc and jpg etc type items. If it is executables, a lot of that is the user. Seems to me that at some point most people do make a decision on the programs that are going to populate the computer, and install less and less new programs. At least for me, I pretty much have the same programs for years now, Microsoft Word - Paint Shop Pro etc etc.

    Users develop a 'feeling' for Sandboxie directly because of Tzuk in my opinion. I mean, he actually reads and answers posts lol. Seriously, I have never seen a developer that allowed so much interaction, particularly with Feature Requests. You begin to feel you are part of a team I guess, and the FanBoyItis begins to set in.

    One thing that I don't see addressed very much when comparing to Defense Wall is: what state is your system and files in, if you decide to uninstall DW after a period of time and try something new? I mean, if the comparison is going to hinge on installations of executables to the permanent system, I think that's a fair point.
     
  11. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    I get the following error "SBIE2314" (= Iexplore.exe being cancelled) while accessing my mailbox through Windows Live Messenger.

    How do I work around this? o_O
     
  12. Balatsokas

    Balatsokas Former Poster

    Joined:
    Sep 21, 2008
    Posts:
    86
    Location:
    Land of NoWhere
    This is what I thought when I selected "not to ask again" but pop-ups came up after a few weeks...
    I wonder why...
     
  13. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    Kees...
    First, I'm going to acknowledge that I'm not as computer-sophisticated as you. So you may very well find lots to criticize with my response. That's okay; it's how I learn.

    When I can keep things simple and effective, then I'm happy. I've been using Sandboxie for close to a year now and, thus far, it's met that criteria. Regarding your above comments, I DO flush the SBIE toilet 90% of the time after each browsing session. For the remaining 10% of the time when I'm interested in keeping something, I download it into one of several "test" sandboxes that I've set up. I keep those programs in their respective sandboxes for weeks and weeks (sometimes even months) while I play around with them. I also figure that if they originally contained zero-day exploits, then after several weeks my AV and antispyware programs will have their detection signatures updated and will alert me if any of my sandboxed programs are contaminated.

    So, if I decide after several weeks that I want to permanently keep a sandboxed program, and my AV and antispyware scans keep coming up clean, then I recover the program to my hard drive.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Kees, with all due respect, did you really think you would get one definitive answer? I mean you could have posted about any single product and why people use it, and the same range of thoughts would still be here. In another thread, you ranked it 3rd behind DefenseWall and Prevx Edge, which I agree with. But third ain't so damn bad in this day if you ask me.
     
  15. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    People use Sandboxie in combination with Defensewall / Prevx Edge / Shadow Defender or Returnil, it doesn't have to be ranked ... it's a great addition to your system security.
     
  16. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    Good point.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    agree:thumb:
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Now Kees, there is a dark side of SB too. With Vista, when you uninstall SB and go to delete the Sandbox folder on the C: drive, I have seen on numerous occasions where it tells me the file is too large to delete. This folder is supposed to be empty but..................:cautious:
     
  19. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    For me, using Sandboxie is a no-brainer. It simply isolates my internet facing applications from my system. Now I can click on any links without fear and open that .pdf knowing that it can do no harm. I can still run as admin yet control my 'risky' internet programs. I delete the sandbox when I'm done and it is as if that session never happened.

    As far as removing a download from the sandbox, I scan all files removed with Avira, MBAM, SAS and/or upload them to VirusTotal or Jotti. And of course I also download from known sites. It's a system that seems to work well for me.
     
  20. mjgent

    mjgent Registered Member

    Joined:
    May 19, 2008
    Posts:
    43
    Location:
    Sandboxed in a VM behind a UTM
    I do too, but for now I found a workaround for this exact thing. Read my post here: https://www.wilderssecurity.com/showthread.php?t=229090
     
  21. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    @Kees

    You have no doubt seen recurring themes with those who use SandboxIE. It is simple and efficient.

    There are many ways to do anything. Virtual Machines are full blown, but not always needed. I use vmWare when needed, but often I just need a quick look as to what a new utility is installing. SandboxIE is much quicker for that purpose. But not necessarily better.

    Most infections probably come from emails or the browser. There are again many methods of securing your computer from the internet, and not one of them, with the exception of possibly a LUA setup, will ensure absolute control. I prefer to use SandboxIE on all my browsers. It is not the only method I employ of safeguarding my system, but it does make a good front line of defense that requires very little in the way of maintenance, and only a tiny bit more of initial setup. Once you have your setup complete, saving the .ini makes it portable. Convenient.

    Many great points have been presented here already on both sides of the coin, so I will present you with a sample of usage.

    I support many users. Family, friends and peeps who bring all their problems to me. I am always looking for methods of protection, but with a catch. I look for methods that I would employ, but that also would be simple enough for those of 'lesser' experience to also employ, and more importantly, use and comprehend. The comprehension part is the hard one. I have tried so many different tools that I cannot even remember what I have and have not tried anymore. I would say 95% of the time, the 'users' just cannot handle the tool.

    Now, with more public knowledge of different attacks/exploits, 'users' are more inclined to listen and learn a little. There is still a fine line of giving them a tool they can use, and one that makes them glaze over within minutes. Fortunately, SandboxIE is one of those unique tools.

    It offers me great protection because I lock down the sandboxes in a specific way, and it also helps the 'users' to understand what this does and why it is being done. There are no prompts to answer, no performance hits, other than a very very slight bit of lag when loading a page. And with the latest version that is almost imperceptible.

    I now set people up with an AV, maybe Cyberhawk or Threatfire, depending on their comfort level. Sometimes they can use PCTools firewall, other times it is straight up Windows firewall or bust. Only a very few have ever shown the interest of using something like OA or Outpost (older versions). They just don't want to learn it. I don't blame them, they have other interests. These tools require some kind of user interaction, eventually. And that is where the problem lies. How they answer the prompts.

    In my desire to have a tool that minimizes prompts, SandboxIE has become one of my most highly regarded. It is so much easier to explain to them that the browser can be exploited, so steps should be taken. I inform them that from now on, whatever they do with IE or FF will be 'separate' from the real OS. My rules state so. Only a few allowed apps are allowed network access within the browser sandbox. They can understand this.

    The best way for them to understand has been to install something like FF, and then let them start it up in SB before starting for real. They then set up a few customizations etc. Then I have them start FF in the real OS. They are confused at first because they have to set up the customizations again. But then I show them how to clear the sandbox contents, and it is like a light has been lit. They get it. They can see, there is the real FF, and then the FF that runs in a sandbox. They even get what a sandbox is, and why it is useful.

    Once they can see the difference, I explain what can happen if they download something, and then run it outside the sandbox. Since they can now visualize the difference, another light comes on, where they can start to piece together running a virus or something outside the sandbox versus inside.

    I employ other methods and tools for them, and for myself. It is a neat and clean package. The best part, should they have problems, I am using the exact same thing. It is easy to help them help themselves because I use it too, and can explain it very well.

    These 'users' are not going to use Geswall. Or a virtual machine. Or pretty much anything that really requires them to learn something in-depth enough to understand. They just aren't.

    So what say you? Disregard the fact that you are knowledgeable enough to use a tool that might provide a much higher level of safety. Put yourself in the shoes of those that don't know those kinds of things. Would SandboxIE be easy enough for you, offering enough protection?

    I can tell you, time and time again, basic users can wrap themselves around this great program, learn something in the process, and have a much safer experience for it.

    Regards.

    Sul.
     
  22. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Interesting. Thanks. I may actually decide to buy Shadow Defender. Running a second process at startup with the purpose of autosaving Returnil doesn't appeal much to me.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ahh, too bad someone sees through my teasing :thumb: :thumb:

    For me file virtualisation is not an option. My wife buys music for her hobby (music for spinning, steps, aerobics classes). So every security option has to deal with Digital Rights Management. DefenseWall is the only one that worked out of the box. The fun thing was in getting GeSWall to work with DRM. I now am able to use Malware Defender to contain my internet facing apps (Mom of 75 is a happy DefenseWall user now, so easy is it to use). Backbone of my defense is now LUA + SRP on XP Pro, with Malware Defender as a tighter than tight limitation on my internet facing apps (only allowing specified registry keys to access, directories to access, no suspicious behavior allowed, a few limited processes allowed to start).

    Happy new year CerXes
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sul,

    My mom of 75 (yes seventy five) picked up internet after my father died five years ago, so definitely not an experienced PC user.

    She uses DefenseWall. The only thing she has learned was:
    a) use the red button before doing internet based purchases/banking
    b) when I want to install a program:
    - right click on the file
    - scan with A2 Malware FREE (because A2 is available in Dutch, she does not speak or read English)
    - set status to TRUSTED (she remembers, because it sounds like "zet status trusteh", meaning set status to sleep :)
    - execute/install

    She only installs updates of (paid) mind/puzzle games, she communicates via internet with her grandchildren and plays on-line bridge/cards.

    Besides a hardware FW, I have no other security software running on her PC, only image plus data backup to external harddisk. I changed browser to Iron Portable (also available in Dutch), not for security reasons, but because it is light and fast.

    I do not believe that a policy sandbox is difficult to use (at least DefenseWall). It is the easiest security product available.

    Cheers Kees
     
    Last edited: Jan 3, 2009
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I think SBIE is a great program and Ronen one of the best developers around.

    Only there is a lot of 'fan' speak regarding SBIE (which is also the case for SAS and to a lesser degree MBAM).

    You know when on New Year's Day Tom, the hangover cat, is kicking at the back side of your eyeballs, you sometimes feel the need to get a little mean.

    It is over now :D
     