Anyone tips on integration settings of Virtual PC or Sandbox settings? Combo launches surprisingly fast on a dual core pentium with 3GB RAM, after the trial period SBIE will problably wait for a few seconds.
Disabled as much standard components as possible (IE, WMP, OutlookExpress, etc) Intergration settings: Hibernate, not using the "undo virtual disk option" to purge changes (sandboxie does this faster/easier), not alloweing access to data drives, assigned 768 MB to virtual RAM Sandboxie settings: - Drop rights - allow only Chrome to start - allow only Chrome internet access - Block access to (other) virtual (data) disks Sandboxie Control (Remote) is visual as icon on the host First launch of XP Mode launches the Virtual PC and (thx Bo) in future five seconds SBIE free delay, consequtive launches from hibernated Virtual PC take less than 2 seconds.
Sampei, you might not know, the free version allows you to use separate sandboxes for your programs. You just cant use more than one at the same time. If I was you, I would create a new sandbox, name it Thunderbird and allow Firefox, Thunderbird and perhaps your PDF reader to run in that sandbox. And the DefaultBox, use it for browsing, not email. Remember, isolation works better when you separate programs in their own sandbox. You ll be safer if you do that. Sandboxie control>Sandbox>Create new sandbox Bo
Edit: disabled integration settings to increase colours from 16 bit to 32 bit (apparently this only works when disabling integration settings).
Edit replaced Chrome for K-Meleon. Due to hardware virtualization, chrome does not display text as crispy as K-Meleon.
No we are talking XP-mode, meaning the guest will be vulnerable due to end of life of XP, but Windows 7 host should be protected from guest OS: a) no integration (on data level) b) changed NAT shared to Bridge mode (selecting the name of the adaptor) Precautions on Guest a) hardened it with gpedit, XP-mode is a XP Professional (SRP default deny, etc) b) adding Sandboxie Free (running the application in XP as anonymous User)
Nice thing about XP-mode is that it runs within a virtual machine and it is very easy to make a backup of your Virtual PC XP-mode image by killing vpc and copying all files to a sage location. So decided to play with it again. Installed Gupzilla and flashplayer, deinstalled/disabled all other programs/services to reduce size of the XP-Mode VM image. Added Software Restriction control (default deny) and run Gupzilla and Flash as basic user. Next added the registry tweak to get embedded updates until 2019. Seems to work, I would not do this on main XP, but in VM trashing the guest is part of the fun and without consequences.
Gupzilla 14/17 on security, total score 86/100 Settings altered - open startpage as home page, startpage as search engine - disabled all address bar options - disabled Java - enabled XSS - disable saving history - disabled downloads by selecting an alternative download manager without specifying one - enabled use defined location for download - allow storing cookies/delete them on close/vlock 3rd party cookies - javascript, don't allow access clipboard, open/close windows - disabled send referrer header, enabled do not track - enable tracking protection/ad-block/flash click to play - disables application extensions The default setting look rather odd. Running without SBIE, flash & gupzilla run as basic user with default deny as SRP and enabled the EPSMode trick through registry to get updates of embedded. Since Embedded is XP Pro without WFP, I disabled WFP (I thrash the VM when ready playing with it anyway). GesWall ruleset for GupZilla in XP-mode (should work for XP also)