Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    Yes, DW is a very nice program. For me, Sandboxie is number one, but if someone doesn't like SBIE or is looking for an alternative, there is DW. If I was using DW instead of SBIE, I would probably be doing my security pretty much the same way as I am doing it now. I see more similarities between the programs than not.

    I think a major difference between SBIE and DW is what they do with files downloaded or created via sandboxed or untrusted applications. With Sandboxie, they all go into the sandbox; after it's deleted you might or might not save a few files. With DW, files go where they normally go, but if their status is not changed to trusted, they remain sandboxed/untrusted/isolated and can't do anything to your system, etc. There's really no difference.

    Bo
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    In terms of the level of protection, there's no difference. In terms of how the two mechanisms work, there's a world of difference between: (1) files being downloaded into a virtual container, isolated from the real file system; (2) files being downloaded into their usual location on the real file system then marked as untrusted and restricted.

    Just as with DefenseWall, AppGuard also downloads files to the real file system where they are automatically guarded and restricted. It is restriction within the real file system rather than isolation and containment within a separate environment that is the key difference between AppGuard and DefenseWall on the one hand, and a program like Sandboxie that uses a virtual container on the other.

    It is likely that former DefenseWall users who have moved from 32-bit to 64-bit systems will have chosen AppGuard to replace DefenseWall, because AppGuard provides similar functionality. The reason we see Wilders members using Sandboxie alongside AppGuard or DefenseWall is because Sandboxie is a fundamentally different type of program. I don't think many Wilders members on 32-bit systems would choose to use AppGuard and DefenseWall together though, because they are too similar in their mode of operation to add any benefit.

    For people who believe the term sandboxing should apply to restriction as well as isolation, it's probably best to refer to AppGuard and DefenseWall as policy restriction type sandboxes and Sandboxie as an isolation container type sandbox, or something similar.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,259
    Location:
    .
    Fully agreed. I'm 100% thinking the same as you, pegr; actually, that's what I did when migrating from x86 to x64.
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    That's not what you'll find at the Sandboxie forum. I, like many other Sandboxie users, stopped using DW either to avoid conflicts or after realizing that there was nothing to gain by using two sandboxing programs at the same time. I did it for both reasons but in my particular case, more so to avoid potential conflicts.

    Bo
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    There can always be conflicts between two programs or even just between particular releases of programs, but that doesn't alter the substance of what I said. I can't explain things any more clearly than I already have, so I've nothing further to add to what I've already said.
     
    Last edited: Dec 23, 2014
  6. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
    OK, so someone correct me if I am wrong here, because I so often am, and that statement is not false humility; I still consider myself learning after all these years. Isn't DW only 32-bit? On a modern PC desktop computer that makes this all a moot point; the only choice is Sandboxie. Not that DW wasn't an excellent, even near perfect, program in its day, but for most folks with modern PCs it just does not apply anymore. OK, so slam me, where am I wrong here? Always desperate to learn.
    Acadia
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,259
    Location:
    .
    Yes it is. DW is only for 32-bit OSes, although it can still be used on modern PCs as long as they have an x86 OS running.
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    You said that DefenseWall and Sandboxie are fundamentally different types of program and that makes it OK to run them alongside each other. IMO, that is a bad idea. Read this quote.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=5&t=11967

    Bo.
     
  9. 142395

    142395 Guest

    I haven't used either DW or GesWall, or even AppGuard, so I can't say anything for sure. But from what I've read so far, it seems they're not simple policy restriction HIPS. For me policy restriction HIPS includes Comodo Defense+ and Online Armor's HIPS, but doesn't include BufferZone. OTOH policy restriction sandbox includes Chromium sandbox, Android or iOS sandbox, etc. Whether what he or you said is true or false depends on his or your definition of sandbox; still, that doesn't mean any definition will be okay. Firstly, those definitions should be useful, and if one is more intuitive, it's better.

    Let me talk about a narrow/strict definition rather than a broader one, as a broad definition can include too many things.
    We don't call Toolwiz TF a sandbox, but call it virtualization software. We don't call Comodo Timemachine a sandbox, but call it rollback software.
    From those, maybe we can conclude that the concept of a sandbox has to include a closed system which is completely contained by, and can't affect, the real system (unless specifically allowed).
    But maybe many of us don't regard a VM as a sandbox. So a sandbox always has to share, or have a common or at least similar environment with, the real system.

    If DW and/or GW meet those conditions they can be called sandboxes, just my 2 cents.
     
  10. 142395

    142395 Guest

    That makes sense and at least will work for me, as I always move executables to the desktop when I test them (they often need an internet connection and start/run, as they are installers).
    I'll evaluate and test that to see the merits/demerits. Thanks for your suggestion. :)
    Yup, as I said before, it's not a serious problem for me. It's just a potential FYI.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Sandboxie is not the only alternative to DefenseWall. As I've already said, for anybody looking to replace DefenseWall with another policy restriction program, AppGuard is a perfectly viable alternative.

    Both AppGuard and DefenseWall are similar in that they make changes to the real file system whereas Sandboxie isolates change within a virtual container. All three offer similar levels of protection and there is no need to run more than one of them to be protected, but it is not redundant to consider adding some kind of virtualization to run alongside a policy restriction program as part of defense in depth, or even just for software testing.

    With both AppGuard and DefenseWall, downloaded executables will reside in their usual location within the real file system. With both programs, malicious executables will be restricted from causing any harm because they will not be in a trusted status. However, it may be considered undesirable to have dormant malware left lying around, even if it can't cause any harm. In order to remove it, it first has to be detected then removed, which for the average user may mean scanning with an anti-malware program.

    Unlike AppGuard or DefenseWall, with Sandboxie no detection of badness is required to remove malicious executables from the sandbox. All that is required for perfect remediation is to empty the sandbox. This illustrates the difference between rights restriction and virtualization.

    With policy restriction programs, "sandboxing" consists of separating applications into two groups. Untrusted applications run inside the "sandbox" and trusted applications run outside the "sandbox". Separation into two groups on the basis of trust is fundamental to both AppGuard and DefenseWall. This kind of "sandbox" is very different from a Sandboxie sandbox where the sandbox is a virtual container used to isolate change.

    Because virtualization on its own doesn't constitute security, application rights restriction is also needed. Sandboxie has a rich set of policy restriction features, beyond what is needed to enforce the boundaries of the sandbox and prevent breaches. It is therefore perfectly feasible to just use Sandboxie and nothing else, and not get infected.

    Unlike AppGuard or DefenseWall's policy restriction, which operates system-wide, Sandboxie's policy restriction only applies to applications running inside the sandbox, so a separate policy restriction program may still be considered desirable. There isn't a problem using AppGuard alongside Sandboxie and some Wilders members are using this combination on both 32-bit and 64-bit systems.

    What it comes down to is that there are many different ways to secure PCs. In the end, much of it is a matter of personal preference in relation to the kind of approach a person prefers and what works well on their system.
     
    Last edited: Dec 24, 2014
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    One person's view, that's all. If DefenseWall and Sandboxie conflict then obviously it's a no-brainer not to try and use them together, as it is with any two programs that don't work well together. However, there are a number of Wilders members successfully using AppGuard alongside Sandboxie without any problems.
     
    Last edited: Dec 24, 2014
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    JarmoP, you said:
    "Actually AppGuard doesn't block programs from executing IF they start from System space (Program Files folders etc.). It does not have that kind of hips capability, like SbIE has in the restricted sandbox. Instead it does prevent programs running from User space (unnatural places for normal execution and needs then from user some input to make them execute if desired). AppGuard not having some kind of antiexec control, makes it in my opinion one of the programs not likely to cause conflicts with other security software."

    What does that mean, JarmoP? Does that mean that AppGuard does not give the same level of protection as Sandboxie and DefenseWall do equally?
     
    Last edited: Dec 24, 2014
  14. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Yuki, you said:
    "Well, Mozilla introducing a sandbox to Fx is definitely a good thing for its security and the public interest; remember, many people have never heard of SBIE. If they finally bring Servo to a desktop browser as well, it might be one of the most secure browsers.
    I personally prefer to use an already equipped native function rather than altering it with a 3rd party product, so I will quit sandboxing Fx when it has introduced its own sandbox and that has proven strong enough."

    So, Yuki, why don't you think it's good to have Sandboxie over an already sandboxed Mozilla Firefox? Why is this altering so bad for both Sandboxie and Mozilla Firefox: is it because of compatibility issues or security/protection issues (because running a sandbox inside a sandbox weakens both Sandboxie's protection and Mozilla Firefox's own native sandbox protection, or just one of them)?
    Where is the catch, Yuki?
     
    Last edited: Dec 24, 2014
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If we are going to use the term "sandbox" to apply to both policy restriction and virtualization, the use of adjectives can be helpful when making comparisons. We can't talk about different types of sandbox as if they are all the same thing. The use of adjectives can help to make the usage clear where the difference matters.

    For example, the authors of the following article refer to Type A and Type B sandboxes: -

    http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    You should read what pegr wrote in the post #586 about system-wide policy. The protection is not exactly the same and both programs complement each other enough for me to run them together. To me AppGuard gives a very good overall system protection.

    I have my browsers and other programs guarded all the time and this should be maybe considered something akin to forced program feature in Sandboxie. But not exactly. And notice that AppGuard guards user space execution if not blocking it, depending on the protection mode level. That is pretty good.

    Sandboxie is to me a stronger sandboxer. It kind of virtualizes, say, a browser session with the isolation. If a program wants to install to your system, you can with Sandboxie usually install it to a sandbox to test. Whereas using only AppGuard you would have to install it for real, as there is no guarded install concept.

    Sandboxie does not have exactly the same kind of protection against user space execution that AG has. When I said AppGuard does not have anti-exec capabilities, I meant you can't control program start per application. That's all. Because Sandboxie has that feature, even if somewhat limited, I sort of think SBIE can cause conflicts more easily with other security programs than AG can. But they both run really well together.

    I won't answer more questions, so don't try, so you don't get disappointed in not getting an answer. But I hope the above helps; it is something you can also learn by yourself running both programs.
     
  17. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    921
    Location:
    U.S. Citizen
    Salutations, Bo!


    Follow-up on post #411

    I installed my new security set-up, Dr. Web Security Space with Malwarebytes Anti-Malware, and did my Windows updates. About months ago! Additionally, I changed my browser from CyberFox to Firefox with addons.
    Before that know, I had no problems with Sandboxie. It seems that Sandboxie works for a short period! Meaning a month or two at best.
    After the new set-up it would not work, period. My problem with Sandboxie is that it will never with other security software anti-viruses. So, the choice is clear!
     
    Last edited: Dec 24, 2014
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you are saying Sandboxie won't work with other AVs, I have trouble accepting that. Certainly not the case here.
     
  19. 142395

    142395 Guest

    Did I say either good or bad? I just said it's a matter of preference.
    Short answer, as I'm not much interested in what you emphasized, sorry.

    When a main product itself has a certain function, the reason to replace it with a 3rd party one would be that this has a more fascinating function for you, or is more solid.
    For me it can be applied to application whitelisting; I use SecureAPlus though I am also testing SRP.

    But for SBIE, I found a way to get the merits of both worlds, the built-in sandbox and SBIE. It includes but is never limited to a forced Download folder (actually includes much more, such as my custom ones). And also other security products cover what I lose by not using SBIE for Chrome.
    So I don't have a strong reason to replace it with SBIE, not to mention that currently sandboxing Chrome causes conflicts with Norton (it's not a serious one, doesn't affect actual usage).

    Also I won't immediately stop sandboxing Fx when they introduce a built-in sandbox; first I have to see if it is strong enough and compatible with other products.
     
  20. 142395

    142395 Guest

  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    Hi Moose, the best recommendation I can give you, I gave it to you in post 411. Follow what I said there and Sandboxie will play well in your PCs. I also recommend, once you find a setup that works with SBIE, stick to it. If you like Dr. Web, then try to use SBIE with Dr. Web after refreshing the PC and see what happens. But don't add a bunch of programs; if you do, the chances of SBIE working great diminish. The more programs you have messing with the sandbox, the less the chances of Sandboxie working great. Look at my personal experience, I never have problems with Sandboxie. None. That is no luck, it is so because I have nothing messing up with what Sandboxie does.

    Most antiviruses work with Sandboxie; sometimes an update breaks compatibility with one, but if you are using one that's popular, the problem gets top priority to be fixed. So, it's best to use one of those or use one that has a good record working with Sandboxie. For my friends who listen to me about Sandboxie, I install MSE or recommend them to use Windows Defender. Even when someone has gotten a free license to a paid antivirus for purchasing a new computer, that's what I do. MSE has not had any kind of issue with Sandboxie since early 2010. That's a pretty solid record of working great with Sandboxie. Also, sometimes when SBIE has a problem with an AV, it is not the AV itself that conflicts but an addon, like the web guard or toolbar. So, the simpler the AV, the better, IMO.

    Bo
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have used ESET and now an Emsisoft product with Sandboxie and had no issues. I also use AppGuard, ERP, and HMPA with Sandboxie. It all works fine.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    It's not only one person's view, it's also my view. But to you, my view doesn't count. The funny thing is that unlike you, I have the experience of using both programs to their full capabilities at the same time. On the surface, when I used DW and SBIE together, I never had any sign of a conflict. For me, both programs worked great together. It was a joy using both programs at the same time.

    But I decided to pick one and use one to 1. Avoid potential conflicts that could surface at the worst of times and 2. Since I was using both programs to sandbox the same programs, it didn't make sense to use them together. But I get it, you can't understand that because you have never used SBIE to sandbox anything but a browser. About AppGuard: as far as I know, unlike DW, AG is not a sandboxing program.

    Bo
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    Hi Pete, when I used an AV, Avira, Avast and MSE worked with no issue with SBIE. Bitdefender and BullGuard were pretty messy with the sandbox though. When it was time to delete the sandbox, they made it take too long. I have tested ESET antivirus; it worked fine with SBIE.

    Bo
     
    Last edited: Dec 24, 2014
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    I tested Nightly in W7 and XP, it worked fine with SBIE and three of the four extensions that I use. :)

    Bo
     