Sandboxie technical tests and other technical topics discussion thread

Let's not make this personal, okay. Have a good Xmas!

 

Yep, agreed. Good Xmas for everybody!!!

 

Hmmm, interesting. Bo, knowing how you sandbox so many things, was BitDefender also sandboxed? I have no issue with BitDefender, BUT it is not sandboxed AND I also use the free version.
Thanks for the info,
Acadia

 

Hi Acadia, an AV is something that we should always install out of the sandbox and not run sandboxed. Its good to hear from you that BitDefender free works good along SBIE. It doesn't surprise me since its a simple AV and doesn't have the addons that their paid version have. Using the addons is what causes problems to some people. I remember, the known problem with the old versions of BD was caused by something called Active Virus Control. This setting had something to do with a behavior blocker or heuristics, I don't remember. The setting has been modified into something else and I believe, its also called something else.

I stopped using AV in Dec 2010, I tested BD probably around early 2010 or late 2009. I wanted badly to use that AV and tried and tried to make it work nicely with SBIE. But it was really messy. Applications took a long time to pop up in their sandbox when ran and the sandbox took 15 20 seconds to delete. I couldn't take that. I like my sandboxes to open and close fast, immediately, no delays. Then later, I tried BG but I got basically the same as with BD.

But I always thought that BD free should work with Sandboxie. It doesn't surprise me that its working good for you along Sandboxie.

Bo

 

Heh, if it ever became a question for me of choosing between the two, Sandboxie and BitDefenderFree, HELLO!, don't burn out your brain cells on this one.

The one thing that I do like about this free BitDefender thingie is that it warns me about unsafe sites even before any other program does, and these are sites that leave me scratching my head (false positives?), doesn't matter, I always redirect onward to other sites just to play it safe.

My all time favorite security saying: The weakest link in your system's security chain is that piece of FLESHWARE that sits between the chair and the keyboard!

Acadia

 

I was thinking about this, for example with BufferZone, which also uses virtualization, all installed files will end up on the real system, but they are all tracked and clearly marked. This can be handy to avoid user confusion. On the other hand, I still like SBIE's approach more, I like to keep all virtual files in one folder/container.

Interesting post, which explains it well.

 

Careful, not virtualization in Sandboxie whatsoever. Just file system isolation or container, you can read posts above about this matter.

 

OK, but what do you mean by "sandbox is altering another sandbox"?
Should I consider this good or bad thing?
And, BTW, Meryy Xmas.

 

I'm not sure if I can agree with system-wide protection thing:
The fact is with Sandboxie you can run everything inside sandbox, the entire Windows Explorer, than there is that option "run any program sandboxed", all applications, all exes, all dlls and everything else inside the sandbox, so not just applications (plus they can all be blocked by SBIE's policy restrictions), Pegr.
So, I disagree that Sandboxie cannot be considered system-wide protector-on default level it is not, but SBIE can be configured that way.

Can we say for sure that properly/super-tightly configured Sandboxie (on maximum level), properly/super-tightly configured AppGuard (Lockdown mode/on maximim level), DefenseWall (properly/super-tightly configured on maximum level) are equally good when it comes to security/protection level against all forms of malware, even the same number of exploits, as well as against the same same forms of exploits (except the method SBIE protects is entirely different from how DefenseWall and AppGuard both protect against malwares and exploits) is very different than -would you agree with me, Pegr?

For example, if Sandboxie cannot protect .dll, .sys malformations and all other malformations or exploits (which AppGuard, DefenseWall and SBIE can protect against), can your system be fully protected by AppGuard and DefenseWall?
I'm talking about dlls, sys and everything else that cannot be blocked by SBIE's configuration like kernel32.dll, win32k.sys and all other things that you cannot configure to block inside Sandboxie!
And, BTW, Merry Xmas.

 

Merry Christmas!! (sorry if your religion is not)

Well, I care more about other programs I'm running. I know you have simple setup, so while you don't experience issues, I might. But thanks for testing!

Sorry, I don't get it. What part of my statement are you referring?

 

I mean on this:
"I personally prefer to use already equipped native function rather than altering that by 3rd party product."

 

Okay, I meant e.g. firstly disable built-in sandbox and then wrap the browser by SBIE. Or e.g. don't use SRP or AppLocker, instead use 3rd party anti-executable such as NVT-ERP or SecureAPlus. List goes on...

 

So you suggest, I should rely on something like Sandboxie sandboxing web-browser (without sandbox), than using Sandboxie sandboxing already sandboxed web-browser, as well as rather use NVT ERP or Secure Plus than SRP or AppLocker?
I guess you rather personally rely on third-party software than configuring and protecting with native functions?

Jeez, I feel really said because on my Windows 8.1, I actually wanted to use AppLocker, and on Windows XP I wanted to download and use SRP-now, I don't know what to do anymore, because I don't know if SRP, AppLocker and web-browser's built-in sandbox are enough for security and protection, I mean I never download anything at all, this is from where my confusion comes from in the first place, I just hope if I finally decide what option to choose it will be the native function or the third party software application which protects the same things on computer; I don't know which approach is the right one, and which one is the wrong one, because I'm obsessed with security when it comes to this-I mean third party security applications evolve when it comes to security/protection, Windows 8.1 and Windows XP and all other Windows before Windows before 8.1 will not evolve when it comes to update regarding security and protection ( mean you cannot buy new system every single time, every year, every month just because this new Windows system is more secure than the previous one, this is where and why people rely on third-party anti-exploits, antivirus, anti-executables, sandboxes, HIPS, AppGuard and etc. because they always evolve in order to keep up with newer methods which protect against newer cyber-threats in the first place)-while third party security software applications to evolve.

I truly don't what's better for me anymore, the same dilemma I have with Sandboxie and Google Chrome (should I disable Chrome's built-in sandbox or not), and also between Sandboxie and Mozilla Firefox-future versions which will have built-in sandbox (should I disable Mozilla Firefox's sandbox or not), should I use SRP and AppLocker or not or use NVT, ExeRadar Pro, or SecureAPlus or not?

 

CWS, I believe you got that backwards. Yuki basically prefers using Chrome's native sandboxing rather than disabling it for SBIE. I would agree, why disable something clearly useful for potential compatibility issues?

 

Yes, I do agree. Any of these applications: AppGuard, DefenseWall, or Sandboxie, properly configured, provide very tight security. The key to using any of them is to ensure that all vulnerable applications, USB drive launches, etc, are forced to run sandboxed with the minimum privileges and access to the system they need to operate. You'd be very well protected with any of them. It comes down to personal choice and what works well for you.

Merry Xmas and Happy New Year to you too.

 

You're right, very thanks.
Well, for anti-executable I use SecureAPlus, though also using SRP (and found it don't make another inconvenience), this is because SAP have fascinating feature. SRP can't block driver, and though can block .dll, it's inconvenient. With SAP, the inconvenience gone. And while I allow admin to execute anything in SRP, still admin is restricted by SAP. Very well combo, I feel. (Woops, it's off topic...)

 

CWS, some people do it like me: Have Chrome sandboxied and forced to do that, it guarded by AppGuard and then also that "sandbox" of its own surely abled. Chrome's profile can't be protected/virtualized without SBIE.

Sandboxie might have some features in Chrome not working sometimes. I remember wanting to post a picture in here that I could only do with Firefox. Those are just minor inconviniences.

 

Yes, the simple setup of using Firefox with NoScript and sandboxing most programs and files that run in my computers, works real good (no malware no conflicts no stress).

Bo

 

I got good news for you, CWS. Regarding the new Firefox sandbox and Sandboxie, I tested Nightly in W7 and XP, the browser ran real well with no issues whatsoever with Sandboxie.

Bo

 

I chose disable Chrome's built-in sandbox, reason?
http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=20055#p105502

I trust Sandboxie above all, why? Because it's a security oriented solution and Chrome is not. Besides the built-in sandbox produces conflicts with Sandboxie making hard work for Curt (Invincea) to deal with them. Period.

 

For how long though when Mozilla starts having problems with conflicts or compatibility issues. Look at Chrome
as an example and the work Invincea has to do to solve issues.

 

Firefox.....is not Chrome. When the sandbox is released, I ll make a decision on whether to disable it or not. In the Nightly version that I tested, the sandbox can be disabled and it can be set to be more restricted than how it comes on default, I tested all settings that have been implemented to this point. And the result in 1 to 10, regarding SBIE....it was a solid 10.

Bo

 

Thank you, and I even like Chrome.

Wow, that is awesome if that continues to the release version.

Acadia

 

I hope so too, Acadia. In the Nightly version that I tested there is a setting in Firefox tools>Options>General where E10s is easily enabled or disabled.There is also a setting in about:config that supposedly does the same. When I tested that setting, it didn't work. But the setting is there so perhaps when Firefox with the sandbox gets released, through about:config will be the way to disable it. Hopefully, Mozilla leaves making the choice of using or not using the sandbox up to us, that would be in line with the Firefox way of doing things.

Bo

 

That's mandatory imao. If they don't leave as a user choice FF would lose many users.