The damage of fanboys advises

Discussion in 'other anti-malware software' started by Kees1958, Jan 31, 2009.

Thread Status:
Not open for further replies.
  1. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    The mighty holy Sandboxie... ROFL.

    @Kees1958: completely justified ("volkomen terecht").
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    While there's plenty of food for thought there...., I wouldn't say it's entirely correct....

    Sandboxie is an extremely robust application and very simple approach. Most any user could benefit from using it, and there is no need to muck with a personalized configuration.

    Applications that shower a user with pop-ups provide, IMHO, a user with a false sense that they are actively protecting themselves via the operational cues provided by forced interaction. Security measures should be quiet until a genuine and infrequent alert is needed. Exceptions are paid attention to, constant noise is not.

    There is no magic nor magical healing options out there. There are solid options that work in many cases, and falter in some others.

    The problem with many new applications is that they are embraced, their profile heightened, and then quickly discarded as a wave of attention deficit disorder seems to infect the assembled throng. It's really best if users try something out for a while - a few months to a year in my view - before embracing it as either the next great solution or the spawn of Satan. With that level of continuing usage and experience some informed comments can be made.

    On data backup/recovery..., yes it is a good measure to provide backup security, but everyone should have it for the inevitable hardware failure. That's the real reason one should pursue a sound backup strategy. At some point the hardware will fail, it's only a question of when and whether you have valuable digital assets (music, personal photographs, purchased software via download only, etc.) that could be lost when that hardware fails.

    Blue
     
  3. demonon

    demonon Guest

    Keep it English, al right?
    I too agree that fanboys do too much damage. It can really be an annoyance if you see members recommend random applications just because they like it.
    It's true that not everyone has the same knowledge or patience to understand how to really be safe on the net, but that doesn't mean people shouldn't try to teach them. It would be ridiculous if everyone would use the most advertised products, those with the fancy colours etc.
    And that's exactly what will happen if no one takes the time to learn.
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    While I don't particularly care for the TRUE fanboys (the ones that, regardless of testing and experience showing otherwise, shower products with praise and dismiss anything else even when they've never even used a different product), I don't think they are doing as much harm as stated... provided the user looks around a bit, these forums for example.

    I also don't see all that much REAL fanboy-ish behavior at this particular website (meaning the type of behavior I stated above). What I DO see are many examples of well-meaning people trying to educate but nevertheless scaring users looking for a simple solution to security issues. There are sooo many tests done here with malware samples that bypass this and that and cause apocalypse-like damage.

    It seems like every day a new thread shows up saying "Such and such bypasses (insert widely-hailed product here)!" Or "How (insert product here) holds up against (insert apocalypse-causing malware sample here)". Inevitably, such a post is followed by 10 or more "Which HIPS protects me best?" or "Need a security setup" threads being created. I think more often than not we are not guilty of understating security, but overstating it. In other words, we scare the pants off the people coming in here.

    What those new and less active members alike don't understand is that a good percentage of the stuff that gets tested here only shows up on malware testing websites, not in P2P or even the "warez" websites. I have been to the darkest of the dark countless times over the years and still go there, and the absolute worst I ever have gotten were dialers, simple trojans, and rogueware. There has never been anything whatsoever a good AV and AS could not handle.

    These "doomsday" malware samples are not a true threat imho, simply "lab creations" to more often than not boost egos, and sometimes to show what is possible and come up with preventative measures. The REAL threats come from phishing and software developers leaving holes in their products. Phishing we can prevent and educate others on, holes, we cannot.
     
  5. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    I must say that I've found the majority of advice provided on this site to be very objective and thorough. It's rare to see somebody with a strong agenda. This is especially rare in the broad field of computer technology. If you want to see fanboys gone wild, try to get advice on a cpu/processor purchase, or god forbid a video card. Of course it never hurts to remind people - that we are dealing with the highest of stakes here. Some bad advice could potentially cost somebody a lot of money. Wilders and those who tirelessly provide their expertise = two big thumbs up! :thumb: :thumb:
     
  6. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Oh, lighten up. Blue provided you with a translation...:cautious: :rolleyes: I won't criticize your English error either...

    Aside from Frisian, Dutch is the closest language to English out there, no reason to get uptight about it.
     
    Last edited: Jan 31, 2009
  7. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    This is an international forum and I think Kees has earned enough credits around here to throw in a foreign word here n there. If you can't cope with anything outside Redneck county then perhaps you should stick with more simple things.
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    People, please, this is gonna get shut down if it starts going down this road.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Man, I need some coffee, I read a lot today :p
     
  10. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Yeah, anyways, Kees certainly has a valid point although I don't agree with every nuance. Some people sincerely think they have the answer and want to help. I have very few answers and try to help by asking questions that help lead to a solution unless I (think I) have had direct experience with exactly what the poster asks about.

    I think anyone that comes here for advice does well to seek an independent confirmation outside of Wilders on important matters but it is a hell of a useful place to get started with questions and lots of people who DO know what they talk about. But then again, maybe I'm just a Wilders fanboy.:D
     
  11. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    I know I am :argh:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    What the heck, me too :) :D :)
     
  13. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I put it that every bit as bad as the 'fanboys' are the doom merchants citing security flaws in products based on either hypothetical POCs at some black-hat convention, or obscure malware that the average surfer is as likely to encounter as a martian.

    With regards to SandboxIE I have no qualms in recommending it to even the least technical of users, with no additional configuration, simply because that user is by default protected against pretty much everything they're ever likely to encounter. Coupled with a good AV, Mr. Average would have to be extraordinarily unlucky to get an infected system. Of course for that unlikely event a recent system image stored remotely negates any problems. That's why I always stick Macrium Reflect on clients' systems and spend a whole 5 minutes explaining how to use it.

    I'm not ashamed to be called a SBIE fanboy since IMO near total protection doesn't come simpler...
    (Puts on tin hat ready for the missiles)

    Simplicity has to be the key at all times since, strange as it is to the enthusiasts here, most folks have no interest at all in the security of their pc and the intricacies of ensuring it. Of course where Kees is spot on is that any advice given has to be relevant to the specific user's needs.
     
    Last edited: Jan 31, 2009
  14. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    If you look at my sig, you'll probably think that I'm a SBIE fanboy. Maybe I am, but I too was a newbie not so long ago.
    I tried different products, until I found out that for me, the best was a properly configured SBIE (got infected once with default settings - usb worm), so I agree with Kees on this one.

    I think, based on my behaviour, that when I advise SBIE, I do it because I know what it can do, and I like to pass on that knowledge, but I expect that the one who asks at least tries to learn. Nobody taught me to use SBIE, I learned all by myself, reading, USING THE SEARCH FUNCTION, and at the end, when I had some doubts, asking. If someone is too lazy to care, I won't take the blame for any infections/vulnerabilities.

    If the user really wants to know, I'm glad to answer any question, as I'm sure most of Wilders members will also be...
     
  15. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    This is what is confusing to new users. A "properly configured" sandbox, and in bold no less. The new user thinks: "why isn't 'properly configured' set by default?" And then finds fault with the developer. In the usb case, a simple ForceFolder setting would have handled that worm. Is the developer supposed to ForceFolder the outside drives with default settings? Imagine the havoc worldwide with folks installing products, but not realizing they were installing into the sandbox. Then the new user begins a search to learn these "secrets", finds a ton of half-answers and comes away more confused than ever - and blames the default settings.
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Good discussion, thanx :thumb:
     
  17. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    First off, I would like to thank everyone who has taken the time to provide a detailed thought out post.

    Fanboy or not, sometimes people just get offended when confronted with a difference of opinion. Some miss a nuance of language translation, and some people just have to have the last word. To me the real damage of “fanboy advice” has been the reluctance of the most experienced, knowledgeable people to get involved in this forum anymore.

    Kees, I really enjoy your posts because you are always trying something new and trying to balance protection with minimal impact to your PC.

    As for me, I don’t need a lot of hand-holding. I can read the help file and I can use the search, but I still have a lot to learn.

    Again, thanks to the Wilders community. Consider me a Wilders fanboy.
     
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Well get a load of this and coming from Sandboxie's No1 fanboy.:blink:

    Even though the apps in my siggy are my mainstay security I'm gonna have to set up two old 40 gig drives, XP/Vista, with the only security being Paragon images that can restore the first track and mbr from an external drive.

    In pursuit of my favourite pastime in testing malware there are far too many rogue installers that are now sandbox/vm/virtual aware and just won't run.:mad:

    Some malware are even popping up messages telling you as such?

    [Attached screenshots: Cannot run Sandboxed.JPG, VM.JPG]
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    cool:cool:
     
  20. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    @Franklin - Looks like malware is saying "We Surrender" :D I will send you a Sudoku book. ;)
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Franklin

    That's neat. Clear warning that something is amiss.

    Pete

    PS. Did it know it was running with Returnil?
     
  22. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Will give it a shot shortly.

    Edit:
    Ran the malware sample with just Returnil active which seemed to execute in Taskmanager for a split second then nothing, no warning messages or seemingly anything?

    Gonna need to set up those unsecured hd installs to see what these type of malwares get up to.
     
    Last edited: Feb 1, 2009
  23. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    While I have mentioned Sandboxie on more than one occasion and have it in my siggy, I don't think I fall in the fanboy category. I do admit to being lazy with mentions of and links to the Sandboxie site, the help and FAQ's and their forum. Now the "fanboys" can link directly to this post for essential links ;).

    One thing I would like to mention is Sandboxie has come a long way this year with the program GUI and the help section of their site. Things are easier than ever to configure. I would also advise anyone who installs any new software to look around the settings and options because that is a great way to learn about the software.

    PS: My mother is online for the first time this week. Her security setup is Avast free, Sandboxie and Firefox with no add-ons. Returnil free is also on board when the grandkids show up. I'll let you know how it goes.
     
  24. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Actually that's a whole new interesting topic in itself there!
     
  25. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'd be surprised if any malware 'realised' it was running with Returnil since it creates a clone of the 'real' system. I believe that VMs emulate a specific hardware setup regardless of the actual system, therefore I presume that's how malware knows it's in a VM, by looking for that particular hardware profile. o_O I'm not sure how it knows it's in SandboxIE though, devious little fellows those malware.
     