Sandboxie

No thanks to no try? and i no mean insult as many seem to feel. sorry bad english. I just mean best way to try. when sandbox an app it contain all. you only recover files you want keep. ok? As i say hard explain. best to just try and test. Ok?

 

@timestand: Perhaps I read too much in your first response to Greg in the way of an implied insult and I apologize for promoting the negative interpretation of it. This in an international forum and I should know better than to take everyone's English at face value.

Of course, test and see what happens is a valid approach, but there are many here and at Tzuk's forum who have already done so and Greg can no doubt benefit from their input.

 

You know, this is the most asked question regarding Sandboxie. I understand why really, and have explained it many times. So, just for you, try this out
http://mrwoojoo.com/sbie/index.htm

not really just for you , but I figured why not.

Sul.

 

Well the tray icon isn't much to look at

Seriously though,in unashamedly fanboy fashion,I have to say this is one of the most impressive applications I've ever come across.It's light,quite user friendly and pretty much bulletproof when it comes to security.

 

I like tray icon. Also why poster want something bad about it. Funny man!

 

It's not too bad but it was the nearest I could get to a negative comment.

 

It appears that mrwoojo is down right now. I was going to check it out since I am a new user of sandboxie...maybe it will be up later. Thanks for the link though!

 

Opening fine here...

philby

 

Thanks Sul. That is some very useful info to share with others.

 

I have been running Sandboxie with zero issues for 3 years. I am so happy with it that I no longer use an anti-virus when I am surfing the Internet. There is no need to rely on a blacklist when you have a properly configured sandbox. Plus, my computer runs so much faster with no active AV installed.
I have had zero malware infections in 3 years, and I am a heavy surfer.

Partner Sandboxie with a good image program like ShadowProtect, Macrium, etc, and you should be good to go. For extra protection, you can also add a virtualizer like ShadowDefender or Returnil. Sandboxie and ShadowDefender run very well together.

As always, the strongest security is common sense.

 

Do you ever recover downloaded files?

 

Just speaking for myself, it would be a serious limitation if I couldn't make purchases on the internet. I've been selectively using credit cards, and now Paypal, for years with no security problems. If, after using Sandboxie for a while you feel it is worth supporting the work of the author, you could look into Paypal.

 

In the last 2 weeks I have started using Sandboxie the way you have for 3 years, and it's great hearing that you have had no infections. Even more confidence-building in this approach to security. And you are right, really fast.

Virtualization, system image, and common sense. Simple and safe, and probably the future of security as malware increases exponentially. (p.s. On re-reading this post, I feel it was maybe a little idealistic, since this method requires a common sense that evidently isn't common enough to make AVs unnecessary.)

 

Greg's point is important. I screen what I want to recover with an AV and with MBAM and then recover. I don't think that is being over-cautious. The sandbox is only a sandbox.

 

why screen before recover? you scared that malware will attack while you recover? Wrong. malware attack only when you run it not when move it. Ok?

 

Let me pose a question. If your AV is resident, monitoring all files being written to disc, is there then a need to scan manually again? Does the detection work better with a manual scan rather than the resident scan? If you are not sure, and rely on a virus definition update to be sure, should not you best wait for the next update, or the next after that, to really be sure?

Sul.

 

I know you are trying to help and all, but it was implied not that there was a scare of moving it, but just that on principle to scan before removing it from the sandbox and into the real system.

Sul.

 

Yes just clear that malware only attack when run it. So can move out of sandbox on real system and then only scan. Ok?

 

There's more than the one question
1. Re. the performance of the resident scan versus the manual, it's just that I'm not sure (=ignorant) about how the AV interacts with the sandbox contents in real time. Perhaps, as you point out, a manual scan may be redundant/overkill.

2. The point of the definition update would apply to the resident scan as well, wouldn't it?

3. I use MBAM on demand so I wouldn't think this step is unnecessary.

 

In my time using virus engines, playing with files that are infected, if the engine knows about the virus through its definitions, it normally screams at me if I even focus on the file. Downloading infected files was always caught right away. I don't recall every finding a virus through a manual scan if I used the resident scanner all the time. I am no expert, it very well could be better to do a manual scan, but it does seem a bit redundant.

In terms of how it acts within the sandbox, remember that when the file is written to disc, it is a real phyical location, so AV engines or anything like that will see it.

Yes, MBAM being manual only would be good. I like MBAM a lot. Having used lots of these type programs in the past, it makes Adaware and Spybot and the rest of the now ancient clones look like they weren't even in the same game. MBAM is quite possibly the best "one-stop-shop" tool to use on computers that seem to be full of garbage.

Just asking because I stopped using an AV some time ago due to questions I had such as that.

Sul.

 

Manual scans can be more comprehensive than real-time if your AV supports scanning within archives or packed executables.
That is usually disabled by default in real-time monitoring for optimal performance.

Also, uploading to VirusTotal is better than just scanning with one or two scanners.

 

See, this is the part that I'm really unsure about. I know it is real, but still within the active sandbox. That's why I do the manual scan after all sandboxed processes are terminated. (Could be pointless, but it doesn't cost me much in terms of time )

 

To OP.

You will notice that with all the responses you have received, and although it has veered off topic sometimes, and maybe got a little heated also, you STILL havn't received a negative report...!!!

Quite remarkable for any piece of software. There is no reason why you shouldn't find yourself of a similar mind after trying it. Might even persuade you to venture into the world of online purchasing.

If it does, please make Sandboxie your first purchase. It is well worth the peace of mind that it gives. I personally would not entertain using my Credit Card online without being sandboxed.

I have no connection with Sandboxie. This is purely from my experience of the program.

Regards

Ken

 

@kennyboy:

Quite so!!

My experience,as well.


rat

 

Yes, all the time. I scan downloaded files with MSE used on-demand only.
I have the real-time protection always turned off. I also use VirusTotal from time to time.