Returnil & sandboxie freeware

Discussion in 'sandboxing & virtualization' started by the dummy, Nov 26, 2010.

Thread Status:
Not open for further replies.
  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I can't answer your question as it goes beyond my level of knowledge on the matter. I believe that anything can be bypassed, one can only reduce the likelihood of such an unfortunate event to happen.

    Virtualization and sandboxing have been a godsend for security as they are very light and robust solutions for almost any contingency, allowing users to eliminate a whole range of antimalware applications. Having said this, I'm still running an AV resident on my fast machine, and on demand on the others.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi m00nbl00d. I don't know man, I just don't see SBIE as just another
    application. Using SBIE has changed my Internet experience so much
    in such a positive way that makes me see SBIE differently than you,
    but you're right when you say that nothing is 100%. That's why I use
    MSE to scan files that I recover to my hard drive.
    If you have never used SBIE for say...6 months, give it a try, you might
    like it when you realize that nothing gets by and that all of a sudden
    you don't have the urge or need for scans anymore.

    Bo
     
  3. the dummy

    the dummy Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    71
    This one program has been such a life saver for dummies like me. I can't believe not everybody is using SBIE, and tzuk is not our president.
     
  4. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    Different strokes for different folks?
    Be thankful that not everyone values Returnil and/or your personal favorite anti-malware strategy or all the vulnerabilities that have been found in SBIE and Returnil over the years would easily be surpassed in a matter of days or weeks, right?
     
  5. the dummy

    the dummy Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    71
    I do understand what you're saying, but these two apps working together may be about as strong a defense as the average dummy can get their minds around to remain safe. I haven't even heard of this combo being defeated yet.
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Just a clarification, Returnil is not a drive snapshot technology like Rollback RX. It is a light virtualizer like Shadow Defender, which directs all writes to a sort of RAM/disk drive akin to a system-wide Sandboxie, which upon reboot cleanses all the crap.
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Originally Posted by acr1965
    I thought I had read that there are web-borne password stealers (able to log keystrokes, steal clipboard data, etc.) that are not installed onto a PC but are on the web only, maybe some sort of cookie or 3rd party infected ad?

    If so then how does a sandbox type program protect against that sort of threat?

    Thanks for the reply. Also I hope someone can answer my original question in detail. Thanks.
     
  8. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    That's what I'm trying to do [get defeated by virus/malware], but not as yet. I've downloaded heaps of both and still it's gone at reboot for all crapware :D

    By the way, I got sick of fixing friends' computers, so now once I've fixed them I force the browser through Sandboxie and Returnil is on, then tell them to save to a different HD. All are very happy, including my mum.
     
    Last edited: Nov 28, 2010
  9. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Never heard of such a problem.

    Quite frankly, this combination is tough to beat. If you wanna search around looking, testing, etc. of all the possible threats, have at it, because in the day to day in life's activities, you won't have an issue.
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    What does that tell you? Exactly what it wants to tell you.

    Could it be a case that both are trusted and to accuse people of using both because you don't trust either is utter shite and you should be ashamed of yourself for coming out with those blubberings.
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    For years I've surfed the Internet only in shadow mode (ShadowUser first and Shadow Defender later). After using Sandboxie for a while, I trust it so much that I'm hardly using Shadow Defender lately. I could very well use Sandboxie in shadow mode, but I think it's overkill.

    A well configured Sandboxie installation could easily protect a computer against almost anything. An antivirus, resident or on demand, is still the only way to identify malware if one wishes to download (and keep) suspicious stuff from the web.
     
  12. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    The developer of Sandboxie on his website gave good advice once and I always follow it: whenever you decide to go to one of your financial institutions where you use a password, always close your browsing and start over, that way you clear out any keyloggers that you might have acquired since you started that particular surfing session. I always completely close and wipe out the sandbox before going anywhere that I use a password that is important to me. Using MacroExpress I created a macro that does all of this very quickly for me and uses only one keystroke. I am constantly popping in and out of Sandboxie but I do it so quickly that even someone like me, with little patience, has no problem.

    Acadia
     
  13. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    The Combo Returnil & Sandboxie offers a very Light and Tight Security setup for FREE! :thumb:
    It is among the Best Security options for users who no longer rely on Scanners for their security. :thumb:
    I've suggested this Combo to many Friends and Relatives who have been malware-free for years! :thumb:
     
  14. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    well said :D :D :D
     
  15. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Does Returnil allow Microsoft updates or do you need to add that to an exception?
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Sorry?

    My comment merely had to do with the fact that each person will make use of the combination they feel will protect them best.

    The topic starter mentioned the combination he/she was using for quite some time and that has served his/her purposes well.

    But, the same does not apply to everyone. Some will use Sandboxie alongside some antimalware application, because they feel that's what will protect them better.

    That's the only reason I mentioned that's what I see when people use, be it Sandboxie and Returnil or some other combination. They use the combination, because they're well aware one isn't enough to protect them.

    Otherwise, why not just Sandboxie or just Returnil, or just whatever anyone makes use of? Why do people make use of more than one layer? Perhaps, for them, one isn't just enough?

    I see from your signature that you use Sandboxie, Returnil and drive image. Wouldn't that be because that's what you believe is enough for you?

    I never once mentioned those two apps aren't to be trusted, did I? No, I actually mentioned that Sandboxie is a great application, with a great developer behind it. So, please, stop with the nonsense that I'm disdaining this or that application, because I am not.

    The same way, users who use Sandboxie and Returnil, or a similar approach, cannot criticize those who believe antimalware apps will provide them an additional protection. Each user is different, and their needs different as well.
     
  17. ddot

    ddot Registered Member

    Joined:
    Apr 7, 2009
    Posts:
    21
    I have to agree with Osaban. Security through virtualization only works until you intentionally want to install something permanently. For that you need to disable the virtualization. What if that program you’re installing turns out to be malicious? Of course you can say you're careful about what you install, but legitimate sites get hacked and there are constantly new spins on social engineering.

    A previous post of mine on a similar topic:
    https://www.wilderssecurity.com/showpost.php?p=1763439&postcount=9
     
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    What if you also use a decent imaging app?

    What if you have several hard drives that you can clone from?

    What if you have an instant rollback app?

    What if your important data is kept on another partition and/or backed up to an external and a reinstall is a minor inconvenience?

    What if an update for your AV flags and deletes explorer?

    What if Windows Updates wrecks your machine?

    Does windows still drop an entry into prefetch for any samples run sandboxed?

    Do any malware samples instigate a reboot which Returnil can't stop but is contained if run sandboxed?

    Have I ever taken a sample out of the sandbox and accidentally double clicked instead of dragging/dropping to a rar archive? Yep, on a few occasions, which is bound to happen after long hours and gigs of samples and will probably happen again.

    I also use an XP VM where I run samples through Sandboxie while the VM is virtualised which is loaded into a ramdrive from an iso image at boot and the real system is virtualised as well.

    Do you use backups? Why, don't you trust your other security measures?

    Isn't it about using what suits your needs and to state that someone uses two security apps because they don't trust either is ridiculous.

    Anyways I will state that using a combo of Sandboxie and Returnil used as per instructions will keep you far safer than any realtime AV or reliance on Windows patches.
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I don't make use of backups to fight malware. I do it to prevent losing important work. So, it's not a lack of confidence in the measures I've set.

    I've never mentioned that an AV is better, nor worse. I only mentioned that some people prefer to make use of antimalware apps as well; there's a difference. It's their choice.

    Every user needs to find the best balance between security and usability for them. And, if they find it in using antimalware applications as well, then so be it. Who am I to say they shouldn't?
     
  20. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    Probably so, but I don't think anyone around here totally relies on either of those (or any single solution).
    I agree. To each his or her own. If I don't have to play IT for them then it's none of my business.
    And if I did personally rely on only these two apps for real-time security (not counting a firewall), I'd still use blacklisting. It would be nice to know that everything recovered and excluded is probably safe.
     
    Last edited: Nov 29, 2010
  21. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
  22. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi kjdemuth,
    You need to turn the virtualization (Virtual Mode) off before you can apply MS updates as RSS/RVS do not yet support selective registry changes. We may be getting closer to this however due to a new component project we are currently working on with technology that may allow it to be used this way.

    Mike
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I like to think of Shadow Defender as a Sandboxie for the whole computer.
    I have Sandboxie but I find Shadow Defender easier to use.
    I agree with you, using both is overkill.

    The advantage of Sandboxie is that you can exit the virtual world without a reboot, but SD is way easier to use.
    Sandboxie might be just a little bit safer in theory but I'll always go for something that requires no thinking. ;)

    They're both great apps, really.
     
  24. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    This is the main advantage of Sandboxie - no reboots - which means no committing or forgetting to commit (with SD, I have occasionally lost info when I'm tired, and the problem is that I only discover that info hasn't been retained long after it happens).

    A Shadow Defender type of application able to exit the shadow mode without a reboot would be the perfect solution, but obviously there must be some kind of insurmountable technical obstacle. Coldmoon (Returnil's moderator) once mentioned that the problem is related to the very architecture of Windows.

    I agree, to surf anywhere without having to worry about what's going on with your computer, or for reckless surfers (my son's computer runs with Returnil passworded, no more infections ever since) SD and Returnil are unbeatable.
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    :thumb: :thumb: Wish more people would realize this!
     