Sandboxie VS VirtualBox...

My belief in SBIE is built on what I seen over the years do for me and others. Faith is believing in something that you can not prove to be true. And when I bring the "no infections being reported at the SBIE forum thing", that is something that can be proven. To prove it, all you have to do is go there and you ll see that you wont find people reporting getting infected. Thats not faith.

I can not say SBIE is non breachable but why does malware when sandboxed and being aware that it is sandboxed not try to install out of the sandbox? ...If it could, it would. Thats a tell tale sign about how effective malware writers know Sandboxie is in preventing malware from doing its thing. Otherwise, malware would try to install out of the sandbox when aware that's it is inside the sandbox.

Bo

 

It means nothing to you? Oh ok then, guess that proves that tester wrong...

Your evidence (which is more like faith) is entirely anecdotal and i worry that people reading your completely one sided praise of sandboxie will believe what you're writing is the truth

The fact is that tester DID compromise sandboxie with kernel exploits. Just because you've never been infected or because people have never posted about it on Sandboxie forums doesn't mean it's impenetrable

Your praise seems to be based mostly on assumptions and fallacies and as such doesn't belong in a serious discussion about security

 

Bromium sells security products. They compete with Invincea for customers. Why should I believe what they say about Sandboxie? According to you, my personal experience using the program means nothing. I don't trust Bromium but I know the positive impact that using Sandboxie has meant to me. Thats the story that I tell.

Their PDF and video makes it seem like if SBIE was useless and their users stupid. That is wrong and not true.

Bo

 

Hey jn2002dk, I forgot something. Lies always catch up with the liar, they never go away. I have been talking about Sandboxie for a little over five years, if I was telling lies, I would have been blown away by them already.

And please, don't worry, people can tell when someone is lying about something, enthusiasm is not something that can be faked and my enthusiasm for SBIE is catchy. On your own, you figure out why that is so.

Bo

 

But how do you know?
On one hand we have someone professional who has tested and apparently bypassed sandboxie, on the other hand we have you who claim it's almost perfect based solely on your own anecdotal evidence

What i'm missing here is hard evidence to support your claim or to refute the Bromium report. You disregard it but you don't explain why other than implying they're biased. If that's the case then why did they score the Chrome sandbox better? Wouldn't they thrash all sandboxing equally to get you to buy their product?

Being enthusiastic about software is fine but if you consistently praise it without having any evidence to support it it's borderline astro turfing in my opinion

 

Well, to me you seem to be astro turfing based on your posts here and on the sandboxie forums

Also, once again you're being fallacious. In fact, i'd say the bromium report DID catch up to you by proving it's pretty easy to bypass sandboxie yet you just dismiss the report with no facts to support your case

 

The comment by user Der Moloch in Sandboxie thread Application Sandboxes: A pen-tester’s perspective sums things up pretty well, IMHO, except that I'm not anti-antivirus.

 

Yes, they have a pretty good reason to be biased but this is also why I disregard what Bromium says. Bypassing Sandboxie is done in laboratory conditions. Why should I care about something that it is not affecting SBIE users in the real world? More than one year after their PDF came out, none of what they said is affecting Sandboxie users. And five years from now, its likely that this will remain the same.

You seem to be reading all I have said about this matter, then you know that that has been my point. jn2002dk, reports like the one done by Bromium make people nervous for no reason, I refuse to be paranoid due to something (the PDF) that the chances of having any effect on me and others using SBIE is about zero.

I don't have to prove how good Sandboxie is, Sandboxies record over the years speaks for itself, you claiming that Sandboxie is useless is the one that has to prove something. Real world proof, jn2002dk, Where is it?

Professional? You call the guy in the Bromium video professional? He seems to me more like a clown, cracking jokes about SBIE and SBIE users. Do you think it was professional of him to portray SBIE users with the caricature of a man with his head in the ground? Thats not professional,

If that's what he thinks of people who use Sandboxie, I can only imagine what his opinion is of people who only use antiviruses. I dont know if you are Bromium or not but doing that sort of him doesn't help to get more sales. It is disgusting and offensive.

Like I said earlier, Sandboxies record speaks for itself. But why do I tell my story. Telling about my experience using Sandboxie is my personal way of giving something back to the program.

Before Sandboxie I used to get infected once or twice a year every year. That came to an end when I started using Sandboxie. Whether you like it or not, the program works. Why is that so hard for you to understand?

The burden of proof is on you. You claim that Sandboxie can be easily bypassed. You, post here solid proof of real world infections that are infecting Sandboxie users TODAY. I know none.

Bo

 

You're plowing a lone furrow here Bo. No-one backing you up (not that you need it) on this subject.

We have slightly different view om the Bromium tests I think but the fundamental principle is the same.

My view is they are likely technically correct but who cares if we don't see it ITW. Why would we, with the gaping holes in everyday products like Acrobat Reader, Flash, Java an IE to keep the malware writers busy.

If you want the maximum chance of success, why waste your time with SBIE when the programs your target audience actually use ares so inviting.

For those quaking in their boots about the Bromium 'revelations', if true, ask yourselves this. What is more likely - an ITW SBIE breach or your favourite blacklister missing an ITW sample?

Here's a clue. No documented SBIE ITW breach I've heard of in the 5 + plus years I've used it against the hundreds of samples that evade the top tier AV products every day. On balance for those with at least some understanding of SBIE it's a no brainer.

Nothing is perfect but a well configured SBIE set-up is as good as is currently available for me.

Cheers

 

Nice post Chris. I think you and I agree more than what you think.

Bo

 

No, actually you made the initial claim in this thread so the burden of proof falls on you. Yet another fallacy from you

Here is a fact - Sandboxie can not prevent a kernel level exploit. Such an exploit can and will bypass it

Is Sandboxie useless? Absolutely not. It has a lot of uses and can be a good layer to have but that's a far cry from praising it as the be all, end all security software

Also, i'd like to know how you can say with 100% certainty that you've never been infected since using Sandboxie? I don't know any security experts who would make such a bold claim

 

This

That's a fair assessment of sandboxie

 

Kernel level exploits are not very frequent - at least those that we know about. Sandboxie can't protect against them, neither can any other software that is run on vulnerable system. Only solution is to patch the system that is vulnerable.

 

jn2002dk, this is what Tzuk said about Sandboxie and kernel mode exploits. Please read numeral 2.

http://forums.sandboxie.com/phpBB3/viewtopic.php?p=75473&sid=a9cf26ce8082451b1a9a94d7f1dece80

I read every post that gets posted at the Sandboxie forum. I am aware that there is always the possibility of something breaking the sandbox. But for whatever reason, its not happening. To me, thats what matters.

I read the rest of your posts (the ones not on this thread) here at Wilders and seems to me that all along you were looking for a reason not to use Sandboxie. You found that reason in Bromium, the perfect feed for the paranoid.
https://www.wilderssecurity.com/threads/appguard-shadow-defender.358124/

Bo

 

Sigh, why are we on this kind of discussion again? OP, how are you doing?

 

Can you install AppGaurd,Shadow Defender and SandBoxie on the PC. Without any conflicts?
And then run SandBoxie and Appguard at the same time? And then run Shadow Defender and
AppGuard setting at medium without any conflicts?

Looking forward to hearing the answer