DropMyRights &/or Sandboxie

(Q1) If I run my browser under DropMyRights, would there be any *significant* additional advantage to my ALSO running my browser within sandboxie?

(Q2) If your answer to Q1 is "Yes' then -- should I discontinue use of DMR & use SB instead?

 

Q1
http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#HowItWorks
"How does Sandboxie protect me, technically?
"It should be noted, however, that Sandboxie does not typically [by default] stop sandboxed programs from reading your sensitive data. However, by careful configuration of the ClosedFilePath and ClosedKeyPath settings, you can achieve this goal as well.

You can isolate internet-facing applications (e.g., browser1, browser2, email, etc.) inside their own sandbox; multiple sandboxes are supported.

You can open email attachments with applications (e.g., word processor) that are sandboxed.

"Sandboxie also takes measures to prevent programs executing inside the sandbox from hijacking non-sandboxed programs and using them as a vehicle to operate outside the sandbox. [This may be covered at least, in part, by your HIPS?]

http://www.securityfocus.com/infocus/1848
"Complete protection?
While all of this sounds good, it [DropMyRights] can offer a false sense of security. Applications spawned from a browser with reduced privileges will inherit those reduced privileges, but privilege escalation is still always a possibility.

Low probability, but high impact.

Q2
http://www.securityfocus.com/infocus/1848
"Reducing browser privileges
Least privilege
It is important that administrators follow the rule of least privilege. This means that users should operate their computer with only the minimum set of privileges that they need to do their job.

 

I tried the DMR + Sandboxie set up and it worked ok. I think it will give you a little better protection if you run it this way. Every little bit helps.

I decided to go with Defencewall though. I call it DMR on steroids with a few extra tricks thrown in.