DropMyRights VS Sandboxie?

Discussion in 'other anti-malware software' started by bellgamin, Sep 24, 2006.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    I have heard that there are now websites that can do nasty things if I merely visit them or click on one of their links.:eek:

    I would never knowingly visit malware infested sites. My endocrine system is out of ardor with respect to porn. I never mess with cracked programs. I only yank people's chains if I'm somewhere safe, such as here at Wilder's. Even so, I do surf around a lot because I'm a software try-out junkie plus excessively nosey.

    Ergo, even if I am a safe-hexer, I am quite capable of doing something dumb enough to get myself in trouble. Therefore, I am considering two programs that I *think* will enable me to surf in potentially dangerous waters & still be reasonably safe. The programs are (1) Sandboxie, and (2) DropMyRights.

    I seek information about these two programs, and will appreciate any help that you might care to offer.

    FYI- I run XP SP2. My main "real-time-monitoring" security apps are DrWeb, Kerio 2.1.5, System Safety Monitor, & A-squared.

    BACKGROUND #1- I tried Sandboxie & liked it a lot. It ran smooth as silk on my system, and seemed to be affording good protection. {I say "seemed to be" because I don't know any dangerous sites to test it, and (even if I did) I am not very brave about doing such things.}

    My one grumble with Sandboxie was that its processes used quite a bit of RAM & VM. Moreover, it insisted on running those processes even when I wasn't using Sandboxie. That is, when I disabled Sandboxie's processes (I used Autoruns to disable them), Sandboxie wouldn't work even if I reactivated those processes. To get Sandboxie to work again, I had to have Autoruns reactivate all of Sandboxie's processes, & then do a restart.

    Ergo, in my OPINION, Sandboxie is rather cumbersome & heavy to use if I want to activate its processes for on-demand use only.

    QUESTION #1- Is there an easy way to activate Sandboxie's processes only on-demand, without having to go through a rather cumbersome re-activation/restart?

    BACKGROUND #2- I am now using DropMyRights (DMR) whenever I surf. DMR seems to have no overhead at all. Once DMR executes, it keeps nothing in RAM or VM. AFAIK, DMR simply executes a script to drop my status to that of a limited user. Having done so, DMR leaves the scene -- unlike Sandboxie, which keeps all its processes running the whole time I am surfing.

    QUESTION #2- Am I at least ~90% as well protected when surfing under DMR as I am when surfing under Sandboxie? If not, can you please explain?

    FOLLOW-ON REQUEST- If you know of a small-footprint program that is (1) safer than DMR & (2) easier to use on-demand than Sandboxie & (3) will give pretty good protection while I surf, please let me know of it.
     
  2. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Have you tried disabling this option in Sandboxie?
     

    Attached Files:

  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I use GesWall, it is free, automatically does sandboxing of browsers etc.
    Uses 11 MB Ram, 5 MB VM.
    No significant conflicts on my system.
    Support is good even though it is free.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    @aigle- That program *seemingly* flopped when tested Yonder.

    @dah145- I THINK I tried that. However, thanks for the hint. I shall check it out.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya, u must do this.
     
  6. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
  7. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    bellgamin, i can tell you after running a crapload of tests that geswall is a better product than many of the programs that "passed" yonder's "tests". this thing has withstood everything i threw at it, even the dreaded killdisk (when other programs failed causing my MBR to become corrupted). geswall totally protects any attempts to wreck the registry but allows programs to create files on the HD. these files are "marked" and can't wreak any damage. i highly recommend you give it a try.
     
  8. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Hmmm. I'm running my K-Mel in Sandboxie currently (with a bunch-o layers open) and total mem (private bytes) of the 4 running processes is 3.7 Mb.
    (XP Pro here)
    One of the things I've liked about Sandboxie is its light resource requirements.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    @Bob D- I agree with you that Sandboxie is *relatively* light. However, Sandboxie insists on loading into memory with every startup, even if I have no intention of needing it until hours later. I do webmastering first thing every day, and that task needs several fairly heavy programs open at once. Therefore, I try to avoid any deadweight from unnecessary programs while I am doing that task.

    @Huwge- RunSafe looks verrry interesting. As you said, it does about the same job as DMR. However, it looks a LOT easier to use. RunSafe's drag-and-drop is a big plus. I will recommend it to my friends who have balked at using DMR because of disliking its configuration needs. THANKS for calling RunSafe to my attention.

    @Anyone- I do hope someone will comment as to the differences in protection between DMR & Sandboxie while surfing the net. Unless the difference is significant, DMR seems like a superb tool at basically zero impact on my computer's resources.
     
  10. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    The main hangup i had when trying out these virtualisation applications is that my 'other' apps could not run inside them. For example, i use Ad Blocking apps and they just don't run in SandboxIE. So i ended up with all the popups, ads, banners etc. It kind of defeated the object really. I mean yeah sure you can clear the cache and everything that you have in your 'session' is gone, but at the expense of not being able to block the things i didn't want? No thanks. And if something manages to 'break out'. Well, what then?

    muf
     
  11. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    As I understand it, DMR eliminates (O.K., reduces) vulnerabilities of running as admin. Per Michael Howard's blog (DMR's developer) discussing malware (specifically variation of the Bagle/Beagle worm):
    Sandboxing, however, offers much more complete protection. In theory, NOTHING can get out of the sandbox unless allowed/manually moved.
    Subsequently, you should be able to browse with wanton abandon, resting assured that you are virtually bulletproof.
    P.S. Regarding DMR. Someone here was posting recently (forget who) claiming that DMR was either ineffective or vulnerable. Sorry cannot recall specifics.

    @Bellgamin: What sort of mem usage r u seeing?
     
  12. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    One of the problems with DropMyRights is that though the browser is run with limited rights, every other app on your system is not. So if the malware gets on your computer through the browser by being downloaded, run through javascript, etc., then your computer is very vulnerable since the malware has administrative rights, and can manipulate the processes that also have administrative rights.

    Sandboxie on the other hand, prevents the browser, and anything launched by the browser from writing any data to the disk. This prevents almost all malware from doing any harm to your disk, including stuff like killdisk, and any other malware. Once you delete the sandbox, it is gone, end of case.

    Also, in regards to the processes of Sandboxie, only one service runs in the background, and it uses very little RAM on my pc. However, you can always set it to start up manually, then go to services.msc and start the process. Sandboxie will work then.

    Alphalutra1
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It was a pity that the tester put programmes with different ways of protection to same test bed. That only gives me an idea of his understanding of these software.
    Remember the more strict sandboxing u do, the more functionality u lose. GeSwall is install and forget. U never need right clicking or drag and drop type of stuff. Run ur computer as u do run routinely and every thing is automatically configured/ protected.

    If u try it against some malware u will feel it gives u enough security. After all u are not going to put an Atomic Bomb on ur PC!
     
  14. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    bellgamin,

    You can always set the Sandboxie service to manual and start it when you want to use it (via services.msc or via a reg file). This way you have protection when you need it and it doesn't use any memory or cpu cycles when you don't need or want to run it.
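
The on-demand setup suggested in this reply and in Alphalutra1's earlier one, as an added PowerShell example that is not part of any poster's message. The service name is not given in the thread, so `$ServiceName` must be read from services.msc; `$LauncherPath` and `-Stop` are hypothetical parameters of this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example: keep a sandbox service off at boot and start it only when needed.
param(
    # Service name as shown in services.msc (placeholder: not given in the thread).
    [Parameter(Mandatory)][string]$ServiceName,
    # Program to launch once the service is up (hypothetical parameter).
    [string]$LauncherPath,
    # Stop the service again when the sandboxed session is over.
    [switch]$Stop
)

# Make a failed start or a timeout abort the script instead of continuing.
$ErrorActionPreference = 'Stop'

$svc = Get-Service -Name $ServiceName

if ($Stop) {
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
    }
    return
}

# One-time change: Automatic -> Manual, so nothing loads at startup.
$mode = (Get-CimInstance Win32_Service -Filter "Name='$ServiceName'").StartMode
if ($mode -eq 'Disabled') {
    throw "Service '$ServiceName' is disabled; enable it before on-demand use."
}
if ($mode -ne 'Manual') {
    Set-Service -Name $ServiceName -StartupType Manual
}

# Start on demand; nothing is launched until the service is really running.
if ($svc.Status -ne 'Running') {
    Start-Service -Name $ServiceName
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}

if ($LauncherPath) {
    Start-Process -FilePath $LauncherPath
}
```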
     
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Dear bellgamin,
    What account do you use, limited user or administrative?
    DropMyRights simply restricts the (dangerous) rights of IE and others when you run an admin account. If you log in as a limited user, you don't really need it.
    Other similar products like this are RunSafe.

    Sandboxie does more than DropMyRights. It isolates your product. Any change made from your product can be discarded (you may select what to keep, eg your favourites).

    Thus the safety of sandboxie is larger than DropMyRights.

    Note that it holds true only if they can do what they claim. All products have holes and malware writers can always find ways to bypass the protection. A malware can break out of the sandbox. Similar things can happen to DropMyRights. Only real tests can prove how safe these products are.
     
    Last edited: Sep 26, 2006
  16. Coff

    Coff Registered Member

    Joined:
    Oct 29, 2005
    Posts:
    53
    Location:
    UK
    Just for information, PsExec works in a similar way to DropMyRights, i.e. you create an appropriate shortcut. PsExec also works on Windows 2000 whereas DropMyRights doesn't. On a Win 2000 computer, I got it to work for all internet programs except Opera which threw up an error. Similarly, Amust-1 Defender 2.0 works on XP and 2000. Although it's primarily designed for IE and Outlook Express, you can create shortcuts to your other internet applications. Again, I couldn't get it to work with Opera.

    psexec http://www.sysinternals.com/utilities/psexec.html
    Amust http://www.amustsoft.com/1-defender/
     
  17. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Runsafe .....or.....

    better still Defensewall spring to mind as similar apps
     
  18. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Yes since some applications are not sandboxing programs, so it may give false impressions on novices.

    But think wisely. Just try not to interpret information directly and read wisely. You can make use of the given info to make a right choice.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    U are right. Tests are not totally useless though.
     
  20. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Quite true, but considering (on my puter anyway) mem usage on startup (b4 sandboxie is utilized) is <1.5 Mb. I consider it insignificant, almost not worth mentioning.
    Even when I launch my browser within Sandboxie, mem grows to only an additional 2.2 Mb.
    I consider it the lightest, yet most effective piece of security software in my arsenal.
    (My backup AV on-demand Bitdefender free eats 24Mb, yet does NOTHING for me in real time!)
     
  21. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    I'm currently doing tests with DropMyRights, tests with the main types of malwares (spywares, trojans, worms, keyloggers and rootkits). I'll publish it to a site I'm building, but since I am the worst webmaster ever :oops: , it'll take me a while to achieve it...

    So I think I'll post a link to the spyware tests when it is ready (tests with and without DMR against 6 or 7 widespread spywares/hijackers), I hope for the end of this week/beginning of next week, and will release other tests links later ;) .

    Cheers,

    nicM
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    Ohhhh YES! Hurry up & do it.:thumb:
     
  23. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    How about testing Sandboxie as well?
    It's more powerful than DropMyRights.
     
  24. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Well, if I can find time to do it once tests with DMR are finished, why not; but I can't test Sandboxie and DMR together, such a process would take too much time (computer restore after each test, reboots, etc).

    And honestly I do not think the site will be ready soon, the first web host I used to begin was not good, and I have to rebuild it from scratch elsewhere :( .

    nicM
     
  25. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    Caught this discussion late.

    The thing with sandboxie being heavy...for me running on startup it takes 6megs of ram. This is not heavy at all.

    I am running sandboxie with dropmyrights and the only lag i get is with the preloading of dropmyrights prior to the browser/ mail app launching. My web speed seems to also be the same as when running without.

    I don't think you can really compare the two since Sandboxie also is protecting against things like infected cookies, etc.
     