Help Me Choose a Sandbox

Discussion in 'sandboxing & virtualization' started by bs259, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. bs259

    bs259 Registered Member

    Joined:
    Feb 3, 2005
    Posts:
    141
    Location:
    Queens, NYC
    I am just learning about sandboxes and I'm trying to figure out if I need one or not. I have been reading about SSM, Greenborder, Bufferzone and a couple of others. If it turns out that I need one, I don't want to have to change any settings; I want to be able to install it and forget it is there. I also don't want to see any noticeable system slowdowns. To me it doesn't matter if it is a free or pay version.

    Right now I have KIS 6.0 and Spysweeper 5.2.3 (build 2125) installed. I also have the option of 2 other anti-viruses (Avira 6 month license and NOD32 I think I have a year left)

    KIS 6.0 seems to run the best for me though on all of my computers.

    Any help you can provide will be appreciated.

    Thanks again,

    Billy
     
  2. wir.sing

    wir.sing Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    60
    SSM is not a Sandbox/Virtualization tool. It's a behavior blocker. But concerning the other Sandboxes, KIS is a bit special, due to its drivers, so both Greenborder and BufferZone have compatibility issues with KIS. With GreenBorder and KIS your system starts running unusably slow and with KIS & BufferZone at least I get a BSOD (Bluescreen of death).

    The only true virtualization tool (which I prefer to apps such as geswall) that runs smooth with KIS is Sandboxie. But at least in my opinion that tool is very basic, for example you can't immediately see if a program runs inside the sandbox or not. I would recommend BufferZone or GreenBorder here. Out of the two I like BufferZone more since it's cheaper and it gives you more possibility of decision (GreenBorder kinda decides for you, which is great if you're not the most experienced PC user) and I find that it has more features. But they are both great tools. So regarding the compatibility problems, I was told by BufferZone support that a new version of BufferZone should be out by the end of this week, which should fix the problems with KIS.

    If you want a comparison of how different sandboxes perform you should check these two links. The first one is a general test of 8 different sandboxes and the second link is a thread here at Wilders that tests how different sandboxes block keyloggers.

    Link 1: http://www.techsupportalert.com/security_virtualization.htm
    Link 2: https://www.wilderssecurity.com/showthread.php?t=148690
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    With Sandboxie check the top title bar for the [#]...[#] encasing the title and the dots in SB's taskbar icon showing if anything is active within the sandbox.

    Too easy.

     
  4. wir.sing

    wir.sing Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    60
    You are 100% correct there Franklin, but only for Internet Browser/supported programs. There you have the [#] ... [#]. But I just opened a random program in the sandbox and there you didn't have the [#] ... [#]. In that regard I prefer, as said above, BZ or GB because they display quite visually with a red or green border (hence the name :D) respectively around the program if a program is running inside the sandbox/virtual environment. This I think is, at least for less experienced users, a great help since they see quite obviously what is running where.
     
  5. TECHWG

    TECHWG Guest

    sing, perhaps you did something wrong, because when I use Sandboxie, I can use it on MALWARE as well as IE, which I suppose are in the same category lol ;)

    Viva le Firefox
     
  6. wir.sing

    wir.sing Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    60
    What I meant is that I only receive the [#] ... [#] around the program name for Firefox and Internet Explorer. If I open, for example, let's say Notepad, I did not have the [#] ... [#] around the program name. So it only appears for the Internet browsers. Beside that I generally prefer BufferZone or GreenBorder, after reading some tests performed on all of 'em.

    Anyways this is getting way too off topic in my view, so if you don't agree to what I said about Sandboxie, open another topic and PM the link or just PM and we discuss it there :)
     
  7. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    In strict response to the question the originator asked, GesWall and Sandboxie fit the bill. GesWall is truly set & forget & light on resources.

    Sandboxie when set up is hardly noticeable, a little heavier on resources than GesWall, but a heck of a lot less than BufferZone. And to the observer who commented about not knowing when it is running sandboxed (Sandboxie): there are always 2 hash signs in the title and red dots on the yellow system tray icon.

    In my case Sandboxie displays hash signs on any Sandboxed application if set up correctly.

    PS: the two applications Sandboxie and GesWall are free in one form or another and support is generally excellent. I cannot say the same for BufferZone.

    Hope this helps

    Terry
     
  8. TECHWG

    TECHWG Guest

    GesWall I never liked. It looks too messy and complicated for the task at hand. Sandboxie rocks . . even Steve Gibson of GRC recommends Sandboxie since it's light, and about 0.5 MB, and it works . . .
     
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hi bs259,

    Running Sandboxie here alongside KAV and Comodo firewall with no probs and no slowdowns.

    If you decide to try out Sandboxie give it a bit of time to get used to it and I'm sure you will like it.

    Doesn't have the bells and whistles like some of the others but considering it's a 250kb download, under a meg installed and the security it provides I consider it to be a gem of a program.

    http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

    Opened Winpatrol, Ccleaner, Winrar, MWsnap, Tweakui, MRU blaster and Agent Ransack sandboxed and they all had those [#]
     
  10. TECHWG

    TECHWG Guest

    Actually I found GesWall very confusing and uninstalled before I even tried it. I did not like the look of the options and how it looks like it works . . not my thing. Sandboxie is much simpler to use and very powerful.
     
  11. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I tried and liked the concept of SandboxIE. But can someone tell me, is it possible to have your IE reliant apps running inside the sandboxed IE? For example I use Ad Muncher, one of whose functions is to prohibit popups. When I run IE inside SandboxIE all the popups tested popped up! Now if I ran IE not sandboxed then Ad Muncher blocked the popups. It appeared that Ad Muncher was being bypassed.

    Any comments?

    muf
     
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Probably better off asking the author or one of his helpers over at the Sandboxie help forum.

    Think you can login as a guest and no need to register.

    http://sandboxie.com/phpbb/
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    GeSWall is far from complicated lol. You install it and forget it. You can check what applications have pre-defined rules. On the browser, Skype, MSN Messenger,... it blinks green so that you know that it's isolated (you can change the colour). It treats downloaded files from an untrusted app as untrusted also and warns if it tries to do something to trusted apps or parts of the system, etc.
    If it's worse than Sandboxie in protection, I don't know. I tried Sandboxie 1st because of the reviews, but something failed installing. I think it was the console or something. I did advise to close all security apps in order to install properly, I don't know if that was the problem. I'll try it again when I have time and patience. One thing though: GeSWall looks far simpler to use than Sandboxie. :cool:
    I'm waiting for a full and updated review on sandboxes. Objective, clear method and explanation.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Many of sandboxes are good; GesWall, DefenceWall and Sandboxie are best in my opinion. Imp is which one fits according to ur needs and likings. So try them one by one and u will know better.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I agree that GW seems most complicated to work with initially. However once u understand it, it's just install and forget.
    The easier option that works similarly is DefenceWall but is paid.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  17. TECHWG

    TECHWG Guest

    Well, from what I saw in GesWall, it was wanting to do things to lots of running processes that I already trust, and then I had to make rules for other things. Well, if that's how it works it's definitely not for me. I want to sandbox what I want to sandbox, I don't want my system to be one huge pile of S Sand . . ..
     
  18. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    :isay: Sandboxie gets my :thumb: :thumb: up as well. No problems running programs other than my default Browser either. All had [#] on either end of the name in the title bar to indicate Sandboxie was doing its job. Very small, fairly simple to understand/operate for an app. of this type and the protection it offers.
    Somewhere on the boards is a link to a review covering some of the various sandbox programs available. Sandboxie rated very well.
     
    Last edited: Nov 9, 2006
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    U don't need to make any rules. Just install and use default settings and no problems.
     
  20. TECHWG

    TECHWG Guest

    So upon default installation and rules what does it do? It has to affect all programs etc., else how does it know what YOU want to watch? With Sandboxie I say virus.exe, check this and make sure it don't do anything bad; with GesWall you can just run virus.exe and it spontaneously knows that's THE exe you want to protect the system against? From this I get this is an all-the-time running thing. I don't want my whole system sandboxed . . I only want and only need the odd exe I get to be sandboxed. I am not having my whole system and any random exe I load be sandboxed, that's retarded.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think u did not read its documentation. I will try to explain very briefly.

    GW is running all the time in background. All ur system runs as trusted (out of sandbox). It has a database of applications like browsers, P2P, chat messengers, e-mail clients etc. (most applications that are used for internet and can be a possible vector for malware). When u run such an application, say ur browser, it gives a pop up that browser is trying to connect to network/internet, do u want to isolate (sandbox) it, with the option of yes and no and to remember the action. Once u say yes and remember the action, ur browser will be sandboxed automatically whenever u launch it (u can revert the settings if u like).

    No more pop up after that. Anything launched by this browser (legit or malware) will also be sandboxed. So if browser carries a malware from internet that will run in sandbox as well and can't harm the system.

    Its sandbox uses virtualization for registry and relies heavily on policy restrictions as well, so isolated applications can't hurt the system core. There is no virtualization for files but they do remain isolated (can't harm the system) and are marked by a red border with a small G icon.

    DefenceWall is a bit similar to it but with much easier interface. GW interface will change after some time though.

    Current beta version has a right click menu option to run anything in GesWall just like Sandboxie but it is hardly needed as it isolates browsers etc. automatically on each launch. It has no slow down impact on application launch or surfing at all, I did measure the timings!
    I use all my browsers and download managers within GesWall.
     
    Last edited: Nov 9, 2006
  22. bs259

    bs259 Registered Member

    Joined:
    Feb 3, 2005
    Posts:
    141
    Location:
    Queens, NYC
    Thank you all so far for your responses. From what I have been reading, Sandboxie and Defense Wall seem to be the best and easiest to use, but Defense is a pay version and Sandboxie is free.

    If what I'm saying is correct, between the 2 which is better and easier to use? Price doesn't matter in this case.

    Thanks,

    Billy S.
     
    Last edited: Nov 11, 2006
  23. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Aigle said it. So when something out of the browser tries to read/modify anything trusted, a pop-up appears asking for a decision. That way it preserves usability.
    The link ThunderZ was prob referring to was http://www.techsupportalert.com/security_virtualization.htm
    But he doesn't say how GeSWall failed :p. And current GeSWall version is 2.3.0, so I don't know if a bug was fixed,... This was in September, not long ago, but they had time to fix potential vulnerabilities.

    To be sure, go for Sandboxie. I'll wait for an updated review.
     
  24. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    That is the link. Thanks. About half way down the page under Test Results it states GS failed at the first and, IMO, the most basic\important test so was excluded from any other testing. Not meant as bashing this or any other product.....just pointing it out.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    The test was useless for GesWall. See the testing of IBK at AV comparatives.
     