I Can See Underbelly Of The Net With SANDBOXIE!!

Discussion in 'sandboxing & virtualization' started by cortez, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Well, I guess that on this battlefield there will never be a winner; it's an ongoing struggle to stay ahead of the newest findings in both camps and act accordingly. I am far from an expert on these matters, but a little human insight lets me conclude so.

    Otherwise, if there were only good guys, it would be a little boring on this planet.

    Then there would be no need for Wilders, among others. :oops:
     
  2. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    There has been a sharp decline on my end since SP2 was released... I think in part due to the addition of the firewall, auto updates and now the Malicious Software Removal tool...

    I saw a drop of almost 40% in unrecoverable systems... Big difference!
    That was a great and long-awaited move on MS's part...
     
  3. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    450
    Location:
    Chicago
    SandboxIE and XP SP3 play well together so far (about a week), and the underbelly of the web has yet to waylay this protected partition.

    I use Avast and it seems to catch all malware fine inside SandboxIE. I consider this a definite plus, as I know when an attack happens. After the session I know that I must reboot ("must" in my mind, as it calms the nerves completely).
     

  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Hi cortez. Good to hear that Sbie is working well with SP3. For now, I also run an anti-virus with Sbie because I like to know if something weird happens.

    What program are you running that you have to reboot? You realize that you don't need to reboot with Sandboxie, you only need to Delete the contents of the sandbox.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I think that's another big reason SandboxIE goes over so well with many, including myself.

    It's almost like having a super HIPS, only better, because you can actually allow apps to run inside the sandbox and, just like with a HIPS, choose to terminate the running program, then simply delete the contents as you mentioned, all this without the need for a full reboot.

    Running apps in this artificial environment is a big plus, and if you choose to run SandboxIE with a quality HIPS and/or your favorite AV, or even fire up Returnil or another virtual solution or even an ISR, it's like adding additional levels of elevation, whereas if something were to escape, there are your other catch nets to intercept the attempt.

    I dunno about you guys, but SandboxIE for me has really put a nice secure clamp on potential malicious files.
     
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Sandboxie is my safety net in case I forget to update a program or let down my guard at a site. I really need to start experimenting with running without my real-time AV protection. I need to make sure that SBIE will only allow internet access to whichever .exe's I set and nothing else. I could also fire up Returnil like you said for extra protection.

    I'm just really thankful to find something that protects me while online without solely relying on definitions.
     
  7. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Sure, SBIE will, but I value SP more, because for me it starts and ends with good, reliable imaging. ;)
     
  8. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    When I get the time I will try Sandboxie again, but I agree with Huupi that imaging is the foundation. If banking or using credit cards online, then a password and identity program makes sense, but anything else is not anywhere near as important as having a number of good images.

    Put another way there is no anti-virus, anti-spyware, hips, sandboxie ...... type program that I would use, either alone or in layers, in preference to an image.
     
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    An example: yesterday a good friend, with everything on his huge one-partition disk [system + personal data], mainly rare music from the sixties, cooked his disk. Everything lost; he is on the verge of jumping out of the window. lol
    I always told him: backup, backup, backup. His usual answer: yes, if I have the time, too busy now editing my music files. I even begged him at least to back up his music with a simple Karen's Replicator, but no ears to my advice!?!

    The weirdest thing: he has everything on it in terms of modern security, but no imaging/backup solution to fall back on, and so it was the end of the story. :cool:
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Could have been worse - real music from the 40s and 50s :D
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Yes, me an oldie too; I like Pat Boone and the old immortal Frank S.

    Sadly Erik left Wilders, but otherwise he would certainly have made it very clear to us why imaging is first and foremost in computing. :'(
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I would hope that this would be so patently obvious to all that you wouldn't need someone to explicitly make the case, furthermore it is completely independent of the security issues or the focus of this thread, i.e.:
    • Your PC contains material that you wish to retain
    • Some of that material is directly downloaded or prepared on the PC.
    • At some point, your HDD will succumb to failure. It could be hardware failure, software problem, malware, user error, etc., the cause is irrelevant. Due to the first two items on the list, you need some form of image/backup.
    As noted ad infinitum, imaging is a recovery solution. The recovery phase is oftentimes the most painful part of addressing a security breach, but security and recovery are two different things. Naturally, one can dispense with security altogether and practice a pure recovery solution - but don't lose sight of the fact that this is intrinsically insecure, even though there are approaches to mitigate the level of insecurity, which have also been covered in detail in many threads here.

    Blue
     
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I also would have hoped that this would be so patently obvious, but my take on the situation is that it is very easy to get caught up in new security programs, to keep adding extra layers, and to sometimes forget the basics.

    Furthermore, I don't see it as independent of security issues or the focus of this thread. Sandboxie is a fine program, but I don't use it, nor see it as necessary in any way to see the underbelly of the net. With passwords and other sensitive data protected, my preference is to rely on DeepFreeze/Returnil etc. with the fallback to Acronis or Shadow Protect. To me security is an attitude, an approach, not a question of programs used at all.
     
  14. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Very true.
    Let me clarify, regardless of how one approaches security (nothing, various lean approaches, somehow you've managed to install every product known to man and your PC still functions...), imaging/backup really is a very basic system requirement if there is any material resident on your PC that requires persistence beyond the immediate session. This PC could be disconnected from the net and located in a locked room to which only the single user of this machine has access, and imaging/backup is still a basic requirement.

    There are aspects of imaging/backup, namely the recovery aspect, that allow it to be used to maintain system uptime and point-in-time system fidelity and this has very clear implications from a security perspective. However, that connection doesn't render an insecure state secure, nor do I believe that slapping on the latest collection of control/monitoring applications necessarily resolves an insecure condition.

    You're quite correct - it's an attitude/approach, not a question of programs used.

    Blue
     
  15. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Hey Blue, very surprised at your remarks, making a distinction between security and imaging. I think in the case of imaging, the way you use it makes it a security app, or a protection against hardware failure, or both. Imaging programs have no notion of bad code, but you can still kill this stuff by overwriting/restoring with a previously made clean image. In this way it functions like a security program. Also, an ISR solution like FDISR, initially meant to be an immediate restore after failure of the OS to diminish downtime in corporate environments, can surely also be used as a security solution [by your definitions]; a simple copy/update from a clean archive kills any nasty present on the system. [Must admit there are some very rare exceptions; as far as I'm aware there is no MBR protection such as by imaging solutions like SP etc.]

    For me, imaging/security/recovery means: image only if you are dead sure that the image you are about to make is absolutely clean.

    So terms [definitions] like security and recovery are by no means internationally established ISO standards, so anyone may have his own criteria!!
     
    Last edited: Mar 15, 2008
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Didn't know that. He will be missed.
     
  17. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Huupi,

    I'm not sure why you're surprised. It's a distinction that I made to Erik many times and the reason I made the distinction was to reinforce some specific nuances for future readers.
    Correct, but this is recovery, not security.

    As I noted, pure recovery has security implications by returning a machine to a previously defined state. The nuance to appreciate is that, depending on the approach towards usage that one takes (as basically noted by Long View), the image state can be either reasonably validated as malware free or not. The specific actions that discriminate between these two possibilities are whether or not the user incorporates downloaded content, either intentionally or unintentionally, into a reserved image or snapshot, and the mechanisms that they use to ensure the content is malware free.

    Given what seems to occur to some users out there, keeping these nuances front and center seems appropriate. I'm not suggesting that this requires a multitude of scanners and the like, it could be as simple as restricting one's activity to sites that are generally accepted as good - although there are certainly instances in which even this discipline could fail you.
    Therein lies the implicit and extremely important detail since all that follows hinges on that key observation - the image must be absolutely clean - that is where the security component resides in imaging.
    If you choose to equate security and recovery, by all means do so. However, I find it useful to distinguish between the two concepts.

    Blue
     
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Hi Innerpeace - Speaking of Returnil, I haven't fired it up in a while since I installed SBIE, and decided to turn it on yesterday. After I activated session lock, everything works OK, but I hear this tick...tick...tick...tick... from the computer while it's on. Do you have any idea what that is? I don't recall hearing that in the past. Of course the ticking is gone when I'm not using Returnil. :)
     
  19. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Using Returnil sometimes together with SBIE, never heard any tick, tick. Or is it due to my aging ears? lol :D
     
  20. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Actually, I didn't have SBIE on, but was running Returnil alone. Maybe my computer has a bomb in it. :D
     
  21. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    I agree with Blue here, but it really is how you intend to use your programs. Restoring an image is really an ultra-fast way to reinstall Windows along with your program groups. You wouldn't call a reinstallation of Windows a 'security' measure (although I guess it could be - lol).
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I think it's quite obvious here by now that the discussion indirectly focused on two entirely different aspects, as well as the (different) programs that are critical to......

    1) Preserving your system/data safely via backups/ISR etc.

    and/or

    2) Managing applications' activity locally via SandboxIE!

    I'll leave the methods & implications of arranging/preserving data via backups or ISRs to its respective participants to that end.

    As to SandboxIE, how a user realizes this type of security is also a very basic measure for improving their protection that does require some understanding of just what the vendor has provided in the way of the app's settings.
    In this case, SandboxIE affords additional lines of code that help its user/customer to better interact with it and their own system, and realize the results expected. Such as additional registry coverages that ordinarily might not come as default.

    With respect to SandboxIE, I think we all can agree that it's quite simple & effective. You can see some similarities with virtual programs like Returnil and such, but those coverages of course are wider ranging in scope, enveloping the entire file system, whereas SandboxIE offers users on-the-fly sandboxing of individual executables locally, or the entire browser and so forth, depending on the user's preferences.

    Frankly, SandboxIE and other sandboxes have something of an advantage in that, like already mentioned a few posts back, there is no need to reset or reboot the PC in order to dismiss its contents; you can even choose to use safe delete via Eraser, for example, to fully wipe its contents. Termination of any running executables is another advantage of it IMO, in the case where someone realizes, oh oh, my AV/HIPS is flagging something as a potential risk.

    Ease of use without the demand for a reboot is extremely beneficial and saves time.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would also agree with Blue. We blur it because we sort of do things in concert, but....

    When I play, I want to see how "secure" my system really is. However, if I prove myself wrong, I use the image to "recover".

    But the recovery can be unrelated to security. When I was testing Hardware Independent Restore, there were no security issues, but my computer sure wasn't in much of a usable state. Restoring the original image "recovered" my usable system.

    So there is a big difference.

    Pete
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    With the onset of today's newest inventions in computer security, such as sandboxes, virtuals, ISRs, HIPS.......and so forth, IMO the necessity to always have to reach for an image restore is drastically reduced, if not eliminated entirely.

    Even when I test malware, the only recovery needed here is the ISR archive OR duplicate/secondary snapshot, which is 100% safe provided it's safely kept isolated. Now I call that real progress :thumb:

    And that's only if, and a pretty big if, the other front-line security apps would happen to become compromised or overstressed.

    With so many prevention apps now available, and a user only needing a select few for basic safe protection from forceful intrusions, the image backups are more and more, on this end anyway, becoming a relatively (welcome) but dormant resource; only needed in case of extreme emergency.
     
  25. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'll just explicitly add the qualifier that's implicit here - "....if not eliminated entirely as a result of a malware infection", to which I'd completely agree.

    I agree as it relates to malware problems.

    However, and this is a bit off-topic, I do believe that the increasing usage of electronic media in all aspects of our daily lives, spanning personal photo libraries to online purchased music to all forms of personal data (banking, license keys, tax forms, etc.) which will never find their way to a hardcopy format, means that basic protection of these personal electronic assets by imaging/backup is increasing significantly. So while some newer approaches have lessened the likelihood that recovery from malware via image restoration will be required, the general need to have this option available has, I believe, increased for other reasons.

    Blue
     