I Can See Underbelly Of The Net With SANDBOXIE!!

Discussion in 'sandboxing & virtualization' started by cortez, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,470
    Location:
    U.S.A. (South)
    ABSOLUTELY!

    And that is a very welcome transition or break from the past for lack of better terms that a vast majority of users can finally expect, thanks in whole to today's more advanced developments against malware.

    It's comforting indeed to make use of quality time for "other reasons". ;)
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I don't use Returnil that ofter either, but iirc, when I first turn on Session Lock, I did hear a faint hard drive activity sound. It sounded like ticking and this was with or without Sandboxie. I'm talking about the free version 1.7.0.7502 and not the newer version which has the option to use the disk cache.

    Even with the free version I'm using, I think I remember reading that it still uses the hard disk to perform it's magic and doesn't solely rely on memory. Hopefully someone will jump in here and confirm this.
     
  3. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    450
    Location:
    Chicago
    Hello innerpease:

    I use Firefox with SandboxIE and am dared to visit some "ferocious" sites from fellow neighborhood internet "daredevils". They are amazed that an internet session can withstand dozens of attacks with out freezing up or melting down (Avast is truly amazing at isolating these threats). I have become a local hero of sorts for introducing SandboxIE to them (we are sort of "backwater surfers" and thus not really up to date on the available mal ware protection now current (restoring an image was considered the best anti-mal ware solution).

    They now realize the extreme utility of SandboxIE. They ordinarily re-image a small "internet only" partition of 3 to 5 gigs which restores in only minutes (these partitions are for surfing only and not downloading), but now this practice has been made obsolete as SandboxIE works so good for their adventurous ventures into the net.

    On some of my own expeditions I get frequently pelted by mal ware, and as I multi boot I am wary that not rebooting in addition to emptying the sandbox container may injure my other OS partitions.

    It probably is overkill but this method sooths my anxieties and I sleep better.

    On this disk I have 4 XP partitions and 1 data partition and want to avoid restoring any of them. I guess my paranoia gets the best of me: two XP's are hidden and two are not.
     

    Attached Files:

  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Hi Cortez,

    I certainly can relate to anxieties ;). The best way to deal with them is through knowledge. In Sandboxie's settings you can prevent/block access to other partitions. The settings can be found in Sandboxie Control - Sandbox - DefaultBox (or whatever you named your sandbox) - Sandbox Settings - Resource Access - File Access - Blocked Access and then add all the partitions, files and folders that you want. This should prevent anything from getting in your other partitions. Just remember that you can't download anything to them. What I do is download a file to my desktop and then scan it thoroughly and then move it to wherever I please. You can also use a shredder application to delete the contents of the sandbox rather than the normal delete.

    This has been mentioned before, but if your going to visit the dark side and you are not going to run a full blown virtualization app., then you might consider a light virtualization app. When I do 'risky' surfing, I use Returnil's Session Lock to virtualize my C: or System partition. I rely on Sandboxie to protect my other partitions with the setting I mentioned above. With Returnil, a reboot is necessary to clean any changes. The also have a free version and the new one should be out very soon.

    It's also very important to keep your installed programs up to date. Most malware are exploiting known vulnerabilities. You can check out the link in my sig to see if any of the common programs you are running are vulnerable.

    As far as rebooting with Sandboxie, it is not necessary. I'm not a malware expert, but I think that some malware may install after a reboot. Someone would have to confirm this though.

    I hope this helps,
    innerpeace
     
  5. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    OK thanks for the info. As long as I'm not the only one hearing it. ;)
     
  6. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    This is my point with Sandboxie. I tried it again and its a hell of alot lighter then SafeSpace. But when Firefox updates or an extension updates those updates never occur if the browser is sandboxed. You need to unsandbox your browser then update what needs to be updated then resandbox your browser. The only point I see in Sandboxie is to use it on demand when you go to the dark side.
     
  7. Terror_Eyez

    Terror_Eyez Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    23
    Location:
    Your moms bed...
    I don't see any need to have to unsandbox your browser? :rolleyes:
    http://www.sandboxie.com/index.php?ResourceAccess#file

    BLAH!
     
  8. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    So much configuring. I tried Sandboie like i said and Flasgot and No Sript had an update. I installed the updates and when I closed and FF they where applied. Then after emptying the Sandbox those 2 updates along with new bookmarks where gone.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Well that isn't the fault of Sandboxie. Naturally if you do an update in the sandbox it will be gone. You need to update outside the sandbox.

    Sandboxie can also be set up to save bookmarks. It's not the fault of the software if it isn't used properly
     
  10. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    558
    It is not that much configuring and you only have to do it once. I got some help here and in the SB forum to configure, and then saved inifile in another partition. Hope this helps:

    http://sandboxie.com/phpbb/viewtopic.php?t=2803&highlight=tepe2
    https://www.wilderssecurity.com/showthread.php?t=198464
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,470
    Location:
    U.S.A. (South)
    Very True.

    SandboxIE is not a HIPS (requiring extensive configuring) but a formidable containment program that restricts file actions based on first, it's default rules, then other rules as you add them then thats all, simply Set & Forget, nothing more required untill new rules are discovered.

    So don't be put off, just follow the excellent advice above on instructions and SandboxIE forums and you'll be just fine.
     
  12. Beto

    Beto Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    47
    I had the hardest time figuring this out--tricky at first--, but now can have the best of both worlds.
     
  13. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    It's good to remember that you download those extension files too. Then scan it if you like or send to virustotal etc. If everything is ok then recovery it and close internet connection. Then open firefox (unsandboxed) and install/update extension.
     
  14. Beto

    Beto Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    47
    MikeNAS; Thanks for the info.

    This has been a dam good thread---without it I would be in the dark concerning Sandboxie and other applications which can protect my, and many of my classmates and friends from enjoying the internet without paranoia.

    Now I often start on page 59 instead of page 1 knowing that if it contained something worth downloading I could test it for threats and if it was infected --no matter!!! Sandboxie will be able to handle it.

    I know that this may not be the place to get info on worthwhile 'dangerous' sites but I'm all ears!!

    I'll be grateful for any sites thrown my way (I think other would be as well!!)
     
  15. CircleGirl

    CircleGirl Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    61
    Location:
    Circle Campus
    Your requests for underbelly websites has been absolutely nil !!! I was hoping for some bones thrown your way so I can pilfer them!!

    I am not totally surprised as this is a security site and one would expect circumspection on the part of users.

    I'm sure if there was the possibility of anonymous posting you would be inundated with the most ghastly and nasty sites to visit. I know that there is an innate need to turn on one's friends to these type of web pages.

    They do make for easy conversations and e-mails. Just remember to always be sandboxed (and scan, of course all e-mail [use only throw away addresses as your real address should be a guarded secret ]) and you should be fine.

    I get them all the time and have regretted getting on some of theses sites as they ( the contents) are often not easy to forget and have caused some terrible nightmares on occasions.
     

    Attached Files:

  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    my understanding is that posting such sites is not allowed on Wilders ? and that
    and such posts would be removed ?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is correct.

    So there should be no such posts, please.

    Pete
     
  18. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I thought that IE-SPYAD and MVPS host + other host files was a place to find numerous obscure websites.
     
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    If you go to "start" and then "run" and type the following:

    firefox.exe -ProfileManager

    you will be able to move the firefox profile to another drive or partition. This will
    allow updates and changes to add ons to occur while using DeepFreeze6 or Returnil so I assume that it will work with Sandboxie. worth a try anyway.

    Before playing around you might want to take an image of C: and or take a copy of your current Firefox Profile
     
  21. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Maybe I misunderstand, but I have a FF SBIE shortcut on my desktop and an FF regular shortcut. If FF wants to update while I'm in Sandboxie, I click later. Then I click off line. Then I click the FF shortcut that isn't sandboxed and when FF loads I do the update. Then the update is on the HD and SBIE.
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No -It is probably me who doesn't understand. I don't use Sandboxie. If I was not able to update FF or NoScript, or CSlite, or Adblock plus then and there I would not be interested
     
  23. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I could do the update in SBIE, but as soon as I logged off I would lose it. That's why I use it, so if I get infected in SBIE, I can lose the infection when I log off. I could save it by changing a configuration, but the update would only be in the sandboxed FF unless I was able to recover it. My way is faster.
     
  24. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    558
    OpenFilePath=firefox.exe,*\bookmark*
    OpenFilePath=firefox.exe,D:\Mozilla\Firefox\Profiles\Newprofile\xxxxxxby.default\prefs.js
    OpenFilePath=firefox.exe,*\history.dat
    OpenFilePath=firefox.exe,*\patterns*

    I believe updates for bookmarks, NoScript etc work with this configuration. But Im not sure for program updates. I dont know where the program updates are stored, but it should be easy to add that folder too. I cannot remember if I was running FF sandboxed or not the last time it updated. I will try to notice next time.
     
  25. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If any FF updates are done outside the sandbox the contents of the sandbox need to be deleted so Sandboxie recaches FF's settings with the updates included.

    Doesn't take much to update or add bookmarks outside the sandbox and I personally prefer to do it this way rather than open file paths.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.