IE11+Sandboxie vs Chrome on Windows 7 SP1 x64

Discussion in 'sandboxing & virtualization' started by viiv, Feb 5, 2016.

  1. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    Hey guys, so I just went through all the labour of reformatting my computer to a fresh fully patched state of cleanliness :) It is running Windows 7 SP1 x64 with the Enterprise hotfix rollup, all Microsoft updates installed (with the exception of the Windows 10 & telemetry updates) and Microsoft Security Essentials.

    Now before I start surfing the web on my pristine machine, I want to keep it pristine. I am most concerned with drive by malware downloads. I am not stupid enough to outright download stuff, just concerned with drive by's, ransomware etc...

    I would rather not run a sandbox within a sandbox so just wondering what is better on Windows 7 x64 to keep my installation clean.

    Option 1:
    Run IE11 in Enhanced protected mode within sandboxie.

    Option 2:
    Run Google Chrome x64 alone.

    Being that I want to keep my computer as light as possible, I have yet to install either Chrome or Sandboxie on it. I will install only one or the other based on the recommendations of this forum.

    P.S I do not have Flash, Shockwave or Java installed on my computer. Just have fully patched .NET and Silverlight (need them).
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    In terms of drive by's, ransomware and similar, both options are quite safe. If you don't run everything that you stumble upon you should be fine.
    If you want to keep your system clean (with little or no traces of your browsing sessions) then SBIE + IE combination will give you a higher level of protection.
    Both combinations should be light on your system.

    Personally I use Chrome right now, as I prefer it over IE.

    P.S.: if you install Chrome, you will have to disable Flash if you would like to have "Flash free" system.
     
  3. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    I'm not an IE user but to my knowledge SBIE doesn't work with protected mode in IE, I 'think' (I could be wrong) it actually disables EPM. That being said, I'm a user and believer in SBIE regardless of the browser or programs and have a few persistent boxes I use with it just to avoid reinstalling them after a fresh install of windows though browsers are not among them.
     
  4. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    70
    Hi viiv as noted EPM does not work inside Sandboxie. EPM also is a sandboxing mechanism so even if it was compatible with SBIE you'd still be running a sandboxed app in another sandbox which is just the same as the Chrome in Sandboxie scenario you appear to be trying to avoid.

    I run Chrome inside SBIE but there is a huge thread on the merits of that already so I won't get into that but if you think a sandboxed browser on its own does not need SBIE protection then your choices appear to be Chrome (or derivatives) or IE with EPM. You could of course run another browser inside SBIE but.........

    Policy based HIPS like Appguard also give extra protection to threat-gate apps like browsers as do anti-exploit tools like HMPA and MBAE which have their own massive threads on the forum, which give direct access to the developers.

    Lots of choices but as you don't want to install lots of apps and you appear happy with Chrome x 64 as an option then you should likely stick with that.

    Cheers


     
    Last edited: Feb 6, 2016
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Viiv, based on what you wrote in the opening post, I think running IE11 under Sandboxie is best for you. When you run IE11 under Sandboxie, Protected mode gets disabled automatically. That's gonna happen without you doing anything. I suggest you don't untick PM in Internet options, so when you run IE11 out of the sandbox, it runs with PM.

    Bo
     
  6. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    Wow ok, I guess the reason I specified that I am on Windows 7 x64 is because IE11 under Windows 7 does not support the sandboxing portion of the EPM.

    As per Microsoft "The sandbox IL, AppContainer, is not available in IE11 for Windows 7", only for Windows 8+

    So enabling EPM under Windows 7 only enables 64-bit processes, so there is no sandbox within a sandbox if used with sandboxie.

    Hence my question, Windows 7 IE11 EPM with Sandboxie vs Google Chrome?

    My ultimate goal is, if I run Malwarebytes after one month, one year etc... it will not find any hits.

    Will Google Chrome alone do this? Anyone run Malwarebytes after extensive surfing with Google Chrome and still have a 100% clean system with no need for Malwarebytes to do any cleaning? Thanks.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Google Chrome is enough to achieve this (I've been doing it for quite some time now). Of course you will have to clean cookies and temporary files (or configure Chrome to do it by itself), but no infections will happen just because you are using Chrome.
     
  8. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    Really o_O So you run Malwarebytes after a month of heavy browsing, and it finds... nothing o_O

    Is this on Windows 7?
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Yes, Windows 7 x64 with Chrome x64. I don't know why this would be so strange to you?
    Also as said before delete cookies and temp files.
     
  10. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    Ok. Is it fine to install the all user account of Chrome x64 offline installer?

    It is strange to me, because I have heard that even if using Chrome, scanning with Malwarebytes will find a bunch of PUP (Potentially Unwanted Programs) entries after surfing?
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hi Viiv, I don't use Chrome, never had it installed on my system and haven't run any real time scanners for more than 5 years. In my opinion, if you run your browser, whatever the browser, under Sandboxie, I doubt a scan with MBAM will find anything, unless it is a false positive.

    I don't use on demand scanners either, don't have any installed on my system but sometimes I install MBAM and HMP temporarily under Shadow Defender, just to see what happens and never since installing SBIE a little over 7 years ago has a scan with MBAM found anything, not even a false positive. The key for me has been using Sandboxie and running files that I recover out of the sandbox in another sandbox. Most files that I download run sandboxed until the day they get deleted from my system. So, using Sandboxie for browsing and using it to run most files and programs that run in my computers has been the key for me for keeping my systems clean. As a rule, pretty much, the only files that run unsandboxed in my computers are installers for programs that I am going to install in the real system (my computers are static, I basically never install new programs).

    Bo
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    I use offline installer for all users.
    In my experience Malwarebytes finds PUP when you install some software that has PUP embedded, but not after regular browsing session. It will find PUP in %temp% folder even if you don't install (skip or cancel) PUP component offered during legit install. After regular browsing session MBAM can find only tracking cookies and similar. That's why you should delete those together with history or run in incognito mode.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    MBAM won't find any of that if you run your browser under Sandboxie, it won't even find a cookie unless you allow them out via Sandbox settings. :)

    Bo
     
  14. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    Yes I fully see the benefits of Sandboxie if you download stupid things!

    But, will Chrome give me the same result in this case: Am I immune from Ransomware if I actually visit a site hosting it with Chrome just like Sandboxie?
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    If you don't run it, you're safe. If you run it then you are safer with SBIE.
     
  16. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    In my opinion, I doubt it. I see a lot of talk here lately about ransomware, people add this program and that program and after doing that, they still don't feel protected against ransomware. My formula for protection against ransomware is the same formula I used for seven years for other malware. No need to change anything or add anything because of ransomware or any new kind of new malware that comes out in the near future. For browsing, a sandboxed Firefox with NoScript. And for files that run in my PC, dedicated sandboxes tailored according to the program that I am going to use them for.

    You didn't mention Firefox in your opening post. That is what I use. I wouldn't trade my sandboxed Firefox with NoScript for any security setup that you read about in the What is your security setup thread here at Wilders. The way I see it, NoScript blocks and SBIE contains. In seven years I haven't seen any malware, it feels like malware doesn't exist for me. And that is despite doing the same things that I used to do when I used to get infected and visiting the same sites that I used to visit when I used to get infected. NoScript and SBIE.

    Bo
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    No, but neither will SBIE. eBay should fix their webpage. Neither Chrome nor SBIE can solve this problem. You can use script control from inside browser (like uBlock Origin, uMatrix...) to control which scripts can execute.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    It depends on what browser you prefer. IE is more vulnerable and more attacked than Chrome. So you could choose to rely on Chrome's sandbox for security, and perhaps combine it with anti-exploit. If you want to virtualize Chrome (keep the system clean), then you could use Chrome + Sandboxie because Chrome runs just fine inside a third party sandbox.
     
    Last edited: Feb 6, 2016
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Sandboxie can protect data outside the sandbox via Sandbox settings by only allowing specific sandboxed programs to have access to it, that way only the programs you choose and programs that are installed outside the sandbox can have access to this data, this is not something that can be done with Chrome.

    For data in the sandbox, the proper way of using Sandboxie for sensitive browsing is to do this kind of browsing in a fresh browsing session, and when you finish, you delete the sandbox before going back to regular browsing.

    I read the link viiv posted, if you visit a compromised site like the one they talk about in the link....that's the perfect example for using NoScript. If I went to the infected site with my sandboxed Firefox with NoScript, I doubt my password or credit card information would get stolen. NoScript NoScript and more NoScript. Free and better than most paid security programs that claim to protect against a million viruses and malware.

    Bo
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    I know that Bo, but first two paragraphs have nothing to do with possible problem mentioned by viiv.
    There is no NoScript for Chrome (since OP didn't mention Firefox as possible browser) so I suggested uBlock Origin and uMatrix as replacement.
     
  22. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    Yes exactly. So if they are the same from the drive by download standpoint, what's faster?

    I know Chrome is known to be quite the RAM/power hog.

    Will IE11+Sandboxie be worse or better from a performance standpoint?
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    I use Chrome and it's fast on my system. When many tabs are open it can consume a lot of RAM, but I never notice a problem since I have 16 GB to use. If you don't have much RAM to use, it could be a problem.
    I can't compare it with SBIE + IE as I never used this combination. Maybe somebody else can give you advice.

    EDIT: one question - why don't you try both options and see which is better for you?
     
  24. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    Last edited: Feb 6, 2016
  25. viiv

    viiv Registered Member

    Joined:
    Feb 5, 2016
    Posts:
    10
    What about if you check the "Ask where to save each file before downloading"?
     