Is it worth spending $15 per year on Sandboxie on top of the $35 of Shadow Defender?

Discussion in 'sandboxing & virtualization' started by Ulysses_, May 3, 2014.

Thread Status:
Not open for further replies.
  1. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Elsewhere it is recommended that Sandboxie is used together with Shadow Defender. While I am convinced of the power of the S.D., I am not sure about Sandboxie on top of S.D, it does not seem to increase security so much.

    Is it really worth spending every year on Sandboxie just for the convenience of returning to the default state without rebooting?

    What are the updates to Sandboxie that justify the cost every year, are old versions really insecure?
     
  2. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Hello Ulysses;

    Have you visited the Sandboxie forums and researched that question ?
    I found this thread. http://forums.sandboxie.com/phpBB3/viewtopic.php?t=8311

    I hope it will help.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Ulysses, I use Sandboxies paid version for security and Shadow defender for installing programs or testing changes in the system. I hardly ever use both programs at the same time. In my opinion, it is worth having licenses for both programs as both programs are very good but you definitively don't need to use them at the same time (if you have a license for both programs). So you have a rather difficult choice to make if you are only gonna get one license.

    I think Sandboxie is best but that's me. I mean, I wouldn't trade Sandboxies free version for any security setup made up of any 5 paid programs. Thats how good I feel about Sandboxie. And I am talking about the free version and the free version its only the tip of the iceberg of what you can do with Sandboxie. If I was the one who had to make the choice, the choice would be easy.
    When you buy a Sandboxie license, you are not getting the convenience of getting in and out of the sandbox in a moments time, that you already have in the free version, buying the license allows you to get every drop of juice out of Sandboxie. Thats really what you get when you register your Sandboxie. Being able to get files and programs sandboxed automatically, without having to think, it is worth a lot more money than fifteen bucks a year.

    Most of Sandboxies updates are for maintenance. They are released to take care of conflicts with other programs. For example, sometimes after a popular antivirus or browser release an update, something breaks with SBIE and that's the time for Sandboxie to get an update. Or Windows gets updated, Sandboxie might break. So there goes another SBIE update.

    If you purchase a license, you ll be able to force programs and folders sandboxed automatically and use multiple sandboxes at the same time.
    http://www.sandboxie.com/index.php?ProgramStartSettings#program

    Bo
     
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    I believe it's absolutely worth getting Sbie. It's even worth getting the free version of sbie and combining it with any security setup. It'll greatly increase security.:thumb:
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Depends on your usage. If you're going to keep a clean slate most of the time, SBIE may not be needed. If you're going to only use virtualization sometimes, I actually recommend SBIE over SD unless you need to install drivers or services. Plus, SBIE has policy restrictions to complement SD, but it's not the only program for that.
     
  6. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    440
    Location:
    The Outer Limits
    Would`nt even think of going on line without Sandboxie protecting my browser/system.
     
  7. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    In my opinion ,either you use HIPS or the combination ShadowDefender/Sandboxie in order to be reasonably sure to be safe.
    I've paid for both Sandboxie and ShadowDefender and do not repent of it, but I wouldnt choose one only as I think that they both provide
    security when used in conjunction as a double layer: if something goes wrong with one-for any reason- you still have the other.
    As a matter of fact Shadow Defender protection has a wider scope than
    Sandboxie, as it supposedly can take care of threats to the MBR as well.
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    The first thing I would say is that you should never rely on Shadow Defender in isolation. Whilst Shadow Mode will ensure full remediation on reboot, there's still the question of the damage that malware can do in terms of data and identity theft if allowed to run unrestricted in the virtual system. Sandboxie is capable of providing extra protection via its policy restriction features.

    If you never use Sandboxie without being in Shadow Mode then, whilst Sandboxie's virtualization won't be adding much, you would still get the benefit of Sandboxie's policy restriction features. However, the same thing could be achieved using a dedicated policy restriction program such as AppGuard, which does have a couple of advantages.

    First, in common with Shadow Defender, AppGuard does not need to be updated to remain effective. Application sandboxes sometimes have to be updated to cope with changes in other applications, e.g. browser updates. Older versions of Sandboxie may eventually stop working for this reason unless a subscription is maintained.

    Second, an AppGuard license includes all minor version updates until the release of the next major version. On release of a new major version, the user then has the choice of paying an upgrade fee, or continuing with the previous version for as long as they want. Major versions are released, on average, ever couple of years, so the total cost of ownership with AppGuard may be lower than with Sandboxie's annual renewal.
     
    Last edited: May 4, 2014
  9. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Why does SBIE break down with some updates of windows or antivirus software and therefore needs an annual fee to fix but SD does not?

    Also, is the free SBIE still slow to launch because it shows a nag screen?
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Ulyses, sandboxing files and programs automatically and using multiple sandboxes at the same time are the reasons to buy (annual fee) a Sandboxie license. This features allow you to use your computer pretty much like if you don't have Sandboxie installed as sandboxing programs and files gets done with very little thinking required on your part and its done automatically. Using separate sandboxes for different programs makes sandboxing work better, it makes things safer when you isolate programs from each other. For example, when I run a PDF, any PDF, it runs in its own sandbox where only Foxit can run and no program is allowed to connect to the internet. Isolating Foxit not only from the system but also from all other programs in my computer its safer than if I run the PDF in a sandbox where all programs are allowed internet access and all programs can run.

    About SBIE updates. If for example, an antivirus releases a new version and introduces a new web filter, perhaps the filter don't work when running the browser sandboxed. So the people in charge of Sandboxie, then tries to make the filter compatible with Sandboxie. If it can be done, then a SBIE update is released. If it can not be done, then there is no update and the filter can not work within the sandbox. Compatibility issues is not a Sandboxie thing. Most programs have conflict with something.

    About Sandboxie and wasting time. In the free version, you get a nag screen once every time you reboot the computer. So if you reboot your computer once a day, you get one nag screen a day. If you reboot the PC once every two weeks, you get one nag screen every two weeks. In my opinion, that's nothing. On the other hand, Does using Sandboxie saves you time? It certainly does. How? In my personal case, before Sandboxie, I use to do scans every day, How about now?, now I don't do any. Using Sandboxie saves me a lot of valuable time.

    I think you ought to use (if you want) the free version for now and if after a few months, you value what you get when you license your Sandboxie, then get it.

    Bo
     
  11. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Thanks but you haven't said why these things do not apply to Shadow Defender. Shadow Defender does not break down and does not need repairs and therefore an annual fee. That is the question.
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Shadow Defender works at the disk level, below the Windows file system, redirecting all disk writes to a temporary hidden cache. This is simpler to implement than an application sandbox that works at the level of the file system and is a robust mechanism that is potentially harder to bypass. The only time that Shadow Defender has to be updated is to add new features, fix bugs, and cope with changes in the operating system. It does not need to be application aware. Apart from preventing direct disk access, Shadow Defender does not impose restrictions on the operations that applications are allowed to perform. For example, device drivers and services can be started while in Shadow Mode.

    Sandboxie works at the Windows file system level, redirecting file system writes to a virtualization container folder. Sandboxie has to control the interactions between running processes to prevent sandboxed processes from breaking out of the sandboxed environment. Because of this, Sandboxie has to be application aware. Application sandboxes are harder to implement than disk virtualization, as they have to take account of how applications are written, and may need updating to cope with application changes. Sandboxie also has to prevent device drivers and services from being activated within the sandbox in order to prevent a possible breakout.
     
    Last edited: May 5, 2014
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Ulyses, don't take for granted that if you ll install Shadow defender all will be well. It is likely that it would work great but it might not. You have to install the program and use it to know. Shadow defender as other programs, sometimes have conflicts with systems. But don't believe what I am saying, read about it in the long Shadow defender thread here at Wilders and you ll see cases of users uninstalling the program because of a conflict with their particular system.

    In my personal case, I have found some versions of SD working better than others in my computers. So I am using in my computers, the version that I have found that works better in them. And I aint moving from that version.

    Both programs are great, using both is what you should do. You know, before installing SD, I used free Light virtualization programs and they were great. And despite that, I decided to pay and get the best of its type, thats why I got Shadow defender.

    Let me finish by saying, in my mind, I don't think this programs ought to be compared. I mean, I use them for different purposes and both of them do very well for me for what I use them

    Bo
     
  14. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Some would say the same of SBIE. And in that regard I would say to Ulysses, why update SBIE every year if the version you're using is still funcitoning well and without conflicts?

    TS
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hi TS, regarding the first sentence in your post, you cant say that about Sandboxie. Let me give you some examples: If you are using W8 and later, you cant use any Sandboxie version earlier than beta 4.09. If you do, you get errors. Another example, if your Windows includes last Decembers updates, you cant use any version earlier than 4.07.05 or you ll be getting SBIE message 2205 (not really an error) all the time. Another example, if you are using Avast and SBIE in the same computer, Firefox doesn't run if you don't have one the latest Sandboxie betas. Those are some examples. But If someone is using an out of date XP, then yes, you can use an old version.

    But anyway, TS I don't want our friend Ulysses to be confused, so I ll say this again, you do not pay to upgrade Sandboxie. Even if you are using the free version, you can update for free every time that a new version comes out. As explained earlier, the license that you pay for is to unlock the features that make sandboxing automatic (more comfortable to use).

    Bo
     
  16. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    SD allows you to exclude folders. This is above the Windows file system.

    Maybe it's a bit of a hack, maybe they scan the entire directory to discover the sectors used by the specific FAT or NTFS filing system and then exclude those sectors at a low level.

    But then where do appends to the excluded files and subdirs go? It must keep a list of excluded files and subdirs too, in other words operate at the Windows file system level still.

    It looks like it is the access restriction feature of Sandboxie (eg to prevent theft of private info) that forces it to be application aware. A feature apparently done better by AppGuard for less money.

    If I pay for Sandboxie once, does it become nagware or crippled in any way after a year?
     
    Last edited: May 5, 2014
  17. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Last edited: May 6, 2014
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Shadow Defender virtualizes partitions and operates at the disk sector level. Unlike Sandboxie, it has no need to redirect whole files to a sandbox container folder. It only has to redirect disk sectors that are being written to a hidden disk sector cache.

    As each disk sector is only associated with one file, Shadow Defender is able to make a decision about whether to allow a disk sector to be written straight to the disk or whether to redirect it to a temporary cache. This requires an awareness of the file system, but it isn't the same thing as operating at the file system level when writing to the disk. I believe Shadow Defender handles disk writes via an upper filter driver.

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff566978(v=vs.85).aspx

    The point I was making is that Shadow Defender doesn't have to monitor what applications are doing in the way that Sandboxie does to enforce the boundaries of an application sandbox. Shadow Defender only has to intercept disk sector writes and redirect them. Shadow Defender creates a layer below the Windows file system API that virtualizes the entire system. Lightweight virtualization is a simpler, and potentially more robust, technology to implement than application sandboxing. Shadow Defender operates independently of the running applications.

    http://bromiumlabs.files.wordpress.com/2013/07/application_sandboxes_a_pen_tester_s_perspective2.pdf

    I'm not sure if access restriction alone explains why Sandboxie occasionally breaks after a browser update, for example, but AppGuard doesn't. I have no detailed knowledge of how Sandboxie works internally, but it may be that the complexity of implementing an application sandbox like Sandboxie, which has to enforce process isolation as well as access restriction, might have something to do with it.

    Regarding AppGuard, I wouldn't say that AppGuard's policy restriction features are better than Sandboxie's in terms of functionality. Something that AppGuard and Shadow Defender have in common though is that they both operate system-wide, and not just in relation to sandboxed applications as with Sandboxie. With Sandboxie though, you get both virtualization and policy restriction within a single program, and no need to reboot. Each has its advantages and disadvantages.

    Already answered by WSFfan.
     
    Last edited: May 6, 2014
  19. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    What exactly is the process isolation feature of Sandboxie that is distinct from access restrictions?

    So if I only pay the $15, Sandboxie gets crippled after a year?
     
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Processes running inside the sandbox are isolated from processes running outside the sandbox. This implies sufficient access restriction to enforce the boundaries of the sandbox. AppGuard, on the other hand, applies access restriction to running processes, but it doesn't isolate them from each other; all processes run together within the real system.


    No idea. I suggest asking over at the Sandboxie forum. Maybe somebody there can provide an answer.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    After a year, if you don't renew the license, Sandboxie locks the features that are available in the paid version and it turns into the free version. But Sandboxie doesn't become crippled. In case you don't know, Sandboxies free and paid version are exactly the same regarding security. Once you sandbox an application, it works the same way in both versions

    You should also know, in case you just dont want to pay for the program, Tzuk made available in the free version tools that can be used to turn that version very close to the paid version regarding automatically running files sandboxed or opening folders where files would run sandboxed when they are executed. To know how to do that all you have to do is use the free version and learn how to do it.

    The door to get a lifetime license is open now.
    https://www.wilderssecurity.com/threads/sandboxie-pro-lifetime-special-offer.363526/

    Bo
     
  22. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    Hi Bo,

    I sure don't like SBIE's (new?) annual licensing policy. I would understand it if after one year you were not entitiled to any further updates, but imho the way it works now makes it 'rentware'. :(

    Cruise
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    @ pegr and bo elam

    Thanks for the very informative posts. :thumb:

    For some reason I´ve never been into light virtualization tools, perhaps because I never really knew how secure they really are. These posts make it more clear. And I didn´t know that you could also install drivers in virtual mode, if such a driver happens to be malicious, will a reboot undo the damage?
     
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Yes, a reboot will undo any damage to all partitions that were in Shadow Mode if a driver happens to be malicious.
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hi Cruise, I would agree with you, old lifetime licenses were better than the one year licenses that are the norm now for Sandboxie. But right this moment is the right time for you to get a lifetime license. They are available for a few days, take advantage of the offer. If you get one, doing with SBIE what you and I were talking about a few months ago, would be very easy.:)

    Bo
     
Loading...
Thread Status:
Not open for further replies.