Is Sandboxie Really Nessary

Discussion in 'sandboxing & virtualization' started by Dieselman, Feb 22, 2008.

Thread Status:
Not open for further replies.
  1. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I tried Sandboxie last week and didn't care for the long start ups it gave me on Internet Explorer and Firefox. Well I downloaded the newer version today and both IE and FF open up 10 times quicker. I have been surfing the internet and downloading this that and the other thing for years. And not 1 infection for atleast 5 years. I am currently behind a fully stealth 2Wire Gateway DSL Modem and I am also using the Online Armor(full) and NOD32 3.0. My question is do you think Sandboxie is really worth the extra processes it creates? If you have a good firewall and good av then why use Sandboxie? On the other hand why use a firewall and an av if you have Sandbxie? Let me know what you peeps think.
     
  2. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    SandBoxie in my experience is very quick. I would look at the rest of your pc to the cause of this, could be the reason Sandboxie is slow. The software is free and no excuse not to use it. It's one of the great free softwares. The protection is huge for something so small. It like the power of 5 softwares in 1 as it works in a unique way. Alot security software is heading this way so get used to it.
     
  3. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I never said it was slow. Read my post. I said the last version of Sandboxie made FF open slow but the new version of Sandboxie it opens up very quickly.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi, I think it comes down to what your comfortable with. I would probably be comfortable with running Sandboxie and OA2. If I were to go anywhere risky, I would enable Returnil's Session Lock to virtualize my C: partition. I'm still using an AV because I have a license to it and everything is running fast enough for me.

    IMHO, sandbox and virtualization programs are more important than any real-time blacklist scanner. I think next would be a usable HIPS program and then blacklist scannner which would be used for checking downloads. It's a setup that would work with my habits and limited knowledge.

    innerpeace
     
  5. wat0114

    wat0114 Guest

    It depends on your surfing habits, including what you download. If you surf harmless sites, then it is probably not necessary, especially given the security you already have. However, I see it as "why not?" It does little to slow me down so I have been using it. Think about it: if something happens while surfing in the sandbox, you can flush it all down the virtual toilet :D Also, I would not let those extra processes bother you in the least.
     
  6. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Ok but I download stuff like wallpapers, Windowblinds skins, Game patches, Nvidia drivers. I always download everything into My Briefcase. Now when I use Firefox Sandboxed those files I downloaded aren't there unless I recover them. Its kind of a pain in the ass to do this on a daily basis.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    With the latest version add My Briefcase to the quick recovery setting.

    Also check in Immediate Recovery that it's ticked to allow.

    SB gui - Sandbox - Default - Sandbox Settings.
    SB.jpg
     
  8. wat0114

    wat0114 Guest

    In addition to Franklin's advice, this is a good post that may apply to your situation, especially since you could be downloading some risky software.
     
  9. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Like I said. Read My post. I have been doing this for years and NOT 1 INFECTION. So along comes Sandboxie and everyone is using it. What did we do before. Do what we were doing. Using a firewall and av.
     
  10. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    See I am also a gamer and like to keep my system trimmed. Sandboxie is always using 2 processes and 5 when using it with FF.
     
  11. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    You surf while your gaming? Also, if you were worried about keeping your system trimmed, you would use something like K-meleon instead of Firefox. According to task manager, none of Sandboxie's processes are using CPU time. I'm also using it with Firefox.

    FWIW, I have Sandboxie service set to start manually when I open my browser. Before I changed my setup, I would quit browsing, delete the sandbox, exit Sandboxie Control and then stop Sandboxie's service or any other service I didn't need before I began gaming. I game offline though.
     
  12. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    How can you surf when you game? Thats impossible. When i mean game I mean game. WOW,COD4,BF2,BF2142,Halo,TF2,Timeshift,Q4,QWars and many others. I will surf for awhile then close out FF and then crank up COD4 and go to town. Everyone is pushing Sandboxie but I still don't see the point if you are using a firewall with HIPS and a good av. Also common sense plays a big roll. I always scan whatever I download before executing it also. Including Nvidia drivers.
     
  13. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    i would say SBIE is just an extra layer but a very good layer at that.

    i ditched resident AV and others,so my browser is much faster.

    If i go really dodgy then Returnil as extra protection,so basically my testsnapshot is windows firewall + SBIE .

    On demand: SAS and Cureit.
     
  14. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    total agree on that. lets say in will be very unwize surf the net with out SB...this AV most of the time came to be useless to 0 days attack...never count on them and also i dont use AV for more than 1 year ...

    cheers
     
  15. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Well its hard to understand your grammar but what I think your trying to say is that you would not surf the internet without Sandboxie. So what if you download a zip file or and exe file? Sure its trapped in the sand box but how do you know if that file contains a virus before you open it up. Sandboxie is not a virus scan. So having an anti virus is more important to me then trapping things into a temporary virtual folder then dumping out the folder. Sandboxie is a good concept but not a solution for an anti virus.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Continuing your example, you scan the zip/exe file and it comes up clean. You execute it and you become infected. So, there are two choices: trapping things into a temporary virtual folder or scanning things with an (incomplete) blacklist. Both approaches can be defeated.
     
  17. wat0114

    wat0114 Guest

    No one is trying to push the product on you, or at least no one should be, but it is not a bad idea to be open to new possibilities for securing your pc. The antivirus imo and I'm sure in the opinion of many others is becoming increasingly inefficient (due to huge definition - and growing - databases) and increasingly ineffective (due to their difficulty in detecting zero-day threats). The idea I got from a few members is to disable the web access detection of my av and use Sandboxie for surfing along with a HIPS and firewall to compliment it.

    The antivirus has for so many years been considered the "must have" security utility all pc users should have, forming the primary component of their security profile. I don't know about others, but I'm now seeing it as a secondary product, with the sandbox, firewall, and HIPS playing a more important role than the av.
     
  18. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I tried going with just the virtual route but I was too paranoid on whether I had picked up anything or not even though it could just be wiped with a reboot or with sandboxie, just emptying the sandbox. I fell better with an av going along with virtualization.
     
  19. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,451

    You do realise that you can scan what you want to while it's still in your sandbox with your onboard tools as well as a service such as Virus Total ?
     
  20. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Ok I understand Sandboxie is the wave of the future. But let me stress me point again. I have been using a good av and good firewall for over 5 years or so and never 1 infection. I am currently using NOD32 3.0 and Comodo 3.0. It makes sense that you can sandbox a zip file then scan it with NOD32. The file may come up clean but actaully be dirty. Now if its dirty then its still trapped in the sandbox. Does that about sum it up?
     
  21. wat0114

    wat0114 Guest

    So do I. I might be minimizing the importance the av plays but certainly I still see it as a nice supplementary security tool.
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,084
    Location:
    North Carolina
    Is it really required,? No. Is it a great addition that pays back 10 fold over the cost? Yes.;)
     
    Last edited: Feb 24, 2008
  23. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Well said.
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi, I hope you don't think I'm pushing Sandboxie on anyone. I'm very enthusiastic and like it myself and I would encourage everyone to have a look at what sandbox's have to offer. Like I said in another thread. I'm all about isolating my internet facing applications.

    I understand what your saying about being clean for x amount of years while running traditional security programs. Common sense plays a huge roll in that. I only have one more point that may or may not be relevant. A sandbox can make up for a lapse in keeping your programs up to date. It's hard to keep everything updated all the time and if an exploit is making it's rounds, a sandbox should help if you anti-whatever doesn't have a definition yet.

    I just thought of something else which solidified my belief in sandboxing/virtualization. I was cleaning my relatives computer by using different scanners. 2 of them didn't find anything, 1 of them found 2 confirmed trojans and a FP and two more scanners had a few FP's each. I spent a lot of time uploading the files to VT and also had a few checked by labs to confirm if they were safe or not. I wonder what the scanners may have missed :doubt: .
     
  25. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    The only thing that needs constant updating is NOD32 which is done automatically. SuperAntiSpyware which I only use on demand I check every other day for updates and Spybot only comes out with updates on Wed.
     
Loading...
Thread Status:
Not open for further replies.