Light virtualization: Returnil/PowerShadow/ShadowDefender/ShadowUser Pro

Discussion in 'sandboxing & virtualization' started by BlueZannetti, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I have read this forum for over a year now and I have tested lots of programs (AV, AS, HIPS, FW etc.). Nowadays I really like to use virtualization (+sandboxing). It's so easy to use and other users (my wife) like it too. You don't have to know the correct answer when something happens because everything goes back after a reboot.

    ATM I just use LUA+SRP with virtualization and sandboxing. So easy to use, and users' computer skills aren't so important.

    -MikeNAS
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,090
    Location:
    North Carolina USA
    Long View, I like your setup. I am using a Netgear router, Firefox and Sandboxie. I am thinking of adding Deep Freeze. The funny thing is when I add Avira PE set to selective scanning and no pre-scheduled scans, it takes away nothing as far as speed. I have tested it several ways. I figure what does it hurt to keep it.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Some of us are very sensitive to real-time scanning. As you see, it's more of a personal thing.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,090
    Location:
    North Carolina USA
    Thanks lucas. I keep going round and round and know I can be a pain. I guess I am one of those old-schooled folks who just find it hard to give up an AV when we have been taught from the start it is the way to go. Most of you are very astute and understand that with change comes new rewards and challenges. For the average user, I think the challenge part is the hump in making the move.

    After taking ShadowDefender off for a week and trying other products, and going back to Avira, I learned two things. One, I missed SD because it was simple enough for me, and the other is that instead of preaching but listening to some of you, I realize giving up scanning doesn't have to be a large "hump." :thumb:
     
  5. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Very good thread for us computer security noobs. I decided to try the light virtualization/AV route and am very pleased with the results so far. I know I could go without the AV, where it only takes emptying the sandbox or rebooting to get rid of stuff, but I like the fact that it is there to tell me if something IS there to get rid of. I am still keeping SAS too, but only running it on demand when I don't have Returnil turned on, just to make sure that my underlying system isn't infected.
    I may add Prevx to the mix. I already bought it a week ago, just waiting for my license to arrive. It would bug me too much to pay for it and not use it.
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,090
    Location:
    North Carolina USA
    when you "buy" a license from Prevx, it is emailed immediately.
     
  7. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Errrrrr... not exactly. I used PayPal and they won't send me the license until it clears. I don't use credit cards so I gotta do it the slow way.
     
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    I'm the same way. Maybe I'm just too nosey LOL. Seriously though, my AV doesn't seem to slow me down and I'm like you, I have it, so why not use it.

    @ BlueZ, great thread and thanks. It's good to see virtualization getting more exposure.
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Thanks. It seemed like it was time to have a somewhat coordinated discussion of these types of products for a number of reasons:
    • The new entries that have appeared are recent introductions and have now largely stabilized.
    • The introduction of dynamic entry into a virtualized state, in my opinion, eliminated a large use barrier that afflicted ShadowUser Pro.
    • These products are priced at a point where the mass market can respond. Whether they will is another matter, but the current price points are quite reasonable.
    • Finally, and probably more importantly, they represent a specific potential solution to the continuing lament voiced here that every AV under the sun experiences periodic vulnerabilities due to the onslaught of malware, the increasing rate of appearance of new malware, and the somewhat slow progress in developing proactive detection methods (aside from a couple of entries, it seems mired in the 25-40% range from 2004-2007 in the www.av-comparatives.org retrospective tests). There are many distinct and competing options (execution control, software restriction policies, etc.) that should work as well, but virtualization does not require informed user intervention to work well. Further, as some have tried, light virtualization (or the competing options) can be used as the sole approach to securing a machine.
    In the general view of the thread, I was somewhat undecided on whether to include Faronics Deep Freeze. It really is a member of the same category. However, its primary market (institutional/enterprise) renders the feature set somewhat different than the products primarily covered in this thread. For someone looking for a solution, it does provide another available and highly recommended option.

    Blue
     
  10. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I did some testing last night to see how good this all works. I went to a couple different crack/keygen sites to get drive-byed... it wasn't long before Avira (set at max heuristics and scan all files) was popping up to beat the band. So I made note of these sites and then rebooted to get rid of everything (was surfing with Returnil and Sandboxie btw), uninstalled Avira, flipped Returnil back on and went to the same sites again. Then I rebooted and ran full scans with Avira and a few others plus SAS. All was clean, so I was pretty impressed.

    Another thing that impressed the heck out of me is I tried these sites out (when I still had Avira on) with both IE and Firefox with NoScript. When using IE I was getting all kinds of Avira alerts, but when using Firefox with NoScript... nothing.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,090
    Location:
    North Carolina USA
    Yep, it works. Of course SD and Sandboxie for me. Same results though. :thumb:
     
  12. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Yes! Thanks to this thread I think I have finally found a set up that I like and trust. The only question I have left to figure out is whether to run Prevx with it or not.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,090
    Location:
    North Carolina USA
    Why? I just install ESET's online scanner or Dr.Web's CureIt while still in shadow mode to see if anything is around. Works flawlessly. Sandboxie covers most and is your first line of defense. Then Shadow Defender or Returnil are your boot to total safety as needed. I love it. :)
     
  14. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Hmmmm, more options... thanks!!!!
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Played around with this Sandboxie proggy... found it, let's say, not user friendly nor nice to use.

    In your case you have SD, so why use 2 virtualization programs, when on the next reboot you're clear of any malware?

    Better add other protection if you keep your PC running 24/7, like NAB or some other so-called 0-day tool.

    cheers :cautious:
     
  16. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    Hi, if you play around a little more with Sandboxie, you will find it has the option to block access to certain files you specify (such as My Documents). That way, during your virtual session, if you happen to pick up a keylogger etc., your personal files will be safe and remain private. Sandboxie also affords the option to delete its contents and start a new browsing session without that pesky reboot a virtualization software needs.
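    The two Sandboxie options described in this post (blocking access to personal files and emptying the sandbox without a reboot), written out as a Sandboxie.ini fragment. This is an added example, not configuration from the post or from the Sandboxie project; the box name DefaultBox and the %Personal% variable standing for My Documents are assumptions about a typical install, and the # comment lines are explanatory only and should be dropped if the installed version does not accept them.

```ini
# Added example (not from the post): one sandbox that empties itself and
# keeps sandboxed programs away from the user's documents.
[DefaultBox]
Enabled=y

# Delete the sandbox contents automatically as soon as the last sandboxed
# program closes, so nothing picked up while browsing survives the session.
AutoDelete=y

# Deny sandboxed programs all access (read included) to My Documents; a
# keylogger or file stealer running inside the box cannot see these files.
ClosedFilePath=%Personal%
```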
     
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I played with this; it looks too much like a beta proggy. Some of its "config" menus are TXT editors lol.

    Don't like it, too much work to get simple actions.

    cheers :thumb:
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,314
    You might also discover that anything in the sandbox can be left there through reboot.
     
  19. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    The newer versions of Sbie can be configured from a GUI now. It may look like a beta to you, but its protection is top notch. Have a look at some of the tests Peter2150 has performed. I personally use it to protect my D:\ data partition when I'm online, which is even better when paired with Returnil, which only virtualizes/protects C:\. I may even decide to run them both within a VM someday :shifty:.

    We're getting off topic, but Sbie is not that hard to configure. Yes, you can still use the text version, but the GUI works for what I need. It does take a little effort and one may have to ask for help or search their forum, but help comes quickly. To me, it's worth it, and almost all my online apps run through Sbie.
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,090
    Location:
    North Carolina USA
    I use 2 because it works. With no impact to my PC. Go ahead and layer an AV, AS, AT etc., and see the impact. It is my choice, it works, and no, I didn't say it was the "perfect" solution. But it is a darn good one.
     
  21. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I like the Sandboxie/Returnil setup also. I have Sandboxie set up to empty automatically when I close down Firefox (or whatever I decide to run in it) so all the baddies are gone, and Returnil is there for a quick clean up if anything does get through. So far in my testing Sandboxie hasn't let anything through. I tested by scanning after closing Sandboxie with Avira set to on demand so it wasn't going off while doing my unsafe surfing. I went to the sites with Avira enabled so I knew what was there.
     
  22. Avail

    Avail Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    29
    Just got a quick question. If your computer can still be badly affected even though you have these programs running, then what program can you install that will provide maximum security? Which VMware can block all modification and installation to your system? So nothing gets through? Need a firewall?
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,531
    Location:
    U.S.A. (South)
    Greetings Again innerpeace:

    I agree that many new improvements now stand out making SandboxIE even more configurable as well as increasing solid protection.

    Do you happen to know the command line and/or if it still can be used to have ERASER fill in as the sandbox's default deleter? I know I have run across that post before at Sandboxie forums but cannot find it again.

    I believe it's a simple command line run through the Invocation etc. Well, I think you know what I'm after.

    Thanks in advance

    EASTER
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,097
    Location:
    Mountaineer Country
    Hi Easter,

    I don't use the secure delete, but I remember hearing about it. I'm also not an expert at Sandboxie, just a huge advocate LOL. I'm losing faith in blacklist scanners quickly. See if this link helps any. http://www.sandboxie.com/index.php?SecureDeleteSandbox

    Cheers,
    innerpeace
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,531
    Location:
    U.S.A. (South)
    Thanks innerpeace:

    I will look more into it.

    Whitelist HIPS + Sandboxie/PowerShadow/Returnil type apps are the wave of the future.

    I quite agree, blacklists don't appeal to me either, too hit & miss with a consistent history of misses. STAMP OF APPROVAL the good/safe apps within a whitelist while virtualizing/sandboxing etc.

    Exciting to throw up a strong defense shield with minimal layering.

    ___EASTER
     