Preventing everyday infections with Sandbox technology question

Discussion in 'sandboxing & virtualization' started by smee00, Dec 18, 2010.

Thread Status:
Not open for further replies.
  1. smee00

    smee00 Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    20
    Hi experts!

    I have been using VMware to run and test software without being at risk of being infected.

    I now realise that an antivirus and virtualization are not sufficient to protect against new viruses for operations that do not involve installing. I really thought I was one step ahead of malicious software!

    I have recently spotted infection methods from unpacking a simple RAR file - I am now quite shocked about this level of sophistication, this is really scary stuff to me!

    The forum has managed to educate me about Sandboxie and Shadow type software. I think I should be running unpackers, download managers and browsers in such software.

    Firstly, am I correct with the above statement? Secondly, am I right that other operations like viewing media, PDFs, or deleting specially prepared files can cause me problems when the file has been specially prepared for this operation?

    Can this be combated by using sandbox technology?
    If I delete a specially prepared file without running it, can it infect? The reason for this question is I often see 'delete me!' files in marketing packages from file hosting sites; there must be a reason for including these.

    Which sandbox software do you use and recommend? I see Sandboxie is quite popular.

    Thanks Smee
     
  2. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    I use a combination of GeSWall and Returnil and have been pleased with the two. :thumb:

    Sandboxie is a great program but I just seem to like GeSWall a little bit more after getting used to it. Bufferzone is another good choice and you can get the Pro version free through the holidays. Dottech is giving away licenses for Returnil Pro for 72 hours. There are a lot of good apps in this category and now is the time to get good deals on some of them. :cool:
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I am very pleased with Sandboxie.

    I have Start/Run and Internet Access Restrictions enabled, which effectively serves as an 'anti-executable' for unauthorized programs in the sandbox. I also have DropRights enabled, which has programs running in the sandbox under LUA (Limited User Account).
     
  4. smee00

    smee00 Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    20
    Thank you so far...

    The recommendations are already becoming helpful.
    I will be testing these to see how I get on with them.

    How does one know if a sandboxed software is behaving badly? This could be a good way to tell if one has malware or not...
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Buster Sandbox Analyzer
     
  6. smee00

    smee00 Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    20
    Thank you,

    They sure have thought of almost everything with this technology.

    I will look at Buster Sandbox Analyzer too.
     
  7. smee00

    smee00 Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    20
    I tried the recommended Bufferzone Pro free offer, then I tried a paid version of Sandboxie.

    I must admit, I nearly gave up with it, but I quite like it now that I have done some settings tweaking.

    I do think the developer should get 25 noobs to try the software and its competitor software, then report back how they got on. I am sure there can be UI improvements that will help everyone.

    Also I liked the way Bufferzone showed which files it was still holding in the sandbox.

    I stayed with this Sandboxie solution because of the flexibility, out of the box software support and the active support forum.

    Thank you for your help.
     