Prevx 3 and Sandboxie

Discussion in 'Prevx Releases' started by Hugger, Jan 16, 2010.

Thread Status:
Not open for further replies.
  1. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I read that Prevx will not integrate into a Sandboxie'd browser because of the limitations the sandbox puts on the browser.
    What problems would I see by using P3 and SBIE?
    Would I actually get less protection?
    Hugger
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Although the SafeOnline Browser Security application is designed to increase online security, it is neither integral nor essential to Prevx's main function as an anti-malware application.

    As far as I know, there is no incompatibility between Prevx itself and Sandboxie. The only incompatibility is SafeOnline, which won't work with a sandboxed browser. I've used Sandboxie in conjunction with Prevx and, apart from SafeOnline not working, Prevx itself continues to work normally. Most of the time I don't use Sandboxie though because I already use AppGuard and Shadow Defender, so I tend to rely on SafeOnline, which works flawlessly on my 32-bit XP Pro system.

    As Sandboxie already provides very strong browser protection, I wouldn't say that you'd necessarily get lower protection either way, but Sandboxie and SafeOnline protect the browser in different ways so you'd have to look at your own requirements to see which fits your circumstances best.
     
  3. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    pegr,
    Thanks for the help.
    Hugger
     
  4. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Actually, tzuk (Sandboxie's author) has pointed out that SafeOnline will work with Sandboxie if you select the option under Applications|Accessibility in the Sandbox Settings (accessed by right clicking the sandbox in Sandboxie's control panel). That allows the sandboxed browser to communicate with Prevx outside the sandbox.

    However, the increased accessibility weakens Sandboxie's security, so I don't personally allow it - I just use SafeOnline to secure unsandboxed sessions for online banking, etc.
     
  5. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I'm going to try it but will probably do it the way you do.
    Thanks.
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Thanks for pointing this out, as I wasn't aware of this. I tried it and it does indeed allow SafeOnline to work with Sandboxie. The accessibility option also solves a long-standing problem I've had with Sandboxie. On my system, Sandboxie has always been very slow to respond to mouse movements, resulting in jerky mouse movements that make Sandboxie almost unusable. The jerky mouse issue is one of those things that occasionally gets reported by a few Sandboxie users, but for me at least this setting solves the problem. (I never thought to try this before as it never occurred to me that the cause might be an accessibility issue.)
    I too prefer to rely on SafeOnline to secure unsandboxed sessions for online banking and shopping. For normal web browsing, as I also use AppGuard and Shadow Defender, I am prepared to accept some weakening of Sandboxie security, especially as I will use Sandboxie more often now that the jerky mouse issue has been resolved. I wouldn't advise anybody else to do this though unless they are prepared to accept some weakening of Sandboxie's security.

    Thanks again for the information. :)

    Regards
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks, MaxEntropy, for that workaround! :thumb:
     
  8. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    It works as advertised.
    Am I supposed to check the box on the lower left that says something about applying the change when going to another page (not a quote)?
    Thanks.
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    It's not essential but it does speed up changing settings as the changes get applied automatically when switching page if the box is checked. Otherwise, you have to manually press the <OK> or <Apply> buttons to save the changes on a page before you can switch to another page.
     
  10. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    OK. Thanks.
     
  11. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Glad it works for you and for Pegr - not sure about his mouse issue, but it might be worth raising that on the Sandboxie forum.

    Of course, all credit for the SafeOnline workround should go to tzuk (i.e., Ronen Tzur), who posted it on the Sandboxie forum at http://www.sandboxie.com/phpbb/viewtopic.php?t=6667&highlight=prevx.

    Note that it's also best to check the box under Restrictions|Drop Rights in the sandbox settings to reduce the possibility of malware in the sandbox exploiting the increased accessibility.

    Prevx and other security programs running outside the sandbox obviously provide useful extra layers of security - I wouldn't be without them. Even so, I like to keep the Sandboxie protection itself as strong as possible, as it provides a solid frontline of defence against all manner of nasties on the web.

    It's very unlikely, though, that there will be malware on my bank's website or on Amazon etc, so that's where I use the browser (and password) protection provided by SafeOnline without using Sandboxie.
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    You don't need Sandboxie with SafeOnline. Trust me, Prevx and SafeOnline are more than enough to keep you safe.

    Keep it simple, keep it secure.
     
  13. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Whilst I respect your point of view, I prefer to have more than one security layer. That's what many security professionals recommend.

    It's also in line with my own experience of being hit by a man-in-the-middle attack a few years ago while using my laptop to access the web in a Chinese hotel. Two security layers (not Prevx or Sandboxie) blocked and quarantined the malware, but they didn't stop it from messing up the registry, which made the machine unusable for a week. Since I rely on my PC for my work, that was a nightmare.

    It may be that you're right that Prevx SafeOnline is all we actually need nowadays to stay safe, but I'd be very reluctant to go back to that Chinese hotel to test your theory with my PC.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you do end up going back there and testing the cleanup of Prevx and there are any problems, write into our customer support inbox and we will correct the issues for you either by walking you through the steps or via remote support :)
     
  15. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks, PrevxHelp. I appreciate Prevx's excellent customer service and certainly feel a lot safer nowadays with Prevx protection. It might well have prevented me from getting infected by a variant of this malware http://www.threatexpert.com/report.aspx?md5=fa1eef38810bd073f0a42c4f204310c4 back in December 2007. (Couldn't boot my machine afterwards. Had to fix it in China by downloading MS ERD using another PC.)

    However, the internet in China is very insecure, and there may be local variants of malware that are not in Prevx's database. To guard against this possibility, I've hardened my system with the extra security layer afforded by Sandboxie (plus the firewall etc from KIS - at the time of the infection I was using ZoneAlarm Security Suite).

    This may be overkill, especially when using the internet in Europe or the US, where Prevx's many users presumably help your systems to pick up new malware very quickly. But even here there must be people in Google and other big-name companies who wish they'd used a more secure browser and email.

    In the UK, Exeter University had to shut down their network on Monday after a virus attack, described as "of a new type which managed to elude the current generation of anti-virus software" - see http://as.exeter.ac.uk/it/status/hotissues/ . It may be that Prevx would have blocked that malware too. But incidents like this only strengthen my view that it's best not to rely on a single layer of security, just in case something nasty slips through.
     