Question to the Sanboxie Pro

Discussion in 'sandboxing & virtualization' started by Antarctica, Apr 14, 2007.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    I am putting together a PC for my daughter and this is the setup I have so far

    L"n"S paid
    Antivir free
    SSM paid

    I was wondering if it would be a good idea to add Sanboxie or DefenseWall?

    Thanks for comments
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    I would test it on her PC, and if it works well then yes. I like it because it isolates what happens on the internet, but it is still easy to recover downloaded files, if you want, and also it is easy to make everything go away. No reboots needed.

    I have trialed Defensewall twice, and just don't like it. Didn't have any feel of what was going on.

    Pete

    PS. If you pay the modest fee for registering Sandboxie, then all the browsers can be set to open automatically sandboxed.
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    With Sandboxie, the desktop shortcut "Run the default browser under Sandboxie" can be renamed to your browser then change the icon to suit, usually by navigating to your browsers installation folder in program files.

    Set this way another user probably wouldn't even notice they were browsing through the sandbox, until they can't find that saved pic or download that is.:)
     
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Thanks to both of you for replies.
    Pete, when you say "no reboots needed" it means just closing the browsers and everything is gone?
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Everything is gone after you delete the sandbox contents.
    That could be after many days of use or if desired after every browsing session.
    Your choice.
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Sounds good, I will give it a try.:)
    Thanks again
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Is their no way to delete the sandbox contents AUTOMATICALLY ? Some kind of setting ?
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Yes, you can set the cleaning up options so that after each use the contents are cleaned. That means I think before Sandboxie control is closed before reboot or exited manually from systray by you.
    I have not tried that myself but I think that just closing a sandboxed browser will not erase all that content.
     
    Last edited: Apr 14, 2007
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    GUI-configuration-sandbox settings-set auto cleanup options.

    I just set CCleaner to clean it every now and then under custom folders.

    But that's not really needed either after a restart with Powershadow.
     
  11. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    508
    When using SandboxIE, it would seem to me that there might be specific items in the sandbox you wish to retain rather than deleting everything in the sandbox.

    Can sandboxed items be selectively deleted/retained ...how does this work? o_O
     
  12. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Some items like bookmarks can be had in synchro with your real browser install with IE and Firefox.
    Other things you have to explore the sandbox contents and manually copy them from that virtual folder to your real system. Something like for instance you run a bit torrent client inside a a sandbox and then want to keep what you have downloaded.
    It is very easy to do that.
     
  13. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    508
    Do emails also wind up in the sandbox?
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Same here with a frozen snapshot, but I would use Sandboxie to protect my computer between two reboots.
    I assume that Sandboxie stops the installation/execution of these malicious objects, stored in the sandbox.
    What is not installed, won't hurt me during the period between two reboots.
    Everything that bypasses the sandbox (nothing is perfect) and infects my computer will be removed during reboot anyway.
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Jo Ann, i have personally reverted from my isp emails to using gmail, but yes, I have Mozilla Thunderbird also in Sandboxie and get copied all the spam I still get there also to my real system.
    So yes, emails are also retained i think with thunderbird and outlook express. It is an option that Ronen has made to exclude the virtual thing for a user convinience, same as the bookmark exclusion. Both can be denied too.
    I do wish that not much more exclusions are made to sandboxie virtualization.
    It is quite nice to run as it is without any need for new features.
     
    Last edited: Apr 14, 2007
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No it will allow the installation of software/ malware, only the difference is that malware will be deleted( all related files, registry etc) when u will empty the sandbox. There is no need for Sandboxie with frozen snapshot. It does not stop the malware, just isolates. A policy restriction software like GeSWall, DefenceWall might be the option though as they actually stop execution of malware.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Not totally. I tried installing KAV in the sandbox and the installation failed. I also tried with Online Armor, and it installed but couldn't start. I also installed Cryptosuite in the sandbox and it ran, but I couldn't access files outside the sandbox.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think it does not allow rootkits, kernel drivers etc to be installed that is understodd.
    Try a simple software, say a download manager, or a simple( on-kernel based) keylogger and u will that it will be installed and will run fine.
    Infact it,s a feature of Sandboxie that u can install nw software inside sandbox.
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    From Sandboxies FAQs.
    http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sandboxie's feature to install softwares is something I don't need and it seems only to work for little softwares. A frozen snapshot has no limits to install softwares.
    If Sandboxie doesn't stop the execution of malware, even when the installation is isolated, it's worthless to me.
    I don't care about the installation, I care about the execution, the worst part of malware.

    I need softwares that prevent (installation) and execution of malware, like Anti-Executable.
    From what I read DefenseWall also stops the execution of malware in untrusted applications, so that's a good one too.
    What else is there ? :) No scanners, no Powershadow and no HIPS please.
     
    Last edited: Apr 14, 2007
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi Eric! I think u can read it all in the post#19 by Franklin.
    It does stop the malware but not like AE.
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. Sandboxie back on the list. :)
    So I have this up to now :
    1. Firewall of Straw + Router
    2. Anti-Executable
    3. DefenseWall
    4. Sandboxie #Firefox# (Thunderbird doesn't need Sandboxie)
    5. FDISR's frozen snapshot, to clean what passed through 1, 2, 3 and 4.
     
    Last edited: Apr 14, 2007
  23. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    1-Soft FW mainly for outbound as I have a FW router. First line of defense

    2-Sandboxie second line

    3-Powershadow third line

    4-Ghost images fourth line

    5-A coupla spare hard drives with clones of the original ready to hook up and boot as masters fifth line

    Nothings got past Sandboxie as yet and I use the FF add on Stumbleupon, which can take me anywhere on the net.
     
  24. EASTER.2010

    EASTER.2010 Guest

    That one is a really intelligent and practical choice and brings back good memories of when i first tried it out. It really did lock down most all executables and was relentless at sealing your system tightly closed from those nice surprises of something hidden in the background suddenly springing to life to jar the blazes out of your nerves and all that.

    Is this a recent choice of yours and even if not, how do you find it? Are you completely satisfied of it's ability and do you regard it as foolproof for the most part if not entirely?
     
  25. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    it not only cleans it automatically after each browsing session, it will allow you to save whatever you downloaded and want to save before the cleaning.

    a really nice feature i just began using a few days ago. cleans out all of the internet rubbish, and leaves SAS with absolutely nothing to do!


    Mike
     
Thread Status:
Not open for further replies.