Question to the Sandboxie Pro

Discussion in 'sandboxing & virtualization' started by Antarctica, Apr 14, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That is also the weak point of file virtualization combined with SandBox. Seamless Sandboxes like GeSWall and DefenseWall are much easier to use.

    Put your daughter's PC behind a hardware FW router (the price you pay for SNS, you can also buy a router). When you are not behind a router and want an Anti-executable like SSM, use a firewall which is excellent in its primary function.

    Nice freeware setup:

    - Blink Neighbourhood watch
    - Antivir free
    - Spyware Terminator with HIPS enabled (is only startup control)

    Regards K
     
    Last edited: Apr 15, 2007
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Thanks Kees for the advice, I may try this setup first: hardware firewall router, Antivir free, Defensewall and SAS free.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi

    Excellent choice, I like SAS very much, good on demand scanner for AS. What could be a nice real time alternative is Spyware Terminator free (nice IDS).

    Regards K
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No it isn't a recent choice, but I'm not so fast in making decisions and installing softwares permanently on my computer, until I'm convinced it fits in my total plan. I'm not in a hurry either.

    So I trialed Anti-Executable after reading all its info and discovered that AE was able to stop the EXECUTION of malicious executables based on a WHITELIST, which was based on MY computer.
    Prevx1 has besides a blacklist, also a whitelist, but that list is based on computers world-wide and that's why Prevx1 requires an internet connection to verify each software on MY computer, because I can't store Prevx1's whitelist on my computer, its volume is too big.
    So I don't really need Prevx1's whitelist, because AE has also one, much smaller and doesn't require an internet connection to verify executables.
    AE requires a clean computer from the beginning, otherwise possible bad executables are also whitelisted.
    So you can ONLY install AE during an OFF-LINE installation from scratch, anything else isn't clean enough.
    I would never install AE, if my computer has been on-line already.
    This is a problem for many users, who don't want to re-install their computer from scratch.

    I also don't believe that AE keeps my computer completely clean, just like my firewall and all other security softwares.
    That's why I have a frozen snapshot (FDISR) to clean the rest and that happens after each reboot. A frozen snapshot does only ONE thing, it removes CHANGES on my harddisk, it doesn't know what malware is,
    it doesn't recognize malware like security softwares, it just removes ALL changes, including the good changes.
    It also removes my history like CCleaner and keeps my registry clean like registry cleaners, much safer and probably much better too.
    Simply said, I give my computer a CLEAN shirt after each reboot, just like I wear a clean shirt each day. What worked fine yesterday, will also work today, tomorrow and the day after tomorrow.
    I'm working with a frozen snapshot for months without problems.

    The reason why I can give my computer a CLEAN shirt each day is : I separated all my personal data from my system partition and created a data partition on a second harddisk. So my system partition has only winXPproSP2 and Applications, but NO personal files. This means I can do whatever I want with my system partition, without losing my personal files.
    NEVER put system files and data files in the same place, which is a bad practice and I don't care what other people say, because I know I'm right and the rest is wrong, but I'm not going to discuss it anymore because it's a waste of time for me.
    Separating your data is easy to do, when you use only softwares, which are able to store their OUTPUT files on another partition than [C:], such softwares have always a setting where you can change the folder of their OUTPUT files and these OUTPUT files = my hard work, which I don't like to lose.

    I can't store the settings of my softwares on my data partition, at least not completely, because many softwares have a bad architecture and are not designed to make that possible.
    That's not a problem for me, because I also have IMAGES/ARCHIVES to restore my system partition and those IMAGES/ARCHIVES contain all my personal settings of each software.

    The reason, why I still need security softwares, is very simple.
    If a malware manages to install itself during the day between two reboots and executes itself, I'm cheated. A frozen snapshot only removes malware, but doesn't stop the installation and execution.
    I don't understand why users are always glad, when one of their scanners removed a malware. Don't they realize, that this is TOO LATE and that the malware could have done its evil job already? A frozen snapshot also removes malware during reboot, when it is TOO LATE and that's why I need software to prevent the execution. The installation is not a problem for me, it's the execution that bothers me.
    So any software that stops the execution is WELCOME in my frozen snapshot and if it stops the installation, the better.

    The only reason why this is so important to me is also simple.
    If my system partition is well protected, my data partition is also well protected.
    I only infect my data partition myself, if I start downloading files from unknown sources, but my data partition can also be infected by malware on my system partition.
    Once my security setup is complete, I will try to find ways to protect my data partition better.
    I can't do it all at once, I prefer to work systematically. FIRST THINGS FIRST.

    Is this a perfect solution ? I don't know, my technical knowledge is way too small.
    I try to solve my security with philosophies and logical reasoning, but it has to be SIMPLE, because my target are hardworking less-knowledgeable users, who don't have the time for security. Knowledgeable users and experts don't need my approach.
    That's why I'm telling this at Wilders, to challenge members to break my approach in order to improve my security.
    I never had a problem with criticism, on the contrary I like healthy criticism.
    My basic questions in the end are always the same : "What is missing ? What did I forget ?" :)
     
    Last edited: Apr 15, 2007
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have PowerShadow already = frozen snapshot, which is an additional feature of FDISR and although the method is completely different, the result is the same : the harddisk doesn't change.
    FDISR can do what PowerShadow does, but PowerShadow can't do what FDISR does.

    The reason why PowerShadow is so popular is because it's freeware. For the first time, many users have a tool that doesn't change their harddisk. All the other tools cost money.
    What PS-users NOW have is something I have already since I have my new computer in March 2006.
    The fact that PS does it quicker is logical, it does only one thing and in a different way than FDISR.
    That's not an argument for me to replace FDISR with PS, that would be a huge step back for me and I like to go forward.
    Faster and less space are NOT functions, that's only useful, if your computer has the WRONG hardware.

    The same happened to ShadowSurfer, when it was freeware for a short time.
    Suddenly everybody was talking about ShadowSurfer and how good or bad it was.
    It doesn't make a difference for me if it's freeware or payware as long it meets my wishes. :)
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I still would like to add something similar to Defensewall and have been keeping an eye on Neoava Guard which I haven't tried but intend giving it a go with the new release which should be ready next month.

    Quote the author:
    http://www.neoava.com/weblog.htm
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I watch both softwares, but I can't use NeoavaGuard yet, because it's BETA.
    I don't want BETA's on my computer, because I don't consider myself as a qualified beta-tester.
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Paying for software is no prob here but would you believe I do not have a single credit card and I am paranoid about posting my only other banking details online.

    If I could just go to my local pc store and buy Defensewall it would be on my computer right now.

    But I think I've done alright with my security setup using freebies so far.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's true, even when a company can be trusted, the employee can be a bad guy too.
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The thing is, it's very very easy to keep what we want. Use the quick recovery and you'll notice there aren't disadvantages, besides a few clicks more.
    What do you want to keep? Bookmarks, downloads, not much more. You set it to monitor those folders and presto, easy to use.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Do u expect an Atomic missile attack on ur PC?:D
    Why DefenceWall and Sandboxie together?
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't know, I'm asking the experts, I'm a newbie. Once I start using them, I probably will see that one of them is too much. I'm a newbie, not stupid. :D
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No I don't, I'm not even paranoid. I only want a clean computer without using 30+ security softwares. I didn't buy a computer to protect it constantly and watch every move it makes.
    I have also an off-line snapshot, that allows me to work quietly without any disturbance. Only my on-line snapshot is a trouble-maker, that's why I bought FDISR to get rid of these problems without knowledge.
     
  14. mrisis

    mrisis Registered Member

    Joined:
    Dec 27, 2005
    Posts:
    26
    Faster and less space is a function for me, it's not because I have the wrong hardware, that's just the way I want my computer to be.
    I like my software to tailor to the way I want it, not the other way around, and if I can get it for free, that's just another bonus.
    Power Shadow fits the bill, it's easy to work with, I don't have to spend hrs reading a manual to set it up or use all the features.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I never could copy a file with speed or less space, but a function like copy/paste did the job.
    Everybody does that on his computer.
    PowerShadow doesn't fit my bill. You can't compare FDISR with PS and of course PS is simple, it does only one thing.
    If I want to type text, I better use Notepad, because it's much more simple than MS Word.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    After the thorough testing you did with ATI and FDISR, you are more than qualified.
     
  17. namdog

    namdog Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    42
    PowerShadow doesn't have so many luxury functions as FD-ISR

    PowerShadow is popular because it is simple, handy and proven.

     
  18. namdog

    namdog Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    42
    I agree with you

    1 = Firewall
    2 = Application level virtualization
    3 = System level virtualization
    4 = Physical backup

    Maybe 3 can cover some issues of 2 and 4 can cover some issues of 3


     
    Last edited: Apr 15, 2007
  19. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Maybe that will be the next trend on this forum. A computer room/bomb shelter.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Luxury functions ? Nothing is luxury in FDISR or superfluous, where did you read this ?

    This is true : FDISR and PS are both luxury, because you don't really need them.
    Your Image Backup Software also restores your harddisk, but it lasts longer.
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Just a side note: current version is 2.85.
     
  22. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Another way to do it is simply create a new desktop shortcut for each app that you want to run sandboxed. For example, my Firefox browser shortcut is:

    "C:\Program Files\Sandboxie\Start.exe" "C:\Program Files\Mozilla Firefox\Firefox.exe"

    The same can be done for any other app by just adding the path after the Sandboxie .exe like in the example above (including the quotation marks). What I have done is create shortcuts for all apps I want to sandbox, then have created a new desktop folder to place them in so the desktop doesn't get any more cluttered. For those of you who have created shortcuts for using apps with DropMyRights, you'll recognize this method.
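
The shortcut method described in the post above, scripted as an added example (not part of the original post and not Sandboxie's own tooling). It assumes Windows PowerShell; the Start.exe and Firefox paths are the ones quoted in the post, while the folder name "Sandboxed Apps" and the `$apps` list are hypothetical.

```powershell
# Added example: create "run sandboxed" shortcuts in one desktop folder,
# then audit that every shortcut there really launches through Start.exe.
$startExe = 'C:\Program Files\Sandboxie\Start.exe'      # path from the post
$apps = @{                                              # assumed list: name = path
    'Firefox (sandboxed)' = 'C:\Program Files\Mozilla Firefox\Firefox.exe'
}
$folder = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Sandboxed Apps'

if (-not (Test-Path -LiteralPath $startExe)) {
    throw "Sandboxie Start.exe not found at $startExe"
}
New-Item -ItemType Directory -Path $folder -Force | Out-Null

$shell = New-Object -ComObject WScript.Shell
foreach ($name in $apps.Keys) {
    $target = $apps[$name]
    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning "Skipping '$name': $target does not exist"
        continue
    }
    $lnk = $shell.CreateShortcut((Join-Path $folder "$name.lnk"))
    $lnk.TargetPath       = $startExe               # Sandboxie launcher
    $lnk.Arguments        = '"{0}"' -f $target      # quoted application path
    $lnk.WorkingDirectory = Split-Path -Parent $target
    $lnk.IconLocation     = "$target,0"             # keep the app's own icon
    $lnk.Save()
}

# Audit: a shortcut in this folder that does not point at Start.exe would
# start the application outside the sandbox, so report it.
Get-ChildItem -LiteralPath $folder -Filter *.lnk | ForEach-Object {
    $s = $shell.CreateShortcut($_.FullName)
    if ($s.TargetPath -ne $startExe) {
        Write-Warning "NOT sandboxed: $($_.Name) -> $($s.TargetPath)"
    } else {
        Write-Output "OK: $($_.Name) -> Start.exe $($s.Arguments)"
    }
}
```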
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Nice tip.
     
  24. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Great tip KD.
    I tried it with my Outlook Express quick launch icon and it worked a treat.

    The OE quick launch icon changed to Sandboxie's but was easy to change it back to OE's.

    Another off topic tip:
    I also have regedit, msconfig, control panel (control.exe), cmd, services, event viewer, notepad and self created shutdown and restart icons sitting in quicklaunch. Only the default three are showing with those >> pointing to the rest.

    Can save a click or two and a run command every now and then.:)
     
  25. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Sandboxie is a great tool: lots/any q's are answered by the users or Ronen on the forum.

    The "clean/delete" the sandbox function does not overwrite/erase the sandbox.
    There are ways to get third party tools to do same.

    I use Sandboxie when indulging in "riskier" surfing: don't bother if I am going to my known safe sites.

    For me one of the advantages is user control: either run whole session sandboxed or just when I need it on a per application and per session basis.

    Some of the other Sandbox type tools do not have that level of granular control: either start at boot or require complex set-ups and cannot get "in and out of sandbox" when you want.

    I find it a bit of a fiddle getting some files/dls out of the sandbox to keep; but you get used to it if you need to do that and I would hesitate about changing defaults: why use it if you want some equivalent of file sharing at some level?

    That may sound a little paradoxical: sort of reverse discrimination but works for me so far (until next malware hosing :cool: )

    Please register if you use this tool: it is A.GOOD.ONE.

    Regards.

    PS an interesting side note: I went to install some trial software through sandboxie and got a not unexpected warning about installing a kernel level driver: Fine. Of note PrevX of all my other little tools popped up and warned about the same: ie afaict IN the sandbox. If PrevX can see into the box then maybe others can see out :doubt:
     