Returnil + Sandboxie, best virtual combo?

Discussion in 'sandboxing & virtualization' started by osip, Aug 26, 2007.

Thread Status:
Not open for further replies.
  1. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Well, been very pleased with Returnil... Out of curiosity I also tested SafeSpace and BufferZone Pro, which I couldn't get to work properly on my system... Decided to give Sandboxie 3.1 a chance and I must say this is impressive... No conflicts, with a nice option to either lock the system partition for the session with Returnil, or test apps by installing them in the sandbox and test for multiple sessions/a longer time... This must be the ultimate...
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yep, that's my usual setup when not testing new wares.

    You can also add these extra lines to Sandboxie's ini file that will stop all outbounds from within the sandboxed environment except for your browser.
    Code:
    ClosedFilePath=!firefox.exe,\Device\Afd*
    ClosedFilePath=!firefox.exe,\Device\Tcp
    ClosedFilePath=!firefox.exe,\Device\Udp
    ClosedFilePath=!firefox.exe,\Device\RawIp
    Replace firefox with the browser that you will run sandboxed, such as iexplore, opera etc.
     
  3. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Thx for that... pls explain a little bit further... isn't the sandboxed environment sandboxed?
     
  4. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I am not familiar with Sandboxie up until now, so my question is: can it retain the changes after a reboot, which some installs require? Also, is Sandboxie independent of Returnil if they are both active? If I reboot to get out of Returnil, what happens to Sandboxie? Maybe dumb questions, but I don't know much about these combos. Like you, very pleased with Returnil.
     
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    No, Sandboxie can't test apps that require a reboot or need to load drivers and/or access the service control manager.

    If you reboot from Returnil mode all changes are reverted, including any made within the sandboxed environment.

    Just running Returnil you can still pick up malware which will require a reboot to be rid of, but with Sandboxie all that's needed is a simple "delete contents of sandbox" command to wipe any internet-borne malware.

    They complement each other nicely.

    A virtual machine is the better choice for testing apps that require a reboot, with no possibility of interaction with the real system. MS Virtual PC 2007 is free and works fine here.
    Sandboxie FAQ's
     
  6. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    @Huupi:

    For your info, this is what I've done: I installed the OnSpeed 10-day trial with the setup in the sandbox for testing... the whole installation went to the sandbox environment... After reboot no signs of OnSpeed in Program Files, but Sandboxie has "open any program": there it was, so I opened up OnSpeed in the sandbox, tried it a bit, made a couple of reboots, all worked all right, then decided to delete the sandbox... Installation was gone...
    Okay, then tested Returnil as usual with the exception that I took Sandboxie to exit... Why run both simultaneously?... Returnil's session mode works perfectly all right...
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yes, it's sandboxed, but it still doesn't stop outbounds from anything sandboxed with default settings.

    By adding those extra ini lines Sandboxie should just about stop any outbounds from the sandboxed environment, which you can test at the link below.

    Remember that with those extra ini settings not even your email program will be able to connect if run sandboxed.
    http://www.firewallleaktester.com/

    If you have further questions on Sandboxie's workings please feel free to come over to Sandboxie's forum.
    http://sandboxie.com/phpbb/
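The rules in posts #2 and #7 are plain `ClosedFilePath=` lines with a `!program` prefix, which in Sandboxie's ini syntax means "closed for every sandboxed program except this one". The script below is an added example, not code from the thread or from Sandboxie: it generates those four lines for a named box, inserts them idempotently into an ini text, and audits a box to report for whom each network device is actually closed (so a forgotten `!` that closes the devices only for the browser shows up as a weak rule). Assumptions not in the thread: the constructed `SAMPLE_INI` contents, the hypothetical `<NetAllowed>` process-group name used when more than one program (browser plus mail client, the case post #7 warns about) must keep network access, and that the file is handled as text here while the real Sandboxie.ini on disk is UTF-16 LE.

```python
"""Generate and audit the Sandboxie.ini network-blocking rules from posts #2
and #7.  Added example, not code from the thread or from Sandboxie.
Assumptions: the ini is handled as text; the on-disk Sandboxie.ini is UTF-16 LE
(open it with encoding="utf-16"); "<NetAllowed>" is a hypothetical ProcessGroup
name used only when more than one program must keep network access."""

# Device objects named in post #2: the Winsock helper (Afd) plus the TCP, UDP
# and raw-IP devices.  Closing all four denies every socket operation.
NET_DEVICES = (r"\Device\Afd*", r"\Device\Tcp", r"\Device\Udp", r"\Device\RawIp")
GROUP = "<NetAllowed>"  # hypothetical group name (assumption)

# Constructed sample Sandboxie.ini, before any hardening.
SAMPLE_INI = r"""[GlobalSettings]
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y
ConfigLevel=6
AutoRecover=y

[TestBox]
Enabled=y
"""


def parse_ini(text):
    """Return [(section, [(key, value), ...]), ...]; duplicate keys are kept
    because Sandboxie allows many ClosedFilePath= lines in one box."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], [])
            sections.append(current)
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[1].append((key.strip(), value.strip()))
    return sections


def network_block_lines(allowed):
    """Rules that close NET_DEVICES for every sandboxed program except those in
    `allowed`; a leading '!' on the program part means 'all except'."""
    if not allowed:
        raise ValueError("at least one program must keep network access")
    lines = []
    if len(allowed) == 1:
        exempt = allowed[0]
    else:  # several programs: exempt a process group instead (assumed syntax)
        exempt = GROUP
        lines.append(f"ProcessGroup={GROUP},{','.join(allowed)}")
    lines += [f"ClosedFilePath=!{exempt},{dev}" for dev in NET_DEVICES]
    return lines


def harden(text, box, allowed):
    """Return `text` with the rules appended to [box]; lines already present
    are not duplicated, so running it twice is safe."""
    existing = {l.strip() for l in text.splitlines()}
    needed = [l for l in network_block_lines(allowed) if l not in existing]

    def insert(out):  # append rules before the blank line that ends the box
        while out and not out[-1].strip():
            out.pop()
        out.extend(needed)
        out.append("")

    out, in_box, inserted = [], False, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            if in_box and not inserted:
                insert(out)
                inserted = True
            in_box = s[1:-1].lower() == box.lower()
        out.append(line)
    if in_box and not inserted:
        insert(out)
        inserted = True
    if not inserted:  # the box section did not exist yet
        out += ["", f"[{box}]", *needed]
    return "\n".join(out).rstrip("\n") + "\n"


def audit(text, box):
    """Map each network device to who it is closed for in [box] (rules in
    [GlobalSettings] apply to every box): None = not closed, 'all',
    'all except X' (the intended rule) or 'only X' (a weak rule)."""
    status = {dev: None for dev in NET_DEVICES}
    for name, entries in parse_ini(text):
        if name.lower() not in (box.lower(), "globalsettings"):
            continue
        for key, value in entries:
            if key.lower() != "closedfilepath":
                continue
            prog, sep, path = value.partition(",")
            if not sep:  # "ClosedFilePath=path" with no program part: everyone
                prog, path = "", prog
            prog, path = prog.strip(), path.strip()
            for dev in NET_DEVICES:
                if path.lower() == dev.lower():
                    status[dev] = ("all" if not prog else
                                   f"all except {prog[1:]}" if prog.startswith("!")
                                   else f"only {prog}")
    return status
```

Run `harden(open(path, encoding="utf-16").read(), "DefaultBox", ["firefox.exe"])` against a copy of the real file, write it back with the same encoding, then reload the configuration from Sandboxie Control. Passing `["firefox.exe", "thunderbird.exe"]` is the way round the mail-client problem post #7 mentions; `audit` is worth running afterwards because a rule written as `ClosedFilePath=firefox.exe,\Device\Tcp` (missing `!`) blocks only the browser and lets everything else out.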
     
  8. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Appreciate it, Franklin... Configured as suggested. Earlier, with the other above-mentioned apps, I had problems with Admuncher; thought I had to do the same with admuncher.exe in the .ini, but that stopped the connection.... Just the browsers, and all runs fine... even Admuncher works... Great!
     
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Thanks boys, these apps make for an almost invincible combo!
     
  10. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Probably Franklin has more experience in this but nevertheless...
    http://www.zshare.net/image/33281129aced5f/
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Have just tried Sandboxie and found it irritatingly slow when used with either Firefox or IE7. Does it slow things down, or am I just being unreasonably impatient? I like the Sandboxie idea, but is there any alternative that I could use without noticing it's there?
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Zshare doesn't quite have it right for new versions. Yes, you can install in the sandbox and, in theory, reboot. The problem is that a reboot usually means you have to start a service or install a driver. Sandboxie says no to that, although you can override to some extent.

    Pete
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I replaced SB with DefenseWall, which is so quiet that you think it doesn't do anything. Even its log doesn't show anything remarkable. Maybe I don't surf too dangerously. If there was no icon in the system tray, I would forget I have it. Strange software.
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That (and the use of Firefox) is why your scans come up clean.
    Policy-based sandbox. Quiet and user-friendly (not noob-friendly :D)
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You forgot the main one : my frozen snapshot keeps my computer clean. :)
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    With your surfing habits, Firefox and the security apps installed, there's no malware to clean ;)
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You seem to have a lot of faith in Firefox and security software; I certainly don't.
    Once my computer is connected to the internet, I already consider my computer as possibly infected. I just assume it is clean, and nothing can prove I'm clean.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Erik - I agree that nothing can prove that your machine or mine is clean, but until evidence to the contrary is provided I proceed as though my machine is clean.
    Although I have no security software running real time, I do periodically install (using Acronis, FD-ISR, Deep Freeze or Returnil to ensure that my machines are not loaded down with security permanently) security programs such as KAV, SuperAntiSpyware, NOD, Spybot, Ad-Aware.......... and NOTHING is EVER found more dangerous than a cookie.

    Everyday my Netgear DG834 sends me an e-mail and every day it reports nothing bad - yes it could be broken.

    In my opinion, threats from the internet are greatly exaggerated - they do exist, of course they do - but to hear some talk you would imagine that the moment you plug in you are exposed, and that unless you install at least 7 programs you will be infected within minutes if not seconds.

    For me the best combo has to include a hardware firewall, an imaging program and a freeze program. Netgear plus Firefox, Deep Freeze 6 or Returnil, and/or FD-ISR and Acronis all help to protect. Going back over the last 4 or 5 years, the only 2 that I have used all the time are the Netgear and Acronis.
    As Acronis stops nothing but just gets me out of jail, I have to conclude that the Netgear alone plus my surfing habits is in reality sufficient - the rest just add a bit without slowing things down.

    I had hoped to add Sandboxie but will have to get used to the initial delay problem - perhaps if I try it on a faster machine then I will agree that Returnil + Sandboxie is a good combo?
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    In Firefox: Yes.
    In security apps: It depends on the user behind them.
    A bit of paranoia is fine, but with the proper measures you can connect to the Internet safely.
     
  20. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Faster machine? I'm running them on an old P3 1GHz... Not a sign of slowing down...
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Each browser, including Firefox, is a Swiss cheese, full of security holes waiting to be discovered by the bad guys. That's why these browsers are patched all the time.
    It's not only browsers; all software is vulnerable, including security software.
    If a software isn't attacked yet, it's because it wasn't a target yet.
     
  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I like Returnil, then DefenseWall protection on. If I want to try some new software, I have an FD-ISR test snapshot to run it in. I use Firefox with NoScript. I did have both computers connected to a router, but my wife plays Yahoo Spades and it kept throwing her out. She would lose 50 points each time. I just bought a new router, so I may try running through it.
     
  23. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Don't get too paranoid, Erik; it will pale the joy of your computer experience!
     
  24. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    The slowness I'm talking about is the initial start of Firefox or IE - it takes several seconds longer to load the home page. After that the speed is quite normal. I have read elsewhere that this is normal, that this is the way Sandboxie works - it takes a few seconds extra to start a program in the sandbox compared to the normal way.

    Even with this slowness I think I'll keep it for general surfing. I use RoboForm 95% of the time, which it appears can be left to work as normal.
     
  25. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    - NoScript reduces the window of vulnerability to almost zero.
    - The folks at Mozilla are fast at patching holes. They usually patch the bugs before any PoC is released.

    What will you do when a bug is discovered in FD-ISR and the freeze storage can be tampered with? Or a hole in AE which bypasses its execution control? Will you feel naked?
     