returnil+sandboxie,best virtual combo?

Well, been very pleased with returnil...Out of curiousity I also tested safespace,bufferzone pro which I could´nt get to work properly on my system...Decided to give SandboxIE 3.1 a chance and I must say this is impressive...No conflicts with a nice option to either lock system partiton for the session with returnil, either test apps by installing in sandbox and test for multiple sessions/longer time...This must be the ultimate...

 

Yep, that's my usual setup when not testing new wares.

You can also add these extra lines to Sandboxie's ini file that will stop all outbounds from within the sandboxed environment except for your browser.

Code:

ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!firefox.exe,\Device\Tcp
ClosedFilePath=!firefox.exe,\Device\Udp
ClosedFilePath=!firefox.exe,\Device\RawIp

Replace firefox with the browser that you will run sandboxed.Such as iexplore, opera etc.

 

Thx for that...pls explain a little bit further...is´nt the sandboxed environment sandboxed?

 

I am not familiar with Sandboxie up until now,so my question is can it retain the changes after a reboot with some installs require.Also is Sandboxie independent to Returnil if they are both active. If i reboot to get out of Returnil what happen to Sandboxie,maybe dumb questions but i don't know much about these combo. Like you very pleased with Returnil.

 

No Sandboxie can't test apps that require a reboot or need to load drivers and or access the service control manager.

If you reboot from Returnil mode all changes are reverted including any made within the sandboxed environment.

Just running Returnil you can still pick up a malware which will require a reboot to be rid of but with Sandboxie all that's needed is simple delete contents of sandbox command to wipe any inet borne malware.

They compliment each other nicely.

A virtual machine is the better choice for testing apps that require a reboot with no possibility of interaction with the real system.MS Virtual PC 2007 is free and works fine here.
Sandboxie FAQ's

 

@Huupi:

For your info this is what I´ve done: I installed Onspeed 10 day trial with the setup in the sandbox for testing...the whole installation went to sandbox evironment...After reboot no signs of onspeed in program files but sandboxie has "open any program": there it was,so,I opened up onspeed in the sandbox,tried it a bit ,made a couple of reboots,all worked allright,then decided to delete the sandbox...Installation was gone...
Okey,then tested returnil as usual with the exemption that I took Sandboxie to exit...Why run both simultaneously?...Returnil´s session mode works perfect allright...

 

Yes it's sandboxed but it still doesn't stop outbounds from anything sandboxed with default settings

By adding those extra ini lines Sandboxie should just about stop any outbounds from the sandboxed environment which you can test at the link below.

Remember that with those extra ini settings not even your email program will be able to connect if ran sandboxed.
http://www.firewallleaktester.com/

If you have further questions on Sandboxie's workings please feel free to come over to Sandboxie's forum.
http://sandboxie.com/phpbb/

 

Appreciate it, Franklin...Configured as suggested, earlier with other above mentioned had problems with Admuncher, thought I had to do the same with admuncher.exe in .ini, but that stopped connection,....just the browsers and all runs fine...even admuncher works...Great!

 

Thanks Boys, These app makes for an almost invincible Combo !

 

Probably Franklin has more experience in this but nevertheless...
http://www.zshare.net/image/33281129aced5f/

 

Have just tried Sandboxie and found it irritatingly slow when used with either Firefox or IE7. Does it slow things down or am I just being unreasonably impatient. I like the Sandboxie idea but is there any alternative that I could use without noticing its there ?

 

I replaced SB with DefenseWall, which is so quiet, that you think it doesn't do anything. Even its log doesn't show anything remarkable. Maybe I don't surf too dangerous. If there was no icon in the system tray, I would forget I have it. Strange software.

 

That (and the use of Firefox) is why your scans come up clean.

Policy-based sandbox. Quiet and user-friendly (not noob-friendly )

 

You forgot the main one : my frozen snapshot keeps my computer clean.

 

With your surfing habits, Firefox and the security apps installed, there's no malware to clean

 

You seem to have alot of faith in Firefox and security softwares, I certainly don't.
Once my computer is connected to the internet, I consider my computer already as possible infected. I just assume it is clean and nothing can proof I'm clean.

 

Eric - I agree that nothing can prove that your machine or mine is clean but until evidence to the contrary is provided I proceed as though my machine is clean.
Although I have no security software running real time I do periodically install ( using Acronis or FD-ISR or deepFreeze, or Returnil to ensure that my machines are not loaded down with security permanently) security programs such as KAV, SuperAntispyware, NOD, Spybot, Ad aware.......... and NOTHING is EVER found more dangerous than a cookie.

Everyday my Netgear DG834 sends me an e-mail and every day it reports nothing bad - yes it could be broken.

In my opinion threats from the internet are greatly exaggerated - they do exist, of course they do - but to hear some talk you would imagine that the moment you plug in you are exposed and unless you install at least 7 programs that you will be infected within minutes if not seconds.

For me the best combo has to included a hardware firewall, an imaging program and a freeze program. Netgear plus Firefox, deepfreeze 6 or Returnil, and or FD-ISR and Acronis all help to protect. Going back over the last 4 or 5 years the only 2 that I have used all the time are the Netgear and Acronis.
As Acronis stops nothing but just gets me out of jail I have to conclude that
the Netgear alone plus my surfing habits is in reality sufficient - the rest just add a bit without slowing things down.

I had hoped to add sanboxie but will have to get used to the initial delay problem - perhaps if I try it on a faster machine then I will agree that Reurnil + Sanboxie is a good combo ?

 

In Firefox: Yes.
In security apps: It depends on the user behind them.

A bit of paranoia is fine, but with the proper measures you can connect to the Internet safely.

 

Faster machine? I´m running them on an old P3 1Ghz...Not a sign of slowing down...

 

Each browser, including Firefox, is a swiss cheese, full of security holes, waiting to be discovered by the bad guys. That's why these browsers are patched all the time.
It's not only browsers, all softwares are vulnerable, including security softwares.
If a software isn't attacked yet, it's because it wasn't a target yet.

 

I like Returnil then DefenseWall protection on. If I want to try some new software I have a FDISR test snapshot to run it in. I use Firefox with NoScript. I did have both computers connected to a router but my wife plays Yahoo spades and it kept throwing her out. She would lose 50 points each time. I just bought a new router so I may try running through it.

 

Get not too paranoid Erik,it will pale the joy of your computer experience !

 

The slowness I'm taking about is the initial start of Firefox or IE - it takes several seconds longer to load the home page. After that the speed is quite normal. I have read elsewhere that this is normal that this is the way that Sandboxie works - it takes a few seconds extra to start a program in the sandbox compared to the normal way.

Even with this slowness I think I'll keep it for general surfing. I use Roboform 95% of the time which it appears can be left to work as normal.
.

 

- NoScript reduces the window of vulnerability to almost zero.
- The folks at Mozilla are fast at patching holes. They usually patch the bugs before any PoC is released.

What will you do when a bug is discovered in FD-ISR and the freeze storage can be tampered? Or a hole in AE which bypasses its execution control? Will you feel naked?