Returnil & sandboxie freeware

Discussion in 'sandboxing & virtualization' started by the dummy, Nov 26, 2010.

Thread Status:
Not open for further replies.
  1. the dummy

    the dummy Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    71
    I've been using this combo for a while, and haven't found any malware able to bypass it up till now. So why do you need an antivirus, HIPS, BB, firewall, etc.?
     
  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    There is no reason IMO. Many people on this forum are very insecure with their browsing habits, and by piling on the security software programs, somehow it gives them peace of mind while they sleep at night I guess.

    I myself ran this setup a year or so ago, and never had any problems with malware, etc. :thumb:
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    How do you check for malware? Guess or via antivirus? You surely need something to ensure none of the known nasties slip past your setup, while your combo (Returnil & Sandboxie freeware) will ensure that unknown/0-day threats are trapped in it.
     
  4. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Set contents to auto delete on browser exit, done. No need for an AV on a setup like this. Don't believe me? I've had this same setup on a 62-year-old grandpa's computer for the last 5 years. The only thing he's had trouble with is catching enough fish during fishing season.
     
  5. the dummy

    the dummy Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    71
    I'm sorry, I have been scanning with Malwarebytes, SAS, Hitman, a2, and MSE with not even a tracking cookie to be found.
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I also use Sandboxie and Shadow Defender (although rarely simultaneously). I agree an antivirus is really not needed with your setup (I do use one though, because I'd like to know if malware is running on my system). An AV is also useful to check your outgoing mail, lots of people may be infected until their next reboot, but their computer meanwhile is broadcasting malware to their friends. Finally if you wish to retain something from the shadow session or from the sandbox, how are you going to know if the download is clean or not?

    A firewall is IMO necessary to stealth your computer ports and to check if anything is trying to connect to the Internet (although Sandboxie can be configured to allow only some applications to connect to the Internet).
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I do not wish to debate the usefulness of an antivirus, behavior blocker, hips, etc., but I could assume you're saying that snapshot and/or isolation tools are completely foolproof?

    IMO, that would be quite an assumption, considering they are applications, and as happens with every other application, they also have bugs.

    That only means that the approach you're following has been working so far, or that those tools cannot detect anything, because they simply can't. They will never be able to detect all existing malware.

    Maybe an approach you should follow just in case? If it has been working for you, that is.

    Personally, unless I verify xyz file with anti-malware apps, I won't be able to rest assured that the files I sent to someone via e-mail were clean, even if they're not! I can always swear my antivirus reported it clean, so not truly my fault! :D
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    m00nbl00d, Sandboxie is not just any application. A hardened Sandbox
    is all I need for my system to stay clean but I use an AV real time to scan
    files as they are recovered to my hard drive and like the dummy, nothing
    has gotten thru. I use Windows firewall and if you ever get to use SBIE
    and use it for a while, you'll know what I mean.

    Bo
     
  9. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    There is an old saying that comes to mind after reading this thread.
    'Never say never,'
    I never had any trouble with a virus until I got nailed by one. That was many years ago and I lost everything I had on that pc. Hard lesson.
    I rely heavily on Sandboxie. I love it. And I'm buying a lifetime license for my daughter.
    But I still use MSE and Prevx. It doesn't hurt my performance at all and it gives more of a 'sense' of being secure.
    Hugger
     
  10. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Set up Sandboxie correctly, you won't have any issue.

    Computer security isn't rocket science, keep it simple!
     
  11. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    Returnil 2008 + Sandboxie, no antivirus, works very well for me too :D
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    How does SBIE perform vs. keyloggers and web-borne password stealers? Also, if malware, say a keylogger for instance, is running while in a sandbox, can it still steal input data, at least until reboot or the sandbox is flushed?
     
  13. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I have been using SB + Eaz Fix for some years, use ONLY OD scan from time to time :)
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I believe it depends on what you are doing. If one is working with sensitive data they may need the extra layer of security. Some may not. I believe it's really important to minimize your time of exposure to a threat. Even if one has something like SD or Returnil, that does not stop your data from leaking until the next reboot. Sandboxie can prevent the infection, but nothing is foolproof. I have Sandboxie, but I prefer an AE with SD or Returnil.
     
    Last edited: Nov 27, 2010
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    You can restrict what is allowed to run in the sandbox (you name the programs allowed to run) and you can name the programs that can access the Internet, and you can also run the sandbox without admin rights. A keylogger must be allowed to run in the first place, then it needs access to the Internet, both actions denied by Sandboxie properly configured.
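
Added example, not part of any post in this thread: a small Python audit that checks each sandbox section of a Sandboxie.ini for the settings Osaban describes (start/run restriction, Internet restriction, dropped admin rights) plus the auto-delete option mentioned earlier in the thread. The sample file contents and the box name HardenedBox are constructed; the setting names are Sandboxie.ini's documented ones.

```python
import re

# Constructed sample Sandboxie.ini. Keys repeat, so configparser is not used.
SAMPLE_INI = """\
[GlobalSettings]
[DefaultBox]
Enabled=y
AutoDelete=y

[HardenedBox]
Enabled=y
AutoDelete=y
DropAdminRights=y
ProcessGroup=<StartRunAccess>,firefox.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
"""

# Hardening settings to look for, compared case-insensitively.
CHECKS = {
    "auto-delete on exit": ("autodelete", "y"),
    "drop admin rights": ("dropadminrights", "y"),
    "start/run restriction": ("closedipcpath", "!<startrunaccess>,*"),
    "internet restriction": ("closedfilepath", "!<internetaccess>,internetaccessdevices"),
}

def parse_boxes(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    boxes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = boxes.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip().lower()))
    return boxes

def audit(text):
    """Map each sandbox section to the list of hardening settings it lacks."""
    report = {}
    for name, settings in parse_boxes(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # not sandboxes
        report[name] = [label for label, pair in CHECKS.items() if pair not in settings]
    return report
```

Calling `audit()` on the sample reports the default-style box as missing three of the four settings and the hardened box as missing none.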
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Sorry, when I wrote my previous post, I had no intentions to disdain Sandboxie. It's a great application and the author is a great developer!

    But, isn't Sandboxie also just an application, and the programmer (Ronen Tzur, I believe it's the real name; I haven't checked :D), as the human he is, makes mistakes in his coding, like every other programmer does, and that mistake means a vulnerability in Sandboxie, that in turn malware can bypass?

    I'm not saying it is happening, or that it will happen, but isn't there always, at least, 1% of chance it may happen? I always have in mind this 1% of chance things may happen.

    It's just me saying how I like to see it; not the final word for everyone. :)
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    But, the thing is, IMO:

    You have an isolation application - Sandboxie. Then again, you have a rollback application - Returnil.

    What does that tell me, IMO? You have no trust in Sandboxie, and that's why you also make use of Returnil. Or, you don't fully trust Returnil, and that's why you make use of Sandboxie as well.

    Other people, use Sandboxie plus an antivirus or hips, or even behavior blocker, applocker, srp... Anything they feel will add the security they feel they need.

    You use those two apps, because you feel it is all you need to be secure, isn't it?


    Regards
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I thought I had read that there are web-borne password stealers (able to log key strokes, steal clipboard data, etc.) that are not installed onto a PC but are on the web only, maybe some sort of cookie or 3rd party infected ad?

    If so then how does a sandbox type program protect against that sort of threat?
     
  19. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    977
    Location:
    Brooklyn, USA
    Wonderful thread. I am about to prepare two laptops to be used by relatives in a country outside of the USA, where I am. Would like to set up the simplest security that would allow them to freely use the machine without much user intervention involved. I use Shadow Defender but am afraid to buy more licenses now that Tony is missing. Have thought of using Returnil Free but what version - I liked the 2008 version for simplicity, but what do you recommend?

    Also, running SBIE free, Boost, you mentioned configuring it and you would eliminate problems with malware. What do you and others recommend for settings? Thanks again for your help in this. It is timely for me.

    I will be running Windows 7 x64 Home Premium on these 2 laptops and making a separate data partition for documents and other files.

    Gary
     
  20. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    You can still buy licenses for Shadow Defender, a few people have done it with no issues.

    I ran Returnil 2008 free version, never had any issues or problems. I used it mainly for trying out new programs that didn't need a reboot, and getting rid of internet junk, temp files, etc.

    As far as configuring Sandboxie, the only thing I ever set up was deleting all contents when the browser was closed, and saving bookmarks, otherwise it was as installed :).

    I banked online, shopped online, and surfed online with no issues, period. Virtualization is a simple concept, you just need to learn how to use it.
     
  21. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    977
    Location:
    Brooklyn, USA
    Thanks. One more concern if I use SD for them which I might, how should I instruct them on the Windows 7 updates? I guess set updates off and then have them simply take C out of shadow mode and then update Windows every so often? Otherwise, run Windows partition shadowed with SD and SBIE free set as you mentioned?


    Also, have thought of installing K9 Protect to limit browsing possibly dangerous and other unwanted sites? Do you think there would be any conflicts running K9 with SBIE and thanks.

    Gary
     
  22. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Interesting thread indeed, which has got me thinking. In reality, a properly configured and utilised Sandboxie is all you need to stay safe. Everything else is superfluous and only needed:

    1. To make you feel more secure and sleep at night
    2. In case of user error, i.e. accidental install of malware

    If I were brave enough I would run with Sandboxie alone.
     
  23. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293

    What I did was, disabled SD, applied Windows update, then enabled SD. As for K9, I have not used it, so cannot comment on it. I do know there's a lot of people running SB with SD with no issues on these forums ;) and they have no problems.

    That older gentleman I was talking about earlier, he applied his Windows updates the first of every month, then enabled Returnil fulltime once again. Then he gets ready, weather permitting, grabs his fishing pole and out on the boat he goes! :argh: :D
     
  24. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    I use both because they work well together. When I can't delete Sandboxie contents [reg hive busy], a restart deletes the whole sandbox :D
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    That's how I see it and how I do it. Nothing gets thru unless it is recovered
    by me. Then MSE scans it.

    Bo
     