Returnil & sandboxie freeware

Ive been useing this combo for awhile, and havent found any malware able to bypass up till now. So why do you need a antivirus, hipps, bb, firewall, etc?

 

There is no reason IMO. Many people on this forum are very insecure with their browsing habits,and by pileing on the security software programs,somehow it's gives them a piece of mind while they sleep @ night I guess.

I myself ran this setup a year or so ago,and never had any problems with malware,etc.

 

How do you check for malware? Guess or via antivirus? You surely need something to ensure none of known nasty slip your setup, while your combo (Returnil & sandboxie freeware) will ensure that unknown/0-day threads are trapped in it.

 

Set contents to auto delete on browser exit,done. No need for an av on a setup like this. Dont believe me? I've got this same setup on a 62 year old's grampa's computer for the last 5 years. The only thing he's had trouble with,is catching enough fish during fishing season.

 

Im sorry, i have been scanning with malwarebytes, sas, hitman, a2, and mse with not even a tracking cookie to be found.

 

I also use Sandboxie and Shadow Defender (although rarely simultaneously). I agree an antivirus is really not needed with your setup (I do use one though, because I'd like to know if malware is running on my system). An AV is also useful to check your outgoing mail, lots of people may be infected until their next reboot, but their computer meanwhile is broadcasting malware to their friends. Finally if you wish to retain something from the shadow session or from the sandbox, how are you going to know if the download is clean or not?

A firewall is IMO necessary to stealth your computer ports and to check if anything is trying to connect to the Internet (although Sandboxie can be configured to allow only some applications to connect to the Internet.

 

I do not wish to debate the usefulness of an antivirus, behavior blocker, hips, etc., but I could assume you're saying that snapshot and/or isolation tools are completely foolproof?

IMO, that would be quite an assumption, considering they are applications, and as happens with every other application, they also have bugs.

That only means that the approach you're following as been working so far, or that those tools cannot detect anything, because they simply can't. They will never be able to detect all existing malware.

Maybe an approach you should follow just in case? If it has been working for you, that is.

Personally, unless I verify xyz file with anti-malware apps, I won't be able to to rest assured that the files I sent to someone via e-mail were clean, if even they're not! I can always swear my antivirus reported it clean, so not truly my fault!

 

m00nbl00d, Sandboxie is not just any application. A hardened Sandbox
is all I need for my system to stay clean but I use a AV real time to scan
files as they are recovered to my hard drive and like the dummy, nothing
has gotten thru. I use windows firewall and if you ever get to use SBIE
and use it for a while, you ll know what I mean.

Bo

 

There is an old saying that comes to mind after reading this thread.
'Never say never,'
I never had any trouble with a virus until I got nailed by one. That was many years ago and I lost everything I had on that pc. Hard lesson.
I rely heavily on Sandboxie. I love it. And I'm buying a lifetime license for my daughter.
But I still use MSE and Prevx. It doesn't hurt my performance at all and it gives more of a 'sense' of being secure.
Hugger

 

Setup Sandboxie correctly,you wont have any issue.

Computer security isnt rocket science,keep it simple!

 

returnil2008 + sandboxie no antivirus works very well for me too

 

How does SBIE perform vs. keyloggers and web born password stealers? Also, if malware, say a keylogger for instance, is running while in a sandbox can it still steal input data- at least until reboot or the sandbox is flushed?

 

i am using sb+eaz fix for some years , use ONLY OD scan time to time

 

I believe it depends on what you are doing. If one is working with sensitive data they may need the extra layer of security. Some may not. I believe its really important to minimize your time of exposure to a threat. Even if one has something like SD or Returnil that does not stop your data from leaking until the next reboot. Sandboxie can prevent the infection, but nothing is fullproof. I have sandboxie, but i prefer an AE with SD or Returnil.

 

You can restrict what is allowed to run in the sandbox (you name the programs allowed to run) and you can name the programs that can access the Internet, and you can also run the sandbox without admin rights. A keylogger must be allowed to run in the first place, then it needs access to the Internet, both actions denied by Sandboxie properly configured.

 

Sorry, when I wrote my previous post, I had no mentions to disdain Sandboxie. It's a great application and the author is a great developer!

But, isn't Sandboxie also just an application, and the programmer (Ronen Tzur, I believe it's the real name; I haven't checked ) as the human he is, make mistakes in his coding, like every other programmer does, and that mistake mean a vulnerability in Sandboxie, that in turn malware can bypass?

I'm not saying it is happening, or that it will happen, but isn't there always, at least, 1% of chance it may happen? I always have in mind this 1% of chance things may happen.

It's just me saying how I like to see it; not the final word for everyone.

 

But, the thing is, IMO:

You have an isolation application - Sandboxie. Then again, you have a rollback application - Returnil.

What does that tell me, IMO? You have no trust in Sandboxie, and that's why you also make use of Returnil. Or, you don't fully trust Returnil, and that's why you make use of Sandboxie as well.

Other people, use Sandboxie plus an antivirus or hips, or even behavior blocker, applocker, srp... Anything they feel will add the security they feel they need.

You use those two apps, because you feel is all you need to be secure, isn't it?


Regards

 

I thought I had read that there are web born password stealers (able to log key strokes, steal clipboard data, etc) that are not installed onto a pc but are on the web only- maybe some sort of cookie or 3rd party infected ad?

If so then how does a sandbox type program protect against that sort of threat?

 

Wonderful thread. I am about to prepare two laptops to be used by relatives in country outside of USA where I am. Would like to set up the simplest security that would allow them to freely use machine without much user intervention involved. I use Shasow Defender but am afraid to buy more licenses now that Tony is missing. Have thought of using Returnil Free but what version - I liked 2008 version for simplicity, but what do you recommend?

Also, running SBIE free, Boost, you mentioned configuring it and you would eliminate problems with malware. What do you and others recommend for settings? Thanks again. for your help in this. It is timely for me.

I will be running Windows 7 x64 Home Premium on these 2 laptops and making a separate data partition for documents and other files.

Gary

 

You can still buy liscenses for Shadow Defender, A few people have done it with no issues.

I ran Returnil 2008 free version,never had any issues,problems. I used it mainly for trying out new programs that didnt need a reboot,and getting rid of internet junk,temp files,etc.

Far as configuring sandboxie,the only thing I ever setup was,deleting all contents when browser was closed,and saving bookmarks,otherwise it was as installed .

I banked online,shopped online,and surfed online with no issues,period. Virtualization is a simple concept,you just need to learn how to use it.

 

Thanks. One more concern if I use SD for them which I might, how should I instruct them on the Windows 7 updates? I guess set updates off and then have them simply take C out of shadow mode and then update Windows every so often? Otherwise, run Windows partition shadowed with SD and SBIE free set as you mentioned?


Also, have thought of installing K9 Protect to limit browsing possibly dangerous and other unwanted sites? Do you think there would be any conflicts running K9 with SBIE and thanks.

Gary

 

Interesting thread indeed, which has got me thinking. In reality, a properly configured and utilised Sandboxie is all you need to stay safe. Everything else is superfluous and only needed:

1. To make you feel more secure and sleep at night
2. In case of user error, i.e. accidental install of malware

If I were brave enough I would run with Sandboxie alone.

 

What I did was,disabled SD,applied windows update,then enabled SD. As for k9,I have not used it,so cannot comment on it.I do know,there's alotta people running SB with SD with no issues on these forums and they have no problems.

That older gentleman I was talking about earlier,he applied his windows updates the first of every month,then enabled Returnil fulltime once again.Then he gets ready,weather permiting,grabs his fishing pole and out on the boat he goes!

 

i use both because they work well together when i can't deleat sandboxie contents [reg hive busy] restart deletes the whole sandbox

 

Thats how I see it and how I do it. Nothing gets thru unless is recovered
by me. Then MSE scans it.

Bo