Running lower rights or Sandboxie - safest ?

Discussion in 'other security issues & news' started by pb1, Apr 30, 2014.

Thread Status:
Not open for further replies.
  1. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden
    Hi

    That is the question for me - running IE 11, and only that, with lower rights with the help of Process Explorer, or running it with Sandboxie for increased security. To you who may answer - please do evaluate it a little bit, since I am a novice in the question at hand.

    I would very much appreciate a good answer according to the above!
     
  2. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Hello pb1:

    Run another browser (not IE11), with the lowest rights, in a sandbox. Simple!

    You're on the right track though.

    My 2 cents.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    If you're running Win7 or Win8, IE is already running with low rights. You can add an additional layer and secure your browser with Sandboxie. That way any intrusion that would try to exploit IE will have to escape SBIE also. SBIE would probably stop the recent IE zero-day if configured correctly.
     
  4. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden

    And 2 cents it was ;) - :) since I do not want to run another browser, and secondly it is overkill for my situation. I just need some basic security, and hopefully in a simple way, so I am leaning towards lower rights, but if it comes to it I am of course willing to use Sandboxie instead. But as I said before, I do not know how to evaluate the choice properly. My info right now tells me that lower rights seldom gets infected but Sandboxie can, due to new malware constructions, even if that is not usual, but yeah - there it is right now.
     
  5. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden

    Is that so - already running with lower rights in W7, as I have - are you sure? Where can I find a confirmation of that? If that is a fact then it would be nice!
    That would mean that running it with Process Explorer is redundant and I do not have to run anything extra at all since I already have the protection I want, yes?

    Maybe I should say that I am always running as admin, but maybe that does not mean anything in regard to what you said about IE running in lower rights natively.
     
    Last edited: Apr 30, 2014
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    You can run Process Explorer and check out the integrity level of IE:
    [Screenshot attachment: upload_2014-4-30_12-13-53.png]

    If you're logged in as administrator, you should have UAC turned on (I have it set on max) so you will get a notification if IE is trying to elevate rights.
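
A scripted version of the same check, as an added example that is not part of the original post: this PowerShell snippet reads the mandatory integrity level from the token of each running iexplore.exe through the Win32 token API. The type name `TokenIL` and the function `Get-IntegrityLevel` are made up for this example.

```powershell
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenIL {
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buffer, int length, out int needed);
    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);
    // Returns the last sub-authority (RID) of the token's mandatory label, or -1 on failure.
    public static int GetRid(int pid) {
        IntPtr process = OpenProcess(0x1000, false, pid);      // PROCESS_QUERY_LIMITED_INFORMATION
        if (process == IntPtr.Zero) return -1;
        IntPtr token;
        if (!OpenProcessToken(process, 0x0008, out token)) {   // TOKEN_QUERY
            CloseHandle(process); return -1;
        }
        int size; int rid = -1;
        GetTokenInformation(token, 25, IntPtr.Zero, 0, out size);  // TokenIntegrityLevel: size probe
        IntPtr buffer = Marshal.AllocHGlobal(size);
        if (GetTokenInformation(token, 25, buffer, size, out size)) {
            IntPtr sid = Marshal.ReadIntPtr(buffer);           // TOKEN_MANDATORY_LABEL.Label.Sid
            int count = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
            rid = Marshal.ReadInt32(GetSidSubAuthority(sid, (uint)(count - 1)));
        }
        Marshal.FreeHGlobal(buffer); CloseHandle(token); CloseHandle(process);
        return rid;
    }
}
'@
# Map the label RID to the level names Process Explorer shows in its Integrity column.
function Get-IntegrityLevel([int]$ProcessId) {
    $rid = [TokenIL]::GetRid($ProcessId)
    if     ($rid -lt 0)      { 'Unknown (access denied or process exited)' }
    elseif ($rid -ge 0x4000) { 'System' }
    elseif ($rid -ge 0x3000) { 'High' }
    elseif ($rid -ge 0x2000) { 'Medium' }
    elseif ($rid -ge 0x1000) { 'Low' }
    else                     { 'Untrusted' }
}

Get-Process -Name iexplore -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, @{ n = 'Integrity'; e = { Get-IntegrityLevel $_.Id } }
```

With Protected Mode enabled, the IE frame process normally reports Medium and the tab processes report Low.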
     
  7. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden
    That is one reason for my posting here - I do not get the info about IE's rights status as you have in the picture above, even though I installed P.e yesterday so it is the latest version - after the word "company name" it is totally blank on the rest of the line. Change to another version or what?
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    Run File - Show details from all processes.
     
  9. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden
    Okay, I've got it, thanks.

    So lower rights is a running fact. Then I am back to my basic question, which is - is there really that much difference in security between lower rights in IE and Sandboxie when it comes to the pure protection of the browser and nothing else? If so - why and how?
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    For pure protection of the browser I would suggest you use EMET or some other mitigation software that can protect against some exploits. For protection of the system, Sandboxie will give you additional (extended) protection compared to IE itself.
     
  11. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden
    Can you elaborate on the second sentence in the text above, about the difference in security, according to my question in post #9?

    By the way - EMET is good protection but is way overkill for me because I am a low-risk surfer.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    If you want to protect the IE process only, you can use EMET - it will protect the browser's process from some vulnerabilities. If successful, exploits against IE will fail. Should an exploit manage to bypass or break EMET's protection, you need something else to protect the OS from the exploited browser. That's where SBIE can help. It will sandbox the vulnerable application and prevent it from harming your system. It's another layer of defence. If you are not a risky surfer and don't think that you need EMET, then you might not need SBIE either.
     
  13. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden
    It stood between S-boxie and EMET a long time ago, but then I chose Sb and bought a license. But now I am tired of all this clicking and moving things around, so I think I will try out EMET. Is there anything special to think about regarding it - configuration etc.?
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    I know that it comes installed with pre-configured settings for popular software that you can use to set it up. I personally didn't use it for some time now and can't give you any special advice about latest version.
     
  15. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden
    Okay, so I will look to the net to find some answers.

    Thank you for your effort and interest!
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,085
    You're welcome! :)

    P.S.: there are users on this forum that know EMET very well. Some of them might come along and give you some advice.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    The way that I look at it:

    THE major feature of SBIE = virtualization.

    So in theory, SBIE should keep your system safe (or clean), even when malware succeeds in bypassing the lower rights protection. :)
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    What do you mean by clicking and moving things around? If you mean, recovering files out of the sandbox, then you can set your downloads to bypass sandboxing so they go straight into your Download folder as they are downloaded, it would be like if you were not using Sandboxie and you would not have to recover anything.

    If you like to try this out, set Direct file access to your download folder in your browser sandbox. Sandbox settings>Resource access>File access>Direct access, navigate and add your download folder.

    Bo
     
  19. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden

    Hi Bo

    Okay, thank you - I did not know that one, haven't I been the ignorant one.

    I have EMET now and if I also would have S-boxie I will be so protected that it will be ridiculous, but I will probably try it out just for fun. IE 11 with all its protection activated, EMET and S-boxie, man, that's what I call a first layer of defence :D, it will be a small wonder if I will get infected then.
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Pb1, since you have a license, you can set things up with Sandboxie in a way in which it would feel like you are not using SBIE. I prefer to recover files manually out of the sandbox but 99% of everything else that I use Sandboxie for, is done automatically. No thinking is required to get files and programs sandboxed when you have a license, like you do.

    Bo
     
  21. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    343
    Location:
    sweden

    Bo

    I installed Sb with my native language and could not follow your directions due to bad translation - it is a sort of Swedish/English mix, so I un/reinstalled to the English version and then it got fixed - then un/reinstalled again :p. Running smooth with several test downloads. Since it does not affect my start-up time, which went by the boards totally with the installation of Farstone restore it some days ago, I will probably keep Sb. EMET - and Sb, man do I feel safe.
     