Runsafe By GetaData ???

Discussion in 'other anti-malware software' started by SPEEDY6128, Mar 14, 2006.

Thread Status:
Not open for further replies.
  1. SPEEDY6128

    SPEEDY6128 Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    101
    Does Runsafe do the same as Sandboxie ?

    Is Runsafe classed as a Virtual Sandbox app ?

    Many thanks
     
  2. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    RunSafe is more like DropMyRights, reducing any app's privileges to user when you're logged as admin.

    It does offer a few more features than DMR, too: you're prompted when the "runsafed" app is launching another one (with a "remember" mode), which you can refuse, etc. And you can send a program to the runsafe mode with just an icon drag-and-drop from desktop :) .

    Hopefully someone else will tell more about its features, I don't remember everything.

    Cheers,
    nicM
     
  3. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
  4. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
  5. SPEEDY6128

    SPEEDY6128 Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    101
    I suppose what the question should have been.

    Is there any point in running my Firefox within Sandboxie which itself would load within Runsafe. I've tried it and as Sandboxie is configured to boot Firefox when I click my Sandboxie Desktop Icon, it's just a case of placing my sandboxie Icon in Runsurf as if I was just to place my Firefox Desktop icon in it. I've not noticed any performance hit when trying this, and everything seems to go ok. But underneath it all it might actually be doing more harm than good in terms of providing me extra security. Just like when you run two software firewalls, they may look like they get along together but underneath it all, it could be offering less protection.

    I'd like to hear your thoughts on the matter guys, if you wouldn't mind that is ?
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I don't see any problems with it but it's not really necessary. Running in non-admin mode will strip apps from certain rights and running apps in a sandbox will deny malware the chance to see the real registry and file system so sandboxing is always safer. ;)
     
  7. SPEEDY6128

    SPEEDY6128 Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    101
    Thanks for that mate ;)
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    RunSafe adds some additional process control, like prompting you to allow or deny spawning other processes and downloads from your browser. I don't know what all else, but I'm sure it's not limited to that. It also works a little differently than DropMyRights, making it a little more reliable in some ways. So as to whether it's worth getting over DropMyRights, it definitely does more and adds some additional convenience. Chances are that it would also work just fine with another kind of sandboxing app if you really wanted to, but this is a sandbox itself.

    Plus, if you're only going to use it for a couple apps, it will work with up to three for free. You only have to pay if you want to protect more than that.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    From the info on the page I get the impression that it's doing the exact same thing as DropMyRights, namely running apps in non-admin mode so I wouldn't call it a sandbox. Also, if it can restrict process spawning it's a nice extra but the child processes from apps running in non-admin mode will normally also run with limited rights AFAIK. ;)
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Erm, except that it.. does more.. than DropMyRights...
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes if it can control process spawning it certainly does more, however like I said before, from all the info on their site I don't get the impression that it's a highly advanced sandbox, but perhaps you know more? o_O
     
  12. SPEEDY6128

    SPEEDY6128 Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    101
    many thanks for all your replies ;) ;) ;) ;)
     
  13. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    What is your definition of "a highly advanced sandbox" ?
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    ^^^^

    With that I mean apps like BufferZone, Sandboxie and Defensewall for example.
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I think the difference you're thinking of is virtualization, which is a separate thing. A sandbox runs processes in a protected space, not allowing it to make changes to the system that may be damaging. Virtualization creates a whole virtual environment within the sandbox, that is separate from the host system.
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    What do those do, that make them 'advanced sandboxes'? :)

    [Bquote]
    I think the difference you're thinking of is virtualization, which is a separate thing. A sandbox runs processes in a protected space, not allowing it to make changes to the system that may be damaging. Virtualization creates a whole virtual environment within the sandbox, that is separate from the host system.
    [/bquote]

    So virtualization gives more flexibility to do dangerous things?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    The reason why I wouldn't call RunSafe a sandbox is because it's basically DropMyRights + Process Spawning Control (PSC). HIPS like ZA Pro and SSM also have the PSC feature. So without RunSafe I'm currently just as safe.

    And like I said before, with tools like BufferZone and Defensewall, you should normally be safer since they restrict apps even more plus running in non-admin mode will probably not always save your ass. But I'm not saying it's a useless tool, the concept is nice but on my machine it's not working smoothly, plus what's up with the GUI? It's very unhandy if I have to keep launching my apps from the RunSafe window. :thumbd:
     
  18. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Hmm, you earlier said you wouldn't call Runsafe an *advanced* sandbox, which implies it is a sandbox, just not an advanced one. Now you are saying it's not even a sandbox?

    Because you don't need those features, you wouldn't call Runsafe a sandbox?
    :)

    I guess the question is what restrictions does defensewall do that non admin mode + process spawning doesn't? Any answers are appreciated by those in the know.

    Thanks.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    What I'm trying to say is that personally I don't see RunSafe as a sandbox, because a true sandbox will restrict apps from seeing the real registry and file system. I don't see how I can explain it any better. ;)
     
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That's virtualization, though. All virtual machines are sandboxes, but not the other way around.
     
  21. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yup, Notok is right. There are sandbox HIPS with virtualization and without it. Virtualization MAY give you an additional protection layer, but it is not for the regular users - there are a lot of the problems with virtualized file system for them (especially when they uninstall/disable defense). As about RunSafe - the thing is that "restricted user account" is not very good idea to rely on it only - there are some ways to bypass it. Also, if this tool restrict process spawning, it is not good idea too. If you see e-mail link within web page and click it - you will be very disappointed when your e-mail client won't start!
     
  22. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Of course Notok is right. :)
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Ok I guess it's a matter of definitions then. But at the moment I'm running about 25 apps in non-admin mode (Software Restriction Policy) plus ZA Pro is taking care of Process Spawning. Then how would you call this? Is the SRP feature in XP also a sandbox?
     
    Last edited: Mar 22, 2006