SafeSpace Is The Bees Knees

Discussion in 'sandboxing & virtualization' started by TerryWood, Dec 5, 2007.

Thread Status:
Not open for further replies.
  1. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi All

    I tried SafeSpace when it first came out, my first impressions were, circa 100mb download, no thank you. To be fair 90 mb of this is the.NET2 download which Windows XP does not include. Vista does.

    I sort of lapsed in and out of SafeSpace and Sandboxie in the period up to now.

    Having spent considerable time with SafeSpace I advance my views of SafeSpace.

    The Good

    1) A very attractive relatively simple interface. Once you understand the terminology simple to use. More or less set & forget. I think not for fiddlers or technophobes.

    2) Not Just sandbox virtualisation but also incorporates upto date keylogger protection (I can confirm this from personal experience)

    3) Low rights protection similar to DropMyRights, all in one package

    4) The best support I have experienced from any software outfit - ever, paid or unpaid. In short fantastic. Kris is the best advert for this product. One to one emails within minutes.

    No I am NOT A COMPANY EMPLOYEE NOR AN INVESTOR NOR DO I HAVE ANY PECUNIARY INTEREST WHATSOEVER other than I say what I believe about any product good or bad.

    5) Its FREE!!! (For Now)

    The Not So Good

    1) A very slight slowdown in performance when virtualised relative to other products.

    2) Forgetting .NET 2, the download @ 10mb is hefty (compared with Sandboxie) but look at the user interface!

    3) It is not possible to clear the sandbox automatically when say Opera closes. It has to be done manually. This will be addressed in future releases I understand.

    4) You can only give Full Control on a folder basis. The impact of this means that if you want Firefox Bookmarks to be retained in your real folders you have to "expose" the whole of Firefox Profile, which is not entirely secure. Again this will be addressed in future releases.

    Overall. it is a very rounded product with a high level of protection and compatibility with KeyScrambler,apart from KeyLogger Protection in its own right. I have overcome all my reservations and I am now using it as my mainstream Browser/email protectionsoftware

    Terry
     
  2. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Yep, been using it now since the last release a couple of weeks ago and I love it. I'm actually using it instead of SandboxIE at the moment. Slight slowdown at times, but I can live with that. I'm looking forward to future releases and improvements, but yes, this seems a great program. :thumb:
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Does it protect other partitions also, like a partition dedicated to your personal data ?
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I agree, it does seem to be a quite powerful product which gives you good protection against malware trying to infect your "real" machine. The protection against keyloggers is a nice extra.

    But the problem for me is the overhead, it feels too heavy, even when no other realtime security tools are running. Sandboxie feels lighter, but still, I also don´t use it as a realtime protection tool because it delays the startup time of apps, even when it´s only seconds, it´s very annoying to me.

    But these sandbox HIPS tools are the future, there´s no doubt about that. To me, the ideal HIPS would be a mix between sandbox HIPS and a behavioral blocker. What if you could run a tool in the sandbox and could see exactly what it´s trying to do (what is blocked)? Currently, you will have to run tools on your real machine before the behavioral blocker steps in, this is a bit risky.
     
    Last edited: Dec 5, 2007
  5. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    No, ErikAlbert, not in the way that PowerShadow does (that I am aware of, anyway). You can select folders and files to protect in different ways by making them read only, virtual or completely private.

    It reminds me of DefenseWall a little, but you need to configure SafeSpace a bit more. Personally, I really like it and it 'feels' very secure. I've read some posts here with users testing it against keyloggers, etc, and it seems to cope well.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. Thanks. Sandboxie (sandboxed) and DefenseWall (untrusted) can protect another partition and both passed Peter's destructive tests. Locking harddisks doesn't seem to be very reliable.
    Well, I still have room for one more security software, maybe SafeSpace is the one, if it is able to stop the execution of malware.
     
  7. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    Hi ErikAlbert.

    By default, SafeSpace treats all folders on all partitions as private, so no matter where you store your personal data files, isolated applications will not be allowed to read them.

    SafeSpace can easily be configured to allow limited, full or virtual access to specific folders.

    Best regards,

    Kris.

    Artificial Dynamics.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    So "no reading", does that also means "no writing" and "no stealing" ?
     
  9. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    'Private' means that private files cannot be read, modified, copied, deleted or moved, so no stealing.

    'Read only' means that private files can be read and copied, but not modified, moved or deleted.

    Sandboxed applications are still able to create *new* files in these area's, and these files are highlighted with a red border - we call them 'tracked' files.

    Tracked files can only open back inside SafeSpace, as the contents are untrusted. Tracked files cannot be opened by an unsandboxed application.

    This protection can be removed if you are happy that the file is trustworthy, by right clicking it and deselecting 'Enable SafeSpace Protection'.

    The benefit of all this is that you can continue to download/save files and documents to the same place you always have, whilst keeping the secure segregation between untrusted files from the internet and files you want to keep safe.

    Best regards,

    Kris.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,123
    Location:
    USA
    Kris,

    Along these lines, how do we go about updating plugins like Adobe Flash? At the moment on my Vista 32 bit system the flash installation fails because it cannot write to subfolders inside C:\Windows (the browser is NOT running in SafeSpace). On the SafeSpace console privacy tab the Windows folder (and all subfolders) are "Virtual and Locked". Is this what is preventing the Flash installation? If so how do we work around it?

    Victek123
     
  11. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    Hi Victek.

    The only behaviour control SafeSpace enforces on native applications is stopping them from opening tagged files. Considering your issue is in C:\Windows (which is virtualized, and so won't have any tagged files), this is not relevant.

    Do you have UAC enabled? Installations should elevate, but maybe it is not being triggered. Also, Vista runs IE in protected mode by default, which uses built-in integrity levels to limit where it can write to. Again, this *should* elevate during an install, but it may not be. Try running Internet Explorer in Admin mode to see if this resolves your issue.

    For the record, the 'Locked' status in the SafeSpace configuration only means that those settings cannot be removed in the console, as they are critical to application stability.

    If you have no luck with my suggestion, please contact me at support@artificialdynamics.com and we can investigate it further.

    Best regards,

    Kris.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,123
    Location:
    USA
    Thanks for the suggestions. Running IE as Administrator and outside of SS did the trick.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Btw, I have a question, right now SafeSpace is clearly meant as an "anti zero day" app, protecting vulnerable tools from attacks, but is it possible to make it more like Sandboxie? So that we will actually be able to install tools in the sandbox?
     
  14. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Same question.
     
  15. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Does SafeSpace need to be rebooted or is it like Sandboxie which does not need rebooting?

    Thanks,
    Acadia
     
  16. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    Hi Acadia.

    If you are referring to installation, SafeSpace requires a reboot.
    If you are referring to cleaning the sandbox, then SafeSpace does not need a reboot.

    Best regards,

    Kris.
     
    Last edited: Dec 18, 2007
  17. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Tidyup, thank you.

    Acadia
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I´ve checked out the latest version of SS and was a bit disappointed. Would be nice if the GUI remembered its window size, and if you could turn the annoying border off. Why not just put some icon or some symbol in the titlebar like (GeSwall/Sandboxie)? But worst of all, it takes about 15 seconds to load the main GUI, completely unacceptable! What I did like was the quick startup time of sandboxed apps, it seems to be quicker than Sandboxie.

    No answer means, it´s not going to happen, or perhaps it will be a surprise?

    I still don´t know what "Bees Knees" means. :)
     
    Last edited: Dec 19, 2007
  19. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    To Rasheed 187

    "Bees Knees" An expression common in the UK to "silver surfers". I would have thought from the tone of my original post you could have hazarded a reasonable guess as to its meaning. However....

    ITS GREAT

    Terry
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Yes of course, I knew it was something positive, I´m not that stupid. :D
     
  21. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Actually I thought you meant Safe Space was the Ants Pants:)
     
  22. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    I'm not totally clear about the commands with Safespace.

    When I download something that comes from an isolated web browser, that software is also isloated. If I extract the archive, where does the file go?

    How do I save something from being purged but would also have restricted rights?
     
    Last edited: Dec 30, 2007
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,123
    Location:
    USA
    When you download a file in SafeSpace the file will be stored in your default location. It will not disappear when you purge the virtual space. However, the file by default will be protected by SafeSpace. When you run or open the file SafeSpace will virtualize the environment that the file runs in. For instance, if you have a PDF that is being protected by SS then when you open it the copy of Acrobat Reader will also be protected by SS. AFAIK SS doesn't support installing applications in virtual space, though. For that you need something like MS Virtual PC2007. When you want to install an application that was downloaded by a browser in SafeSpace you need to remove SafeSpace protection from the executable first (of course you want to make sure the file is free of malware). Hope this helps.
     
  24. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Good to see another Safespace user here. I am a regular user of Sandboxie and look forward to trying this new software.

    If I download a .rar archive using Firefox that is protected by Safespace, the file will go where I normally send downloaded files. However, when I extract the .rar archive, the resulting file doesn't appear in the same place. In fact, I can't find the extracted file anywhere. The same thing happens in Sandboxie. However, I do know that Sandboxie stores its virtualized files in
    c:\sandbox so that isn't a problem in finding things. Sandboxie also has an option to "explore contents" in the sandbox. The majority of files I download are in .rar archive so this is a important factor for me to consider.
     
  25. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    The more simple way to deal with compressed files in Sandboxie is to save the file (I always use the desktop), then unzip it. My first couple downloads of compressed files disappeared until I realized this was easier.
     
Thread Status:
Not open for further replies.