SafeSpace- my impressions

Discussion in 'sandboxing & virtualization' started by aigle, Feb 1, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I have tried SafeSpace briefly. Overall seems good and it,s free so far.:thumb: :thumb:

    It need .NetFramework2 to install.:thumbd: ( I think it,s included in Vista by default?, if so the no rpoblems for Vista users). I have mainly relied on snapshots. To me it looked very similar to BufferZone( BZ), but has almost no performance issues than BZ.

    Use with EQS, CFP( FW mode only) and ShadowSurfer without issues.

    Install went without problems, was smooth. It needed a reboot. Tray icon is nice and so is the GUI. I realy liked it.:thumb:
     

    Attached Files:

  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It runs multiple pocesses that use quite a bit of memory but overall it,s acceptable.

    Did not notice any slow down in system but launch of application inside SS was a bit delayed( slower than GW, DW, SBIE - almost same like BZ).

    resource.jpg
    resource2.jpg
     
    Last edited: Feb 1, 2008
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Here are main features of GUI.

    privacy.jpg
    privacy2.jpg
    running appl.jpg
     
    Last edited: Feb 1, 2008
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Tested some nasty malware/ POCs( i will not write the details what these malware do as it has been known to many during discussions over here and i am soooo lazy to write)

    Prueba malware- Pass
    AKLT- all Pass
    File infector malware( blackday trojan)- Pass
    SDTRestore( physical memory access)- Pass
    SohandIM worm- Pass
    XP Killer trojan- Pass
    SSDT Unhoker rootkit( EZ) - Pass
    RegTest- not sure, it crashed explorer and f i launched explorer again, it recrashed but sustem was no rebooted.
    Bontok worm pass
    Worm Autoit- Pass
    Autostart reg enteries manipulation via Autoruns- Pass
    System Shut Down Simulator- Pass
    BZ Trojan test- Failed( test is buggy though so I can,t be sure).
     
    Last edited: Feb 2, 2008
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Bugs/ Problems:

    Unable to attach trusted file via Opera and IE in Hotmail
    Unable to upload trusted file to rapidshare and even over here at wilders, very irritating
    High CPU usage by isolated aplication when it tries to creat a file in a protected directory( see pic)
    I was nable to zip/ unzip an untrusted file via 7-zip

    bug.jpg
    hotmail.jpg
    rapidshare.jpg
    bug CPU use.jpg
     
    Last edited: Feb 1, 2008
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Needed features/ improvements

    Decrease in the delay of isolated application,s launch time
    A file explorer for created isolated files for recovery of needed files or analysis
    Ability to purge the registry only but not the files on session closure
    Separate manual purge option for registry and files
    Ability to kill isolated processes individually( selectively) via main console
    Optional notifications on high risks events like hook based keylogging, driver/ servic install, creation of execuatble/ rgistries in protected direstories( windows start up, System32 folder etc)
    Option to totally lock down system 32 folder for isolated aplications( read-only)- not sure f it,a alreday there by default
    Option to iolate CD rooms, USB and Floppy drives
    Network access control( default deny without popup) for isolated aplication except allowed for executables that need it like browsers, messengers etc but not their child procsses unless specified by aplication rules or globally in the main GUI
     

    Attached Files:

  7. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Nice review thanx.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Last edited: Feb 1, 2008
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It does has issues. During last 15 min of Wilder,s browsing via Opera in SafeSpace. I posted, uloaded pic, did search, serch in page, browsed in multiple tabs etc- all over here at Wilders. It,s not smooth. I get hangs down especially on USB mouse scrooling an serch in page while page loading etc.

    Not good feeling. Needs work!
     

    Attached Files:

  10. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Yes, FlashPlayer Webstream and other Media Players are a little bit hooking, too, high CPU spikes, but it works, I use it.
    Maybe next Version will be pefecter with purging Regkeys, because its a little bit fragmentation my Harddrive and my Defrag can't fix it, only after Reboot.
     
  11. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Hey aigle

    I've been using SafeSpace for a few months now and I love it. It does have a few issues, as you say. I find that it does, sometimes, slow down the initial startup of Firefox, and sometimes Firefox just doesn't even start at all.

    I don't have the hanging whilst browsing that you have experienced (although I rarely use Opera). I have also experienced the slight slowdown of applications opened inside SafeSpace, but it's bearable to me.

    Thanks you for the tests that you have done - I think SafeSpace could become a great application. They also show that it does a pretty decent job of isolating threats ran inside SafeSpace.

    I now use it instead of SandboxIE myself. I find it easier to configure than SandboxIE, too. There are some helpful threads on the official forum that could be worth a read for anyone starting to use this excellent app.
     
  12. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Thanks for the review aigle!

    Have you tested Sandboxie in a similar fashion against real malware, especially any keyloggers? How does SafeSpace compare to Sandboxie in terms of keylogger protection?
     
  13. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Sandboxie doesn't have keylogger detection I believe, but they do get removed once you clear the sandbox.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, there is an old thread of mine with all major sandboxes if I don,t forget.
    SBIE is not good againt stopping the keyloggers, it,s only major drawback!
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Regarding the CPU spikes and hanging issues, I think they are significant enough for me and I can,t use it ATM for daily browsing, atleast with Opera!

    I am using GW, very smooth indeed. Can,t say about SBIE and DW. Initial slow launch of applications is also an issue. I am too touchy in this regard. DW, GW, SBIE are very very good in this regard.
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    there is nothing to compare this safespace junk to SANBOXIE.

    sanboxie is is more advence... flexable stable ...etc....

    wize ppl choos sandboxie among all other

    cheers:thumb:
     
    Last edited: Feb 4, 2008
  17. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Sandboxie as freeware is nagware and you have a lot of more features with SafeSpace as freeware.
    Playing a little with some Media Players.
    GomPlayer was very slow at loading in SafeSpace, now I'm using MediaPlayerClassic. It runs very fast with only a little Start delay. I think its the better way to play with some apps, to find the best konfiguration.
     
  18. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Nice review, aigle. Your usual excellent job.

    The only fault I have with SafeSpace is its inability to allow full access to individual items within a folder instead of the whole folder. As far as the lag of sandboxed browsers opening...well, sometimes Sandboxie is real slow opening up a browser as well (at least in Vista).
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    SafeSpace is going to continue to evolve. But in the meantime SD works very well.
     
  20. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I like safespace a lot, though I initially had problems understanding the system because I was locked in the sandboxie view of things...

    The main problem so far I think is that it is still occasionally very heavy on resources, though this has improved a lot since the earliest release.
     
  21. Tadoussac

    Tadoussac Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    118
    Tresspasser said:
    I agree that this is a flaw.

    Also, on my system apps run inside SafeSpace were really slow and unresponsive. I think it's an attractive product; and I plan to try it again once they've ironed out some issues.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Nice job Aigle, I can only say that at the moment this app is not really an option for me, I´m sure that it does a good job in protecting apps, but look at all those (slowdown) problems. Plus it needs 10 seconds for the GUI to load, this is ridiculous. Strangely enough I found it to be faster than Sandboxie when it came to launching apps sandboxed.
     
    Last edited: Feb 3, 2008
  23. twofiftyfive

    twofiftyfive Registered Member

    Joined:
    Jan 23, 2008
    Posts:
    4
    Hi,

    Thanks to everyone for the feedback on SafeSpace, especially aigle for such a detailed review and we have noted the feature requests.

    All comments regarding SafeSpace are appreciated, as they ensure that we continue to improve the software.

    I'd like to respond to a few of the comments made:

    • Each system is unique and occasionally there are issues with performance with individual applications. With each release we attempt to improve the overall performance and all reported problems with performance are investigated thoroughly, and so we will be looking into the issues raised here. Most of our testing for web browsers is focused on Internet Explorer and Firefox, so we will look to carry out more detailed testing with Opera, in light of this post. We will also investigate the high CPU usage when saving a file to the windows directory.
    • With regard to the console, the original design decision to use .NET was to allow us to rapidly develop an attractive and feature-rich user interface. As .NET is an integral part of Windows Vista, it will become the standard for UI development in the future. From the feedback, I think we have achieved this goal, but we also appreciate the concerns. We acknowledge the memory footprint of the console is not small, but it’s comparable with other feature-rich UIs, and .NET uses a garbage collector to reclaim memory, as and when required by the operating system. The isolation engine does not use .Net, and therefore has a small footprint.
    • The problem with being unable to attach a trusted file is due to the privacy setting of the Desktop, which by default is ‘No Access’, to ensure that your private files can’t be read by spyware. This also prevents an application running inside SafeSpace, such as Opera, from accessing your private data. To upload files to an application running inside SafeSpace, you must either tag the file from the shell menu or have the folder protection level set to at least ‘Read Only’.
    • Attempting to run untrusted (tagged) applications from a native application (running outside SafeSpace) will be blocked, as this is part of SafeSpace's protection. We have provided a shell extension to allow the user to open/run an untrusted file from explorer by simply double clicking it or using the shell context menu.
    • The feature request to allow full access to files, is something that is available in the underlying engine, but we initially decided not to expose this feature in the User Interface. However since we have added the ‘Manage Exclusions’ advanced feature to the console, there is now a mechanism to allow you to do this. We will be posting a Knowledge Base article on the SafeSpace Forum in the very near future.
    • The protection level for the Windows folder and it's subfolders, including system32, is by default set to ‘Virtual’, which means that isolated applications can’t modify the OS system files. All modifications (creating new files, overwriting files, renaming files, deleting files etc) are virtualized and will be wiped clean when SafeSpace is purged.
    • For information, the two WAVEHOST.EXE processes are virtual services for RPCSS and DCOM, and are created on demand when the first application launches inside SafeSpace. They remain running, as the SafeSpace environment remains live until you purge, either manually or by logging off.
    And finally SafeSpace is always going to be free for personal use, so we hope you will continue to use it and we appreciate and encourage all constructive feedback.

    Regards,

    John
    Artificial Dynamics
     
  24. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Thank you for more testing Opera in the future !
    The scolling of big Web-Pages is one thing you could be make better, but please have a look at the Flashplayer Plugin, its not running perfect. The Videos have a "flicker" every 5 seconds.
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle

    Impressive impression. What I also like is the readiness of the developers to assist you with setup questions (there is a setting possible which nearly is as easy to use as GeSwall and DefenseWall), their open mind to improvement suggestions and the flexibility of the engine.

    It looks like SafeSpace is going to develop into a virtualisation tool which
    a) offers application based virtualisation (normal operations mode, the SandBoxIE like operation)
    b) offers a full/partition virtualisation (the strong protection setting, like PowerShadow)
    c) offers a GW/DW like protection by virtualisation of the most critical OS files (the light setting)

    With such improvements since first release and flexibility of the engine, it will deserve the choice/preference of more Wilders Members
     
Loading...
Thread Status:
Not open for further replies.