Discussion in 'sandboxing & virtualization' started by Minimalist, Sep 4, 2015.
Hi Minimalist, the guy who wrote the article says, "Nobody is going to run the sandbox for five days to see if the file is bad..." Myself, I don't run files in the sandbox to try telling if they are clean or not, but once a file is created on my computers, I run that file in a sandbox until the day it gets deleted.
Your system never meets those files, so malware never gets a chance to compromise it. Most users probably couldn't use it that way.
How do you test software that requires driver installation? Do you use a virtual machine?
Where can I download this new app?!
On my 1st PC I use ShadowDefender / Sandboxie
On my 2nd PC I use VMware Workstation / Sandboxie
I keep everything virtualized and sandboxed all the time (24/7): system and apps like browser, packers and some games also.
Because if a hacker bypasses a game he can spread infection globally, like in the old days with the Opera browser, so don't trust trusted apps
That's right, malware that goes to sleep for days or weeks wouldn't have a chance to infect me. The only time really that I put my computers in danger is when I install new software. But my computers are so static that probably, for most people here at Wilders, it would be boring using computers as I do. Basically, I install what I know I want to use and don't change anything. I rarely test any new software but when I do, if it's done not using SBIE, I use Shadow Defender.
It looks like a business solution. More info here: http://www.checkpoint.com/products-solutions/zero-day-protection/
Bo Elam, but you forgot 1 fact: SD, same as Sandboxie, maybe isolates your system but still uses your main system source
So if malware can be cleaned on the next system boot, he can spy on you while your system still works, until the reset -,-
With VMware or VirtualBox he won't spy on your main system but only on what you do in this 2nd virtualized one
Quasar, about Sandboxie, you forgot something. In Sandbox settings, you can block sandboxed programs from having access to your personal files and folders. That way, programs that run in the sandbox can't see them or upload these files to the internet. You can also restrict the programs that are allowed to run or connect to the internet.
Examples for you. If you are browsing in a restricted sandbox where only your browser can run and all of a sudden malware of the type that steals information gets downloaded into the sandbox, the malware can't run. If it can't run, it can't run or steal your information. Nothing gets stolen from your computer.
Another one. If you are browsing the internet using an unrestricted sandbox, the malware can run but it can't see your sensitive files because you block sandboxed programs from accessing those files. If malware cannot see your sensitive files, it can't steal them.
I can give you more examples how to set Sandboxie to keep your personal information safe. But above you have the two extreme case uses for Sandboxie. One, using a highly restricted sandbox and the other one using a non restricted sandbox. In both cases, your sensitive files and folders are safe from being stolen.
About SD. It doesn't have settings like that. But I hardly ever use SD and don't use it for security. Sandboxie is my security program.
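The two setups described in the post above (a restricted box where only the browser can run and connect, and an unrestricted box with sensitive folders blocked), sketched as a Sandboxie.ini fragment. This is an added example, not configuration posted in the thread; the box names, the folder paths and firefox.exe are assumptions, and the `#` lines are annotations for the reader.

```ini
# Box 1: highly restricted. Only the browser may start or reach the network.
[BrowserOnly]
Enabled=y
# Group holding the single program allowed to start in this box.
ProcessGroup=<StartRunAccess>,firefox.exe
# "!" negates the match: every program NOT in the group is denied the
# IPC objects it needs, so a downloaded executable cannot start.
ClosedIpcPath=!<StartRunAccess>,*
# Group holding the single program allowed to use the network.
ProcessGroup=<InternetAccess>,firefox.exe
# Every program NOT in the group is denied the network devices.
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

# Box 2: unrestricted. Anything may run and connect, but the listed
# folders are closed to all sandboxed programs, so they cannot be read
# or uploaded from inside the box.
[Unrestricted]
Enabled=y
# Constructed example paths; replace with the folders that hold your data.
ClosedFilePath=C:\Users\alice\Documents\*
ClosedFilePath=D:\Finance\*
```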
I know, I use the FAQ from ssj100, but it can still be not enough
I use/"know" Sandboxie from the 1st, older versions
My old guide on SG.pl: https://safegroup.pl/temat-sandboxie-omowienie-i-konfiguracja_9334 (in Polish), but you won't find anything there that you don't already know
For sensitive files I use the SpyShelter method, which blocks all programs and pops up if smb wants to affect them
Combined with Sandboxie and AppGuard it's just awesome. On the 2nd PC I also have Exe Radar Pro with
Nice tutorial, Quassar.
Well said, until I started using the more advanced features [That was my second time around] I wasn't even tempted to stick with SBIE. The first time I tried it, I uninstalled it almost immediately because the interface came across as old and unpolished (I still don't like it, but it felt 'low quality' so I figured, how could its protection be much better?) and I didn't realize how it could be used to prevent such things, but the stuff you can do to lock down each box differently with a little learning, trial and error or reading is simply amazing. These days I can't find anything else that comes close to giving me the 'degree of control' I've grown to love. If it wasn't for the glowing comments (and info) ppl like you had spread around I may never have buckled down and started my testing in-depth. I would have missed out on such a great program! Once I got the swing of SBIE and added AppGuard (then later MBAE) to the mix I was tempted to ditch my HIPS and AV but old habits die hard so I've not taken out those layers yet.
Now that I've gotten that part of the rant out of the way, back to SandBlast...I skimmed over the article but can't see how that qualifies as a sandbox.
It reminds me more of how AppGuard might work (or even a classic HIPS). It could have its uses in a business environment, sure, but I fail to see how it's a new spin on 'sandboxing'. If anything the whole article seems to be a spin job as I can't see how anything it's doing can be considered sandboxing (eg isolation/restricted environment). It's doing behavior analysis and 'likely' preventing those actions...Sure it could be useful for 'identifying' malware but it's not new and it's not a sandbox. IMO at least.
TIME OUT. This thread is not about Sandboxie, or AppGuard. It is about a specific product, Sandblast. Let's stay on topic.
Oh it's a shame we can't test the program, it's conceived for enterprise market only.
Key point that Bo was writing in the above post is that you can easily block all programs and all sensitive files with Sandboxie as well, so Spyshelter is over-redundant if you use both Sandboxie (properly configured) and Spyshelter at the same time on the same computer-oh, sorry, I won't post about anything else but Sandblast.
Sorry for being a bit off topic, but it's still about sandboxing. I can't wait until this technology is out for home usage, not only for business
No it isn't. Read the subject, and please stick to it.
I don't get it, what is so unique to this sandbox compared to others? I noticed that they claim to be able to block exploits, but so can other tools like Invincea Endpoint, and blocking exploits is something different than detecting malware that's started manually.
CPU and OS aware sandbox at network level. Similar to magic lubricant which adds 10% horse power to an aging car engine. For once we are on the same wave length. I don't get it either. I just read a sequence of security related buzz words. After reading their explanation I am in a higher state of excitement but at the same level of confusion.
You are right of course, I did ramble a bit (a lot) there. Especially in regards to sandboxing (and sandboxie in particular). I just can't see this approach as new or even strictly speaking sandboxing (I can only hope there's more to it that the author didn't understand/know). My mention of AppGuard was brief though and only meant to show how such a product that monitors (and prevents) memory changes has existed for quite a while and even some of your standard classic HIPS programs could (can) prevent this type of activity so the article claiming that's what makes it new is hooey.
Maybe if we had a chance to test it or a bit more technical info we might get a better idea of what all makes it a 'new approach' but all I got from that link and the info I saw was misleading hype. Assumptions and limited info don't make for good conclusions but as it doesn't seem we'll get a trial or home version I'm calling it how I see it, brown and going down. :-/
They show it on the list to trial I think. You have to register first.
I registered, but when I go to select an eval product there are three boxes
1. select product
2. Select account
3. What is purpose
In the number two spot is a down arrow and that one doesn't let me select an account for some reason. :-(
Yes, it's probably just marketing hype.