Sandboxie and banking browser configuration

Discussion in 'sandboxing & virtualization' started by guest, Jun 23, 2011.

Thread Status:
Not open for further replies.
  1. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
    Okay. Thanks for the info. I have PrevxSOL but am really interested in Trusteer. I'd uninstall PrevxSOL to test. On the Trusteer installer, is that the full application (the 226kb)...? Where can I download an offline installer...?
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I don't personally perform tests using live malware but there are others at Wilders that do, and I haven't seen any verified reports of Sandboxie bypasses.

    Sandboxie will protect the system against malware installed inside a sandbox but not against malware installed on the real system. Sandboxie is designed to contain, not to detect.

    If a user recovers a software download that contains a trojan from the sandbox, thinking it's clean; and installs it on the real system outside the sandbox then it's game over as far as Sandboxie is concerned. Regarding keyloggers, the installation could even be a deliberate action by a third-party with access to the machine.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You should be able to download it here: http://www.trusteer.com/webform/download-rapport but see the note about obtaining it from your bank if they support it.
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Hi, pegr. Big thanks for your input.
    I never download anything, this is why I wanted to know if SBIE is the perfect solution for me. The only thing that actually worries me is my removable drives - can I protect from infection from a CD/DVD or USB stick with an SBIE configuration? I did go into SBIE and forced drives like E: and F: to run sandboxed - but will this stop a keylogger/rootkit/spyware/MBR rootkit/worm/virus or anything else from installing on the REAL system?
    That's the only thing I'm afraid of.
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247

    This is why it's impossible for SBIE to protect the computer from infections from my USB stick. Because the malware is already in the real system on the USB stick, and I tried with SBIE to force my removable F sandboxed, but whether you have auto-run enabled/disabled (it really doesn't matter), SBIE will not protect from malware installing on my computer. Besides, as you see, my removable drive F is normal, it's not sandboxed - you need to run sandboxed, but by then (especially in the case auto-run is enabled) the game is over, I'm infected.
    With Sandboxie, with or without ultra-tight configuration, you really need to have some antivirus if your removable drives infect your computer.
    Cheers.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    1. Turn off the USB Autoruns.

    2. Consider adding something like AppGuard to the mix. Then if something tries to run it can't.

    3. If you have the right drive set up in SBIE, and the USB is forced, then yes malware can run, but it won't infect your system.

    Pete
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Everything is ok, except the 3rd option. When I forced my removable drives F and E (F is for my USB stick), I was actually hoping that when I open removable F it will be inside the sandbox, but it isn't; instead only my files (Microsoft Office documents), when you open them, you can see they are sandboxed, but not the entire removable drive F:
    The problem is also, what if I pick up some keylogger on the USB stick - yes, it will be sandboxed, but the problem is it wouldn't be blocked from starting/running at all.
    This is why I think it's important to have AppGuard, because SBIE does not fully protect removable drives.
    I have opened this question because this Monday my USB stick will be infected - not because of some testing, but because I have to write something on a computer at the college; unfortunately, all of the college's computers are infected. I know this because I had previous experience with this: after I was writing my graduation, my USB stick was loaded with malware.
    You might say what is this system administrator doing?
    Obviously, not much.
    Because I always put my USB stick in danger of being infected every time I plug my USB stick into one of the college's computers.
    Cheers.
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Coolwebsearch,
    This should do the trick.
    [USB]

    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    BorderColor=#00FF00,ttl
    Enabled=y
    BoxNameTitle=n
    DropAdminRights=y
    NotifyInternetAccessDenied=y
    ForceFolder=B:\
    ForceFolder=A:\
    ForceFolder=Z:\
    ForceFolder=Y:\
    ForceFolder=X:\
    ForceFolder=W:\
    ForceFolder=V:\
    ForceFolder=U:\
    ForceFolder=T:\
    ForceFolder=S:\
    ForceFolder=R:\
    ForceFolder=Q:\
    ForceFolder=P:\
    ForceFolder=O:\
    ForceFolder=N:\
    ForceFolder=M:\
    ForceFolder=L:\
    ForceFolder=K:\
    ForceFolder=J:\
    ForceFolder=I:\
    ForceFolder=H:\
    ForceFolder=G:\
    ForceFolder=F:\
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Thank you so much for this configuration, I'll try it tomorrow.
    Again, thanks a lot.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    CoolWebSearch, restrict Internet access on your USB drive sandbox. On mine, no program is allowed to connect. Do that in addition to what Pete said and your USB drives will be protected. That keylogger that worries you won't be able to connect.

    Bo
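
Added example, not part of any post in this thread: a small audit of a Sandboxie box definition against the advice given above (force every removable drive letter, drop admin rights, restrict Internet access). The function names are hypothetical, the sample is the [USB] box from post 8 cut down to three ForceFolder lines, and the check assumes the Internet block is stored as ClosedFilePath=InternetAccessDevices.

```python
import re
from collections import defaultdict

# Constructed sample: the [USB] box posted above, cut to three ForceFolder lines.
SAMPLE_INI = r"""
[USB]
ConfigLevel=7
Template=BlockPorts
Enabled=y
DropAdminRights=y
NotifyInternetAccessDenied=y
ForceFolder=F:\
ForceFolder=G:\
ForceFolder=H:\
"""

def parse_boxes(text):
    """Hypothetical helper: parse Sandboxie.ini text, keeping repeated keys as lists."""
    boxes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()].append(value.strip())
    return boxes

def audit_box(settings, removable_letters):
    """Hypothetical helper: list the gaps in one sandbox section."""
    findings = []
    forced = {m.group(1).upper() for v in settings.get("forcefolder", [])
              if (m := re.fullmatch(r"([A-Za-z]):\\?", v))}
    missing = sorted(set(removable_letters) - forced)
    if missing:
        findings.append("drives not forced: " + ",".join(missing))
    if "y" not in [v.lower() for v in settings.get("dropadminrights", [])]:
        findings.append("DropAdminRights is not enabled")
    # Assumed storage of the Internet block: ClosedFilePath=InternetAccessDevices;
    # a leading "!<group>," exempts that program group from the block.
    closed = [v.lower() for v in settings.get("closedfilepath", [])]
    if not any(v.endswith("internetaccessdevices") for v in closed):
        findings.append("no Internet access restriction")
    elif "internetaccessdevices" not in closed:
        findings.append("Internet access allowed for a program group")
    return findings

if __name__ == "__main__":
    print(audit_box(parse_boxes(SAMPLE_INI)["USB"], "EF"))
```

Run against the shortened sample with E: and F: as the removable drives, it reports that E: is not forced and that the box has no Internet restriction; NotifyInternetAccessDenied=y only controls the notification and does not block anything by itself.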
     
  11. BrandiCandi

    BrandiCandi Guest

    Why use a USB stick at all if you're certain it will be infected? Why not use email, a cloud, dropbox? Surely there's a way to avoid using something that you know will get infected.
    Run a live OS on the stick or an optical disc (pick your flavor of Linux), totally bypassing the dirty school computers entirely.
    There has got to be another, safer way to go.
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Perhaps also consider using Panda USB Vaccine to disable autoruns on both your computer and your USB stick.

    Disabling write access to the autorun.inf file on your USB stick wouldn't prevent malware from writing itself to the stick, but it would prevent it from automatically running when the stick is inserted into a USB port on another computer. That way you protect any computer into which the USB stick is inserted and you would be able to clean or reformat an infected stick without it having caused any damage.
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I did disable my autorun of removable drives, ok I will use Panda USB vaccine, I didn't even know about it.
    Thanks.
     
  14. guest

    guest Guest

    If you have any custom icons for your drives it may mess them up, just saying, happened to me, that's why I do not run Panda anymore.
     
  15. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Bit of an old thread, but I thought I'd share my approach to banking.

    Basically I have a virtual machine which was prepared for that purpose only. A clean OS install, browser, keyscrambler, MBAM, and that's it. Browser without extensions and absolutely everything in it is disabled, except for what is needed to run the banking website. All of this is saved in a snapshot. Whenever I need to do some banking, I load the snapshot and that's it.
     
    Last edited: Mar 25, 2012