Sandboxie and Returnil

I'm just now learning about these 2 programs and was wondering,basically these programs both do about the same thing.

Both will protect you while surfing the internet,and if infected,for Sandboxie,it's as simple as deleting the sandbox. As for Returnil,it's a matter of rebooting the computer to erase the infected malware.

correct me if I'm wrong here

 

correect. Sandboxie protects your PC via your web browser and deletes changes when you close your browser.

Returnil will protect your entire PC but cleans on reboot, maybe on relogging in to, not sure about that one. I have used both and really like the complete protection of Returnil.

 

Returnil removes any change in your system partition, but only during reboot.
Between two reboots any malware can install, execute and do its evil job and Returnil will allow this.

Sandboxie is one of the softwares, you can use to protect your system partition against threats between two reboots.
These threats are isolated in a sandbox and can't hurt you anymore.
This applies only for sandboxed applications of course.

After reboot all these threats will be removed by Returnil of course.

 

Cool,so it's not necessary to delete contents in the sandbox,unless you encounter malware, or is it deleted by simply closing the browser?

 

If you go through the settings of Sandboxie, you will find an option to clean the sandbox after closing the browser. You can do it manually too, if you like to see these threats first.

 

Ok, thanks guys for the info!

 

It depends. I enable "Session Lock" and surf on the net; if I get infected, when I reboot the malware and the damages are disappered. If I enable "Session Lock" again I'm still protected, but if I don't enable it and I get infected, Returnil can do nothing.

If I turn "Protection Status" ON I have to reboot, and at the startup I'm protected by Returnil: if I get infected, at the next reboot all the changes are disappeared, but I'm still protected until I turn "Protection Status" OFF.

 

Frankly, I don't see the difference.
The period between two reboots can be 8 hours and during that period any malware can install itself and do its evil job, including stealing your data.

Returnil without any other security software, will only remove the malware during reboot, but it won't stop the execution.

 

Please see this post for instructions on how to do this.

 

If Returnil is active,your real system is write protected but anything that has to connect to the bad guys can do without limitations,so you have to do something against it.And here SBIE has a function to filter these connections in configure it the way that only trusted app. can connect.Most important in here is to have a clean system in the first place ! Some malicious keylogging app. have their own dedicated server who can connect straight to the web,circumventing your Sandbox.

So Returnil and SBIE together fits nicely,and are not overkill if you have no additional security.

FYI Anything that have input on your system can be sandboxed such as your CD player (you never know !)

 

I know, I know, but not everybody seems to think that way. I've read already 2 times that users think that Returnil and SBIE is overkill or overlap eachother or do the same thing. That's not true, you need both or a similar combination.
After all, Returnil + SBIE is not the only solution, it is just a user's choice.

Some malware will change or damage your system partition, but these threats are peanuts and Returnil will always remove these threats and undo the changes and damage caused by these threats. I'm not worried about by these threats. That's a routine job of Returnil.

Other malware are there to steal your data and you can't recover from this, when that happens.
Returnil will remove these threats also, but it can be TOO LATE, because the data is already stolen between two reboots.
These malware are the real trouble, if you don't do something about it.

 

There are many alternatives but this is just a Returnil/Sandboxie thread.

ERIK Your own security strategy is the most thorough i know of but for me Pffft.....i'm really a lazy guy.

 

I'm also very lazy, that's why my setup doesn't require any extra work. Boot and reboot is all I do, just like anyone else.
I only have to work, when I need a new software, but everybody has that problem too.

 

Interesting thread. My only real big concern is keyloggers and I understand
that SBIE is a useful adddition to ones online security in this regard.
However, question is whether SBIE is needed when running Opera as limited
user ?
Edit:- Assume all internet facing applications in LUA - not just Opera.

 

OT(?) but I sure would appreciate some more info (like names or links etc) about these malicious keylogging applications that do what you say. Thanks.

 

For me Returnil is enough. I'm not concerned about what bad things might theoretically happen between reboots ( every couple of hours). The only data that matters ( bank info, credit card details) is encrypted so the only sort of thing that could be stolen would be music files, photos, research docs, movies....

 

Hmm.. as I am also running Returnil the 'neutered' rogue stuff will likewise be
gone on reboot. So I presume I don't really need SBIE given the LUA
scenario mentioned.
I tend to agree with Long View's view. In addition my data is on another
partition and 'sensitive' files are encrypted.
Nevertheless I like the idea of a sandbox - can I test it properly in Returnil,
or does installation require a reboot ?

 

There so many out there,hyjacking your STMP mail service to send logs out,some more advanced use their own and the list goes on.Maybe you catch via USB stick or promotial CD/DVD or network(public places) or e-mail or anything what can have input to your system,think about Peer to Peer connection,compromised websites,basically the way other malicious stuff can make it to your computer. The irony is that almost all are legitimate client/server app. that can be compromised.

solution is a clean system firsthand ! then Returnil and SBIE have their place.

Thats a reason to have resident or ondemand anti malware scanners used on a regular basis or any other solutions to keep your system clean in the first place.

 

I must admit I never considered Returnil in that way, because I only surf: I don’t have sensitive data to disclose, apart this forum’s and another’s passwords, neither home-banking nor online-shopping (I never trusted in them), the isp-account’s credentials are stored in the router, and to contact my friends I phone them or via sms (no email or instant messengers). So my only care is to save myself the trouble of a bare-metal restore in case of destructive malware. If Returnil should fail, then ATI makes a cat’s paw… Actually one should combine security software accordingly his demands, and in the case you explained, it’s indeed necessary to support Returnil with something else.

 

The more I read the more confused I become. I have downloaded both Sandboxie and Returnil but have yet to install either. As I have a Tax Preparation business I have tax information that is of paramount importance to protect. Most of this information is kept on an external hard drive but during tax season information is kept on my internal hard drive. I turn my computer on in the morning and turn it off each night. By reason of this I assumed that Returnil best suited my need. My use of either program would be for Internet browsing and little of that. I have installed as security Sygate Professional Firewall, Symantec Corporate Version, and SuperAntiSpyware all paid versions. And weekly will do an online scan with a reputable software. I have yet to make an image of my system but do intend to do so very soon. With the protection I have is it necessary for me to have both Sandboxie and Returnil or is one enough? And, if one is enough which one would you recommend. I have been a computer user for a long time but still consider myself as having limited knowledge. As always I would appreciate your replies and would thank you in advance.

John

 

I guess your pretty safe with Sandboxie alone,in your situation with a bit internet it should protect you very well,there more ways to configure Sandboxie as save as possible. How ? ask the gurus here on Wilders ! they do a better job on it then me.

I already observed that you keep your system clean,so problems diminish remarkable that way.

 

It would much less troublesome for you to let stay the data on your external disk and lock Sandboxie from accessing it.( programs in the Sandbox)

One thing you maybe overlooked are chances that your OS becomes unbootable or the disk itself goes south,then all clients data will be lost !

One healthy advise i think is look for a good solid imaging solution in the first place.

One thing : since you have very sensitive data it is very adviseable to make copies to another external disk......external disks can crash too !!

 

True, with returnil or sandboxie, if the machine crashes all unsaved is lost. Same would be true if you had neither returnil or sandboxie. Since all important data is saved to an external source, retunil would be quite beneficial as important data would be erased from internal drive (saved to external) after re-boot and would be no chance of info being stolen. An imaging software and returnil would be a benefit from what I can see....