Sandboxie and Returnil

Discussion in 'sandboxing & virtualization' started by Boost, May 11, 2008.

Thread Status:
Not open for further replies.
  1. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I'm just now learning about these 2 programs and was wondering, basically these programs both do about the same thing.

    Both will protect you while surfing the internet, and if infected, for Sandboxie, it's as simple as deleting the sandbox. As for Returnil, it's a matter of rebooting the computer to erase the infected malware.

    Correct me if I'm wrong here :)
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Correct. Sandboxie protects your PC via your web browser and deletes changes when you close your browser.

    Returnil will protect your entire PC but cleans on reboot, maybe on relogging in too, not sure about that one. I have used both and really like the complete protection of Returnil.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Returnil removes any change in your system partition, but only during reboot.
    Between two reboots any malware can install, execute and do its evil job and Returnil will allow this.

    Sandboxie is one of the software programs you can use to protect your system partition against threats between two reboots.
    These threats are isolated in a sandbox and can't hurt you anymore.
    This applies only for sandboxed applications of course.

    After reboot all these threats will be removed by Returnil of course.
     
  4. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Cool, so it's not necessary to delete contents in the sandbox, unless you encounter malware, or is it deleted by simply closing the browser?
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you go through the settings of Sandboxie, you will find an option to clean the sandbox after closing the browser. You can do it manually too, if you like to see these threats first.
     
  6. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Ok, thanks guys for the info!
     
  7. wrongway67

    wrongway67 Registered Member

    Joined:
    Apr 5, 2008
    Posts:
    45
    It depends. I enable "Session Lock" and surf on the net; if I get infected, when I reboot the malware and the damage have disappeared. If I enable "Session Lock" again I'm still protected, but if I don't enable it and I get infected, Returnil can do nothing.

    If I turn "Protection Status" ON I have to reboot, and at the startup I'm protected by Returnil: if I get infected, at the next reboot all the changes have disappeared, but I'm still protected until I turn "Protection Status" OFF.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Frankly, I don't see the difference.
    The period between two reboots can be 8 hours and during that period any malware can install itself and do its evil job, including stealing your data.

    Returnil, without any other security software, will only remove the malware during reboot, but it won't stop the execution.
     
  9. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Please see this post for instructions on how to do this.
     

    Attached Files:

    • sb.png
      File size:
      25.8 KB
      Views:
      1,257
  10. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If Returnil is active, your real system is write protected but anything that has to connect to the bad guys can do without limitations, so you have to do something against it. And here SBIE has a function to filter these connections in configure it the way that only trusted app. can connect. Most important in here is to have a clean system in the first place! Some malicious keylogging app. have their own dedicated server who can connect straight to the web, circumventing your Sandbox.

    So Returnil and SBIE together fit nicely, and are not overkill if you have no additional security.

    FYI Anything that has input on your system can be sandboxed such as your CD player (you never know!)
     
    Last edited: May 12, 2008
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I know, I know, but not everybody seems to think that way. I've read already 2 times that users think that Returnil and SBIE is overkill or overlap each other or do the same thing. That's not true, you need both or a similar combination.
    After all, Returnil + SBIE is not the only solution, it is just a user's choice.

    Some malware will change or damage your system partition, but these threats are peanuts and Returnil will always remove these threats and undo the changes and damage caused by these threats. I'm not worried about these threats. That's a routine job of Returnil.

    Other malware are there to steal your data and you can't recover from this, when that happens.
    Returnil will remove these threats also, but it can be TOO LATE, because the data is already stolen between two reboots.
    These malware are the real trouble, if you don't do something about it.
     
    Last edited: May 12, 2008
  12. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    There are many alternatives but this is just a Returnil/Sandboxie thread.

    ERIK Your own security strategy is the most thorough I know of but for me Pffft..... I'm really a lazy guy.
     
    Last edited: May 12, 2008
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm also very lazy, that's why my setup doesn't require any extra work. Boot and reboot is all I do, just like anyone else.
    I only have to work, when I need a new software, but everybody has that problem too. :)
     
  14. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Interesting thread. My only real big concern is keyloggers and I understand
    that SBIE is a useful addition to one's online security in this regard.
    However, question is whether SBIE is needed when running Opera as limited
    user ?
    Edit:- Assume all internet facing applications in LUA - not just Opera.
     
    Last edited: May 12, 2008
  15. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    167
    OT(?) but I sure would appreciate some more info (like names or links etc) about these malicious keylogging applications that do what you say. Thanks.
     
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    For me Returnil is enough. I'm not concerned about what bad things might theoretically happen between reboots (every couple of hours). The only data that matters (bank info, credit card details) is encrypted so the only sort of thing that could be stolen would be music files, photos, research docs, movies....
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    LUA will pretty much neuter a rogue app, but not remove it. Running sandboxed with Sandboxie, you can prevent anything else from running in the sandbox, and anything else from using the internet. Then when you empty the sandbox, anything that may have come down the pike gets deleted.

    True if it's on the system but can't run, it's harmless, but I feel better knowing it's gone.

    Pete
     
  18. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Hmm.. as I am also running Returnil the 'neutered' rogue stuff will likewise be
    gone on reboot. So I presume I don't really need SBIE given the LUA
    scenario mentioned.
    I tend to agree with Long View's view. In addition my data is on another
    partition and 'sensitive' files are encrypted.
    Nevertheless I like the idea of a sandbox - can I test it properly in Returnil,
    or does installation require a reboot ?
     
  19. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    There are so many out there, hijacking your SMTP mail service to send logs out, some more advanced use their own and the list goes on. Maybe you catch via USB stick or promotional CD/DVD or network (public places) or e-mail or anything what can have input to your system, think about Peer to Peer connection, compromised websites, basically the way other malicious stuff can make it to your computer. The irony is that almost all are legitimate client/server app. that can be compromised.

    Solution is a clean system firsthand! Then Returnil and SBIE have their place.

    That's a reason to have resident or on-demand anti malware scanners used on a regular basis or any other solutions to keep your system clean in the first place.
     
    Last edited: May 12, 2008
  20. wrongway67

    wrongway67 Registered Member

    Joined:
    Apr 5, 2008
    Posts:
    45
    I must admit I never considered Returnil in that way, because I only surf: I don’t have sensitive data to disclose, apart from this forum’s and another’s passwords, neither home-banking nor online-shopping (I never trusted in them), the isp-account’s credentials are stored in the router, and to contact my friends I phone them or via sms (no email or instant messengers). So my only care is to save myself the trouble of a bare-metal restore in case of destructive malware. If Returnil should fail, then ATI makes a cat’s paw… Actually one should combine security software according to his demands, and in the case you explained, it’s indeed necessary to support Returnil with something else. :thumb:
     
  21. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    421
    Location:
    Terre Haute, IN
    The more I read the more confused I become. I have downloaded both Sandboxie and Returnil but have yet to install either. As I have a Tax Preparation business I have tax information that is of paramount importance to protect. Most of this information is kept on an external hard drive but during tax season information is kept on my internal hard drive. I turn my computer on in the morning and turn it off each night. By reason of this I assumed that Returnil best suited my need. My use of either program would be for Internet browsing and little of that. I have installed as security Sygate Professional Firewall, Symantec Corporate Version, and SuperAntiSpyware all paid versions. And weekly will do an online scan with a reputable software. I have yet to make an image of my system but do intend to do so very soon. With the protection I have is it necessary for me to have both Sandboxie and Returnil or is one enough? And, if one is enough which one would you recommend. I have been a computer user for a long time but still consider myself as having limited knowledge. As always I would appreciate your replies and would thank you in advance.

    John
     
  22. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I guess you're pretty safe with Sandboxie alone, in your situation with a bit of internet it should protect you very well, there are more ways to configure Sandboxie as safe as possible. How? Ask the gurus here on Wilders! They do a better job on it than me.

    I already observed that you keep your system clean, so problems diminish remarkably that way.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    No, Returnil would be bad, you want to go with Sandboxie. You can set it up so you can browse, and nothing in the Sandbox can get to where your data is, so that's safe.

    But, you work most of the day on your tax stuff and it is on the C: drive, and for whatever reason, your machine crashes. With Returnil, everything done is lost, unless you work out of its protected partition.

    For your purposes Sandboxie is just simpler and more trouble free.

    Pete
     
  24. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    It would be much less troublesome for you to let the data stay on your external disk and lock Sandboxie from accessing it (programs in the Sandbox).

    One thing you maybe overlooked are chances that your OS becomes unbootable or the disk itself goes south, then all clients' data will be lost!

    One healthy advice I think is look for a good solid imaging solution in the first place. ;)

    One thing: since you have very sensitive data it is very advisable to make copies to another external disk...... external disks can crash too!!
     
    Last edited: May 12, 2008
  25. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    True, with Returnil or Sandboxie, if the machine crashes all unsaved is lost. Same would be true if you had neither Returnil nor Sandboxie. Since all important data is saved to an external source, Returnil would be quite beneficial as important data would be erased from internal drive (saved to external) after re-boot and there would be no chance of info being stolen. An imaging software and Returnil would be a benefit from what I can see....
     