Sandboxie and what else?

Discussion in 'sandboxing & virtualization' started by Page42, Dec 15, 2010.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    What security programs do you run with Sandboxie?
    If I add Sandboxie, which apps should stay and which should go?
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    See my sig.

    I have also successfully ran Sandboxie with Avast free, DrWeb Antivirus and Online Armor Free.

    For which applications are you using RunSafer? I would not use RunSafer on Sandboxie. Also, I use DropRights in Sandboxie.
     
    Last edited: Dec 15, 2010
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    page, you have my thought process. I am thinking of going strictly with Sandboxie. In testing I have done, HMP or MBAM, works great as a back up scanner if you keep all internet facing apps sandboxed. Hardly any impact on system. Otherwise I would just go with a light AV like Avast free. I am pretty sure I am doing this tonight because in the end, it works.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Maybe the question is what other tools do you NEED if SBIE is configured tightly.

    Think about that for a minute.. if you understand what SBIE does.

    You might need an AV if you download a lot of files and you plan on keeping/using them outside of the sandbox. Or you might just upload to an online scanner.

    You might need a firewall if you are fearful of what runs outside the sandbox doing something naughty.

    What else? Malware/spyware/adware scanners? Don't think so. HIPS/IDS/BB? Don't think so. OS hardening techniques? Maybe not a bad idea.

    My point? If all the "scary" internet facing activities are performed with a well configured sandbox, then you have trapped the "scary monster" and he cannot get out to the real system. Some OS hardening is all that is needed to really dial it in.

    Save all those other security tools for a rainy day :cautious: That is, until something actually escapes from the sandbox -- then all bets are off ;)

    Sul.
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I keep my Win 7 laptops pretty simple. I surf as a limited user, use the Windows Firewall, run Sandboxie and have Avast for the stuff I bring out of the sandbox. Oh and WinPatrol, mostly so I know when I install something new and it changes a fundamental service, startup and such.
     
  6. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    SandboxIE, Avast 5, Private Firewall, Admn. account. Windows update never... :D
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Add VirusTotal Uploader for suspicious downloads.
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Only thing I run real time is LnS, Spyshelter Premium, and Sandboxie.

    I find that LnS is much much more configurable than the Windows firewall and its nearly as light. With the Windows FW off and the services disabled Ive merly replaced it with an alternative.

    I use Spyshelter Premium because I have an x64 system. If you happen to come across a keylogger in your sandbox your screwed. The keylogger wont get to your real system, but until you empty the contents the sandbox will contain it and it will have access to all the passwords/usernames that you use with your browser in the same sandbox.

    And over course Sandboxie. I have two sandboxes. One for internet browsers and related files for proper functionality (Flash, Silverlight for Netflix, Java for Blackboard, etc). Everything in my browser box is drop rights, and empty contents on exit. I have a few locations I have set to ask about recovering contents.

    The other box is for running suspect files. Only my download folder is allowed to run within the box with no internet access, drop rights, and delete contents after all items are closed.

    I have Avast Pro On demand because I download alot and I like to check files before running them. If Avast says they are clean and they are from a trusted source Ill run them on the real system. If Avast says they are clean and not from a trusted source they get run in the sandbox. If Avast says they are infected they get run in the sandbox so I can recover the clean contents I need and delete the rest without harming the PC.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Just add internet access restrictions.
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    I could, but that would hinder the browser from being able to function properly for quite awhile until I dialed it in alot. Id have to make exclusions for PDF readers, bittorrent files, flash files, videos, music, pictures, etc.
     
  11. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    So you add wmplayer.exe, pdfxview.exe, utorrent.exe (or whatever you use). Takes 10 seconds - what's the big deal?

    Add start/run restrictions and a keylogger in you sandbox cannot execute....which means you have no need for an anti-keylogger to protect you from your Sandbox content.
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I use a different approach.
    I have direct access given for all sandboxes to my "downloads" directory.
    I download objects to the "downloads" folder.
    The "downloads" folder is forced into a sandbox that allows any program to start but no outbound net access.
    I click on file, download, then execute/play/whatever the file from the "downloads" directory.

    I also force my media players into another sandbox, and give only those items outbound access and only those items allowed to run.

    In my browsers sandboxes, I only have foxit.exe as an alternate allowed program to run.. so my opera sandbox only allows opera.exe and foxit.exe to run, and only those two are allowed outbound access. I install flash on the system usually outside of the sandbox.

    That is all I have to do. Now, I can download a file, navigate to it and execute it, forcing it into a sandbox with no outbound net access. That is simple.

    I run opera, click on a pdf file, and it opens with foxit. Or, I go to youtube/whatever and flash runs fine. Or, I click on a link that uses media player, and media player runs the file, but in its own sandbox.

    There really wasn't much work to set it up, more work was required to figure exactly what I do and how to make SBIE work the best for me.

    Sul.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I only allow Firefox to have Internet access, my browsing function perfectly
    and messages from SBIE are very rare. Start/run is limited to Firefox, Foxit
    and Plugin container. Allowing what I mentioned works perfectly for me and
    it gives me a nice balanced SBIE. Find the perfect balance for you.

    Bo
     
  14. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    2,5 years with Sandboxie and Shadowdefender and nothing breaks trough without my permision.
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    Hi Page,

    I think having Avast and MBAM + Sandboxie it would make your system very tight as the only problem I see is keeping clean downloaded files from the Internet. Sandboxie can restrict, hamper any circulation of malware, but it can't analyse files.

    Having Sandboxie would also allow you, if you wish, to use Avast and MBAM on demand making your system certainly faster (I use Sandboxie and Avira + MBAM on demand on 2 of my computers).
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Man, all you guys sure post interesting findings regarding Sandboxie.
    In just a matter of one day, this thread turns into a must read/must save situation for me.

    What I am getting from most replies is that,

    a) Sandboxie can be strengthened, and
    b) most former real-time security apps can be relegated to on-demand duty.

    I just look at the tales of success on this thread alone, and I naturally respect the big jump alot of you made by making Sandboxie your "one and only" gatekeeper.
     
  17. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Sandboxie
    (+)
    Boot-to-Restore software (e.g. Returnil, Shadow Defender, Deep Freeze, Time Freeze)
    -OR-
    Instant System Recovery software (e.g. Rollback Rx, EAZ-FIX, AyRecovery, Comodo Time Machine)
    (+)
    Key-Logger protection (e.g. KeyScrambler, SpyShelter, Zemana etc.)
    ___________________________________________________________________________________
    = A Light yet very Strong Security Setup! :thumb:
     
  18. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    I've been running XP Home Edition SP-2 Administrative without an AV for months now and remain infection free.

    My setup includes all freeware;
    Sandboxie, Keyscrambler, Simple Adblock, IE7 Pro, Comodo Time machine, and Malwarebytes on-demand.

    About twice each week, I will download/install an AV- usually AVIRA, and scan for malware.
    Following that, I use CTM to revert to the most recent snapshot, then install (perhaps) Emsisoft and scan again.

    So far, all indications are that my setup is clean, so I am a definite believer that you don't need real-time AVC.
     
  19. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    wtsinnc & Mr.PC :thumb:

    I like your guys thinking,keeping it SIMPLE :thumb:
     
  20. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I have something similar to Sully ... in that if I download anything it goes into a created sandboxed downloads folder - if anything other than my on demand scanners execute in the sandbox they're shut down via restrictions. Adding just those to the allowed list stops anything else trying to make a move. Only when i'm sure what I've downloaded is safe does it come out to play.

    I definitely get along ok without the plethora of real-time protection. I now place more emphasis on having a really decent backup plan, aka Imaging!

    Sandboxie (with restrictions) + Imaging = much less hassle
     
  21. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    iuse sandboxie and avast..
    but i still need to know how to configure "resources...what to block and what to allow.
     
  22. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Yes!:)
     
  23. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Maybe try adding another sandbox only for surfing, and just give Firefox (if you're using this browser) internet access.

    Apart from that, use your MBAM/Avast scanners to check on downloaded stuff (forcing PDFs to be downloaded, videos, music, etc)

    And based on your sig, you're pretty much protected, unless you visit those potentially hazardous sites.

    [edit] And to answer the OP, I'd go with post #2's suggestion, plus restricting Internet access. I believe it'd be better in terms of prevention.
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    @ TheKid7...
    Sorry, I missed this question. I am using Run Safer with the usual internet-facing programs... browser, email client, media player, pdf viewer, FastStone Capture, Winword. It is my plan when installing Sandboxie to use DropRights for those, and any others that are suggested.
     
  25. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Thank you.

    The main reason that I asked the question is that I am not sure if running Sandboxie as RunSafer would cause a problem for Sandboxie.
     
Loading...
Thread Status:
Not open for further replies.