Sandboxie and what else?

What security programs do you run with Sandboxie?
If I add Sandboxie, which apps should stay and which should go?

 

See my sig.

I have also successfully ran Sandboxie with Avast free, DrWeb Antivirus and Online Armor Free.

For which applications are you using RunSafer? I would not use RunSafer on Sandboxie. Also, I use DropRights in Sandboxie.

 

page, you have my thought process. I am thinking of going strictly with Sandboxie. In testing I have done, HMP or MBAM, works great as a back up scanner if you keep all internet facing apps sandboxed. Hardly any impact on system. Otherwise I would just go with a light AV like Avast free. I am pretty sure I am doing this tonight because in the end, it works.

 

Maybe the question is what other tools do you NEED if SBIE is configured tightly.

Think about that for a minute.. if you understand what SBIE does.

You might need an AV if you download a lot of files and you plan on keeping/using them outside of the sandbox. Or you might just upload to an online scanner.

You might need a firewall if you are fearful of what runs outside the sandbox doing something naughty.

What else? Malware/spyware/adware scanners? Don't think so. HIPS/IDS/BB? Don't think so. OS hardening techniques? Maybe not a bad idea.

My point? If all the "scary" internet facing activities are performed with a well configured sandbox, then you have trapped the "scary monster" and he cannot get out to the real system. Some OS hardening is all that is needed to really dial it in.

Save all those other security tools for a rainy day That is, until something actually escapes from the sandbox -- then all bets are off

Sul.

 

I keep my Win 7 laptops pretty simple. I surf as a limited user, use the Windows Firewall, run Sandboxie and have Avast for the stuff I bring out of the sandbox. Oh and WinPatrol, mostly so I know when I install something new and it changes a fundamental service, startup and such.

 

SandboxIE, Avast 5, Private Firewall, Admn. account. Windows update never...

 

Add VirusTotal Uploader for suspicious downloads.

 

Only thing I run real time is LnS, Spyshelter Premium, and Sandboxie.

I find that LnS is much much more configurable than the Windows firewall and its nearly as light. With the Windows FW off and the services disabled Ive merly replaced it with an alternative.

I use Spyshelter Premium because I have an x64 system. If you happen to come across a keylogger in your sandbox your screwed. The keylogger wont get to your real system, but until you empty the contents the sandbox will contain it and it will have access to all the passwords/usernames that you use with your browser in the same sandbox.

And over course Sandboxie. I have two sandboxes. One for internet browsers and related files for proper functionality (Flash, Silverlight for Netflix, Java for Blackboard, etc). Everything in my browser box is drop rights, and empty contents on exit. I have a few locations I have set to ask about recovering contents.

The other box is for running suspect files. Only my download folder is allowed to run within the box with no internet access, drop rights, and delete contents after all items are closed.

I have Avast Pro On demand because I download alot and I like to check files before running them. If Avast says they are clean and they are from a trusted source Ill run them on the real system. If Avast says they are clean and not from a trusted source they get run in the sandbox. If Avast says they are infected they get run in the sandbox so I can recover the clean contents I need and delete the rest without harming the PC.

 

Just add internet access restrictions.

 

I could, but that would hinder the browser from being able to function properly for quite awhile until I dialed it in alot. Id have to make exclusions for PDF readers, bittorrent files, flash files, videos, music, pictures, etc.

 

So you add wmplayer.exe, pdfxview.exe, utorrent.exe (or whatever you use). Takes 10 seconds - what's the big deal?

Add start/run restrictions and a keylogger in you sandbox cannot execute....which means you have no need for an anti-keylogger to protect you from your Sandbox content.

 

I use a different approach.
I have direct access given for all sandboxes to my "downloads" directory.
I download objects to the "downloads" folder.
The "downloads" folder is forced into a sandbox that allows any program to start but no outbound net access.
I click on file, download, then execute/play/whatever the file from the "downloads" directory.

I also force my media players into another sandbox, and give only those items outbound access and only those items allowed to run.

In my browsers sandboxes, I only have foxit.exe as an alternate allowed program to run.. so my opera sandbox only allows opera.exe and foxit.exe to run, and only those two are allowed outbound access. I install flash on the system usually outside of the sandbox.

That is all I have to do. Now, I can download a file, navigate to it and execute it, forcing it into a sandbox with no outbound net access. That is simple.

I run opera, click on a pdf file, and it opens with foxit. Or, I go to youtube/whatever and flash runs fine. Or, I click on a link that uses media player, and media player runs the file, but in its own sandbox.

There really wasn't much work to set it up, more work was required to figure exactly what I do and how to make SBIE work the best for me.

Sul.

 

I only allow Firefox to have Internet access, my browsing function perfectly
and messages from SBIE are very rare. Start/run is limited to Firefox, Foxit
and Plugin container. Allowing what I mentioned works perfectly for me and
it gives me a nice balanced SBIE. Find the perfect balance for you.

Bo

 

2,5 years with Sandboxie and Shadowdefender and nothing breaks trough without my permision.

 

Hi Page,

I think having Avast and MBAM + Sandboxie it would make your system very tight as the only problem I see is keeping clean downloaded files from the Internet. Sandboxie can restrict, hamper any circulation of malware, but it can't analyse files.

Having Sandboxie would also allow you, if you wish, to use Avast and MBAM on demand making your system certainly faster (I use Sandboxie and Avira + MBAM on demand on 2 of my computers).

 

Man, all you guys sure post interesting findings regarding Sandboxie.
In just a matter of one day, this thread turns into a must read/must save situation for me.

What I am getting from most replies is that,

a) Sandboxie can be strengthened, and
b) most former real-time security apps can be relegated to on-demand duty.

I just look at the tales of success on this thread alone, and I naturally respect the big jump alot of you made by making Sandboxie your "one and only" gatekeeper.

 

Sandboxie
(+)
Boot-to-Restore software (e.g. Returnil, Shadow Defender, Deep Freeze, Time Freeze)
-OR-
Instant System Recovery software (e.g. Rollback Rx, EAZ-FIX, AyRecovery, Comodo Time Machine)
(+)
Key-Logger protection (e.g. KeyScrambler, SpyShelter, Zemana etc.)
___________________________________________________________________________________
= A Light yet very Strong Security Setup!

 

I've been running XP Home Edition SP-2 Administrative without an AV for months now and remain infection free.

My setup includes all freeware;
Sandboxie, Keyscrambler, Simple Adblock, IE7 Pro, Comodo Time machine, and Malwarebytes on-demand.

About twice each week, I will download/install an AV- usually AVIRA, and scan for malware.
Following that, I use CTM to revert to the most recent snapshot, then install (perhaps) Emsisoft and scan again.

So far, all indications are that my setup is clean, so I am a definite believer that you don't need real-time AVC.

 

wtsinnc & Mr.PC

I like your guys thinking,keeping it SIMPLE

 

I have something similar to Sully ... in that if I download anything it goes into a created sandboxed downloads folder - if anything other than my on demand scanners execute in the sandbox they're shut down via restrictions. Adding just those to the allowed list stops anything else trying to make a move. Only when i'm sure what I've downloaded is safe does it come out to play.

I definitely get along ok without the plethora of real-time protection. I now place more emphasis on having a really decent backup plan, aka Imaging!

Sandboxie (with restrictions) + Imaging = much less hassle

 

iuse sandboxie and avast..
but i still need to know how to configure "resources...what to block and what to allow.

 

Yes!

 

Maybe try adding another sandbox only for surfing, and just give Firefox (if you're using this browser) internet access.

Apart from that, use your MBAM/Avast scanners to check on downloaded stuff (forcing PDFs to be downloaded, videos, music, etc)

And based on your sig, you're pretty much protected, unless you visit those potentially hazardous sites.

[edit] And to answer the OP, I'd go with post #2's suggestion, plus restricting Internet access. I believe it'd be better in terms of prevention.

 

@ TheKid7...
Sorry, I missed this question. I am using Run Safer with the usual internet-facing programs... browser, email client, media player, pdf viewer, FastStone Capture, Winword. It is my plan when installing Sandboxie to use DropRights for those, and any others that are suggested.

 

Thank you.

The main reason that I asked the question is that I am not sure if running Sandboxie as RunSafer would cause a problem for Sandboxie.