Sandboxie and what else?

Discussion in 'sandboxing & virtualization' started by Page42, Dec 15, 2010.

  1. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    286
    Location:
    Philippines
    I think RunSafer would cause problems on Sandboxie, as it needs to do a driver hook. I haven't got OA on my system right now, maybe you guys can test it out (with caution).

    If tzuk's still active, I think he'd be happy to enlighten us.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Page42, I am using SBIE with MSE but I did use it with Avast free a few
    months ago and they were fine together. XP firewall, hardened sandbox,
    NoScript and your favorite AV is all that's needed, in my opinion.

    Bo
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Hey Bo
    Are you concerned about keyloggers with that setup? OA's HIPS seems like a good keeper when running Sandboxie.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    For clarification, I mentioned to TheKid7 that I am using Run Safer with the usual internet-facing programs, and that my plan when installing Sandboxie is to use Drop Rights for those... and I meant INSTEAD OF using Run Safer. I don't know if that meaning came across. :)
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Page42, I believe that by only allowing my browser (firefox) internet access
    and limiting start/run to Firefox and Foxit, the danger of a keylogger starting or
    sending anything out is none. Nothing goes out. I am not much into Firewalls
    but I had OA installed for about a week a couple of months ago and it played
    well with SBIE. I wanted their HIPS but not the FW. I honestly believe SBIE
    helps me stay clean better than anything that's out there, go for it man, you
    won't be disappointed.
    Use the drop my rights setting in SBIE if you run as an administrator.

    Bo
     
    Last edited: Dec 18, 2010
  6. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    You are welcome! :thumb:
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Yeap...You are on the right track! :thumb:
    You may add Hitman Pro and GMER
    to the On-Demand Scanners (i.e. MBAM & Emsisoft)
    you use for System Check-up. :thumb:
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I have been preoccupied this past week with some hardware stuff... installing a new HD and cloning one to the other. All that went well. I'm now in a place to focus once again on running and configuring Sandboxie.

    I read each and every post on this thread carefully. Everyone has something to contribute, and I enjoy checking out what Sandboxie users are thinking.

    So, the questions are still here...
    What security programs do you run with Sandboxie?
    If I add Sandboxie, which apps should stay and which should go?
    Any tips on how you have Sandboxie configured on your machine?
     
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    The only "Active" security programs that I run with Sandboxie are ESET NOD32, Windows XP SP3 Firewall, ClearCloud DNS, Cable/DSL Router, Firefox with Adblock Plus (Malware Domains, EasyList and EasyPrivacy subscriptions).

    As for configurations I do something like this:

    1. Appearance->Display border around the window. I chose green color.
    2. Delete->Invocation->Automatically delete contents of sandbox
    3. Program Start->Forced Programs->Firefox (Option available in Registered version Only)
    4. Restrictions->Internet Access->Firefox, wmplayer, java, jqsnotify, plugin-container, sandboxierpcss (Having any program here stops all other programs from running in the sandbox.)
    5. Restrictions->Start/Run Access->Firefox, wmplayer, java, jqsnotify, plugin-container, sandboxierpcss (Having any program here stops all other programs from running in the sandbox.)
    6. Restrictions->Drop Rights->Drop rights from Administrators and Power Users groups
    7. Applications->Select desired access/settings related to web browser: bookmarks, cookies, etc.
    8. Applications->Security/Privacy->McAfee Siteadvisor

    Items 4 & 5 will give you extra security, since they serve as an "Anti-Executable" to stop Malware from executing in the sandbox. You just need to experiment with what programs need to be added to the allowed list.
     
    Last edited: Dec 24, 2010
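Added example (not part of the thread, and not Sandboxie's own code): a Python check that reads a Sandboxie.ini-style section and reports where it departs from items 2, 4, 5 and 6 of the list above. The mapping from those GUI settings to the keys AutoDelete, DropAdminRights, ProcessGroup, ClosedFilePath and ClosedIpcPath is an assumption, and the sample section and the allowed-program list are constructed.

```python
import re
# Constructed sample section. Key names are assumed to be what the GUI
# settings in the list above (items 2, 4, 5, 6) write to Sandboxie.ini.
SAMPLE_INI = """\
[DefaultBox]
AutoDelete=y
DropAdminRights=y
ProcessGroup=<InternetAccess>,firefox.exe,plugin-container.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,cmd.exe
ClosedIpcPath=!<StartRunAccess>,*
"""

def parse_box(text, box):
    """Return {key: [values]} for one section; keys such as ProcessGroup repeat."""
    settings, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
        elif current == box and "=" in line:
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def group_members(settings, group):
    """Lower-cased programs listed in ProcessGroup=<group>,a.exe,b.exe."""
    members = set()
    for value in settings.get("ProcessGroup", []):
        name, *programs = [part.strip() for part in value.split(",")]
        if name == group:
            members.update(p.lower() for p in programs if p)
    return members

def audit_box(text, box, expected_programs):
    """List deviations from the hardened setup described in the post."""
    s, findings = parse_box(text, box), []
    expected = {p.lower() for p in expected_programs}
    for key in ("AutoDelete", "DropAdminRights"):
        if s.get(key) != ["y"]:
            findings.append(f"{key} is not enabled")
    for group, key, resource in (("<InternetAccess>", "ClosedFilePath", "InternetAccessDevices"),
                                 ("<StartRunAccess>", "ClosedIpcPath", "*")):
        if f"!{group},{resource}" not in s.get(key, []):
            findings.append(f"{group} restriction is not active")
        # An allow-list is only as tight as its longest entry list.
        for extra in sorted(group_members(s, group) - expected):
            findings.append(f"{group} allows unexpected program {extra}")
    return findings
```

Running `audit_box(SAMPLE_INI, "DefaultBox", ["firefox.exe", "plugin-container.exe"])` flags the constructed `cmd.exe` entry in the Start/Run list; an allow-list that has grown during experimentation is the thing worth re-checking.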
  10. yeuxbleus

    yeuxbleus Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    90
    As seen in my signature, the only third party program that I run in real time is Sandboxie. LUA, SRP, DEP and WinXP Firewall are part of the Windows XP setup. SuRun is run on-demand. This configuration is very light.
     
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    I'm at a relative's place for Christmas. Their PC has had only 2 security programs on their computer for the past 2 years, going on 3 in 2011.

    Sandboxie and Shadow Defender, that's it, period!

    No issues and no complaints! :thumb:

    Once again proving, you don't need to pile on the security software!!!

    Merry Xmas peeps!
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    to prevent keyloggers and rootkits;) simple
    SBIE1308 Program 'rundll32.exe' cannot start due to restrictions
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    @page42
    XP firewall, Avira9 and NoScript on Firefox are the security programs that
    I am using with SBIE (hardened).
    In my opinion, no more is needed.

    Bo
     
  14. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Yes, you are right.
    This Combination [i.e. Sandbox (+) a Boot-to-Restore or Instant System Recovery]
    has been much more effective than Scanners...
     
  15. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    SANDBOXIE, Zemana AL , Windows firewall
    Realtime ;)
     
  16. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    a firewall...
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I purchased a lifetime license tonight. :thumb:
     
  18. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Smart move...:thumb:
     
  19. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Great move, Sandboxie is a gem.
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Thanks. And now the fun :rolleyes: begins... what to leave in, what to leave out.

    All of my apps have been chosen for a purpose.
    OA for firewall, reduced rights and HIPS.
    avast! for its various shields.
    MBAM to shore up the AV's detection and cleaning, and IP blocking an added plus.

    After many months of steady use and no jumping around from one app to another, I am pondering leaving some of these players behind (meaning, I don't take them along with me in real-time).

    What to do?

    Have I created for myself a false sense of security, or have my apps been necessary cogs in an anti-malware wheel?

    From a performance perspective, shutting down avast's Web Shield might make a difference... as might the Network Shield and the Behavior Shield. Maybe letting go of MBAM real-time protection might enhance speed. But then, my speed hasn't really been an issue. And I have grown to rely on OA's HIPS, viewing it as a great attribute.

    Sigh. :doubt:

    It can be tough to undo what has been so solid for so long.

    Would it be nuts to simply add Sandboxie to my mix, and leave the other players right where they are? Am I clinging to the past? Am I facing a dilemma that all beginning Sandboxie users go through?
     
  21. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    For FW you can use Windows' built-in FW as long as you are on Vista and up. If you're on XP I'd pick a lightweight FW like LnS or PrivateFW (also has a light HIPS, but definitely not necessary). OA is over the top with SBIE.

    I would uninstall all of Avast's shields except for the file system shield and run it on demand only. Only reason I say install that shield is because I've seen mixed reviews on whether or not it affects Avast's on-demand right-click scanning.

    I'd also run MBAM as on demand only. If you have the Pro version you can schedule a system scan once a week at a time where you would be sleeping. That's what I have done with my MBAM and HMP. They do scans at 2:30AM and 3:30AM respectively on Sunday every week.

    Only thing I would consider running real time like I said earlier is an anti-keylogger program until you're comfortable with your SBIE setup with allowed/restricted programs and their internet access.
     
  22. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Boy, this is tough! It's the same dilemma many of us Sandboxie users have gone through. Here are some thoughts:

    - With Sandboxie, Antivirus becomes much less important. All it's going to do is scan files outside of SBIE, which should be ones you've recovered from the Sandbox anyway. So, either cut out some of the shields or remove it completely and replace it with daily HMP scans set up as a scheduled task

    - Having an anti-executable function is still necessary. Seeing as you have Online Armor already, stick with that as your anti-executable. The additional benefit is that also gives you a firewall and keylogger protection.

    Personally, I'd remove Avast and MBAM, leave OA where it is and set up daily scans with HMP.
     
  23. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    @Page42

    I'd recommend that if you're going to replace anything, don't rush through it. Make the change one at a time. Start with getting Sandboxie to work well to your usage patterns first and then think of the others.

    Firewall:

    OA comes as a firewall with HIPS. Do you need them both? If yes, leave things as they are. Alternatively, do you really need outbound firewall control if everything else you run on the real system is 'trusted' and anything you don't is placed inside SB with internet access denied? Weigh your options, usability, comfort, etc. and then decide. You don't necessarily have to change...

    AV:

    Do you feel the need for all the Avast shields to be ON? If so, then why not leave it on if you're comfortable with that as the 'speed' is good enough for you? Otherwise, perhaps File System Shield (and Behavior Shield?) itself ought to be sufficient? Consider which are the main threat sources for you and then decide what each shield's worth is. You can opt for a complete change and go to the likes of on-demand scanners like Hitman Pro only (as suggested by Scoobs72) but are you fine with the idea? Do you feel the need to scan all downloaded files and are you diligent enough to do it manually if you choose this route? Only you can tell...

    MBAM

    Again, what's the function of MBAM Pro in a sandboxed browser? Anything really important for you to have? If not, you can do as whitedragon551 suggested.

    If all of this is way too much work and decision for you, then just throw in Sandboxie onto your setup and leave the rest intact. Get the hang of things and then your perception of what's needed and what's not will naturally flow in. ;) Otherwise, I'm here happy to accept the Sandboxie license if you're going to give it away. Just shoot me a PM if that's the case... :p
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    This helps... saying what you would do if you had the set up I have. Thanks, man.
    safeguy, this is good advice. I'm not prone to impetuous security decisions... in fact, I'm probably guilty of over-thinking a situation. I'll keep processing the feedback I am getting here, and elsewhere, and soon "the way" will open up for me. :)
     

  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I appreciate the input, whitedragon551.
    I may rethink my entire lineup, and lose avast and lose OA, install one of the firewalls you recommended and add Prevx back in. I still have a 2 pc, 3 year license, and Prevx just might be a sweet addition alongside Sandboxie. :)
     