Sandboxie Configurations Learning Thread

Discussion in 'sandboxing & virtualization' started by jrmhng, Jun 16, 2008.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I also have DefenceWall that will stop a key logger.
     
  2. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    I'll try to explain it this way. Everything that you have stated is completely correct and would apply if the goal was protection against "current session" keyloggers. You have to think of Sandboxie as protection against "past session" keyloggers. Current session keyloggers are easy, as Pedro has stated, all you need to do is start with an empty sandbox and go immediately to your bank site and 'exit and empty' thereafter when you are finished. The assumption is that your system and the bank site are clean. That assumption quantifies your risk factor.

    In this respect Sandboxie, even with merely its default settings (I think this is WilliamP's question), will give you adequate protection. Most securityware offers this same level of protection. After all, if you start with a clean system and go immediately to your bank site, and that site itself is clean - what is there that is going to get you?

    But what if you were doing this for the hundredth time? Could any other security product give you slam-dunk protection against any keyloggers picked up in the past? As you say, there are many ways for an exploit to happen. Since Sandboxie has completely flushed all of this past activity away, and done so in a total fashion, the likelihood that your system remains clean for today's bank visit remains high.
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    SandboxIE is a tool. It won't stop you from doing what you want to do.
    It makes sure you save only what you want, install what you want, and so on. It's not smart to tell you what's bad or not.

    An AV is also a good tool. If it's a known trojan for instance, the AV will tell you "this is a trojan". Then there is no doubt, unless it's a FP. If you suspect it is a FP, contact the AV company.
    This is about SandboxIE, NoScript is not relevant.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I already knew that, amigo. My point is that for average people I think it is a good idea to run both, for extra protection.
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Then I agree. :)
     
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    On one computer I tried adding Internet Explorer as the only program allowed to access the internet. When I do this IE won't work. If I remove it from the settings IE will work again.
     
  7. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Check that you added it correctly as iexplore.exe, many times a mistake happens as people add an "R" at the end as in iexplorer.exe.
     
  8. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    237
    From one Sandboxie fan to another...great explanation, Mitch. ;)
     
  9. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Thank you Mitch. I had it wrong. What do I have to put in for firefox?
     
  10. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    If you use Sandboxie's "Add By File" and navigate to the exe file in question, you can avoid spelling errors. ;) But in any event Firefox would be firefox.exe.
     
  11. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    the question didn't make that distinction but if you want to make that distinction then yes there is a very big difference in what a sandbox can do for you between the current session and old, destroyed sessions...

    but there are also things that can survive session destruction because they aren't technically inside the sandbox but are part of your setup... it's not a keylogger per se (though one possible application is to facilitate man in the middle attacks that can be used to capture everything you send over the internet, or to automatically reload your system with drive-by downloaded malware such as a keylogger as soon as you try to connect to any site)... i'm talking, of course, about pharming attacks, especially drive-by pharming where javascript or flash connect to your router and change the DNS settings... since the router isn't inside the sandbox, the changes to the DNS settings don't get reverted when you destroy the sandbox session...
     
  12. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    All true, and that is where your other security programs (or Windows settings) would be used that would target any weaknesses in your setup. If a user considered those exploit avenues to be likely, the user can add to his setup. Sandboxie is a pretty nice "Baseline" security product though. :)
     
  13. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    agreed... just in case anyone got the impression i don't like sandboxie, i actually do like it... in fact i like it better than other sandboxes i've tried... i just keep in mind that like everything there are limitations to what it can do and by making myself aware of those limitations i'm in a better position to find ways of compensating for those limitations...
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Agreed Mitch, but maybe that last line could read:

    Sandboxie is an excellent "Topline" security product though. :)
     
  15. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Because of pure laziness I haven't read the whole thread, but I configure Sandboxie in the following way:


    1. Every application runs in its own sandbox (media- and network applications)

    2. Blocking network access for my media applications and only allowing network access for one application in each sandbox for my network applications.

    3. Blocking file access for my network applications and only read access for my media applications regarding my data harddrive (Z:\).

    4. Blocking file access for all my sandboxed applications regarding cmd.exe, cscript.exe, wscript.exe, regedit.exe and notepad.exe.


    /C.
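
    Added example, not part of any post in this thread: a small linter for the per-sandbox layout Cerxes lists above that catches the `iexplorer.exe` misspelling discussed earlier, where an allow-list naming a program that does not exist leaves the real browser without network access. The section names, the `INSTALLED` inventory and the sample settings are constructed, and the `ClosedFilePath=!<program>,\Device\Afd*` form of the Internet-access rule is an assumption about how Sandboxie.ini stores it.

```python
import difflib
import re

# Constructed sample in Sandboxie.ini style (not taken from the thread).
# Assumption: an "only this program may use the Internet" rule is stored
# as ClosedFilePath=!<program>,\Device\Afd*
SAMPLE_INI = r"""
[IEBox]
ClosedFilePath=!iexplorer.exe,\Device\Afd*
ClosedFilePath=Z:\

[FirefoxBox]
ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=Z:\

[MediaBox]
ClosedFilePath=\Device\Afd*
ReadFilePath=Z:\
"""

# Hypothetical inventory of executable names present on the machine.
INSTALLED = {"iexplore.exe", "firefox.exe", "wmplayer.exe"}

ALLOW_RULE = re.compile(r"^ClosedFilePath=!([^,]+),\\Device\\Afd\*$", re.I)

def parse_sections(text):
    """Return {sandbox: [setting lines]}. Keys repeat, so configparser is unsuitable."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif line and current is not None:
            current.append(line)
    return sections

def lint_internet_rules(text, installed):
    """Flag allow-list entries whose program name matches no installed executable."""
    known = sorted(name.lower() for name in installed)
    findings = []
    for box, lines in parse_sections(text).items():
        for line in lines:
            m = ALLOW_RULE.match(line)
            if m and m.group(1).lower() not in known:
                hint = difflib.get_close_matches(m.group(1).lower(), known, n=1)
                findings.append((box, m.group(1), hint[0] if hint else None))
    return findings

if __name__ == "__main__":
    for box, name, hint in lint_internet_rules(SAMPLE_INI, INSTALLED):
        print(f"[{box}] '{name}' not found; did you mean '{hint}'?")
```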
     