SANDBOXIE HIGH TECH PROTECTION

Discussion in 'sandboxing & virtualization' started by EASTER, Feb 9, 2008.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    My fingerprint reader will not work with Sandboxed Firefox. Browsing is slower.
     
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Sandboxed browser opening times:

    4 seconds for Firefox to start.
    5 seconds for IE6 to start.

    Once firefox is up and running, to start a second Firefox takes only 1 second.
    With IE6 it's always the full 5 seconds.

    Not an unbelievably fast pc, but fairly nippy. Dual core AMD64 4600+ with full 3gb ram. Windows XP SP2.

    I'm running KAV7, Prosecurity Free, Ad Muncher and Browser Sentinel in real time.

    muf
     
  3. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Good grief, for all of the protection that it provides who cares if opening up something in Sandboxie is slower. If using a pc over the past 8 years has taught me anything it is this: patience is required to correctly and safely use a pc.

    Acadia
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    My thoughts exactly.
     
  5. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Yeah but that is not the point. This always develops into a poll like thing. My comp is this, my comp is that, and followed by who cares anyway. The point is that if a number of people say one thing and you are experiencing something different - then.... something is wrong. It's very true that you could decide to live with that difference, and that is of course fine. Or you may decide that this may be indicative of a problem that might just jump up someday. Maybe it can be located now. If my browser was loading extraordinarily slow and a bunch of folks said that wasn't the case with them - I would be formatting in the AM and the culprit program would be gone. But that is just me, doesn't make it right or wrong.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Absolutely. A few additional micro-seconds to get out of the gate with the browser is IMO worth much more than any of the time that would be required to effect a repair due to some malware entry.

    I definitely concur with that summation, and plus SANDBOXIE ROCKS!!!

    This forum and all of its members' & staff's contributions & discussions in security ware has educated me beyond my wildest expectations and trumps anything I ever did or suggested as a hijackthis specialist before. These apps and the way they are scrutinized greatly elevates their capabilities well beyond normal expectations, and for all that I owe a thank you to all. :)
     
  7. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland

    Hmmm, mine takes 6 seconds to load up firefox. Less than 3 seconds to run Opera sandboxed and 8 seconds to run IE7 sandboxed. Basically the same time as it takes to run them without the sandbox.

    Could it be one of your add ons slowing the process down? Try disabling all of them then running Firefox sandboxed and see if it still takes as long as before. If it doesn't then re enable the add ons one at a time to see if you can pin it down.

    HTH.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    The more I read delays from IE7 and FF the more it convinces me that newer will never always equate to being always better, and conflicts that follow give evidence to that they are inevitable each and every new release in spite of hype or claims, so it's IE6 for this user until further notice. Loads instantly, no delays nor conflicts, and is very well protected even under SP2.

    EDIT: My spelling is awol lately
     
    Last edited: Feb 16, 2008
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I did that, and no matter how many extensions I disable FF always takes 24 seconds to load after a boot up, and takes 10 seconds if I access FF again during the same boot WITH Sandboxie on. With Sandboxie off, it took about 12 seconds to load after a boot up and about 4 seconds if I access FF again during the same boot. Now after I disabled the addons "Forecastfox" and "Customize Google" it takes 4 seconds to load after a boot and 2 seconds if I access again in the same boot with SB OFF. So, add-ons do have an effect but not a big change disabled with SB on. I like my "Forecastfox".:)
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Hmmm, the world was created in one day. Wonder if that was Sandboxed or not.:cautious:
     
  11. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Was it in beta?:D
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    from the looks of things, I would say it still is.:rolleyes:
     
  13. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns

    Amen! :).
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Not to me, I'm extremely picky about these things. On all of my machines, I've seen that SBIE will add at least 5 seconds to startup time, and that's the main reason why I choose not to use it as a realtime protection tool. I hope that someday this will be improved. But at the moment I feel quite safe sandboxing apps with SSM/NG + SRP, of course without virtualization.

    Btw, I've tested it again and it seems like even the latest version of SBIE does not protect against the SSDT unhooker (Rootkit Agent EZ), meaning that it will be able to wipe hooks of all security tools installed, but on reboot everything is back though. Also, SBIE will continue to function correctly, even if the hooks are wiped, not surprising since it doesn't even seem to hook into the SSDT? I thought all HIPS had to do this, can someone explain? o_O
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    A SandboxIE user could forego altogether sandboxing anything except the browser and even it too then sandbox it from the right click context menu.

    I find it weird so many seem to experience delays on bootup from SandboxIE, do you first delete %sandbox% contents before restarting? Does that make a difference, after all, files have to pile into the folders when sandboxed and that might be something to look at.

    Tzuk though is the specialist in this, I would approach him with this type concern. I still say FF is a chief problem with many users' issues & SandboxIE and why I'm quite content to rely on old IE6 or Opera.
     
  16. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I've been curious about this time delay thing, so timed msie6 and Kmeleon 1.1.3 with and without Sandboxie.

    Without, msie6 opens in a bit over 3 seconds. With Sandboxie, it takes exactly a second longer.

    Kmeleon times are virtually identical. Kmeleon is much faster during surfing, and I use it almost exclusively.

    Obviously, from what I've read, other PCs may be different. Regardless, for the safety provided by Sandboxie, I can't see quibbling about a second, or even two or three seconds. Those few extra seconds barely give me time to light a cigarette.
     
  17. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    If you can knock off another second you could quit smoking.;)
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    The vulnerability has been fixed. This rootkit was first mentioned by NicM a while back, but since then I've never seen him on this forum again. As you may remember, quite a lot of HIPS were vulnerable.

    http://sandboxie.com/phpbb/viewtopic.php?t=2901
    http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm
     
  19. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Agreed.
    Starting Opera sandboxed takes a couple of seconds on my PC but that don't bother me.
    After Opera is sandboxed, zipping around the net is just as fast as without it.
    So the couple of extra seconds to start the sandbox is nothing compared to the protection SandBoxie offers. :thumb:
     
  20. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hi all,

    I currently have a client I setup with Prevx 2.0 and Sandboxie...
    Fun part is I have reduced my work with her enormously by finally successfully training her to use the sandbox properly. However prior to that I had several issues where Prevx would Jail spyware twice, once captured in the sandbox and once in the primary system... actually causing a bit of problems until I was able to manually clear the sandbox for her... (Prevx would lock the bug in jail and would not release/delete even after reboots until the sandbox was emptied)

    This goes to prove that the combination is preferable for high risk / low skills users... I still can't get how she managed to get infected twice... Both in and out of the sandbox with same malware. My thinking is that she got infected and still allowed the executable out of the sandbox and ran it somehow but before Prevx made the catch... (worthy of note: She doesn't want to delete the sandbox after each use which probably facilitated the infection and she loves to download everything, from free icons to mp3's).

    On a side note, this one follows Easter's effort. I am playing with exploding every malware I get my hands on within sandboxie and so far I can't report anything... I am also going to sites to purposefully infect the box and still nothing... Great software! :thumb:
     
    Last edited: Feb 20, 2008
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I think I've exhausted my runs of malware and they were contained but I want to retry another one that for some reason seemed to evade sandboxIE and proceeded to unregister vscript + jscript.dll which are important components to accessing system restore. There is a small possibility that my settings were not adjusted to cover this file.

    I'll retest again today to ensure this is true or not and if so send the file to tzuk for lab examination.

    EDIT: Scratch that possibility. I run the same file with Power Shadow and nothing happened this time. This malware is full of sneaky surprises and evasions.
     
    Last edited: Feb 24, 2008
  22. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    I was playing with some malware in sandboxie yesterday and after I did a scan with ewido micro scanner to see if it would detect some of the malware in the sandbox the scanner picked up a detection in the system restore.

    I also had returnil on and after a reboot and rescan there weren't any detections in the system restore.

    Did the malware get out of sandboxie?

    There was only one detection in system restore, all the other detections were found IN the sandbox.
     
  23. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
  24. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Thank you for that link MitchE323, I never read that post before. :thumb:

    Now I understand how the malware got in system restore and how to stop that.
     
  25. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    People using good solid imaging solutions turn as a rule system restore off.

    So they get rid of these huge files, and in place using imaging as a more and better replacement for System Restore.

    Benefit: no risk as mentioned and a smaller system part. Also more reliable! ;)
     