sandboxie or OA runsafer ?

Discussion in 'other firewalls' started by thathagat, May 29, 2009.

Thread Status:
Not open for further replies.
  1. thathagat

    thathagat Guest

    well...can someone explain which is ideal for internet facing programmes....with gaotd OA offer i am using OA+Dr web av5....should i continue with sandboxie 3.38 paid or OA run safer gives ample protection...also i read somewhere that OA webguard does not work with sandboxie....is that the case?
     
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    IMHO If you're already using Online Armor's firewall and HIPS you should just use their RunSafer, it provides great protection.
     
  3. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    Run safer explorer.exe (windows explorer not internet explorer) then logoff and login, now you are a nearly a limited user for most operations, run safer your internet browser too.
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    I run my browser and mail-client with Sandboxie and both are set to RunSafer at OA.

    OAs Web-Shield doesn't work with a sandboxed browser, but Banking mode works.

    Cheers
     
  5. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Just a question here but wouldn't running your browser sandboxed with the Drop rights toogle on in SBIE be the same as RunSafer?

    Ice
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    As a generalization, that isn't quite true. Runsafer will protect the system as long as the malware needs administrative rights to do it's deed. But if it doesn't then Run safer does nothing.

    I've got several pieces of malware that lower rights doesn't help a bit, but sandboxie protects the system.

    Also Run Safer doesn't prevent the malware from getting on the system nor make it easy to delete. Sandboxie does.

    I run both of them and the work great together and compliment each other nicely.

    Pete
     
  7. fasteddy2020

    fasteddy2020 Registered Member

    Joined:
    May 12, 2009
    Posts:
    106
    Location:
    USA
    I don't know if it matters or not but I run a sandboxed browser with OA webshield on and I have no problems whatsoever.
     
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Yes, but the difference is obviously that the browser must run sandboxed whereas RunSafer works always (as long as OA is running), even if the browser is hijacked by another application.

    This doesn't matter much if you force your default browser or mailclient to run sandboxed.
    But if not, RunSafer is the second safeguard.

    Cheers
     
  9. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Very good point Subset. Now the light at the end of the tunnel is becoming clear. I don't force the browser, so I will use RunSafer as a safe guard with the sandboxed browser.

    thanks
    Ice
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    You are absolutely right. I do force my browser into the sandbox, but there are times I can't, so Run Safer is a good fallback.
     
  11. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Err... that was only hypothetical. :cautious:
    No, there is no 100% security and also human errors may lead into disaster, like trusting the wrong program.

    For example, I have tested some apps with Trojan.Win32.KillAV.yp today.
    Among other things it tries to run the default browser from a batch file with command line parameters (-url "http://www...")
    Browser not forced to run sandboxed + no RunSafer. :ouch:
    But with RunSafer the chance that really bad things happen is relatively small, even if I trust this Trojan.Win32.KillAV.yp (hypothetically...).

    RunSafer is set it and forget it, there is no popup for RunSafer and there shouldn't be big problems with browsers or mail-clients etc.

    Cheers
     
  12. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    How common is it for malware in the wild to be able to bypass lowered rights?
    Thanks
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Probably not very, although it only takes once. Main thing is to understand the difference, and then you can make a sound judgement.
     
  14. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I like the idea of running the browser sandboxed with OA RunSafer. I see no slow downs combining the two. I have tried this on IE8 and FF3.5b4. Forcing the browser into a Sandbox doesn't sound like a bad idea either. The only issue I had with doing that was when FF issued an update for the browser and I had problems updating the browser. However, I could have downloaded the .exe and installed it that way. Good thread by the way.

    Ice
     
  15. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi IceCube1010

    Have a look here for a temporary way to disable forced programs. http://www.sandboxie.com/index.php?FileMenu#disableforce

    After you know Firefox has an update, you can use the above method to disable forced programs and then start Firefox during the allotted time limit you set and update it that way.
     
  16. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    thank you innerpeace! Search and you shall find.

    Ice
     
  17. thathagat

    thathagat Guest

    As updating is not possible of forced sandboxed applications until they are run un-sandboxed, so does a similar procedure apply to applications set to runsafer ? so when updating say my browser do i have to run it non sandboxed and runsafer? or are updates possible with runsafer option turned on?
     
  18. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Awesome to have this. I only stumbled on disabling forced programs through a right-click of the sandboxie icon.

    Thanks for the link which shows how to set the time limit for disabling forced programs. :thumb:
     
  19. wat0114

    wat0114 Guest

  20. wat0114

    wat0114 Guest

    Indeed, lots of usability and configurability. Also, and maybe I'll sound like a broken record, but I have so much confidence in the security it provides that it is the only security app running on an old dog of a computer the kids use. for their needs I see no need to even run antirus on it. SB is configured to flush away all leftovers and force their Internet apps in the sandbox. It's a wonderful thing :)
     
  21. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    It's funny but your probably right.
    Ice
     
  22. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I have tried updating add-ons for firefox (outside the sandbox) with the runsafer option and had no problems. I may have even updated firefox itself but I can't remember :( . I'll have to try it next time I update. Which browser do you use?
     
  23. thathagat

    thathagat Guest

    main browser opera 9.64 run forced sandboxed+runsafer
    chrome just runsafer....maybe I should also force sandbox it too.
    IE8 only for checking windows updates
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I don't have either of those to check. Hopefully someone else can confirm if an update is possible with runsafer on.

    If you use a program like Returnil, it can be useful while trying new things such as this. If the update or your browser doesn't work then reboot and everything is back to normal.
     
  25. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    I use OA paid without AV ver. 2.1.0.131 with Runsafer enabled, and Sandboxie free ver. 3.28.

    I update Firefox and Firefox extensions (NoScript, AdBlock Plus, IE Tab and hideBad) outside Sandboxie with Runsafer on. It works for me.
     
Thread Status:
Not open for further replies.