Sandboxie Pro questions

Ease of use... absolutely. If you make it so restrictive that you lose some functionality, then to me it's too much. My goal is to have my computer as secure as I can while still being able to do everything I want to do on it, easily.

The great thing about Sandboxie is I can set up 2 sandboxes for the same thing though... one with ease of use in mind, and the other for a secure session. Then I just right-click and pick my poison. Of course, if you want to "forget it's there", then this approach isn't viable.

Sully's quote:

"I use many sandboxes, each for a specific program and purpose. I really like knowing how things are going to interact, or rather not interact, both in sandboxes and in the real system."

Frickin A man!...

 

Eh, using multiple sandboxes means choosing. No fun.

 

Using multiple sandboxes is not really 'choosing', as programs open
sandboxed automatically, when you click on files. Choosing is, if
you have to right click on a file in order to run it sandboxed, but
thats in your past now.

Bo

 

Actually, I was meaning that multiple sandboxes means less choosing and less possible secuirty problems.

The way I use it is that like you, I don't really want to be bothered by what is or is not sandboxed. But I also don't want to lump all my apps in one sandbox. So I create one sandbox for one browser, and restrict it so that only that browser and any needed helper apps like foxit are the only thing that can run or have network access in it.

Now I can start Chrome, and know what is going to happen -- only Chrome will run etc. At the same time, I have a sandbox for QTWeb that is stand alone, but that deletes its contents on shutdown. I don't have to do anything special, only to realize that in the Chrome box things will remain until I manually delete them and in the QTWeb box things are always deleted. This gives me one sandbox with cookies and passwords for places like this so I don't have to enter them all the time, and one the opposite. I then use my browsers for different purposes, knowing which one has what characteritics and use them accordingly. It all happens transparently.

In the same manner, all my media players are in one sandbox, so that I know that any sandbox that calls a media file into play does not actually start the media file, but rather they start within my media sandbox. Again, nothing I have to do, only to realize how my sandboxes work to segregate things from one another and the system.

The only time I have to right click is on a file that exists somwhere out of the normal places that I want to start in my test sandbox, or if I want to do what I call a live test. My normal test box (my downloads sandbox) allows all programs but no net access, and my live test box is a default box. But for testing, I am fine knowing I have to manually change how things work, as I want to know what is going on. For everything else, it is seamless.

Sul.

 

We all have our own unique ways of using Sandboxie. This is just a testament to the versatility of the program.

One thing that seems to be unanimous: it is great software, however you choose to deploy it.

 

One of the benefits of using Sandboxies registered version is the ability
that we have to create more sandboxes. On top of that, we can use
them at the same time. It can not get any better.

To take SBIE to the limits, for better isolation, creating and using
multiple sandboxes is a must.
This quote is from the bottom of this page.
"Create more sandboxes for better isolation of separate programs."
http://www.sandboxie.com/index.php?UsageTips

Bo

 

I have each individual application sandboxed separately. But I don't have multiple sandboxes for a single application.

 

I think it only really makes sense to do for a browser, nothing else. 97% of the time I'm doing normal stuff like I am now, checking email, surfing, posting, ect... And when I'm doing so I don't want things too restrictive. I want everything to work. But that 3% of the time I'm doing things I consider sensitive (purchasing), I want a stricter set of rules. That means no plugin-container, no direct access to bookmarks, no nothing really... other than Firefox & Keyscrambler.

It's no different than having sandboxes for 2 different browsers. It's just that I'm a one lady man, and I only have eyes for Firefox.

 

I think I'm going to dump the manual sandboxing via Comodo and stick to just Sandboxie.

I'm still going to sandbox anything that connects to the internet.

 

I these sandboxes normally. I have been testing Chromium without SBIE for a while now, nothing to report though.

Unique sandbox for:
IE
Chromium
QTWeb
(any other browser gets own box if I use it)

Media Players - all get same sandbox
Downloads - force downloads directory - this is also my test box as it has no outbound access allowed
Live Test - default box pretty much, but allows testing things which I want to allow online

And that is pretty much it normally. Not too complicated, and the independent browser sandboxes let me know what is going on. Everything else is not as important. I used to use LiveMail, and had a box for that too, but don't any more.

Sul.

 

Honestly, I don't really think Chrome needs the sandbox... I have direct access to the downloads folder, which is set to LowIL, and I don't doubt Chrome's own sandbox. I have it sandboxed because if I'm going to be adding on to my attack surface I may as well make good use of it =p

I only have one browser (Chrome Dev) and that's the one I'm sandboxing.

I have Comodo sandboxing MPCHC and I might move it to sandboxie eventually but I have it working right now so it's not a priority (I feel it's secure as is.)

I could force my downloads directory. I copy and paste everything in "Downloads" to my "Everything" folder anyways to move from LowIL to MedIL.

I have a "Manual Sandbox" for stuff I don't trust but I might also use Comodo's sandbox for that. I need to configure it more.

 

This are mine:
Firefox Tight
Firefox Tighter
IE
Downloads
Foxit
Office:Word,Excess,Power Point
All:Only Drop Rights and delete contents is enabled, all other settings
are on default. Mostly use this one for FF when Flash needs Internet.
Prueba: For trying programs
Outlook Express
USB Drives
CD Player
WMP
WExplorer:7Zip, WinRar, HJSplit
Windows Explorer

I run as an administrator, no AV, XP firewall. Nothing but SBIE, so I
run everything sandboxed except KMPlayer.
Bo

 

What's the difference between "tight" and "tighter" for FF? Just wondering. I've already got Chrome really very tight.

 

On one I only allow Firefox to do anything. On the other
one I also allow Foxit and Flash to start but no internet.

I dont use any other plugin or Java.

Bo

 

You run on the internet with no Flash? Hm. I couldn't last.

 

Videos like this one are the only reason why I have Flash.
http://www.youtube.com/watch?v=Y1PiHsS8LP8

Bo

 

Flash comes in Chrome by default =p I do'nt worry about it >_> I'll just learn to avoid certain videos

 

Duane Allman: considered by Rolling Stone as the 2nd greatest guitarist of all time

 

This one was good laugh!!!

So, the guy who says that users shouldn't have to use common sense, is using/going to use common sense!!! Priceless!!!

(Just messing with you!)

 

=p Well I've gotta stay away from certain videos of guitarists.

If only there was an OS-based security method for such a thing! haha