sandboxie question

Discussion in 'sandboxing & virtualization' started by stephenjg_2001, Jan 30, 2011.

Thread Status:
Not open for further replies.
  1. stephenjg_2001

    stephenjg_2001 Registered Member

    Joined:
    Dec 21, 2010
    Posts:
    18
    OK, so I have another post but it's old and no one notices it, so I thought I'd repost. I'm new at Sandboxie and I'm pretty sure I know how to use it. I know that no files can escape the sandbox, but does that also include toolbars, video codecs, etc.? For example, you go to a website with TV shows and other video files for free; before you can watch any movies you get a box in the window saying "codec needed, download?" Now obviously it's probably going to download spyware etc., but after I close the page will I still be OK?
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Sandboxie does exactly what you tell it to. If you have made exclusions then files used in the sandbox can/will be placed in the real locations. If you have not made any exclusions, then you might be asked if you would like to recover sandboxed files to the real locations, but it will not happen without your approval. It's all in the options you use.

    Sul.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    If you keep your browser settings within Sandboxie on default or only change
    to allow bookmarks to be saved, then the codec will not remain when you
    delete the sandbox.

    Bo
     
  4. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    @stephenjg,

    What OS do you use? If it's XP, then Sandboxie is pretty much bulletproof and you should be safe downloading and running any app/file in a sandbox. If your OS is Windows 7 (64 bit), then Sandboxie's level of protection, while high, may not be quite as impenetrable. More about that here: http://www.sandboxie.com/index.php?NotesAbout64BitEdition
     
  5. stephenjg_2001

    stephenjg_2001 Registered Member

    Joined:
    Dec 21, 2010
    Posts:
    18

    I'm using Windows Vista 64 bit, with Chrome. I wish I could type the address here I'm wondering about, but I know I can't.
     
  6. Prole

    Prole Registered Member

    Joined:
    Feb 2, 2011
    Posts:
    36
    Often, once you see a popup like that, no matter what you click on you're already infected. Sometimes it changes your registry so that it runs the next time you start your computer.

    But Sandboxie will stop this from changing your system...99% of the time.
    There are all sorts of ways to stop this in Sandboxie.
    You can set restrictions...you can set Sandboxie to allow 'read-only access' to your 'C drive' and Programs folder...etc etc.

    Also, you can go online using a 'Standard User Account' to further restrict what malware can do.
    And for God's sake leave UAC enabled.
    :D
     
  7. stephenjg_2001

    stephenjg_2001 Registered Member

    Joined:
    Dec 21, 2010
    Posts:
    18
    It's not really a pop-up, it's more like an interactive window inside the video before it plays asking to download the codec. There's no pop-up, it is easily closed with no ill effects.
     
  8. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    I'm confused. Is there some essential difference between a popup video window vs. "an interactive window"?

    Could someone Sandboxie-knowledgeable comment on stephenjg_2001's "it's easily closed with no ill effects"? If the video were malicious, is just closing the video in a sandbox enough? How would stephenjg_2001 know there were no ill effects? If the video had in fact some malicious content, is it possible that the sandbox could be infected, and that anything in that sandbox or future actions in that sandbox could be compromised? At what point is it best practice to delete the sandbox?
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I delete the sandbox often, never keeping it. When you browse sandboxed
    using Sandboxie, everything that you do is kept isolated from your real
    system so it's not affected by what's inside the sandbox. Codecs that get
    installed or changes to your browser done by malware or you, will be gone
    when you delete the contents of the sandbox.

    Bo
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Hey Bo
    In addition to boxes for other internet-facing apps, I have created a couple browser sandboxes... one for ordinary use, and one for, let's say, financial use. The 'ordinary use' box doesn't get deleted (erased) until near the end of the day. But the 'financial' box, which is used for anything like banking or medical records, gets deleted immediately after use, on the outside chance that a keylogger is at work. I don't think the likelihood of that is very great, because of how I have configured the sandbox to restrict both internet access and start/run access, but it's a routine that I follow regardless. I assume that this is a fairly standard way to use Sandboxie. :)
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    It is for me anyway ;)

    Sul.
     
  12. sindbad

    sindbad Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    17
    So, in each sandbox you have to update all the programs installed in that sandbox?

    Best regards,

    KOR!
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Well, you could/should I suppose. I don't use Sandboxie that way myself. I install programs to the system, then restrict what they do with SBIE. If I need to put an update in place, I do it outside of the sandbox. I save bookmarks outside of the sandbox. I set my options/config outside the sandbox. If I delete a sandbox, only a few things might need to be rebuilt, maybe a certain option I only use when sandboxed, etc. I only install things that are "temporary". I have a box devoted to trying/installing things, and routinely delete it after playing.

    Of course, others may use it differently most likely. I have always thought of the sandbox as a "playground" so I view the system as the original and the sandbox as a copy. If I want to make a permanent change to something, like a browser option, I do it outside of the sandbox, then delete the sandbox contents, then the next time the program etc starts in the sandbox, it inherits whatever those changes were and they stay until I repeat/modify.

    Sul.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Sully answered better than I could... I update or make changes (to the browser, for example) outside of the sandbox, then the next time the browser starts in the sandbox, it inherits those changes. Since I have IE set as a forced program, when I want to do something with the browser outside the box, I right-click the SBIE icon in the system tray and select 'Disable Forced Programs', and then open IE. When I am done, I can either uncheck that option, or it will time out, since I have it set for a given length of time... although I've now forgotten where that particular setting is. ;) HTH
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I also do it like Sully and Page, always update out of the sandbox. Basically
    UPDATES are the only thing that I do out of the sandbox, nothing else.

    Bo
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    You know Page, one thing that I learned during the time that I have used
    Sandboxie is that there is not only one way to use Sandboxie properly.
    You and I won't be using it the same way and it would still protect us
    better than any other program that is out there and as long as we tailor
    it to our needs and balance it properly, nothing will get in or go out
    unless you allow it.

    Bo
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Yes, I am beginning to see that, Bo.
    And it really speaks to the power of the program.
    I frequently spend time just perusing the settings and configurations, mostly stumbling across personal "ah ha" moments. :)

    Say, do you happen to know where the setting is for the timer (length of time) on the Disable Forced Program feature? I ran across it once, and changed it on one of my computers... maybe I changed it on both of them, I've completely forgotten what the default is. One computer has that feature set for 10 seconds, and the other is for closer to 3 minutes. I'm scratching my head over where that setting is located? :)

    Edit in: I'll post this over on the SBIE forum too.
     
    Last edited: Feb 12, 2011
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Sandboxie control / file / disable forced programs.
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    You da man, LoneWolf. ;)
     
  20. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Sul,

    Thank you for taking the time to reply. And, thanks to Page42 and Bo for their responses too.

    Sul, I have read on this forum about Sul's setting for Sandboxie. Did a search on the threads you have started before responding to this. Couldn't find it. Can you please point me to this thread?

    All my operating systems are Windows 7 x64. Only one of the laptops has Windows 7 x32, which is hardly used and doesn't have Sandboxie on it.

    The people at the Sandboxie forum are really nice, especially Guest10 and a few others. He is a godsend there. I recently learned that one can install programs in Sandboxie and also learned that programs that require "adm rights" can be used with Sandboxie (inside and/or outside) with "drop my rights". I have set up a Sandboxie just for that.

    I have two problems with Sandboxie which I still haven't been able to sort out, though I have not posted them at the Sandboxie forum. This is with Firefox installed outside the Sandboxie.

    1. It takes Firefox ages to load?

    2. The colored border outside the Firefox makes the scroll (up/down) very thin. So, when I try to scroll up and down, Firefox usually freezes?

    Many thanks,

    KOR!
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    If your FF takes about 5 seconds to open, that would be fine but if it's
    taking 20 seconds or so that probably means you have a conflict with
    another program, like a FW or HIPS or an addon.
    I never used the border, always use the # setting that's on default.
    The # setting makes it clear that you are sandboxed and it does not
    create problems, maybe it will work better for you than the border.

    Bo
     
  22. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Bo,

    Thank you for your answer.

    It takes about 4 times longer to open FF in Sandboxie than it does without. This is FF installed outside the Sandboxie. All the programs, FW, HIPS and add-ons are the same.


    The #...#, doesn't work in all programs, and especially in FF v4 beta10 onward. And, the color border is easier to see at my age.

    Best regards,

    KOR!
     
  23. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Firefox was slow with me with Sandboxie so I now use Chrome.
     
  24. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196

    I am using Sandboxie free at the moment and I have a question about the sandbox file in C:\. If I download a program it ends up in that sandbox file in C:\
    If I open the sandbox file there is in it, the default box, user folder, current folder and my documents folder and the download folder where I want to download the current program ready to be recovered. I still haven't recovered it yet via immediate recovery. Now, as that downloaded program or file as it sits in C:\ sandbox folder, is it actually sandboxed and can I scan it there with say an AV or say MBAM to see if it's safe before I actually recover it to my actual Documents download folder? That is the main point of my question, is that downloaded file actually sandboxed while sitting in C:\ sandbox folder.
     
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Wow, I have responded in a lot of threads, hard to know which one you might mean :) Also I don't start as many threads as I reply into, so you might use keyword sandboxie and user sully.

    I would look at the Sandboxie Configuration Recommendations thread first.
    https://www.wilderssecurity.com/showthread.php?t=240008

    Sul.
     