Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Let's not make this personal, okay. Have a good Xmas!
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,909
    Location:
    .
    Yep, agreed. Good Xmas for everybody!!! :)
     
  3. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,335
    Location:
    US
    Hmmm, interesting. Bo, knowing how you sandbox so many things, was BitDefender also sandboxed? I have no issue with BitDefender, BUT it is not sandboxed AND I also use the free version.
    Thanks for the info,
    Acadia
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    Hi Acadia, an AV is something that we should always install out of the sandbox and not run sandboxed. It's good to hear from you that BitDefender free works good along SBIE. It doesn't surprise me since it's a simple AV and doesn't have the addons that their paid version has. Using the addons is what causes problems to some people. I remember, the known problem with the old versions of BD was caused by something called Active Virus Control. This setting had something to do with a behavior blocker or heuristics, I don't remember. The setting has been modified into something else and I believe, it's also called something else.

    I stopped using AV in Dec 2010, I tested BD probably around early 2010 or late 2009. I wanted badly to use that AV and tried and tried to make it work nicely with SBIE. But it was really messy. Applications took a long time to pop up in their sandbox when run and the sandbox took 15-20 seconds to delete. I couldn't take that. I like my sandboxes to open and close fast, immediately, no delays. Then later, I tried BG but I got basically the same as with BD.

    But I always thought that BD free should work with Sandboxie. It doesn't surprise me that it's working good for you along Sandboxie.

    Bo
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,335
    Location:
    US
    Heh, if it ever became a question for me of choosing between the two, Sandboxie and BitDefenderFree, HELLO!, don't burn out your brain cells on this one.

    The one thing that I do like about this free BitDefender thingie is that it warns me about unsafe sites even before any other program does, and these are sites that leave me scratching my head (false positives?), doesn't matter, I always redirect onward to other sites just to play it safe.

    My all time favorite security saying: The weakest link in your system's security chain is that piece of FLESHWARE that sits between the chair and the keyboard!

    Acadia
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,740
    Location:
    The Netherlands
    I was thinking about this, for example with BufferZone, which also uses virtualization, all installed files will end up on the real system, but they are all tracked and clearly marked. This can be handy to avoid user confusion. On the other hand, I still like SBIE's approach more, I like to keep all virtual files in one folder/container.

    Interesting post, which explains it well.
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,909
    Location:
    .
    Careful, no virtualization in Sandboxie whatsoever. Just file system isolation or container, you can read posts above about this matter.
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, but what do you mean by "sandbox is altering another sandbox"?
    Should I consider this good or bad thing?
    And, BTW, Merry Xmas.
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I'm not sure if I can agree with system-wide protection thing:
    The fact is with Sandboxie you can run everything inside sandbox, the entire Windows Explorer, then there is that option "run any program sandboxed", all applications, all exes, all dlls and everything else inside the sandbox, so not just applications (plus they can all be blocked by SBIE's policy restrictions), Pegr.
    So, I disagree that Sandboxie cannot be considered system-wide protector-on default level it is not, but SBIE can be configured that way.

    Can we say for sure that properly/super-tightly configured Sandboxie (on maximum level), properly/super-tightly configured AppGuard (Lockdown mode/on maximum level), DefenseWall (properly/super-tightly configured on maximum level) are equally good when it comes to security/protection level against all forms of malware, even the same number of exploits, as well as against the same forms of exploits (except the method SBIE protects is entirely different from how DefenseWall and AppGuard both protect against malwares and exploits) is very different than -would you agree with me, Pegr?


    For example, if Sandboxie cannot protect .dll, .sys malformations and all other malformations or exploits (which AppGuard, DefenseWall and SBIE can protect against), can your system be fully protected by AppGuard and DefenseWall?
    I'm talking about dlls, sys and everything else that cannot be blocked by SBIE's configuration like kernel32.dll, win32k.sys and all other things that you cannot configure to block inside Sandboxie!
    And, BTW, Merry Xmas.
     
    Last edited: Dec 25, 2014
  10. 142395

    142395 Guest

    Merry Christmas!! (sorry if your religion is not)

    Well, I care more about other programs I'm running. I know you have simple setup, so while you don't experience issues, I might. But thanks for testing!

    Sorry, I don't get it. What part of my statement are you referring to?
     
  11. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I mean on this:
    "I personally prefer to use already equipped native function rather than altering that by 3rd party product."
     
  12. 142395

    142395 Guest

    Okay, I meant e.g. firstly disable built-in sandbox and then wrap the browser by SBIE. Or e.g. don't use SRP or AppLocker, instead use 3rd party anti-executable such as NVT-ERP or SecureAPlus. List goes on...
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    So you suggest, I should rely on something like Sandboxie sandboxing web-browser (without sandbox), than using Sandboxie sandboxing already sandboxed web-browser, as well as rather use NVT ERP or Secure Plus than SRP or AppLocker?
    I guess you rather personally rely on third-party software than configuring and protecting with native functions?

    Jeez, I feel really sad because on my Windows 8.1, I actually wanted to use AppLocker, and on Windows XP I wanted to download and use SRP-now, I don't know what to do anymore, because I don't know if SRP, AppLocker and web-browser's built-in sandbox are enough for security and protection, I mean I never download anything at all, this is from where my confusion comes from in the first place, I just hope if I finally decide what option to choose it will be the native function or the third party software application which protects the same things on computer; I don't know which approach is the right one, and which one is the wrong one, because I'm obsessed with security when it comes to this-I mean third party security applications evolve when it comes to security/protection, Windows 8.1 and Windows XP and all other Windows before 8.1 will not evolve when it comes to update regarding security and protection (I mean you cannot buy new system every single time, every year, every month just because this new Windows system is more secure than the previous one, this is where and why people rely on third-party anti-exploits, antivirus, anti-executables, sandboxes, HIPS, AppGuard and etc. because they always evolve in order to keep up with newer methods which protect against newer cyber-threats in the first place)-while third party security software applications to evolve.

    I truly don't know what's better for me anymore, the same dilemma I have with Sandboxie and Google Chrome (should I disable Chrome's built-in sandbox or not), and also between Sandboxie and Mozilla Firefox-future versions which will have built-in sandbox (should I disable Mozilla Firefox's sandbox or not), should I use SRP and AppLocker or not or use NVT, ExeRadar Pro, or SecureAPlus or not?
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    CWS, I believe you got that backwards. Yuki basically prefers using Chrome's native sandboxing rather than disabling it for SBIE. I would agree, why disable something clearly useful for potential compatibility issues?
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, I do agree. Any of these applications: AppGuard, DefenseWall, or Sandboxie, properly configured, provide very tight security. The key to using any of them is to ensure that all vulnerable applications, USB drive launches, etc, are forced to run sandboxed with the minimum privileges and access to the system they need to operate. You'd be very well protected with any of them. It comes down to personal choice and what works well for you.

    Merry Xmas and Happy New Year to you too.
     
  16. 142395

    142395 Guest

    You're right, very thanks.
    Well, for anti-executable I use SecureAPlus, though also using SRP (and found it doesn't make another inconvenience), this is because SAP has a fascinating feature. SRP can't block driver, and though can block .dll, it's inconvenient. With SAP, the inconvenience is gone. And while I allow admin to execute anything in SRP, still admin is restricted by SAP. Very good combo, I feel. (Whoops, it's off topic...)
     
  17. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    CWS, some people do it like me: Have Chrome sandboxied and forced to do that, it guarded by AppGuard and then also that "sandbox" of its own surely enabled. Chrome's profile can't be protected/virtualized without SBIE.

    Sandboxie might have some features in Chrome not working sometimes. I remember wanting to post a picture in here that I could only do with Firefox. Those are just minor inconveniences.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    Yes, the simple setup of using Firefox with NoScript and sandboxing most programs and files that run in my computers, works real good (no malware no conflicts no stress):).

    Bo
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    I got good news for you, CWS. Regarding the new Firefox sandbox and Sandboxie, I tested Nightly in W7 and XP, the browser ran real well with no issues whatsoever with Sandboxie.:)

    Bo
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,909
    Location:
    .
    I chose to disable Chrome's built-in sandbox, reason?
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=20055#p105502

    I trust Sandboxie above all, why? Because it's a security oriented solution and Chrome is not. Besides the built-in sandbox produces conflicts with Sandboxie making hard work for Curt (Invincea) to deal with them. Period.
     
  21. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    For how long though when Mozilla starts having problems with conflicts or compatibility issues. Look at Chrome
    as an example and the work Invincea has to do to solve issues.
     
    Last edited: Dec 26, 2014
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    Firefox.....is not Chrome. When the sandbox is released, I'll make a decision on whether to disable it or not. In the Nightly version that I tested, the sandbox can be disabled and it can be set to be more restricted than how it comes on default, I tested all settings that have been implemented to this point. And the result in 1 to 10, regarding SBIE....it was a solid 10.

    Bo
     
  23. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,335
    Location:
    US
    Thank you, and I even like Chrome.

    Wow, that is awesome if that continues to the release version.

    Acadia
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,162
    Location:
    Nicaragua
    I hope so too, Acadia. In the Nightly version that I tested there is a setting in Firefox tools>Options>General where E10s is easily enabled or disabled. There is also a setting in about:config that supposedly does the same. When I tested that setting, it didn't work. But the setting is there so perhaps when Firefox with the sandbox gets released, through about:config will be the way to disable it. Hopefully, Mozilla leaves making the choice of using or not using the sandbox up to us, that would be in line with the Firefox way of doing things.:cool:

    Bo
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,909
    Location:
    .
    That's mandatory imao. If they don't leave as a user choice FF would lose many users.
     