Discussion in 'sandboxing & virtualization' started by Franklin, Sep 2, 2008.
Good to know! thx
Thanks for good news!
thanks for the heads-up
Exactly what I was waiting for!
SandboxIE keeps improving and stays ON TOP!
Thank you Franklin
Sandboxie is one of my favorite programs.
I have some dumb questions... I know a reasonable amount about PCs but nearly nothing about sandbox or VM type apps. Whenever I've looked into them, they seem a bit overwhelming. I've asked a handful of questions here and there and never come away any more knowledgeable than before. (While some may not see it this way, if you are a newbie, there is often a bit of an elitist air about users of these apps and their willingness to help true beginners. Example, I asked about Returnil a while back and asked the main poster from the developer if there was some kind of newbie guide. His answer... no. So, needless to say, I never pursued it beyond that.)
This all said, is Sandboxie newbie friendly? (And I really mean newbie here. I'm wanting to know if this is something (if I learn it) that I can recommend to people who know nothing about PCs.) Is there a guide somewhere that is newbie friendly? (I've looked at the website and I do not consider its presentation of information to be newbie friendly at all.)
For my own purposes, can it be run under a Limited User account in XP? Is a Limited User account meaningless if you run Sandboxie? If it truly blocks web-based malware from the OS, wouldn't a simple firewall and AV for local file exchanges be enough security? IOW, are HIPS, behavior blockers, etc. no longer necessary?
If this sounds somewhat confrontational, it's not meant to be. But I do admit I'm a little frustrated (mostly with myself because I don't seem to be able to grasp these things.)
I felt overwhelmed also when I first heard of sandbox and light virtualization apps. The hardest part is changing the way you think and understanding what Sandboxie does. In the end, it actually comes down to trying Sandboxie and seeing for yourself what it does and what it can do for you. I'll try to explain the best I can though.
Sandboxie basically creates another copy of your browser (or whatever) in a sandbox (a sort of container) along with what it needs to work. So you're really running a virtual and identical clone of your browser in this sandbox. You can also create rules that would allow your bookmarks to be saved for real in your real browser settings. You can also create other rules, but I'll keep this simple. If need be, you can recover downloads to your real machine and a pop-up will ask you what you want to do with it. When you're done with the sandboxed browsing session, you can delete the sandbox automatically or manually along with anything and everything good or bad (cookies, cache, possible malware, etc.) that happened during that session. In other words, if you ran ccleaner after a deleted sandbox session, ccleaner wouldn't have to delete any browser stuff.
Sandboxie and its settings are customizable for extra security and convenience if you choose to, and the developer seems to be making this easier with every release. Don't let that scare you away as it's easier than it looks and the default Sandboxie settings are pretty darn secure. Sandboxie should automatically create a desktop shortcut of your default browser that starts the browser sandboxed.
I'm not sure about running Sbie in a LUA, but it would probably have to be installed as an admin because it installs a driver. I have however created a shortcut that starts my browser with DropMyRights and sandboxed. From what I understand, sandboxie also limits some rights of the browser.
The reason I run all my internet facing apps sandboxed is because they are one of the riskiest things I do with my computer besides downloads. I figure by putting my browser, media player and IM in a sandbox and deleting the content when finished should help tremendously. It's like a newfound freedom and I'm not afraid to click on 99% of links anymore. If I do download anything, it's from the original site and scanned with my anti-virus and 2 anti-malwares, and/or if smaller than 10MB it's uploaded to VirusTotal or Jotti.
I hope this helps.
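As an added illustration of the copy-on-write behaviour the post above describes (a toy model written for this page, not Sandboxie's own code; the ToySandbox class, file names and scenario are all constructed):

```python
import os
import shutil
import tempfile

class ToySandbox:
    """Toy copy-on-write overlay modelling the post's description of
    Sandboxie; hypothetical illustration, not Sandboxie's own code."""
    def __init__(self, real_dir, box_dir):
        self.real_dir, self.box_dir = real_dir, box_dir
        os.makedirs(box_dir, exist_ok=True)
    def _paths(self, name):
        return os.path.join(self.real_dir, name), os.path.join(self.box_dir, name)
    def read(self, name):
        real, boxed = self._paths(name)
        # A boxed copy shadows the real file once the program wrote to it.
        with open(boxed if os.path.exists(boxed) else real) as f:
            return f.read()
    def write(self, name, data):
        # Every write is redirected into the box; the real file stays untouched.
        with open(self._paths(name)[1], "w") as f:
            f.write(data)
    def recover(self, name):
        # Explicit recovery is the only way a file leaves the box.
        real, boxed = self._paths(name)
        shutil.copyfile(boxed, real)
    def discard(self):
        # "Delete sandbox": everything the session produced disappears.
        shutil.rmtree(self.box_dir)
        os.makedirs(self.box_dir)

def demo():
    """Constructed scenario: a sandboxed session edits bookmarks and
    downloads a file, recovers only the download, then deletes the box."""
    base = tempfile.mkdtemp()
    real, box = os.path.join(base, "real"), os.path.join(base, "box")
    os.makedirs(real)
    with open(os.path.join(real, "bookmarks.txt"), "w") as f:
        f.write("original")
    sb = ToySandbox(real, box)
    sb.write("bookmarks.txt", "edited inside the box")
    sb.write("download.exe", "constructed sample download")
    seen_inside = sb.read("bookmarks.txt")
    sb.recover("download.exe")
    sb.discard()
    with open(os.path.join(real, "bookmarks.txt")) as f:
        seen_outside = f.read()
    return seen_inside, seen_outside, os.path.exists(os.path.join(real, "download.exe"))
```

The recovered download is the one thing that survives the discard, which is exactly the point the replies below make about scanning whatever you move out of the box.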
In its default mode, Sandboxie protects against everything EXCEPT keyloggers. All other processes are *safe* -- just as long as they stay inside the sandbox.
If you choose to move something from inside the sandbox to outside the sandbox -- a downloaded application, for instance -- THAT could be malware. Thus, you need a good on-demand-AV to help you try & spot any malware that you may have moved outside of the sandbox. You should also have an SPI-capable router.
First premise: the system has to be clean, no rootkit/keylogger or anything keylogger-like. If this is true, then SBIE can be configured in a way that only your browser.exe can connect to the web (has to be done in the config ini file), so any sandboxed phoning-home thingy can collect data but can't send it out.
It's already been discussed to death in earlier threads, though.
Sorry Belgamin, you mentioned default mode.
Huupi, the feature to only let the browser connect can be done in the GUI. The anti-execute feature can only be done in the INI.
SandboxIE is reasonably easy to use for a newbie, since the concept behind it and how it works is very easy to understand. The hard thing is getting used to being careful with what you recover from the sandbox.
Note that once you recover something from the sandbox, you can still try running it sandboxed to see what it does. The only real exception to that would be a program that needs to install services or drivers.
Do I have to uninstall/reinstall?
Or will Sandbox Control/Help/Check for Updates be good enough?
Download the new version and install it on top of the previous one.
Two nice tools for SandboxIE made by users:
- BorderGuard: a Sandboxie border indicator - provides any color of border around the active window if it is sandboxed.
- Sandbox Marker: notifier for sandboxed applications - writes the blinking (two-colored) text SANDBOXED to the window's title bar, and the notifier's tray icon will change.
Both can be customized by the user.
Is it possible to install this under Returnil to see if the upgrade goes ok, or will Returnil mess with it?
It does not require a restart as long as you have a previous version installed.
Yes, I just wondered whether Returnil would perhaps cause a problem with the installation of the driver; otherwise it doesn't like my laptop, as it just blacked out the screen during the driver install.
Yes, that's right, sorry for not explaining that clearly. Point is that if you have a resident keylogger on your system (and some are hard to detect) then anything beneficial SandBoxie can deliver is utterly pointless.
Some keyloggers come with their own FTP server and can connect straight to the WEB (bad guy), so a CLEAN system is what makes SBIE very useful if configured the right way.
Sadly, installing this version crashes my system, or uninstalling ver 3.22 does. Initially I tried an update over 3.22 with Returnil protection, which resulted in a black screen. I have now just tried to uninstall the prior ver 3.22 without Returnil protection and I have a black screen. DOH!!
Win XP sp2 fully patched
Security software installed SSM (disabled for install/uninstall), Avast! (disabled for install/uninstall), Sygate Firewall.
Success! After a bit of bad behavior I was able to uninstall 3.22 on the second attempt, and the installation of 3.30 was uneventful.
You may want to be aware of this bug with 3.30. Tzuk acknowledges it, but it may be a while before he makes corrections.
Han, I'm a "keep it simple" type of guy (as indicated in some of my other posts on Wilders) and can tell you that I consider Sandboxie a very good fit for my style. If your primary intention for using Sandboxie is to safely surf the web, then "yes", it's newbie friendly. Just click on the Sandboxie icon in the system tray and choose the run browser sandboxed selection. That's it.
It's also very lightweight and not an intrusion on your system resources.
Thanks for that, I did have a quick look for issues, must have missed that one. Not one I'd worry about personally, I don't think.