Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Like it Peter, see what else develops. My SBie seems to have an awful lot of files listed that look delicate - are they at risk of leaving SBie for the dreaded Far East ?
    Screen shot :-

    Sandboxie data.JPG
    John B
     
    Last edited: Jul 30, 2010
  2. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Different subject. Just discovered a tiny surprise.

    All my Desktop icons I can open in Sandboxie by right clicking and sending them to the SBxie DefaultBox, except IE8. The "Send to" option does not come up, it is a smaller and different panel. It is the only icon that has declared UDI.

    I am sure somebody will tell me why and at the same time laugh at my inadequacy. I do not use IE8, I use FF but tried it for kicks.

    John B
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Step back and examine for a moment.. the sandbox was empty when you started it. If you went to a bank and input your PIN, possibly it still resides within the sandbox to be extracted at some point.

    But, if you only went to a forum or other benign site, what is in the sandbox to steal? Only whatever data that was needed/obtained from going to a benign site -- which is what? Cookies and cached gifs?

    I have no doubt that if you visit a bank, and data is stored within SBIE sandbox, a method employed by a website can take it as it pleases in most cases. SBIE is designed to keep what happens within the sandbox out of the real system. The flexibility of having multiple sandboxes with the paid version allows you to rest in peace that sandbox A is clean, but sandbox B is not, but you don't care because you don't do anything with it that would be worth anything anyway. You use sandbox A for that sort of stuff and it is regulated/deleted.

    Sul.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It can be stolen by the site, etc, but how's it going to be stolen otherwise? Something has to run, it can't. Something has to transmit the data somewhere, it can't.

    So how is it going to be stolen from the sandbox?
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    How. Whenever I close a browser, the sandbox is deleted.
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have said this for months and no one listens. I set SB to automatically delete contents. On my son's computer from time to time, if I open up the sandbox in C: there are tons of files that have not deleted. It has done this on all my computers.

    If I uninstall SB like I do sometimes, then go into C: drive to delete the sandbox folder, it says it has a ton of stuff in it. One time I opened it up and there were files that had not deleted when SB was closed.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Excellent advice for anyone using multiple sandboxes.

    For those using a single sandbox, in addition to locking down the sandbox as described by Peter2150, for additional security the sandbox should be emptied before visiting banking and shopping sites, then emptied again afterwards before resuming general surfing.
     
  8. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    This ^^

    Been using Sandboxie for a few months now instead of Bufferzone and I've got it set up to delete contents and that's exactly what it does.
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,244
    Location:
    Sydney, Australia
    @dw426
    No.

    As per Pete & sully et al: they are on the button.
    Your observation is also correct.
    This is not a criticism of SB, just a pointer re correct set-ups ( as noted by sully :thumb: ) and end-user insights.

    We're all on the same wave here: just dissecting the finer points. :)
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If you have set Sandboxie to auto delete then you can check by closing down your sandboxed browser and watch Sandboxie's taskbar icon which should show a red cross briefly as it deletes the contents.

    Sandboxie will only auto delete when no processes are running in that sandbox and if any files are eligible for quick recovery then that dialogue will show up before auto deletion.
     
  11. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    What sort of havoc with the browser can be caused which is not reversed by deleting the Sandbox?

    Well, if the same amount of care and responsibility is used without NoScript there shouldn't be any problem and Sandboxie is the safety net.

    As far as the various issues mentioned, re- or misdirection, malware installation, keylogging, etc., I'd think merely deleting the Sandbox before doing essential work and limiting the session to essential work (and deleting the box immediately on completion) would see them off nicely.

    By the way, I'm thinking that a responsible user would indulge in safe surfing here plus a DNS such as Norton and WOT-ratings. For the more adventurous types nothing may suffice.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I understand what you and the others are saying. The one thing I would argue with is care and responsibility without NoScript. In my mind, it's a little hard to prevent malicious scripts if, without NoScript showing you them and controlling them, you don't even know they are there. Perhaps I've become too reliant on it, but after seeing how many different scripts there can be on a website, I just feel uneasy with the limitation of scripting being disabled completely or allowed unlimited running. That's really, at this point, the biggest reason I've stuck with Firefox, as otherwise there isn't much left for it to offer in my eyes.

    I don't know about WOT anymore, not to wander off subject, but how can I trust something that almost entirely depends on a regular users' "vote" as to whether a website is safe or not. I used LinkExtend for a while, but it seemed to really stall things and was too "busy". Anyway, back to my point. I just see tools such as NoScript as a part of being a responsible, careful user, with Sandboxie covering my screw-ups or things that I can't control, which is admittedly very little if, again, I am careful and responsible.

    I didn't mean to turn this into an argument against Sandboxie or doubt its protection. I simply choose to use tools that are available to me and easy for me to use, to keep as much malware away as possible, and let Sandboxie handle the rest.
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I'm completely opposite as I want any and all malware to run unimpeded and I actively search for it.

    I used to use Noscript but it only got in the way. Even FF's inbuilt site checking is turned off.

    Think of all those lovely fake scan sites you're missing out on. :D

    My default sandbox is restricted to certain apps running/connecting which I use to find malware samples which are recovered from the restricted sandbox and run within a default settings sandbox and analyzed with BSA.

    For me using Sandboxie then most other security are redundant except system virtualization and Images.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    Thanks Pete and Sully,

    I've had Sandboxie for a month, and with these last configurations tips I can understand why some people are even running with no other layer.

    Indeed, its versatility makes it really brilliant. A bit of a learning curve though for the average user. I've also stopped using NoScript as it was basically disrupting my browsing experience.
     
  15. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Fully accepted Peter. I am not all that conversant with the heart & mind of Sandboxie, just that I have been persuaded by all the postal comments made on Wilders to trust it implicitly.

    The suggestion that some Bogey man can put his grimy hand inside my sandbox and grab the family jewels made me nervous. Your explanations plus one or two others have dispelled that fear.

    Thank you : Te quiero Sandboxie
    John B
     
  16. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Sandboxie's default deletion command [RMDIR] didn't always work for me either. Heidi Eraser works perfectly and never misses a beat. how to

    Might be a pain for some having to download a 3rd party secure deleter and setting it up but it's worth doing. IMO. Anything dangerous in the sandbox is guaranteed to get nuked.
     
  17. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    I have been deleting manually but is it possible that the auto-delete doesn't work for you or your son because some process is lingering (uninformed thought on my part)?
     
    Last edited: Jul 31, 2010
  18. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,334
    Location:
    US
    Yes, SB has definitely made me more relaxed during my surfing. If I have to allow a cookie, or a script via NoScript in order to view a web page, no big deal, it's all going to be going bye-bye soon anyways.

    And I always take tzuk's advice and dissolve Sandboxie before going to a banking site just in case a keylogger or similar Trojan has sneaked onto my system.

    Acadia
     
  19. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Code:
    Fourth, nothing running in the sandbox can access data locations on my machine
    what to check in sandboxie to have this done?..
     
  20. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    This post was buried by the more important issues. No problem, I have found out how to do it.

    Right click SBxie tray icon.
    Put cursor on DefaultBox>Run Any Program.
    DefaultBox panel is shown - Run Sandboxed.
    Enter " iexplore.exe " in box, click OK.
    IE8 is opened in Sandbox.
    All done !
    John B
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Open the Sandboxie control panel and go to your Sandbox setting page.
    Click on Resource access then file access

    Under direct access you can specify files that you need to access outside the sandbox. One example of this is if you want to view a word doc in the sandbox it needs to access the normal.dotm.

    So I have %appData%\Microsoft\templates\Normal.dotm

    Then under blocked access I have

    D:\
    %Personal%\

    This means nothing in the sandbox can access the d: drive or the My Documents area.

    Pete
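
Added example, not part of any post in this thread: a small Python audit of a Sandboxie.ini-style configuration that checks each box for the blocked-access rules described above, plus the auto-delete and drop-rights settings raised elsewhere in the thread. It assumes the GUI options are stored as the `ClosedFilePath`, `OpenFilePath`, `AutoDelete` and `DropAdminRights` keys; the sample text and the `ScratchBox` box are constructed, variables such as `%Personal%` are compared literally, and per-program rule prefixes are not handled.

```python
# Constructed sample in Sandboxie.ini style; ScratchBox is a hypothetical second box.
SAMPLE_INI = r"""
[GlobalSettings]
[DefaultBox]
Enabled=y
AutoDelete=y
DropAdminRights=y
OpenFilePath=%AppData%\Microsoft\Templates\Normal.dotm
ClosedFilePath=D:\
ClosedFilePath=%Personal%\
[ScratchBox]
Enabled=y
OpenFilePath=%Personal%\
"""
PROTECTED = ["D:\\", "%Personal%\\"]  # data locations from the post above
def parse_ini(text):
    """Keys such as ClosedFilePath repeat, so collect a list of values per key."""
    boxes, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return boxes

def covers(rule, path):
    """Assumption: a rule without a wildcard matches as a case-insensitive prefix."""
    return path.lower().startswith(rule.lower().rstrip("*"))

def audit_box(settings, protected):
    findings = []
    for key in ("AutoDelete", "DropAdminRights"):
        if settings.get(key, ["n"])[-1].lower() != "y":
            findings.append(f"{key} is not enabled")
    for path in protected:
        if not any(covers(r, path) for r in settings.get("ClosedFilePath", [])):
            findings.append(f"{path} is not under any ClosedFilePath rule")
        for r in settings.get("OpenFilePath", []):
            if covers(r, path) or covers(path, r):
                findings.append(f"OpenFilePath={r} overlaps {path}")
    return findings

def audit(text, protected=PROTECTED):
    return {name: audit_box(s, protected) for name, s in parse_ini(text).items()
            if name != "GlobalSettings" and not name.startswith("UserSettings_")}

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```

A box with an empty findings list matches the setup described in the post; the constructed `ScratchBox` is flagged because it leaves both data locations readable and opens `%Personal%\` for direct access.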
     
  22. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    hey thanks a lot Peter, great instructions
     
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I wonder, it seems like there is always someone who says "that is great advice" when some of us talk about having multiple sandboxes, each doing something different, yet combined create the type of security we desire.

    Is it a mindset or something related to the use of a suite, or just one easy thing to use for security? I guess I found it natural to think of using a different sandbox for different purposes, and really took it for granted that everyone would do the same. Yet it sounds sometimes like some folks just want a minimal amount of boxes and had not thought of using multiples for granularity.

    For those of you who haven't thought about it like that, why not? Is it because you are using the free version with its one box limitation? Or do you find yourself just geared towards that suite type tool, where it is all contained on one unit for you?

    Really curious as to what some people might find as non-interesting about using multiple sandboxes.

    Sul.
     
  24. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Hello, I've just installed Sandboxie (paid) in Windows 7 x64. I would like to keep the History in IE8, after the termination of the sandbox. Is that possible? o_O
    Thanks!
     
    Last edited: Aug 2, 2010
  25. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    1. Yes, I have the free version. I'm trying to get a Paypal account because this programme definitely deserves to be paid for.
    2. Some users (even at Wilders!!!), may want to know and to have just enough to get along safely while using the internet for their work (or whatever).
    3. For folks like that, self included, I guess a minimum modification of the defaults should suffice:
    a) drop my rights
    b) restrict programmes that can run in the Sandbox.
    c) delete the Sandbox as often as possible.

    I know of quite a few people who are put off from using Sandboxie because of all the options experts (goodheartedly) lay out ;) .
     