Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Hi John,

    I echo your sentiments. Wilders is the only forum I regularly participate in for the following reasons: -
    1. I don't have the time to participate in multiple forums.
    2. Wilders addresses the full spectrum of security related issues, not just those pertaining to a single product.
    3. Wilders has a vibrant and active community of people willing to give generously of their time to help others.
    Regards
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If left as default settings it doesn't prevent anything from running, however it does contain it within the sandbox layer. So if, for example, you encountered a malicious script exploiting Flash Player it'd actually 'exploit' a sandboxed Flash and be unable to interact with any real resources. Basically any process spawned by a browser that's sandboxed will inherit the sandboxed status.
     
  3. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    I installed Sandboxie as a result of comments on this thread about 3 weeks ago.

    My system is ; Windows 2002 XP Home. SP3 and Firefox as browser.
    SpywareBlaster, AVG9 and Comodo Firewall Pro.

    Sandboxie went in without the slightest problem and was ready for immediate use. I have used it ever since as my normal log-on to the Internet and have not had a grain of trouble. It has worked silently doing its job and performed immaculately in all respects. It has dealt with sand-boxed items just as described and has so far an unblemished record of sheer perfection.

    My advice to anybody who is interested in a sandbox, is install Sandboxie NOW and all your troubles will be over. Security goes up by 100%.

    John B
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I've used Sandboxie (Registered/Paid) since its early versions on Windows XP Pro SP2 and SP3.
    Now with Windows 7 Home Premium 32-bit, I've used Sandboxie without a problem, too.
    -It isolates my Browser from my System.
    -It helps me to Open Suspicious/Ambiguous files without infecting my System.
    Sandboxie is Light but it offers very Effective protection.
    This exceptional Security Software has saved my Setup. :thumb:
     
  5. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    In fairness I doubt that there's another product anywhere on Wilders that's as universally loved as Sandboxie, it's incredibly difficult to find even mild criticism relating to it.
     
  6. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Espozito, andyman35 and everybody !

    What a testimonial. I have never seen in my life any other product so widely acclaimed and showered with praise as Sandboxie. Boy, am I pleased with this thread. Without all the posts seen here, I would never have installed it on my own.

    Nothing is perfect, but with Sandboxie I feel safe browsing any site on the web, no matter how ugly.

    I can only thank every one of the posters for their contributions on this issue.

    Tzuk, what can we say other than God Bless You and our sincere best wishes for a long, successful and happy life.

    John B
     
  7. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    Of note, at default settings, Sandboxie isn't as secure as it can be.

    (Pretty sure you know that, John Bull, meant for future readers.)
     
  8. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Just a question for the experts who have used Sandboxie for a long time.

    If Sandboxie is configured properly and the settings are adjusted correctly -
    is it true that one does not need any other protection like an AV or Anti-spyware/malware program ?

    In theoretical terms, if the virtual space of Sandboxie in which we operate the Internet is so isolated from contamination to the rest of our computer - why then DO we need anything else ?

    I am happy with my opinions, I just want others to express theirs. I am well aware that it is a semi-hypothetical question and smacks of elementary mentality, but it is important to those who are contemplating a Sandboxie installation. They may well be puzzled on the same question.

    Many thanks
    John B
     
  9. pasha101

    pasha101 Registered Member

    Joined:
    Nov 28, 2009
    Posts:
    34

    I am far from an expert, but am quite a satisfied user of Sandboxie. From Sandboxie's site you can read that they believe there is a place for traditional AV solutions to be used in conjunction with Sandboxie. Here is a relevant quote from their site:
     
  10. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I can only give you an opinion. I'm not as tech savvy as most others here.
    Yesterday I was using Stumbleupon to see where it would take me.
    I use MSE and Sandboxie and have my FF browser sandboxed by default.
    During my travels, MSE popped up with a red warning that it had detected a root kit. I don't remember which one nor the site I was at.
    If I did not have MSE, or some other light AV, I think I could have infected myself if I had downloaded something from that site and then saved it to my disc.
    I may well be wrong.
    I'll be interested in what others have to say about your question.
    Hugger
     
  11. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    I'm not an expert either and not sure anybody would position himself to be, cause if he would - suppose he is not. ;) Don't think you are right. Sandbox IS supposed to prevent infection of your system in situations like this. What makes you think you would be infected? One weakness of Sandboxie with default configuration (and most other sandboxing programs) is that ANY program is free to run and has access to any file on a PC unless it's restricted by the rules. So if, say, the file "my_parols.txt" is found in an unguarded folder, it would be easily sent to the internet. I'm talking about a system unprotected by other security programs. Of course there might happen a (very, I think) rare accident that Sandboxie's isolation system is penetrated and the author is accepting it. I don't think it is definitely your case.
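
Added example, not part of the posts above and not taken from Sandboxie's own documentation: a Sandboxie.ini fragment with the kind of rules the post above refers to, closing a folder to sandboxed programs and limiting which programs may run or reach the network. The box name, the folder path and the choice of firefox.exe are assumptions made up for illustration.

```ini
# Sandboxie.ini fragment (constructed example; box name and folder are assumptions)
[DefaultBox]
Enabled=y

# Deny sandboxed programs any access to a folder holding sensitive files,
# so a program running in the sandbox cannot read them and send them out.
ClosedFilePath=D:\Private\

# Internet access restriction: only firefox.exe may reach the network
# from inside this sandbox.
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

# Start/Run restriction: only firefox.exe may run in this sandbox;
# anything else that is downloaded or dropped there is refused.
ProcessGroup=<StartRunAccess>,firefox.exe
ClosedIpcPath=!<StartRunAccess>,*

# Strip administrator rights from processes running in the sandbox.
DropAdminRights=y
```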
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Hugger if you download an infected file and recover it to your hard disc
    you will get infected if your Anti virus doesn't detect it as malware; but if
    you delete the contents of the sandbox and don't recover the infected
    file then you won't get infected. John that's the reason why it is safe to
    go without an anti virus real time.
    John lots of Sandboxie users prefer not to use an Anti virus application
    real time but you should always have one for scanning files before you
    do an install. I myself use Avast real time but I know I will be just as safe
    if I was not running it real time.
    Bo
     
  13. NodKiller

    NodKiller Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    19
    Of course don't need to run real-time scanners. Blacklisting methods are outdated, far from perfect. I only use on-demand scanners for checking some downloaded files or do quick scans. I wouldn't give any system resources to real-time scanners.
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    You can recover any malware.exe from the sandbox to the real system without getting infected.

    The exe has to be executed in order to infect.

    I have archived gigs of samples doing it that way but I have accidentally double clicked a sample outside the sandbox when meaning to drag and drop to a .rar archive stored on D drive a couple of times and that's where Returnil kicks in with a simple reboot all is well.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Franklin you are absolutely right when you say that to be infected by the
    recovered file, it has to be executed first. I should have pointed that out
    in my previous post.
    Bo
     
  16. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    The data given in this thread is VERY useful to anybody using or contemplating using Sandboxie.
    It is to me and I am grateful to all the posters for their contributions.

    Just to cut through all the official reading matter, am I correct in summarising it as follows ?
    Assume that Sandboxie is installed, set up properly and the user knows basically how to use it.
    ====
    Internet browsing and Sandboxie is operating.
    All activity is totally confined to the sandbox including updates and downloads - the lot.
    If a virus, Rootkit, hacker, spyware or malware etc. shows up, it is confined to the sandbox.
    No harm is done, the infection cannot affect the main computer files outside the sandbox.
    And there it all stays, going nowhere.
    The only time anything can leave the sandbox is if it is recovered.
    If updates are left in the sandbox, the item they updated IS updated within the sandbox.
    Such items outside the sandbox are NOT updated until the update or updated item is recovered.
    All items in the sandbox including infectious material will be deleted and killed off once the sandbox is emptied.
    Sandbox deletion can be done either manually or on browser shut-down.
    ======
    So, we have an isolation ward from which nothing gets out unless it is a modern-day Houdini.
    Theoretically then, no AV or other security program is needed.
    But I myself, still run my normal security programs.
    I do all updates I trust by not using Sandboxie.

    Is that synopsis correct ?

    John B
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    John when I first installed Sandboxie I had "faith" that the software would
    keep me clean but now faith has turned into "knowledge". That only happens
    after you have been using it for a while and realize that everything you read about
    it is actually true. To me it's not a theory but a fact that Sbxie would
    keep me clean even if I don't use a real time anti virus. To me the AV is just
    there but it is necessary to have one even if you only use it for scans. I don't
    depend on my AV for nothing but expect everything with respect to security
    from Sbxie and DefenseWall.
    Bo
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    If you never install new software, never enter personal credentials online, and have total control over physical access to your PC, that might just be true. However, examples of scenarios where supplementary approaches would be required are: -

    1. You install a program that can't be installed inside a sandbox (one that installs a device driver or service for example) and want to check it's not malicious.
    2. You bank and shop online and want to make sure that the websites you visit are both genuine and trustworthy.
    3. Someone with physical access to your PC installs a keylogger without your knowledge.
    These are just a few examples that are meant to be illustrative, not exhaustive. In each of these scenarios Sandboxie wouldn't help and additional security approaches in the form of blacklisting, heuristics, reputation scoring, behavioural blocking, etc would be needed.

    However valuable Sandboxie is (I use it myself), no one approach to security is a complete solution, which is why a layered approach is always to be preferred.
     
  19. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Is SB secure for Facebook, Twitter, etc.?
     
  20. lordbest

    lordbest Registered Member

    Joined:
    Jun 16, 2010
    Posts:
    38
    Using software from known sources will solve this. I've never had a problem with malware from a file I got from a trusted source. And if in the unlikely event that things went wrong, restoring a clean back-up image would be ideal.

    I'm guessing when the previous poster said all he needs is Sandboxie, he means in terms of separate programs? Can't you simply use browser add-ons to secure this like WOT for Firefox?

    How can software deal with this? Wouldn't you need to lock up your room?
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Leach,
    My statement wasn't against SB.
    I meant that if I decided to save a downloaded game, as an example, that I could get infected if I didn't have an AV running real time or as an on demand scanner to check the download for critters large and small.
    This would be a failing on my part, not SB.

    bo elam,
    Yes. You are right.
    I apologize to both of you.
    I didn't word my post properly.
    I rarely am on the internet without being sandboxed.

    Thanks.
    Hugger

    edit: And I too forgot that I would need to execute the file in order to get infected.
    Thanks all of you for the help.
     
    Last edited: Jun 21, 2010
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Hi lordbest,

    I agree if you stick to known and trusted sources, the risk is minimal. I've never had a problem either. You've raised an important point, which I agree with, that security largely resides in safe practices. Common sense on the part of the user is arguably the most important thing of all when it comes to security.

    In the event of something going wrong, I too would restore from a clean image, but it does beg the question of how you know something has gone wrong in the first place without software in place to detect and to alert. What worries me most is not the risk of infection but the damage that may occur from data stealing and identity theft during the time to removal. As the saying goes: Virtualisation can protect the PC from the user but it can't protect the user from the PC.

    To a certain extent, yes you can. However, the browser isn't the only source of infection. Software that provides system wide protection such as AV's and behaviour blockers for example can still add value in some situations.

    In terms of prevention of keylogger installation by a third party, of course you are right. Again I was only trying to point out that to detect or mitigate against the effects of a keylogger running outside of the sandbox from stealing passwords or other credentials, other software would be necessary. A number of Wilders posters do use some kind of anti-keylogger software. It is at this market segment that programs such as Trusteer Rapport and Prevx SafeOnline are aimed.

    I don't think that there's any disagreement between us. I was only trying to make the general point that there is no such thing as one size fits all when it comes to security. As this thread may be read by a large number of people of varying levels of experience, I just wanted to inject a note of caution to anyone who might think that all they need to do is to install Sandboxie and all bases are covered. That might be appropriate for some users who understand what they are doing, but I would hesitate to make that a blanket recommendation for everybody.

    Regards
     
  23. lordbest

    lordbest Registered Member

    Joined:
    Jun 16, 2010
    Posts:
    38
    Hi pegr! :)

    You make a good point. However I believe that identity theft of the home user is over-exaggerated, mainly for marketing purposes. I believe that phishing/other trickery is the only reason why people have had their personal online accounts stolen, not keylogging or similar. Just the other day, I got an e-mail from a friend in my address book which had a link in it. I clicked on the link and it went to a web-site asking me to enter my personal details because I had won something. This is where people get their identities stolen. And no anti keylogger, behaviour blocker, antivirus or whatever will stop this.

    It's like wearing a lead suit (= antivirus, behaviour blocker, anti-logger) every time you leave your lead shielded house to reduce your radiation exposure. It's simply not worth it and can have bad side effects like exhaustion. ;) Also, what's going to stop you being tricked from taking off the lead suit by a hot girl (= phishing/other trickery) who seems very interested in you, only to find that she simply wants to zap you with her radiation gun (= identity stolen).

    Read above. :)

    Read above. :)

    In other words, I believe there is a lot of scare-mongering going around when the real-world risk of identity theft cannot be prevented by anti-this and that.
     
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Hi lordbest,

    You may well be right about the level of threat that people face being over-hyped by the security industry, but it's difficult to know for sure what the objective situation is statistically as regards the risk from various kinds of threats. You have expressed your own personal view which I respect. :)

    Everybody comes to their own assessment of risk in relation to their own pattern of usage and the potential impact on them, should the risk materialise. There are knowledgeable members at Wilders who rely solely on a router, using no real-time security software, and who never get infected. I currently use Sandboxie along with Prevx SafeOnline and AppGuard, and my machine runs just fine. My approach suits me but I'm not advocating it to anybody else.

    My only purpose in posting was to point out that Sandboxie does not, and can not, cover every conceivable kind of threat. As there is no such thing as 100% protection, IMHO it's all about weighing up risk and achieving an acceptable level of security without going to extremes. This is something that each user must form their own assessment of, as best suits their individual circumstances.

    Regards
     
  25. lordbest

    lordbest Registered Member

    Joined:
    Jun 16, 2010
    Posts:
    38
    I agree pegr. It's also hard to know statistically as to how many people's identities have been saved by Prevx SafeOnline, or whether Prevx SafeOnline even works against real-world threats out there, if there are in fact any. And as I already said, Prevx SafeOnline isn't going to save you from entering your personal details in to a rogue web-site. And this method of identity theft is not only the most common, but the only type I have ever come across.
     