Sandboxie

Discussion in 'sandboxing & virtualization' started by toploader, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i'm trying Sandboxie on my system to see how it runs.

    it installed ok and runs with no noticeable slowdowns

    there is a little icon in the system tray - right click on it to launch your browser.

    sandboxie works by creating a [virtual drive] folder - everything downloaded to disk goes in there. no changes are allowed to your real disk.

    The advantage is that no virus, trojan or spyware downloading via the browser can install itself on your machine - so you can surf the net completely protected.

    of course you can't download any files you want either or update bookmark files etc as they are lost at the end of a session. (but you can explore the sandboxie virtual drive and move files out - but of course they might contain malware)

    at the end of a session just delete the contents of the sandbox and terminate all sandboxed processes.

    if anyone else is using sandboxie please feel free to add your experiences and thoughts to this thread.
     
    Last edited: Sep 26, 2005
  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Looks good!

    Seems like it works with any browser. I was first under the impression that it only worked with IE because of Sandboxie.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Toploader,
    I would use Sandboxie too, but Sandboxie doesn't always work. It depends on the configuration of your system.
    IMO Sandboxie is developed in a specific environment and has never been tested in other environments.
    If you have bad luck, it won't work with Firefox, unless you find a workaround to make it work.
    A software that works like that isn't professional enough for me.
    If I had to choose between Sandboxie and ShadowUser, I would vote for ShadowUser.
    So I ditched Sandboxie because of that.

    Another possibility is AntiMalware, which also works in a Virtual Safe Environment, but I still have to learn how this software works.

    IMO softwares like Sandboxie, AntiMalware, ShadowUser, ... are much better than definition-based softwares, because they don't depend on what the bad guys do. They have a totally different approach.
    I'm just not sure they are the RIGHT solution and they have most probably their own specific disadvantages.
    I prefer to wait for other not-definition-based solutions.
    This opinion will cost you 2 eurocents. :D
     
  4. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I'm not experiencing any speed decrease with Sandboxie.

    This program is based more for Browsers than the entire computer system.
     
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    yes it is a little confusing Kye-U - perhaps it only worked with IE when first released? - so far it's working fine - i'm using it with firefox.
     
    Last edited: Sep 26, 2005
  6. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for your 2 euro cents Erik :D

    i will check out shadowuser and antimalware too - cheers
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If that was true, why did Firefox not work in Sandboxie on my computer and after reading the Sandboxie Forum, I wasn't the only one.
    You have to find a workaround was their solution. I call that bungling. :)
     
  8. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Well Sandboxie and Firefox have worked fine on my system for quite awhile.
     
  9. -----

    ----- Guest

    Mine too. Maybe the user is the one that is bungling?
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That was my point, some users don't have a problem and others have a problem.
    MSIE + Sandboxie, worked fine on my computer, Firefox + Sandboxie didn't.

    It wouldn't be the first time that some softwares conflict with other softwares, sometimes it even causes a BSOD and we all have a different combination of softwares.
    I'm not going to change my configuration, like some users did in the Sandboxie Forum to make it work (Firefox + Sandboxie), just because of ONE software and I'm not going to spend hours to figure it out.

    The software itself isn't important for me, it's the philosophy behind the software that interests me.
    I like the philosophy behind Sandboxie, simply because it isn't based on definitions/heuristics.
    I have just bad luck, that Sandboxie doesn't fit in my actual configuration.
    Sandboxie won't be the last software with that philosophy and I'm sure that other softwares will be developed with another kind of philosophy, but not based on definitions/heuristics.
    Everybody seems to believe in definition/heuristic-based unconditionally, I don't.
    Each time I see a new AV/AS/AT/AK/... scanner, I sigh, because re-inventing the wheel over and over again,
    isn't exactly what I'm waiting for and they are developed for only one reason : MONEY.

    I don't expect that members read or agree with my posts, I'm here to see what happens in the security world.
    New scanners don't interest me.
    The trend of creating security suites, one after another, doesn't change anything, because they are all based on Firewalls and definition/heuristic-based scanners. They only meet the wish of less-knowledgeable users, who are tired of having so many security softwares on their computer. It amuses me, how these security suites are built, nothing but a compilation of softwares from different sources, that's why I call them Frankenstein security suites.
    ProActive softwares are only developed for knowledgeable users, who know exactly what they are doing.

    And of course I use these softwares, because there is nothing else and I have to protect my computer too, but that doesn't mean I have to be happy with them. :)
     
  11. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I certainly wouldn't be without ShadowUser. It's perhaps my favourite program. Surf the web, and upon reboot, all changes are gone ! <unless you make changes to Excluded Folders, or manually commit changes>

    I finally got AntiMalware working, and seeing how it goes <only my first day with it>. I really like the concept behind the program. It seems a 'similar' concept to Sandboxie, except each program is treated individually by AM, and it's more automated than sandboxie.

    Online Armor has quickly become a favourite of mine. And the upcoming version 1.2 promises to have many improvements to it. But I'd say my favourite part of it will always be the ability to completely uninstall anything that's installed while OA's been running (seeing as it tracks all changes made by installation programs and running programs).
     
  12. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Vikorr, what you stated about Online Armor is the reason that I purchased it. I wonder if anyone has tried it out, to see if it will remove something. Also I have a question. Wouldn't you be able to surf with Sandboxie, as with Shadow User?
     
  13. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Actually, when I was playing around with AM, trying to get it working, I tried to take a short cut (not rebooting after uninstalling AM, then installing AM again)...and AM played up, and the AM icon in Add/Remove Programs was missing...so I uninstalled AM through OA and everything was fine again - so yes, OA's uninstall feature works fine.

    As for Sandboxie VS ShadowUser, for me there are a number of benefits to SU :
    1. I have it running all the time (unless I'm installing, or changing settings that require registry changes) - so I don't have to remember to start it up before going online
    2. It covers email as well (anything that's running at the time really)
    3. SU doesn't have any compatibility issues that I've ever heard of
    4. SU doesn't have any technical vulnerabilities that I know of

    However, some may find Sandboxie more convenient because it doesn't affect their whole system (ie with sandboxie, you don't have to reboot to make changes).

    Also, in the end, I think AntiMalware's sandbox program is a superior concept to sandboxie (but one that I would think is much harder to code correctly than sandboxie). Still sandboxie is free, and offers quite decent protection, so I don't mind the program at all.

    heh, I'm thinking that the combination of SU/AM/OA would mean I don't need a realtime AV/AT/AS, whatever I was doing (installing, email, p2p, browsing etc)...just run the very occasional on demand scan. <AM claims by itself you don't need an AV, because untrusted programs can't affect trusted programs - but AM doesn't remove malware; SU basically eliminates spyware/trojan/worm infection while on the internet (but only after reboot); and OA tracks any manual installations and can uninstall (as well as its other benefits/protections)>
     
    Last edited: Sep 26, 2005
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not sure that my AntiMalware is working.

    When I right click the AM-icon and I click on "Enable Protection", I get the window "AntiMalware Control Panel"
    with "Protection disabled".
    If I press the blue "Enable" nothing changes.
    Is that normal ?

    ---------------

    I can enter the "Virtual Safe Environment" (VSE), I can run programs inside VSE.
    Is that enough or do I have to do something more than that ??

    I ran Notepad in VSE and created a txt-file and saved it.
    After leaving VSE, I expected that the txt-file would NOT exist, but the txt-file was there.
    Is that normal ?

    Maybe I should read and translate the manual first, but that will take a lot more time. :D
     
  15. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Erik

    No this is not normal. I take it that when your computer starts and the AM icon appears in the system tray, it is a red box with a big white X through it? That means it's not functioning. And when you click on Enable Protection, you should get a GUI with 3 tabs, including Summary, Trusted Programs, and Configuration.

    One thing though, if you are using Prevx, or even just have it installed, AM has a terrible clash with its drivers (Prevx Pro, and Prevx1 that I know of). I was not using Prevx at the time I installed AM, but only after I uninstalled Prevx1 did AM work properly.

    Other than that, if you send an email to their support staff, they are most helpful. Although because they are in Israel the replies aren't always instantaneous (but rarely more than a day, and sometimes they'll reply a few times during the day if you are sending them multiple emails).

    About the VSE, I've never tried it. Probably won't bother due to ShadowUser. It may be that VSE is simply a temporary buffer zone for the whole computer - i.e. anything that is created in there (either by trusted or untrusted programs) can't affect trusted programs once you come out of it...but that's only a guess. I'd ask them over at their forums maybe, or send them an email.
     
    Last edited: Sep 26, 2005
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Many thanks for the info. Now I know for sure that AM isn't working properly on my computer and I have indeed a white X. I don't have PrevX though.
    But don't you worry about it anymore, I will take care about this myself. :)
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    On the subject of Sandboxie. Been using it for several weeks and it works as stated.

    Both IE, FF and Outlook run fine through sandboxie. Have tried the various trojan and virii tests found at Wilders and they are all contained by sandboxie.

    I am quite impressed with SB so far but I still run ZAP, Winpatrol and my realtime AV with no conflicts.

    Shame you can't get it working properly Erik as I agree, Sandboxie type software - this is the future to combatting internet malware.
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Well, I suppose, you're wrong, Franklin. When I was designing my DefenseWall HIPS I was thinking about some kind of temporary storage volume for the files created by the untrusted applications. And I refused this way of protection. For example, you just downloaded some very important and interesting data and forgot to remove it from the virtual disk. This data will be lost! And what about the new files and folders created by the e-mail client? All the new mail will be lost. Also, this "protection" won't prevent you from being keylogged and rootkitted.
     
  19. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hmmm...with sandboxie, if IE, or Outlook is inside Sandboxie, isn't EVERYTHING (from IE/Outlook) written inside the sandbox ? I thought it was written into a virtual environment ? So if a rootkit tried to install...it would be inside the sandbox, and when you closed it...goodbye rootkit ? <of course, I only read its description briefly, but that's what it seemed to be saying to me>
     
  20. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    That's the way I understood it too.
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    As you try to delete files within Sandbox and you have downloads you are warned as such.

    OE works just fine here and I usually don't run OE through SB. Just saying that it runs fine if Sandboxed.

    May I ask, have you tried Sandboxie yourself?

    See this link - Sandboxie forum
     
    Last edited: Sep 28, 2005
  22. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Vikorr, what you have to say about your new approach to malware is quite interesting.

    Sandboxie looks good and is free. Your three programs (AM, SU, and OA) seemed like overkill until you explained what they each did. Can you tell me how much Antimalware costs? I can't find it on Trustware's site.

    Still, $110 for the other two means this is an expensive option. Did you get them to play nicely, or do they conflict? (They all seem to want to create a virtual space in which to quarantine anything from the web - how does this work when there are three such virtual spaces?)
     
  23. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I'm not exactly sure how much antimalware costs...I've just put a post over at their forums, so I should have some info for you in the next day or two.

    They do have a trial version available for download (which I presume you have to pay for whenever it expires - but as you say, I can't find a price on their website either)...but AM also have a beta version, which is what I downloaded from their forum <I'm not sure if this is available to everyone - I originally signed up as a beta tester a while back, but never got AM working back then>

    ...heh, in case you haven't figured...this is only the 2nd day I've had AM on my computer, and I haven't yet got around to asking Trustware a number of questions about it (prefer to save them up, rather than pester them)

    As for how SU/AM work together. In SU, I excluded AM's 'Virtual' folder, and also the folder to which AM was installed. So AM goes about happily doing its thing without interference from SU. OA doesn't create any virtual images.

    And yes, it's a fairly expensive option <thankfully I didn't pay for OA either as I beta tested it>

    Btw, any of the programs I'm using are quite good by themselves...AM claims you don't need an AV with it, Mike Nash at OA is aiming to have OA eliminate the need for an AV (there's lots of improvements coming up for it), and SU by itself is also very safe....but the reason I'm using them together...I'm basically looking for a way to eliminate the need of realtime AV's, and those 3 together seem to cover all the bases I want :)
     
    Last edited: Sep 28, 2005
  24. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You see, there is one thing - if you are able to get ring0 access you can do everything. The fact is that until SB is seldom - it is the protection. But not for the long time.
     
  25. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543