Sandboxie

i'm trying Sandboxie on my system to see how it runs.

it installed ok and runs with no noticable slowdowns

there is a little icon in the system tray - right click on it to launch your browser.

sandboxie works by creating a [virtual drive] folder - everything downloaded to disk goes in there. no changes are allowed to your real disk.

The advantage is that no virus, trojan or spyware downloading via the browser can install itself on your machine - so you can surf the net completely protected.

of course you can't download any files you want either or update bookmark files etc as they are lost at the end of a session. (but you can explore the sandboxie virtual drive and move files out - but of course they might contain malwear)

at the end of a session just delete the contents of the sandbox and terminate all sandboxed processes.

if anyone else is using sandboxie please feel free to add your experiences and thoughts to this thread.

 

Looks good!

Seems like it works with any browser. I was first under the impression that it only worked with IE because of Sandboxie.

 

Toploader,
I would use Sandboxie too, but Sandboxie doesn't work always. It depends on the configuration of your system.
IMO Sandboxie is developped in a specific environment and has never been tested in other environments.
If you have bad luck, it won't work with Firefox, unless you find a workaround to make it work.
A software that works like that isn't professional enough for me.
If I had to choose between Sandboxie and ShadowUser, I would vote for ShadowUser.
So I ditched Sandboxie because of that.

Another possibility is AntiMalware, which also works in a Virtual Safe Environment, but I still have to learn how this software works.

IMO softwares like Sandboxie, AntiMalware, ShadowUser, ... are much better than definition-based softwares, because they don't depend on what the bad guys do. They have a total different approach.
I'm just not sure they are the RIGHT solution and they have most probably their own specific disadvantages.
I prefer to wait for other not-definition-based solutions.
This opinion will cost you 2 eurocents.

 

I'm not experiencing any speed decrease with Sandboxie.

This program is based more for Browsers than the entire computer system.

 

yes it is a little confusing Kye-U - perhaps it only worked with IE when first released? - so far it's working fine - i'm using it with firefox.

 

thanks for your 2 euro cents Erik

i will check out shadowuser and antimalware too - cheers

 

If that was true, why did Firefox not work in Sandboxie on my computer and after reading the Sandboxie Forum, I wasn't the only one.
You have to find a workaround was their solution. I call that bungling.

 

Well Sandboxie and Firefox have worked fine on my system for quite awhile.

 

Mine too. Maybe the user is the one that is bungling?

 

That was my point, some users don't have a problem and others have a problem.
MSIE + Sandboxie, worked fine on my computer, Firefox + Sandboxie didn't.

It wouldn't be the first time that some softwares conflict with other softwares, sometimes it even causes a BSOD and we all have a different combination of softwares.
I'm not going to change my configuration, like some users did in the Sandboxie Forum to make it work (Firefox + Sandboxie), just because of ONE software and I'm not going to spend hours to figure it out.

The software itself isn't important for me, it's the philosophy behind the software that interests me.
I like the philosophy behind Sandboxie, simply because it isn't based on definitions/heuristics.
I have just bad luck, that Sandboxie doesn't fit in my actual configuration.
Sandboxie won't be the last software with that philosophy and I'm sure that other softwares will be developped with another kind of philosophy, but not based on definitions/heuristics.
Everybody seems to believe in definition/heuristic-based unconditionally, I don't.
Each time I see a new AV/AS/AT/AK/... scanner, I sigh, because re-inventing the wheel over and over again,
isn't exactly what I'm waiting for and they are developped for only one reason : MONEY.

I don't expect that members read or agree with my posts, I'm here to see what happens in the security world.
New scanners don't interest me.
The trend of creating security suites, one after another, doesn't change anything, because they are all based on Firewalls and definition/heuristic-based scanners. They only meet the wish of less-knowledgeable users, who are tired of having so many security softwares on their computer. It amuses me, how these security suites are build, nothing but a compilation of softwares from different sources, that's why I call them Frankenstein security suites.
ProActive softwares are only developped for knowledgeable users, who know exactly what they are doing.

And of course I use these softwares, because there is nothing else and I have to protect my computer too, but that doesn't mean I have to be happy with them.

 

I certainly wouldn't be without ShadowUser. It's perhaps my favourite program. Surf the web, and upon reboot, all changes are gone ! <unless you make changes to Excluded Folders, or manually commit changes>

I finally got AntiMalware working, and seeing how it goes <only my first day with it>. I really like the concept behind the program. It seems a 'similar' concept to Sandboxie, except each program is treated individually by AM, and it's more automated than sandboxie.

Online Armor has quickly become a favourite of mine. And the upcoming version 1.2 promises to have many improvements to it. But I'd say my favourite part of it will always be the ability to completely uninstall anything that's installed while OA's been running (seeing as it tracks all changes made by installation programs and running programs).

 

Vikorr, what you stated about Online Armor is the reason that I purchased it. I wonder if anyone has tried it out, to see if will remove something. Also I have a question. Wouldn't you be able to surf with Sandboxie ,as with Shadow User?

 

Actually, when I was playing around with AM, trying to get it working, I tried to take a short cut (not rebooting after uninstalling AM, then installing AM again)...and AM played up, and the AM icon in Add/Remove Programs was missing...so I uninstalled AM through OA and everything was fine again - so yes, OA's uninstall feature works fine.

As for Sandboxie VS ShadowUser, for me there are a number of benefits to SU :
1. I have it running all the time (unless I'm installing, or changing settings that require registry changes) - so I don't have to remember to start it up before going online
2. It covers email as well (anything that's running at the time really)
3. SU doesn't have any compatibility issues that I've ever heard of
4. SU doesn't have any technical vulnerabilities that I know of

However, some may find Sandboxie more convenient because it doesn't effect their whole system (ie with sandboxie, you don't have to reboot to make changes).

Also, in the end, I think AntiMalwares sandbox program is a superior concept to sandboxie (but one that I would think is much harder to code correctly than sandboxie). Still sandboxie is free, and offers quite decent protection, so I don't mind the program at all.

heh, I'm thinking that the combination of SU/AM/OA would mean I don't need a realtime AV/AT/AS, whatever I was doing (installing, email, p2p, browsing etc)...just run the very occasional on demand scan. <AM claims by itself you don't need an AV, because untrusted programs can't effect trusted programs - but AM doesn't remove malware; SU basically eliminates spyware/trojan/worm infection while on the internet (but only after reboot); and OA tracks any manual installations and can uninstall (as well as it's other benefits/protections)

 

I'm not sure that my AntiMalware is working.

When I right click the AM-icon and I click on "Enable Protection", I get the window "AntiMalware Control Panel"
with "Protection disabled".
If I press the blue "Enable" nothing changes.
Is that normal ?

---------------

I can enter the "Virtual Safe Environment" (VSE), I can run programs inside VSE.
Is that enough or do I have to do something more than that ??

I ran Notepad in VSE and created a txt-file and saved it.
After leaving VSE, I expected that the txt-file would NOT exist, but the txt-file was there.
Is that normal ?

Maybe I should read and translate the manual first, but that will take alot more time.

 

Hi Erik

No this is not normal. I take it that when your computer starts and the AM icon appears in the system tray, it is a red box with a big white X through it? That means it's not functioning. And when you click on Enable Protection, you should get a GUI with 3 tabs, including Summary, Trusted Programs, and Configuration.

One thing though, if you are using Prevx, or even just have it installed, AM has a terrible clash with it's drivers (Prevx Pro, and Prevx1 that I know of). I was not using Prevx at the time I installed AM, but only after I uninstalled Prevx1 did AM work properly.

Other than that, if you send an email to their support staff, they are most helpful. Although because they are in Israel the replies aren't always instantaneous (but rarely more than a day, and sometimes they'll reply a few times during the day if you are sending them multiple emails).

About the VSE, I've never tried it. Probably won't bother due to ShadowUser. It may be that VSE is simply a temporary buffer zone for the whole computer - ie.anything that is created in there (either by truste or untrusted programs) can't effect trusted programs once you come out of it...but that's only a guess. I'd ask them over at their forums maybe, or send them an email.

 

Many thanks for the info. Now I know for sure that AM isn't working properly on my computer and I have indeed a white X. I don't have PrevX though.
But don't you worry about it anymore, I will take care about this myself.

 

On the subject of Sandboxie.Been using it for several weeks and it works as stated.

Both IE,FF and Outlook run fine through sandboxie.Have tried the various trojan and virii tests found at Wilders and they are all contained by sandboxie.

I am quite impressed with SB so far but I still run ZAP,Winpatrol and my realtime AV with no conflicts.

Shame you can't get it working properly Erik as I agree,Sandboxie type software
-this is the future to combatting internet malaware.

 

Well, I suppose, you're wrong, Franklin. When I was designed my DefenseWall HIPS I was thinking about some king of the temporary storage volume for the files, created by the untrusted applications. And I refused this way of the protection. For example, you just downloaded some very importan and interesting data and forgot to remove it from the virtual disk. This data will be lost! And what about the new created by the e-mail client files and folers? All the new mail will be lost. Also, this "protection" won't prevent you from being keylogged and rootkited.

 

Hmmm...with sandboxie, if IE, or Outlook is inside Sandboxie, isn't EVERYTHING (from IE/Outlook) written inside the sandbox ? I thought it was written into a virtual environment ? So if a rootkit tried to install...it would be inside the sandox, and when you closed it...goodbye rootkit ? <of course, I only read its description briefly, but that's what it seemed to be saying to me>

 

That`s the way I understood it too.

 

As you try to delete files within Sandbox and you have downloads you are warned as such.

OE works just fine here and I usually don't run OE through SB.Just saying that it runs fine if Sandboxed.

May I ask,have you tried Sandboxie yourself.

See this link - Sandboxie forum

 

Vikorr, what you have to say about your new approach to malware is quite interesting.

Sandboxie looks good and is free. Your three programs (AM, SU, and OA) seemed like overkill until you explained what they each did. Can you tell me how much Antimalware costs. I can't find it on Trustware's site.

Still, $110 for the other two means this is an expensive option. Did you get them to play nicely, or do they conflict? (They all seem to want to create a virtual space in which to quarantine anything from the web - how does this work when there are three such virtual spaces?)

 

I'm not exactly sure how much antimalware costs...I've just put a post over at their forums, so I should have some info for you in the next day or two.

They do have a trial version available for download (which I presume you have to pay for whenever it expires - but as you say, I can't find a price on their website either)...but AM also have a beta version, which is what I downloaded from their forum <I'm not sure if this is available to everyone - I originally signed up as a beta tester a while back, but never got AM working back then>

...heh, in case you haven't figured...this is only the 2nd day I've had AM on my computer, and I haven't yet got around to asking Trustware a number of questions about it (prefer to save them up, rather than pester them)

As for how SU/AM work together. In SU, I excluded AM's 'Virtual' folder, and also the folder to which AM was installed. So AM goes about happily doing it's thing without interference from SU. OA doesn't create any virtual images.

And yes, it's a fairly expensive option <thankfully I didn't pay for OA either as I beta tested it>

Btw, any of the programs I'm using are quite good by themselves...AM claims you don't need an AV with it, Mike Nash at OA is aiming to have OA eliminate the need for an AV (there's lots of improvements coming up for it), and SU by itself is also very safe....but the reason I'm using them together...I'm basically looking for a way to eliminate the need of realtime AV's, and those 3 together seem to cover all the bases I want

 

You see, there is one thing- if you able to get ring0 access you can do everything. The fact is that untill SB is seldom- it is the protection. But not for the long time.

 

Then join the beta-testing process here https://www.wilderssecurity.com/showthread.php?t=98240