Sandboxie

Discussion in 'sandboxing & virtualization' started by toploader, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Franklin,
    Thanks for your sympathy, but don't worry about it.
    It's very funny, that the softwares (AntiMalware, Sandboxie), I really like, don't work on my computer, while the ones, I don't like, are working fine. :D

    I did a lot of installing/un-installing during the last 3 months and I think that the leftovers of all these softwares are causing my problems with AM and SB.
    Vikorr already mentioned that PrevX was one of his problems and I had PrevX installed on my computer, maybe it wasn't removed completely or it could be another leftover of some other software, who knows.

    I'm not in hurry and I'm not disappointed at all, that AM/SB doesn't work on my PC at this very moment.
    This is temporary and I'm confident, I will fix it one day. I don't panic over softwares :D
    Meanwhile I like to read the experiences of other members with AM/SB and certainly ShadowUser (SU), because SU has the biggest sandbox LOL, maybe AM too, but AM is TOO NEW.
    Sandboxie has the smallest sandbox and is useful for certain programs, like MSIE, Firefox, ...

    Definition/heuristic-based softwares do NOT have a future and I'm not going to repeat myself, I've explained this already in other posts.
    Frankenstein Security Suites aren't any better than definition/heuristic-based softwares.
    (H)IPS softwares are only developed for knowledgeable users and certainly not for the less-knowledgeable users, my favorite type of users.
    So these softwares don't interest me, no matter how good they are.
    Whoever developed a software like ProcessGuard, didn't understand anything about less-knowledgeable users, working in the real world.
    ProcessGuard is a pure theoretical software, which isn't practical and requires too much knowledge.

    So what is left? AM, SB, SU and similar softwares, because they are user-friendly and not based on definitions/heuristics or (H)IPS.
    Are these softwares THE future ? I'm not sure about that, but they are certainly smarter than the rest.
    AM, SB and SU are based on the same philosophy, but I'm very sure that security people will ever develop softwares with another kind of philosophy and that's why I prefer to wait ... I'm not in a hurry.
    I have some ideas on my own, but the trouble is that my knowledge about malwares is so poor, that I would make myself ridiculous and I know how people can be, especially in forums where nobody knows anybody.

    Even at work I have troubles with my ideas, because they don't fit always in the traditional methods.
    Many years ago I had a hard time at work and everybody laughed at me, because I claimed I found a way to eliminate the functions "Add - Edit - Delete", which are always used for updating any database in any software, even security softwares.
    It was in a pub and our computer department likes to brainstorm, even when they are drunk, but I was nevertheless serious.
    So I designed at home a new interface to update any database without having "Add - Edit - Delete" on the menu.
    I could prove it only one time that it was possible, because my boss was also curious, but after that never again.
    It was too new and people are afraid of new ideas, especially when they deviate from the traditional methods.
    Since then, I like to be more careful with telling people about my ideas.
    It doesn't really matter, it's more a hobby for me to prove that things can be done in another way, if you think long enough about it. :)
     
  2. Pollmaster

    Pollmaster Guest

    Does that mean you have now dropped prev1 and Processguard for OA,SU and AM? What do you think you will be recommending next month?

    As for doing without real time AVs, I predict that the key to doing that is not really dependent on software, but rather your level of paranoia.
     
  3. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Ilya, I'm already trialing one type of sandbox product at the moment. I don't think two would be a good idea. I did notice that your concept seemed closer to AntiMalware's concept than the Sandboxie concept.

    -------------------------------------------------------------------------

    Ah, don't be so cynical Pollmaster, I spend more time than should be needed, explaining to you things that shouldn't need to be explained. It seems you choose to see the cynical side of things - often without any background knowledge of what I'm doing or the reasoning behind it <and some that you just choose to ignore>...these things aren't particularly important unless someone wishes to make a hobby of attempting to pick faults with people.

    Now you already know that I dropped Prevx1, because its popups were annoying, and in its current state it didn't actually provide much protection <though the protection level should change as they get closer to release>.

    As for PG...

    If you read back over the previous posts, I had actually wanted to try AM about 'a while back' <actually about 6 months ago>...unfortunately it never worked for me back then (which now seems likely because of Prevx)

    But <just recently> when I was trying to get AM working, I uninstalled PG to see if that was causing the problem. And then, seeing as DiamondCS are bringing out an updated PG sometime soon <and AM should achieve much the same thing, maybe more>, I wasn't bothered reinstalling it yet...then I found out that when OA updates to 1.2 it will have lots of new goodies that will likely make PG obsolete for me...so there's another reason for me not to reinstall it yet.

    I'm not at all certain of the effectiveness of AM <which should be clear enough in my posts>, though I know what they claim, and I like the concept. So I'm not sure how you can think a discussion on what I have on my system is a recommendation of anything.

    You really need to think about what you are saying before you attempt to go phishing with people....almost EVERYONE uses an AV. This sentence is saying everyone is paranoid (seeing as they choose to use realtime AV)

    That said, I'll happily admit that I have some level of paranoia - with good reason...and the good reason is not 'because of past infections' :)
     
    Last edited: Sep 28, 2005
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Vikorr,
    Good reply. No further comments, because I wasn't criticized.
    If you have some good or bad experiences with SU, AM or SB combined with any other software, I'm all ears and I'm not the only one, when I re-read this thread. :)
     
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i agree Erik - exchanging good and bad experiences without criticism is what these forums should be all about. no one is perfect we are all scrabbling around blindly in the dark (though one or two have torches) :)
     
  6. Pollmaster

    Pollmaster Guest

    Obviously, I don't know what you are doing or why, that's why I'm asking.
    But thank you for answering.


    Like it or not, when someone says he runs x,y,z then follows up with a lengthy defense of why he is doing so - it is an implicit (at least) recommendation.

    My point is simple. You (and I and lots of people here) seem to have an extremely high turnover with regards to security software. How certain are you(we) that you(we) are strengthening your(our) security as opposed to weakening it?

    Right now when we go to any dangerous test site, at least 5-6 different whistles sound up, is there really that much room to be 'safer'?

    Certainly, the evidence doesn't support that. All we have is conceptual models that might or might not hold up in the real world, because we don't understand the details.

    It seems to me that what you are doing is,

    1. You see some new software that looks cool
    2. You try to install it
    3. If it conflicts with some older software already installed, uninstall the older one.
    4. If it doesn't you keep it.
    5. Go to step 1.

    Okay so I'm cynical, but does this really ensure that your security is improving?


    You miss the point. I'm not talking just about AVs. The same thing can be said of ATs, AS, whatnot. It's all in risk assessment. And No, not EVERYBODY uses real time av. Lots of 'experts' don't.

    Care to share the reasons, which make you at your level of paranoia? Do you work for the CIA?

    Anyway I'm sure Vikorr will take this the wrong way, he always does.

    I'm just tossing out a point to consider here, is all this shuffling and testing of new security software and replacing them with a new lineup every 3 months or so, really helping to increase security?

    I know it's fun :)
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, that is right. Similar to AM, but not the same. And, you know, there is Bochs/VMware/Virtual PC to test as many sandboxes as possible :) Use the force!
     
  8. Pollmaster

    Pollmaster Guest

    I disagree. 'Criticism' is exactly what we need. Too often disinformation and misinformation, half remembered and half understood 'facts' are accepted as gospel around here, because somebody looks like he knows what he is doing.

    There is a line though, that I freely admit I cross occasionally due to bad judgement and poor command of the English language so it looks like I'm doing a personal attack.....
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Informed technical critique is an important part of the on-going dialog here. Unfortunately, for the bulk of us and I lump myself in with this crew, our informed critique does consist mainly of personal and anecdotal experiences involving selected challenges and responses observed. Ultimately, we all place a fair level of trust in the vendors we choose, third party evaluations that we come across, and the experiences of others.

    Objectively, if faced with a new application, what do I know? Well, after installation I will know:
    • The feature list claimed by the vendor
    • Whether my surfing experience is impacted for better or for worse.
    • Whether there are significant conflicts between it and other continually running processes.
    • That it appears to respond in an observable manner to chance or purposeful challenges
    Although some of these items may seem like hard data, they are all fairly soft results. At the end of the day, I personally take a stance that, based on all I hear at this site, others, and my own understanding, that there are specific items that I should pay close attention to. It is how I deal with these items that is the issue. I do try to discern hard facts from anecdotal observation, which means ultimately I deal with few hard facts, but lots of anecdotal claims. I really don't even treat the vendors feature list as a hard fact. I'd prefer to be standing on firmer ground, but I fear that's not possible for the bulk of us.

    Blue
     
  10. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi pollmaster - i've no problem with criticizing products or debating ideas and issues - it's personal criticism i was referring to - it's easy for one poster to make another look stupid or small by picking up on their lack of knowledge or insecurities. i've seen message boards where people spend all their time slagging each other off, making snide remarks, smug remarks, cheap shots and trying to score points instead of concentrating on reasoned argument and debate :)
     
    Last edited: Sep 29, 2005
  11. Pollmaster

    Pollmaster Guest

    Interesting point of view. ;)

    If we are helpless (mostly) to handle the hard facts, what exactly drives our usage and purchasing behavior? If all we can do is to rely on anecdotal evidence, it seems futile to ever hope that we can make the right choice based on such incomplete and unscientific information. Even if we succeed it would be a matter of chance.

    In fact, a cynic would say that if we are incapable of handling and appreciating hard facts, all that means is that whatever is in 'fashion' around here is a matter of marketing rather than reality.

    That would be very sad.
     
  12. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hello Pollmaster. Thank you for the reply. It clarifies some things.

    Fair enough. Unfortunately, often people will be talking software, and then you will talk people ie, you ignore the discussion about the software, and comment about the person, often with nothing constructive following the comment.

    Personally, I think you would be a great help/benefit to the Wilders forum if you offered something constructive with all your posts…I think that’s a fair thing to ask, don’t you?

    Actually, no, you never asked ‘why’…and if your subsequent post was a clarifying post (?) then your original post never asked any of the questions you ask in your subsequent post either, nor raised any of the ‘issues’.

    As for me taking things the wrong way…interesting thought…I notice two other people who thought you were criticising me. Seeing as you haven’t actually said so in your post…would you care to clarify whether or not you were criticising me, or phishing/baiting?

    As for
    If nothing constructive is offered after the ‘criticism’ then a lot is lost with almost nothing achieved.
     
    Last edited: Sep 29, 2005
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Well fellas, I did ask a question. Have you tried Sandboxie and what do you think of its abilities to contain malware?
     
  14. Pollmaster

    Pollmaster Guest

    I'm sorry to hear you think my posts are not constructive (as opposed to yours?). I'm sure I will not comment on whatever you say in the future whether they are right or wrong. I hope this will make you happy.

    And as for ignoring the discussion. Which one is it? Some people say I nitpick when I point out errors of fact as I have done many times with your posts.
    Other people say there are no facts to nitpick.

    In this case, no , I'm not talking specifics, there is very little specifics for me to comment on since you haven't mentioned any.

    I think I have asked several fair questions, you can choose to answer them or not, whichever you think is more constructive to do, I await your response.

    Actually you are right. I didn't ask "why", "why" was the question *you* felt I should have asked. I was trying to be polite to the answer you gave that you thought I should have asked.

    In fact, I didn't really need to know why you dropped PG or Prevx. My question was meant to be more general than that.

    Wow, 2 good choices you gave me. I was doing neither, but if you wanted to force me to choose, I would say the first.

    Here's the question or criticism if you prefer again.

    Do you truly feel safer, with all this switching and changing of security software?
     
  15. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Thank you. That is a much better post :)

    You are quite welcome to comment on whether or not you believe something I have said is right or wrong. If you point out that something I say is wrong, then I would hope that you will share your knowledge of what is correct.

    (You do know that correcting people isn't what any of these posts were about?)

    Do I feel safer with SU? Yes. Do I feel safer with OA? Yes. Do I feel safer with AM? (and not having PG)....I can't actually answer that question. I don't know if I'm safer with AM or not. If it works as Trustware says it does, then I would say yes <though I have a few questions about it too>...but still, there is a possibility that I am not.

    I don't feel any less safe for having dropped Prevx1 - it was in report mode for most of its 'protections' (the Prevx forum moderators informed me of that, but only after I asked...they let other people assume that it offered the same protection as Prevx Pro, only more intelligent).

    For PG, the two things I really liked about it was the ability to block hooks and driver installation (I like the ability to prevent termination/modification to files, but it doesn't cover a great many files). I have yet to ask Trustware about untrusted programs that require drivers, I believe it blocks hooks <but another thing to ask Trustware>, and prevents modification of any trusted programs by untrusted programs.
     
    Last edited: Sep 29, 2005
  16. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    715
    Location:
    Blasters worm farm
    Franklin, Sandboxie works well on my system and does as it claims.

    There's some reports that it doesn't work with Firefox, myself & others have no problems with that combination, I've had some problems with Opera. It works great with IE.

    As for "abilities to contain malware"? I feel it's 100% effective, like any other piece of software nothing is guaranteed.

    It's well worth your time to test it out. If you don't like it I've found it's best to uninstall it in SafeMode. :)
     
  17. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    At the present time I am following Sandboxie and AntiMalware. I am not sure which I like or need. In some respects I like the idea of Sandboxie. It seems simple and if there is something that I am worried about opening, I can open it in Sandboxie. I assume that also goes for E Mail. I already have Process Guard. AntiMalware seems kind of like PG in as much as it knows the trusted stuff and won't let the bad stuff run. I have considered ShadowUser. I may be wrong but it seems you may have to do a lot of rebooting with it. My wife does a lot more with the computer than I do, such as digital photos, playing spades and E Mailing. With AntiMalware or Shadowuser, can you just use the computer with those shut off?
     
  18. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi William

    Peter says you don't need SU with FD ISR? but seeing as you're interested :) ...

    With SU, you make an Excluded Folder entry for the folder in which your email is stored. That way your new emails are safe from vanishing upon reboot. The same goes for the Folder in which your wife stores her photos...basically, you exclude your 'work' folders <anywhere where you save documents etc to>. I also exclude Folders where I have security programs that require updating.

    The only difference playing windows games like spades etc with SU running, is your high score won't be saved after reboot. The game itself isn't affected in any way. But if you really do want to save high scores...Windows games like spades, freecell etc are stored in the C:\windows folder. I would highly recommend you NOT excluding this folder :) ...a work-around, would be for you to create a folder c:\games and Control-drag <hold down control whilst dragging> the game executables into that folder. Then make shortcuts for them to your desktop. Then exclude c:\games in SU.

    Just remember though, even with Excluded Folders...you can still do a lot of rebooting...depending on your computer habits/likes/dislikes. Ie. if you like changing windows settings a lot, then SU would require a lot of rebooting, and would probably get irritating after a while...but if you can set your computer up the way you like it, and don't do much installing...then SU is great.

    With AntiMalware...it does not stop malware (untrusted programs) from installing or running...it disables their ability to modify trusted programs (anything on the computer when AM was installed). It prohibits other interactions between untrusted and trusted...but I'm not certain what yet. You are of course, able to make an untrusted program, trusted. So far, the only problem I have found with it is that Yahoo IM didn't like being made untrusted...but it's happy if any files created by it are made untrusted (which amounts to the same thing). My windows games etc aren't affected. They are all trusted. AM won't apply its bufferzone rules to anything that was on your computer when it was installed.
     
  19. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    An interesting interpretation of what I wrote I must say
    Did I say we were helpless to handle hard facts? I think not. I did note that we often do not deal in hard facts. Much of what we discuss doesn't really constitute fact. Product A running faster than Product B on my machine, under a given set of conditions would be an example of a fact. Product A is faster than Product B (no qualifiers attached) isn't a fact. The general case has not been demonstrated. It's an extrapolation of the casual observation which may or may not be true. If I have a sufficiently unique configuration the opposite could be more generally observed. The fact is, it is important to appreciate the difference between isolated observations and extrapolated generalities, unfortunately many miss that nuance.

    Now, the preceding doesn't mean that the anecdotal information regarding performance on my machine or your machine is worthless, but I do have to appreciate the dangers if I try to extrapolate to a more general situation. As more people weigh in, a clearer picture may develop or it could simply become even muddier. The same holds for performance testing. Many will claim product C is better than products D through F if it scores higher on a given challenge. In my mind that is soft information since the details of test protocols are typically only partially known to us and are certainly not generally applicable since they apply to a very contrived situation. Operationally, we do make some determination of the intrinsic value of the information based on past experience, consistency with our own observations, and the trust we place in whoever developed and executed the test.

    There's nothing wrong with anecdotal information, I just see too many extrapolations beyond the scope of the original observation. Sometimes the overreach is plain, at other times it's not. However, one thing is clear - there is always a danger that the extrapolation is quite wrong.

    You certainly have missed the point here. If there were hard facts available, I think everyone could certainly deal with them. My point is that, in more instances than you are seemingly willing to admit, the hard facts are not available to us. Further, since the usage and performance of many of the products discussed here is situational, hard facts in the context of general truths really don't exist. You seem ready to label me a cynic, I tend to feel that it's important to understand where solid understanding ends and opinion/impression/gut feeling/preference begins. Obviously, YMMV.

    Blue
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Thank you Vikorr. I have FDISR and I like the program, but I look at it as recovery system. I don't look at these others as a recovery program. My wife plays Yahoo spades. And sure doesn't want to lose her scores.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Simplicity is the big point of ShadowUser.
    You can surf on the internet as long you want, without being careful.
    You can download and try any software and ditch it when you don't like it without any malware infection.
    You can satisfy your curiosity on the internet without hurting your system.
    A simple reboot removes every malware on your computer in 5 minutes.
    That's what every internet user wants : simplicity, no annoying questions, freedom and speed.

    Or do you like to run 10-15 incomplete scanners each day, which takes a lot more than 5 minutes and the total scan time increases every day, while the reboot time remains the same.
    After running all these scanners, you still don't know for sure if everything was removed : undiscovered malwares, incomplete definition databases, not detected by heuristics, updating too late, false positives, ...
    SU doesn't have all these many problems.

    ProcessGuard safe ? If you are knowledgeable enough to answer YES or NO, maybe and what if you don't have that knowledge ?
    One wrong YES or NO and your computer is infected or doesn't work properly.

    I have many reasons to vote for SU and I don't see any hard proof that SU isn't working properly either. The rest are stories without background.
    As long I don't really need SU, I won't buy it, but SU will be the very first security software, I will pay for.
     
  22. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    William...sorry I thought you meant windows spades. I'm not certain about Yahoo spades, but 'if' her high score is stored on their server, then SU won't affect it at all (but if it's not stored on yahoo's server, you just find the folder where it's stored, and exclude that folder...so long as it's not a windows/system folder or c:\)
     
  23. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Ok, here is my question. Sandboxie vs Shadowuser. Why can't Sandboxie be used the same as Shadowuser? From what I have read I could surf the web or download a program and then remove the sandbox and it is all gone. Where is the difference? Don't get me wrong. I'm not saying the programs are the same. It just looks to me like I can accomplish the same thing with either one. If not please explain.
     
  24. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    As far as I can see there's no reason that sandboxie can't be used for the same purpose that SU is used.

    The major differences would be in reliability (I know SU's security won't be compromised -not completely certain about Sandboxie), conflicts (none with SU), and functionality (SU is automatic and global, but requires reboots for certain things vs SB's local management of IE, which allows changes to windows settings without a reboot)

    Ie in some ways Sandboxie is more convenient than SU, and it's free...and in some ways SU is more convenient than Sandboxie (esp if you don't install much, or play with your settings much), and is more solid - but also expensive.

    Btw, I don't know if you saw the post, but AM is free (you just have to sign up to their forum). Also, I just ran this test on it (post 24) https://www.wilderssecurity.com/showthread.php?t=98653&page=2
     
  25. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Help guys! I have downloaded Sandboxie but Online Armor won't let it open IE or Firefox . If I shut off OA then they will open. How do I get OA to behave itself?
     