Sandboxing complete package in your opinion?

Discussion in 'sandboxing & virtualization' started by Porkechebure, Feb 10, 2017.

  1. Porkechebure

    Porkechebure Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    4
    Location:
    Italy
    What is your perfect sandboxing setup in your opinion?

    I'm thinking about doing this:
    I will buy a license of Shadow Defender
    I will buy a Sandboxie License
    I am using an unlimited trialware of Symantec Workspace Virtualization

    I see that Sandboxie and Shadow Defender are discussed more than enough, so I'll briefly explain what SWV does.

    For those who don't know Symantec Workspace Virtualization, it allows you to virtualize installations and folder/registry changes (and save them for distributing packages) and put them in "Layers", just like Photoshop.

    I.e. you install Chrome in a so-called "layer" and SWV keeps track of all Windows registry, file and other changes. Then if you activate the layer you will see Chrome installed (with all the desktop links, start menu shortcuts etc.); when you deactivate its layer it will be completely removed, as if you never installed it. And you can activate/deactivate it whenever you wish, even just to use it for 5 minutes and then switch it off.

    The advantage is that, other than de-cluttering all the stuff they install when you deactivate the layer, this particular software operates at OS level, so you avoid all the known incompatibilities you usually encounter with Sandboxie (memory sharing, file sharing between the sandbox and the OS).

    More info here
    https://en.wikipedia.org/wiki/Symantec_Workspace_Virtualization


    This is how I would use them:

    Install in the order:
    Sandboxie, SWV, Shadow Defender

    Shadow Defender's shadow mode will be activated depending on what I have to do, if it is something risky or really heavy (multiple installations, risky software, known bloated setups etc.). It will be active on ALL drives, NO EXCLUSION OF FOLDERS OR ANYTHING; everything must be revertible.

    I will install the various software I need with Symantec Workspace Virtualization by letting it monitor their setup. This way I can keep them installed, highly compatible and functional, since SWV lets them run as if they were really installed and not sandboxed (I read about people with SWV successfully running Photoshop, AutoCAD, 3DMax, Steam and other big or minor software).

    After this install, I will launch these apps with Sandboxie. Probably after I get the lifetime license, I will keep them in a forced sandbox so they will always launch sandboxed (at the moment I was keeping things installed in the sandbox, and since I have the free version of Sandboxie I can have only one sandbox, so I have to reinstall every time I clean the sandbox).

    This way it should all be clean, and if I want to remove a software completely I can just deactivate or delete a layer from SWV.

    Shadow Defender will be the last resort if all else fails (if I activated it), letting me revert everything to the previous state.

    I find that SWV can suit well here because it can be used for free for personal use.

    What are your thoughts? Suggestions are welcome.
     
  2. guest

    guest Guest

    So basically Symantec Workspace Virtualization is a kind of snapshot software à la Rollback RX; but with SWV:

    1- do you need to reboot to activate/deactivate layers?
    2- can you delete a layer without impacting the others?
    3- can you reorganize those layers?
    4- is the MBR protected?

    Personally I would put SWV before Sandboxie (because of point 2), because Sbie needs so many (annoying) updates to solve issues after some apps or browsers are updated.

    Details and link please.
     
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Last edited: Feb 10, 2017
  4. Porkechebure

    Porkechebure Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    4
    Location:
    Italy
    Details about free personal use
    https://www.symantec.com/connect/forums/free-personal-edition
    http://svs4all.com/site/symantec-workspace-virtualization-61-sp1-release-notes-download

    Also, when you install it, it automatically inserts a serial key without even asking me; I guess that's the personal use key.



    Also, to answer your points, though I installed it some days ago and I'm not very experienced with it:

    1- do you need to reboot to activate/deactivate layers?
    No, you can do it anytime. The only caveat to this is that to create a new layer you have to deactivate all the others during the creation process.

    2- can you delete a layer without impacting the others?
    Depends. It's as if they are installed in the OS. So if some software depends strictly on some layer then yes, it will impact the others.

    Example:

    A) You have .NET Framework 3.5 on your machine
    B) You create a layer on which you install .NET Framework 4.5.2
    C) You create a layer where you set up an application which needs .NET Framework 4.5.2 or can also work with .NET Framework 3.5
    D) You create a layer where you set up an application which strictly needs .NET Framework 4.5.2

    If you deactivate layer B) then layer C) will work with .NET Framework 3.5.2 and layer D) will stop working. And that's it.

    3- can you reorganize those layers?
    What do you mean? From what I understood it works exactly like Photoshop. You have layers on top of each other and they respect that ordering. Taking the previous example, if you put B) after D), then D) won't work. I'm 90% sure of this, but have not tested it personally.

    Each layer has a lot of options:
    http://image.prntscr.com/image/a75735aba5024e7686e83c2f4fa9cdfc.png

    Also, it's very particular in that you can do "Data layers". Example: you create a folder with 4 files, then you create a layer on it. Then if you activate the layer and add/modify files there, they will remain trapped in the layer, and you can activate/deactivate the layer and the created folders and modified files will appear/disappear.


    4- is the MBR protected?
    I don't think so. It's just protecting what you do in the OS when it's already booted.

    Does that mean that you would put Sandboxie in a layer? Or what?

    Anyway, Lockdown is right. In commercial environments it's used to replicate complex software installation processes (i.e. an enterprise application with a lot of components to install in a certain order to make it work right): they put everything into layers and then, through another Symantec software (I think it's called Workspace Notification Center or something like that), they are able to install it anywhere by distributing the exported package, which is the export of all the layers. This way installing a big software on another computer should become easy.

    For personal use it can be bent into a personal helper to keep bloated installers from leaving trash or doing damage to the system, and eventually remove them in a few clicks.

    Think of when you need a little tool for something and you end up trying a lot of those trashy little programs until you find the right one.

    I hope it's clear. Comments are welcome.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I will be interested to see how it works out, but my opinion is that it's like trying to scratch your right ear with your left hand while standing on one foot. To me there are much simpler ways to accomplish what you describe.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    @Porkechebure

    It seems like too much effort and overhead to me. Why would you worry about risky software anyway?
     
  7. guest

    guest Guest

    Yes.

    Let's say you set them up your way: 1- Sbie > 2- SWV > 3- Shadow Defender

    Now you decide to update Sbie; where can the update be applied? Outside a layer (so on top of the initial installation of Sbie: point 1) or inside a layer?

    Do you have access at any time to the system as it was before you installed SWV?
     
    Last edited by a moderator: Feb 10, 2017
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    From my view Symantec "stuff" (I would call it more "crap") is absolutely pointless. I would look into a full-blown virtual machine if I had such doubts about unknown software. It reminds me of BufferZone, which was abandoned and whose free version was dropped; at least there exist better solutions.

    The major point still is: any software, either sandboxed or not, has the ability to use its current settings and system settings. If it's allowed to go online, it goes online in a sandbox if not otherwise set up, and there goes the data.

    Sandboxing vs. doubt about using certain software: just BS. If I don't trust software I will never use it, either in a sandbox or for real.
     
  9. guest

    guest Guest

    Simple and basic logic people should follow :thumb:
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    Some decisions are that simple: black or white. There are a lot of them, but in most cases it's not a "regular" piece of software, or it comes from unknown sources. It needs some thought; I don't have doubts about my system to check out anything, most times two or three checks determine the direction. And I have also benefited from users, e.g. here at Wilders, who will test or have tested doubtful software.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree. I do play with malware, but I do it in a VMware Workstation machine. For further isolation I have all the VM exes guarded with AppGuard. This blocks memory reads/writes. I would never do that with this Symantec stuff.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Geesh, I thought I might take a look. Just looking at the download location stuff is enough to make your head spin. No thank you.
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    My refusal of Symantec is historically founded. I liked the Norton stuff before Symantec took it over and blew it up; I have the full collection in my archive. In between they fixed some of it and it became better, but now again it's a pain to read about problems which are caused by pre-installed Symantec stuff on new systems. "Pre-installed, then it can't be bad." And they made the mistake of separating the business from the private versions with completely different methods. It takes time to learn that small niche products are not that bad.
     
  14. Porkechebure

    Porkechebure Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    4
    Location:
    Italy
    Explain

    Any setup or software I would need for a short time should be treated as removable and/or risky (example: you might need a PDF joiner and there are tons of crappy programs doing that; would you try installing 10 until you find the right one?)

    My idea was not to put Sandboxie in a layer but to leave it free. Sandboxie isn't risky or useless for me and should always be available and installed properly.

    I don't know about stacked updates. I think that you can top the pre-existing install of a program with another layer, since unless you explicitly say so, each layer can see the other one and therefore you can execute the update setup and layerize it (which is good because you might want to add/remove an update layer to test different versions of the app).

    Well that doesn't make much sense to me, since you would never try anything thinking like that.

    It took me a while too. Then I found it was easy. Just Google the name, go to their site and click on the trial button, fill in the form and try it out.

    Anyway, the point of the post isn't "which are the best security practices", to which the answer is "Don't try anything".

    It was "Which would be your most comfortable and useful virtualizing setup for security and testing software?"
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    For testing new software, I just use Macrium Reflect imaging software. It makes it easy to restore back. For risky stuff I use a virtual machine. I looked at the Symantec stuff a long time ago. It looked like a mess then.

    You are asking an opinion. You've got it.
     
  16. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    If that will be your summary ^^
    for some users it might be the best.
    I have learned to unpack (if possible), to use a sandbox (different programs, e.g. Sandboxie and BufferZone), trying installations in the box, or in a VM, or for real with shadowing (worst case).
    The reasons for my actions are different: studying, malware search, nosiness, creating portables, removal tools. In most cases a run in Sandboxie is enough; I have several boxes created for several cases. But I don't test malware. That risk is higher than I could bear and I am not able to contain a breakout in any case. Shadow Defender is a last scenario to test software I would probably install for sure, not in a VM.
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    VMware. That is all. Actually, I have an older version of VMware which I used for this very purpose on occasion, but I became bored with the practice so now I never even bother using it.
     
  18. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    Sounds high maintenance (something that could turn into a hobby). I use SBIE and Macrium Reflect only. I don't try much new software anymore, but if in doubt I would read reviews of any new software first, run anything I download that might be suspect through VirusTotal, then make an image before installing it.
     
  19. Porkechebure

    Porkechebure Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    4
    Location:
    Italy
    Well, ok. I am a software developer so I never mind exploring new software to find its full potential, and I see hidden in forums and posts that people are quite satisfied with this Symantec thing (which I didn't even know about until the other day), so I just wanted to try it out and find what it can really do. I'm glad anyway to have informed the community about a new product; maybe some more opinions will pop out if someone feels like trying it... heck, it's free anyway :D

    Thanks for the opinion

    I've seen Macrium Reflect named many times, I guess I'll give it a shot to see what it does and how it works out.

    I think I'll set up a VM with no network and shares anyway.

    EDIT:
    I've read about Macrium Reflect and I'm very interested in the possibility of snapshotting my disk and recovering it back exactly as it was. I've used Clonezilla in *nix environments for this. Does this work the same way?

    Anyone have a good tutorial to point me at?
     
    Last edited: Feb 13, 2017
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Porkechebure

    I do endorse the virtual machine concept, it's just that I use an updated VMware Workstation machine. The Symantec product has been around quite a while, but it seems cumbersome. A virtual machine is just like your computer.

    To see the full potential of Macrium you need to try the trial of the Home version. But just to give you an idea: on my testing machine, my C: drive has 140gb in use. So a full disk image and restore takes right at 20 minutes, in itself not bad. One of the things I run is Acrobat Pro v12. I wanted to test Acrobat Pro DC, so first I took an incremental. That took 1 minute. I installed the DC trial, which caused the installer to first uninstall v12. The total data swap was about 2gb. I then realized I didn't like it so I just did a restore. The restore took just shy of two minutes, and my system was back like it had been. One could easily keep images of different machine configurations. Also I have totally abused Macrium and it has never failed me.

    For more information you can go to the Macrium.com site; under support there is a knowledge base. Also there is a long thread here. Also we have some experts here in the form of TheRollbackFrog. He is plenty willing to help.
     