SbxIE, SD or Returnil, which is the lightest ?

Discussion in 'sandboxing & virtualization' started by BrendanAdams, Jan 2, 2009.

Thread Status:
Not open for further replies.
  1. BrendanAdams

    BrendanAdams Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    137
    Location:
    France
    Reading tens of threads for a couple of days might have convinced me to go for one of these solutions. To be honest they were completely new to me a week ago (I know ...).

    I read much about their functioning, and I have to say it was very interesting and instructive. Now my sole concern is about their slowing down my laptop or not. If any one of them was very light (+ Opera, NOD32 and Outpost friendly), my choice would be much easier.

    Therefore, I am afraid I have to seek advice from experts.

    Thanks a lot for your help ! :)
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The lightest of these 3... They are all so light that i never cared to compare... They hardly use the CPU.

    Sandboxie works fine with Opera and Outpost for me. I don't know about NOD32.

    About slowing down... hard to say. Sandboxie doesn't slow down the entire system, that's for sure. The other 2, since they use disk as buffer, in large quantity of data, maybe can be a tad slower and i would give Returnil a very slight edge over SD.

    But i 'd say you should try them and see for yourself. Each system is unique.
     
  3. BrendanAdams

    BrendanAdams Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    137
    Location:
    France
    Thanks a lot for your quick reply :)
    I might try Sandboxie, then.
     
  4. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    When I used Returnil free a year or so ago I was very happy with it. On an old machine SB was a pain as it slowed down going on line the first time. Now I use SD and nothing but SD. I can't be bothered with all the fiddling that appeals to some. Either SD is on or it isn't. occasionally I forget that it is on when I want to save a download so I use the commit function.
     
  5. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    LoL the "forggeting to commit a downloaded file" ... I figured that would happen to me too so I don't use Shadow Defender or Returnil...

    I am to scared to lose settings while using Returnil or Shadow Defender.. not just files :p

    So that kind of witholds me from using one of those programs, I prefer Sandboxie.

    Everything is reset on reboot but you still need anti-virus/spyware because it would be annoying having to reset all the time because you're being careless opening anything :p
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi BrendanAdams,
    Though I am biased, I believe RVS in memory caching mode is the lightest on resources of those selected, especially as it does not include clonning of alternate drives and partitions. We chose a more simple approach to selective protection for these types of volumes so there is less overhead and a better user experience in the Premium Edition.

    The Personal Edition will also eventually have the File Protection feature at some point in the near future ;)

    Regardless of my opinion, I highly recommend trying all of the selections before you make a final decision as you are the only one who can say which is best in your environment.

    Also be aware that many are finding the combination of SBIE and RVS to be a valid configuration so that would reduce the number of choices to two, rather than three...

    HTH
    Mike
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I've tried them all separately, and system impact has never been an issue. I think the first choice should be between sandboxie and the other two. Returnil and SD are more similar as they virtualize completely. I ended up picking SD as it is the closest to ShadowUser which is perfect for my habits.
     
  8. BrendanAdams

    BrendanAdams Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    137
    Location:
    France
    Actually I tried to instal Sandboxie and it conflicted with OSS 2009. It wanted to overwrite or delete (I had both options) an Outpost component, called sandbox.sys. Well, that makes it a bit more complicated, lol.

    Thanks a lot for your replies anyway :)
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    With full virtualizers you don't need antispyware, and with Shadow Defender (I don't know about Returnil) you can exclude the antivirus.
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    You can commit the files and folders for the AV/AS but you cannot commit selective registry changes yet in RVS. For some AVs this means that you must deactivate Returnil to update/upgrade these programs for use without protection on. When RVS protection is on, your AV/AS will update and work as expected but will reset when you restart the system.

    For always on systems, this is not that great an issue but can be distracting if you frequently turn protection on/off or restart the system the same way. If we are discussing the later, I would suggest updating the AV/AS and then turn on protection for the day/update cycle (Most AV's are on ~ a 6hour cycle with updates, some have shorter or longer cycles so some experimentation may be in order to get your timing right...)

    Mike
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Just a simple test to try and show why a combo of SB and either RN or SD might be a good idea.

    Right click desktop - New - Shortcut and enter " shutdown.exe -r -t 00 " no quotes, which will restart the computer if double clicked.

    Right click the shortcut and run sandboxed and the system call to restart is contained.

    Like I said, just a simple test and even though if it was a malicious action it would be gone after a reboot if only using RN or SD but SB would have prevented the reboot if run in a sanboxed environment.
     
  12. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    I'd rather prevent junk from getting on my computer in the first place, even if you reset everything by simply restarting.. you'd still have to restart !!

    That's wasting time in my opinion .. I hate rebooting/waiting -_-



    The registry is saved in a file so you CAN commit the registry but you'd be commiting some changes you don't want to commit.

    You can also exclude folders but you never know what happened in the "shadows" xD
     
  13. BrendanAdams

    BrendanAdams Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    137
    Location:
    France
    I would just like to say I have just tested and adopted Sandboxie.
    The conflict problem with Outpost (sandbox.sys issue) was solved by installing Sandboxie first and OSS 2009 second.
    I might go for any of the other 2 as well in the future ... I am still hesitating at the moment, for the reasons mentionned in my signature ;)

    For now I just wanted full navigator protection, so I guess Sandboxie is enough. I have just noticed that, when sandboxed, OPERA.EXE was no longer visible on the Outpost network activity pannel (sorry, I have it in French, so I don't know the exact English terms for it). It seems logical, all the more so as it has been replaced by SBIECTRL.EXE.
    By the way, should that SBIECTRL.EXE be fully trusted by Outpost or not ? Same question about the other Sbxie app, START.EXE.

    Thanks again for your help ! :)
     
    Last edited: Jan 3, 2009
  14. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hello, your sig says Opera 6.3? Should there not be a "9" in there somewhere? ;) :D



    snowbound
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    You are perfectly right, for people too busy this is certainly a waste of precious time.
     
  16. BrendanAdams

    BrendanAdams Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    137
    Location:
    France
    Definitely. Just modified :D
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I pit bots & malware up against tools and available latest secuirty apps but i also watch for stability in any app i run.

    I can't vouch for SD at all because i had little time to try it, but i can say in all confidence that RETURNIL is stupidly "Lite" given the fantastic capability it offers as well as SandboxIE is also "Lite" as i feather in my continuing experince with these two if that helps.

    I say stupidly lite with respect referring to RETURNIL because that's one very capable virtual system that eclipses in my experience with it any of the other virtual programs in comparison & stability you just wouldn't expect given all it can do, and with ease. Of course they have,like Tzuk and many other skilled developers here, have spent intense efforts to see to it they offer a nearly if not totally fool-proof product for protection/privacy.

    EASTER
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I agree on Returnil and i can say the same for Shadow Defender (i bought it today).

    Resource usage after 3 hours of use (browsing, p2p, video playback):

    http://img517.imageshack.us/img517/7780/60229046cm1.png

    :D
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    ShadowDefender of the three.
     
  20. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    I have tested Returnil, SD and Sbie with a P4 system, 768MB RAM against 12 virus/trojans about a week ago for a German security forum.
    The test can be found here: http://www.rokop-security.de/index.php?showtopic=17962

    Now with Returnil I didn't recognize any delay, neither when activating Session Lock nor when running the malware.

    With MD there was only a slight delay when activating Shadow Mode.

    Whereas with Sbie there was a slight delay when running the malware sandboxed.

    But all in all every program performed great on this old machine and I don't think performance is the essential fact to choose one of these outstanding programs.

    Cheers
     
Thread Status:
Not open for further replies.