Shadow Defender or Sandboxie: If we choose

Discussion in 'sandboxing & virtualization' started by ocsi, Jun 1, 2011.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Why, thank you very much! ;) :D


    after reading all the good posts here that encouraged me to re-install SBie.

    it's one of the few problem-free and light security app around.
    there is a slight slow-down when launching the browser but no big deal really.

    i've allowed only IE9 and PDF-Xchange Viewer in the Start/Run restrictions and IE9 only for Internet restrictions.

    i get bugged once in awhile by rundll32.exe and dllhost.exe but not enough to allow them in the restrictions.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have a strong liking anymore for in-built security. It is personal preference.

    I use SBIE because it works and for me is about as close to "set and forget" as any product I can think of.

    If one educates themselves on how SBIE works and the few changes in protocol that it brings, it is IMHO also one of the easiest security tools I know of.

    I must officially be a Sandboxie Fan Boy now ;) It is the one and only 3rd party application that I would recommend to anyone.

    The theoretical situation of having to choose is just that, theoretical. Anyone who has used the two knows that they perform different functions, and you might not always need both of them. But, if you do, there is no real reason to choose between the two, each will serve you fine separately or together.

    Sul.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Bo knows. :cool: :thumb:
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Quite the Opposite!
    :thumb:
     
  5. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    If Sully recommends something, you had better listen. He is a very good judge of programs and has no hang-ups, just an extremely knowledgeable appraisal of any situation, program or problem. One of my favourite Gurus.

    So if he says SBxie, then SBxie it is.

    John
     
    Last edited: Jun 5, 2011
  6. 1820301060

    1820301060 Registered Member

    Joined:
    Jun 6, 2011
    Posts:
    3
    None of them. I am using the Returnil Lite.
     
  7. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    This thread poses a fundamental question. It is about virtual programs, those which allow us to operate in a virtual environment which isolates our PC from all activity therein.

    A virtual system does not rely on vast ever growing and never up-to-date databases of recognised infectious material and kills all possible threats when the browser is closed. Nothing gets out into the main physical computer to infect our system.

    So it sounds as if using a virtual program is the ideal choice for every one of us, in theory making all AV and AM software redundant.

    So why is there any doubt about the concept of virtual operation? It appears just a matter of which program to use as this thread asks. I do not know why the colossal industry of AV and AM is not rapidly declining in today's world, if virtual systems are so perfect and an obvious indication of the future progression of computer operations.

    Please, can our more knowledgeable members expand on this point, not particularly to kick my butt, I am no expert and am willing to learn all the time, but to clarify this important matter.

    I use SBxie as you all know and my reading of many Forum posts and lots of associated web data leads me to believe that if SBxie, Returnil, Shadow Defender or some other similar virtual program is used, we do not need anything else.

    SBxie is so easy and invisible that I do not know it is there at all, but I do know that when I close my browser, all the bugs and nasties go with it.

    There must be a catch somewhere, what is it ?

    John
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    we're starting to see "alternatives" from AV vendors and developers.
    Kaspersky has some 'rollback' module and Avast has a decent sandbox.

    the problem is to make this technology as painless and transparent as possible for Joe/Jane Average.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Average computer users would be confused by virtualization programs, especially those system-wide ones. One reboot, and their new programs and settings are gone.

    Sandboxie will be easier, but teaching them how to recover safe files will be hard.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You can set Direct file access so the user won't have to "recover"
    anything. Their favorite AV can check that downloaded files are OK.
    Sandboxie should be easy for all users but I agree, system wide
    virtualization programs can be confusing for the average person.


    Bo
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Indeed that is true, but John Bull thinks AVs are redundant, as do you.
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    On the other hand, the possibility of No Longer Relying on [Real-Time] Scanners
    while Having a Light and Effective Security Setup for FREE (= Sandboxie and Returnil),
    has made many Average Users eager to educate themselves on these issues.
     
    Last edited: Jun 10, 2011
  13. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    John Bull does not think AVs and AMs are redundant, he simply is saying that a virtual system is almost impenetrable and that these other traditional security programs look rather like being of little value with the introduction and progressive development of future virtual programs.

    OK, the despicable ~ Snipped as per TOS ~ who devote their entire miserable lives to wrecking everything that is good will not lay back and let it happen, but the ball is in their court and virtual systems at present beat them into a frazzle.

    Spending good money on some AV or AM program seems an economic lapse of judgement when one can simply install a reputable virtual program for FREE and to hell with Internet threats.

    John
     
    Last edited by a moderator: Jun 8, 2011
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I like to think that all applications that are currently available have a specific place in the security spectrum. To rely only on an AV/AM wouldn't be enough nowadays, and I agree Sandboxie or Shadow Defender will protect against almost any new type of malware (provided that the malware hasn't been specifically coded to defeat the sandbox or the virtual system).

    This is all fine as long as the user doesn't download and execute anything, because if one wants to download something from an unknown source then the only way to ascertain whether it is infected is to use a scanner.
    There are several excellent free scanners Avast, Avira, MBAM to name a few. I don't think they are redundant.
     
  15. chris1341

    chris1341 Guest

    We have to be careful we don't think all virtualisation software is like Sandboxie. It's not.

    If we use the 2 in the OP only SBIE can be used to restrict the behaviour of the virtualised application and what is spawned from it. SD in my experience will successfully wash away all remnants of malware on reboot but will not stop it installing and running - potentially stealing data/keylogging etc in the time between install and reboot.

    Using SD on its own then, for me at any rate, is not an option. Using SBIE on its own, with appropriate precautions such as start/run restriction and a strategy for confirming the safety of what you let out into the real system, can be.

    Having said that I don't think it's essential to run real-time AV/AM with SD as long as you use something like Defensewall, Geswall, AppGuard or even well implemented SRP to keep the nasties at bay until reboot.

    I use SBIE on all my systems with no real-time AV but do make use of on demand scanners and VT/Jotti as well as VM's for unknown apps.

    Virtualisation as long as it is backed up with some form of restriction (inbuilt or 3rd party) is great if you understand how to check what you need to install is clean. If you know that AV/AM is a choice rather than a necessity. If you don't you need to keep the AV in real time in my opinion.

    Cheers
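
The Start/Run and Internet restrictions described in this thread, written out as Sandboxie.ini settings next to a box that has neither (an added example, not part of any post; the box names and the `PDFXCview.exe` executable name are assumptions):

```ini
# Constructed example. Box names and executable names are assumptions.

[UnrestrictedBox]
Enabled=y
# No ClosedIpcPath / ClosedFilePath rules: anything that lands in this box
# may start and may reach the network until the box contents are deleted.

[BrowserBox]
Enabled=y

# Start/Run restriction: only members of <StartRunAccess> may execute.
ProcessGroup=<StartRunAccess>,iexplore.exe,PDFXCview.exe
ClosedIpcPath=!<StartRunAccess>,*
NotifyStartRunAccessDenied=y

# Internet restriction: only members of <InternetAccess> may open
# the network devices.
ProcessGroup=<InternetAccess>,iexplore.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
NotifyInternetAccessDenied=y

# Delete the box contents when the last sandboxed program exits.
AutoDelete=y
```

With the `Notify...` settings on, any program outside the two groups that tries to start or connect inside the box is blocked and reported, which is the source of the `rundll32.exe` and `dllhost.exe` prompts mentioned in the first post.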
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    J L, yes, I don't use antivirus real time but the type of user that you
    were talking about in post#34 would benefit by using their favorite
    antivirus and SBIE together, like I described on post#35, making it
    easier to recover safe files. If my grandma was an internet junkie,
    I would set her up that way.

    Bo
     
  17. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    You've done it again BO, never fail.

    Whilst I have said a few things here, some right, some wrong, I am getting an enormous amount of interest and information out of this post.

    It is a good thread and very topical subject in today's world of cut and thrust.
     
  18. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    I agree. When needed I use Wondershare Time Freeze instead of Shadow Defender. In general I use SandboxIE.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    What are they going to do about downloaded files then?
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Pray they are not infected.
     
  21. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    -In terms of Security (i.e. Checking Doubtful Files):
    They use VirusTotal, on-Demand Scanners, and on-Line Scanners.

    Countless users have stayed Malware-Free
    by using Sandboxing & Virtualization
    while they are Not relying on Real-Time Scanners.
     
    Last edited: Jun 9, 2011
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Off-topic posts removed...

    Guys, no one asked you to stop discussing this topic, so, it's pointless to make a bunch of posts debating the forum rules. None were broken here. So, let's get back to the actual topic.

    If you do think a forum rule has been broken in some thread, please use the "Report Bad Post" feature to notify the forum staff instead of posting about it in the thread.
     
  23. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Just noticed that SD is a PAY program.

    Why on Earth bother to raise this thread ? SBxie is FREE unless you choose to pay for the more sophisticated version. I have found that FREE SBxie is absolutely perfect, so why pay for SD ? This factor alone appears to resolve this thread question precisely.

    If you really have a hang up, then go for Returnil FREE. You do not have to dig into your pocket to get a perfect security package that keeps you bug free.

    The thread is a non starter - to compare a PAY program with a FREE program + optional PAY is not logical and a waste of Forum time. You simply cannot compare bananas with apples, they are different commodities.

    Bottom line - just use SBxie and forget SD. Returnil is an excellent alternative and that is FREE as well.

    Why people line up programs that do not have a direct equality, I will never understand.
     
    Last edited: Jun 9, 2011
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Because they are different types of program, each with its own pros and cons, so it's perfectly valid to have a discussion around the differences. Free vs Paid is just one dimension.
     
  25. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if you want to test programs SD is better as SBie will not let a program install drivers.
     