Toolwiz Time Freeze and AV updates

Discussion in 'sandboxing & virtualization' started by javahole, Jan 24, 2013.

Thread Status:
Not open for further replies.
  1. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    Hello,

    I'm happily using the above with Comodo CIS, but I decided not to use exclusions for any Comodo or Windows updates, so if Comodo updates whilst I have TWTF turned on I just let it, knowing the update will be erased after I restart, and then I manually update the AV afterwards.

    Just to be sure, would TWTF erase ALL of the CIS updates on my system when I restart, or are there leftovers somewhere on my system?

    Basically, is it OK doing as I am?

    Cheers
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Javahole, I am not using TTF now, but trying programs out or upgrading programs and seeing what the effect of the changes would be on my computer is the reason I use programs like TTF. I never saw any change escape TTF on my W7, but on my XP, using another LV program, I found some entries in the registry that I believe escaped this other program. I think in theory nothing should get out. I switched both computers to Shadow Defender, which is supposed to be the best of this kind of program.

    Bo
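The question running through the thread (did the rollback really discard the AV update, or did something survive?) can be turned into a check instead of a guess. The script below is an added example written for this thread; it is not code from the forum, from Toolwiz or from Comodo. It records a size-plus-SHA-256 snapshot of a folder (say the AV's definitions folder) before the update, stores it as JSON, and after the reboot reports which files were added, removed or modified relative to the baseline. The folder layout and file names used in `demo()` are constructed for illustration and are not real AV files.

```python
"""Hash-snapshot a folder before an update and diff it after a reboot.

Added example for the thread above; not code from Toolwiz, Comodo or the forum.
It answers "did the rollback leave anything behind?" for a file tree by
recording (size, sha256) per file and reporting added/removed/modified paths.
The folder layout and file names in demo() are constructed, not real AV files.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file, read in chunks so large signature databases are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root) -> dict:
    """Map each regular file under root (relative POSIX path) to its size and hash."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            snap[rel] = {"size": path.stat().st_size, "sha256": hash_file(path)}
    return snap


def save_snapshot(snap: dict, out_file) -> None:
    """Persist a snapshot; write it somewhere the rollback does not touch."""
    Path(out_file).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_snapshot(in_file) -> dict:
    """Read back a snapshot written by save_snapshot()."""
    return json.loads(Path(in_file).read_text())


def diff_snapshots(before: dict, after: dict) -> dict:
    """Paths that appeared, vanished, or changed content between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p]["sha256"] != after[p]["sha256"]),
    }


def is_clean_rollback(before: dict, after: dict) -> bool:
    """True when the post-reboot tree is byte-identical to the pre-update tree."""
    return not any(diff_snapshots(before, after).values())


def demo() -> dict:
    """Constructed walk-through: baseline, update, reboot that leaves one file behind."""
    with tempfile.TemporaryDirectory() as tmp:
        defs = Path(tmp) / "defs"          # stands in for an AV definitions folder
        defs.mkdir()
        (defs / "signatures.db").write_bytes(b"signature-db-v1")
        (defs / "version.txt").write_text("1")
        baseline = snapshot(defs)
        # On a real frozen system this file must live on an excluded or removable location.
        save_snapshot(baseline, Path(tmp) / "baseline.json")

        # 1. The AV updates while the system is frozen.
        (defs / "signatures.db").write_bytes(b"signature-db-v2")
        (defs / "version.txt").write_text("2")
        (defs / "delta.db").write_bytes(b"incremental-update")
        after_update = snapshot(defs)

        # 2. Simulated reboot: the two original files roll back, but delta.db is left over.
        (defs / "signatures.db").write_bytes(b"signature-db-v1")
        (defs / "version.txt").write_text("1")
        after_reboot = snapshot(defs)

        stored = load_snapshot(Path(tmp) / "baseline.json")
        return {
            "update": diff_snapshots(stored, after_update),
            "reboot": diff_snapshots(stored, after_reboot),
            "clean": is_clean_rollback(stored, after_reboot),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The one design point that matters in practice: the baseline snapshot itself has to survive the reboot, so on a frozen system write `baseline.json` to a location that is excluded from the freeze (the thread mentions exclusions) or to removable media, otherwise the rollback discards your "before" along with everything else. The same snapshot-and-diff idea applies to a registry export taken before and after, which is where the earlier post reports seeing escaped entries.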
     
  3. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    ''I found some entries in the registry that I believe escaped this other program''

    Bo elam,

    Yeah, I was wondering if this was the case and was interested.

    I use W7. I'm guessing that even if old update leftovers remain in the registry it's no big issue??

    I sometimes think of ditching the AV and just using TWTF with a decent lightweight anti-spyware/keylogger and an on-demand AV scan that updates only when you want it to.

    Cheers
     
  4. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    TTF in early versions started at login; but if some other app also started earlier at login, some system changes (done by these apps that started before TTF) could not be discarded.

    Such annoyance was solved in the newest versions, since TTF changed their engine: it starts at kernel level (before login) now.

    So I think you don't need to have concerns about that: TTF will "erase ALL of the CIS updates on your system when you restart" and "there AREN'T leftovers somewhere on your system" using Toolwiz Time Freeze.

    I'm using TTF with Sandboxie [I don't use any AV since I have this combo]; TTF in 'Frozen Mode' always. Never noticed any "leftovers" left on my system!
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Javahole, TTF with Sandboxie is a great combo. I would have suggested doing it like that if Majomo had not done so. No need for real-time antivirus if that's what you want with that combo. I know Sandboxie alone is enough, since that's what I use, on its own, for security. Doing things like Majomo :cool:, running SBIE under TTF, should be even safer.

    Like Majomo, I never saw anything escape TTF.

    Bo
     
  6. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    Thanks for the help. Yes, I originally downloaded Sandboxie, but unfortunately my Acer Aspire One kept blue screening with it (couldn't even load the program). BlueScreenView and the dump file pointed to the graphics driver, and the helpful Tsuk said it was likely a problem with this combo (given somebody else experienced it with the same driver), so unfortunately it looks like my laptop can't handle it. I got bluescreens when I used the virtual Comodo Dragon, so it seems sandboxes don't agree with my machine.

    A shame, as from what I've seen Sandboxie is kind of like an AV, as it's actually detecting stuff that shouldn't be there. Toolwiz Time Freeze is so unobtrusive I can't see myself not using it, and no issues.

    Cheers
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Javahole, TTF worked great for me, never a problem; you'll like using it.

    Sandboxie is coming out with a new version soon; it's going to change the way it does things. Perhaps that version will get along with your computer.

    http://www.sandboxie.com/phpbb/viewtopic.php?t=14454

    You could try the beta now or wait until the stable is released. The thing that I like about programs like TTF is that you can use them to try programs like this beta with no worries. If you try the beta under TimeFreeze and your computer crashes, everything will be back to normal after you reboot. Try the SBIE beta to see if the new design works better on your PC.

    http://www.sandboxie.com/phpbb/viewtopic.php?t=14453&sid=574020cfabeb8a189524aa6084e44a5b

    Bo
     
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Hi javahole,
    I noticed you mentioned that you're using CIS. I assume it's version 6.
    Have you tried installing any programs within the virtual kiosk yet?
    Just wondered if you can achieve the same results with the kiosk as you can with Toolwiz.
    Thanks. :cool:
     
  9. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    Yeah, that's a good idea, I'll probably give that a go. I couldn't even get to try Sandboxie before, but the thought of not having debris left behind if it doesn't work sounds good to me. It's a shame Geswall isn't more vocal/public, as I'd like to have faith in it to give it a try.

    When I'm using TWTF all I really care about is maybe 3 website passwords, and nasties from Java, which I use a lot. From what I've read though, there are questions on whether or not Sandboxie actually protects you from Java exploits??

    I notice that on the Toolwiz site they say this:

    ''Can I use Toolwiz timefreeze with other virtualization product at same time?
    We do not recommend you to do like this. It is more like install two AV in your system:)''

    Beethoven1770, yes, the latest version. I didn't get that far with the virtual Comodo to be honest, as it kept crashing and BSODing, so I decided to stop using it. I'm not quite sure if it's FULL virtualization in Comodo?? The AV scan is a lot quicker than my old Avira, which is a plus, considering an AV scan isn't that important to me seeing as I'm using TWTF.

    If the smart TWTF guys added some sort of live detection to the software, that would be something. Not being greedy or nothing... :argh:
     
  10. littleturle

    littleturle Registered Member

    Joined:
    Jun 26, 2012
    Posts:
    102
    Location:
    US
    1) Update your AV when TTF is on.
    2) Click Exit Time Freeze on TTF.
    3) Choose the Save All Changes option.

    No need to restart the system; just wait a few seconds and you will save the updates.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Sandboxie is an application sandbox, which is nothing like an AV. Sandboxie contains sandboxed executables within the walls of the sandbox without making any judgement about their intent. Sandboxie contains; it does not detect. Because Sandboxie redirects all system changes to a sandbox container folder, Sandboxie can be used in conjunction with real-time AV if desired. The AV will treat the sandbox container folder no differently from any other folder within the file system and will monitor it for suspicious content.

    It isn't recommended to run two light virtualization products at the same time, but that doesn't apply to an LV and an application sandbox. Because Sandboxie runs at the file system level, it can run without conflict within the virtualized system partition created by an LV, effectively providing two layers of virtualization for sandboxed applications.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    TTF does not protect passwords.

    If you are using Sandboxie while browsing and you get hit by a Java exploit, it's contained in the sandbox. It will be gone when you delete the sandbox. There is no question about that. The result should be the same when you reboot your computer using TTF.

    You definitely can run Sandboxie alongside light virtualization programs with no problems. I have used some sort of combo between SBIE and three different LV programs on two computers with different systems and haven't experienced any issue. But you should never have two LV programs installed at the same time. That's not recommended for sure and is a very bad idea.

    Personally, I like programs like Sandboxie and TTF as they are. Sandboxing and virtualization are their game. Hopefully they remain like that. I stopped using antiviruses, and I definitely don't want any kind of detecting tool in Sandboxie.

    I know you read, Javahole, but I'll give you some important advice about uninstalling TTF in case this hasn't come your way. Make sure when you uninstall TTF to use their own uninstaller, located in their folder in the Start menu. If you don't, it is likely that you will have problems.

    So, did you fire up TTF and try the new SBIE? :)

    Bo
     
  13. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    But you can see what's running in the sandbox, no? Can you not see most viruses in the sandbox?

    Not sure if running Sandboxie with TWTF is any more defense against keyloggers than TWTF on its own though:

    ''Defending Against Key-Logger

    Sandboxie is not designed to detect or disable key-loggers, but it is designed to make sure that sandboxed software stays in the sandbox, that such software can't integrate into Windows, and that it can be completely discarded when you delete the sandbox.

    This means that if you take care to carry out all untrusted activity in the sandbox, you can always delete the sandbox to undo the effects of that activity, and restore your computer to a trusted state.

    The first step is to make sure your system is not infected by malicious key-loggers, prior to using Sandboxie. A system scan by an anti-virus or anti-malware tool should help here.

    Then carry out all untrusted activity -- such as browsing the Web, reading email, and testing unknown programs -- only in the restricted area of the sandbox. This doesn't mean you won't be infected by key-loggers, but it does mean you can get rid of them''
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Yes, you can see what's running in the sandbox and the files that are created in the sandbox, but SBIE doesn't use definitions or detect anything as antiviruses do.

    Sandboxie treats all files the same way.

    Bo
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    There are two aspects to this: (1) Drive-by downloads via a sandboxed application running in the sandbox; (2) a keylogger already installed outside the sandbox.

    As regards the first aspect: In addition to virtualization, Sandboxie also has a comprehensive set of policy restriction features. Properly configured, malware encountered via a sandboxed web browser may get downloaded into the sandbox but it won't be able to run or access the Internet. Sandboxie won't detect it though; it will simply silently contain it within the sandbox without regard to its intent. An AV is still needed if detection is wanted as well as containment.

    As regards the second aspect: Sandboxie won't protect against a keylogger that is already running outside of the sandbox, but neither will a pure LV such as TWTF that lacks policy restriction features. Policy restriction needs to be added separately, either using available inbuilt OS features or by adding a separate policy restriction/anti-executable/HIPS type program.

    All of this assumes that the keylogger has been encountered accidentally via a drive-by download. If the keylogger was deliberately installed by someone with physical access to the computer then there are bigger things to worry about.
     
    Last edited: Jan 28, 2013