Discussion in 'sandboxing & virtualization' started by Trustware, Dec 1, 2010.
Jdixon2278, Thanks for the heads up!
Does this seem to slow down a computer at all?
Thanks for the heads up. Do they send you a license code?
I'm running it on a Dell Inspiron 1525, cheapie model with 2G RAM, Vista HP 32 bit. No slowdown at all. In fact, the computer boots faster and even with MSIE 8, it's quicker than when using my old combo of ZA Pro and AVAST, both of which are gone.
I'm relying on BZ to protect, along with a couple of free on demand programs, MBAM and Hitman Pro as backups. I ran an older version of BZ a while back. Never had anything get through. I empty the bufferzone each day, just as I delete sandboxie files at the end of the day. I like BZ, always have.
has this benn tested with serious threats?
thanks for the info
In regards to the Ask Toolbar - BufferZone has a new feature which allows you to select whether a signed installer will be installed Inside or Outside BufferZone.
You can go to the Policy tab of BufferZone and select the relevant level for you.
** Maximum protection **
o All programs will automatically be installed inside BufferZone
o BufferZone will not prompt for confirmation
o Recommended only when most strict protection is required
** Notify All **
o BufferZone will prompt for destination before every installation
o Recommended when manual control is required
** Notify Unsigned **
o Signed programs will automatically be installed outside of BufferZone
o BufferZone will prompt for destination before installing unsigned programs
** Automatic (Default) **
o Signed programs will be installed outside BufferZone
o Unsigned programs will be installed inside BufferZone
o BufferZone will not prompt for confirmation
o Recommended for most situations
** No Protection **
o All programs will automatically be installed outside of BufferZone
o Not recommended
In regards to 64 bit support -
BufferZone currently supports 32 bit operating systems.
64 bit support is planned for the Q1 2011.
Thanks Trustware for info In my tests, Ask toolbar was permanently installed too with out of box configuration. I will check it with modified BZ configuration.
BTW, Is Ask toolbar digitally signed?
Most important settings
1. Specify installers from untrusted sources (e.g. IE and USB to run inside BZ when installers are NOT signed
2. When trusted programs drop down a new executable, run unknown INside BZ (works the same as CIS Sandbox)
3 Run scripts inside BZ sandbox
4 Allow or DENY untrusted programs to go outbound (allow should be after deny)
In this example Chrome is allowed outbound
enjoy this freeware on x32 bits See pic on how to set confifential files/folders
Now you know the basics you don't have to be cautious (beware a signed ask bar installs yes that is correct, it is the default setting, until you clear the BZ sandbox as Franklin so kindly showed you) RTFM
Franklin tip: https://www.wilderssecurity.com/showpost.php?p=1791759&postcount=18 also important to know (BZ does not clear the sandbox by default, but leaves it as is, until you clear it, it is not Sandboxie, it is a cross over of Avast/CIS sandbox, SBIE and GW).
Thanks Kees very informative.
I have never run this program before so I have a question or two.
Are you able to save your bookmarks and certain things in browser profiles? I see this has a FW. You guys run this a long your normal FW?
Thank you Kees1958 for your informative post here and in your BufferZone second thoughts thread. Makes me want to try it again.
My problem with Bufferzone is minor and cosmetic. Bufferzone does not seem to recognize that my taskbar is at the top of my desktop instead of at the bottom. Attempts to move the sandboxed windows when they are maximized are to no avail.
I know the easy fix is to move taskbar to the bottom of the screen but I happen to like it at the top. Running XP SP3.
Yes, these are excluded by default (at least in older Pro versions, I could see it was excluded in the XML steering tables).
Well, when you run XP/Vista/Windows FW as inbound, it is a nice outbound protection addition. When you tell all unsigned programs to run inside BZ (as shown in the screen prints), it is effectively an outbound application filter for unsigned programs. Make sure you add your email and webbrowsers in the BZ firewall.
What do they mean by unsigned and signed programs? This looks like a nifty program. I'm using Vista.
If you want to test malware via BZ then you need all programs to connect out so any lovely malware extras can be downloaded.
I find it easier to have a shortcut on desktop to BZ's working folder where I can drag and drop anything then execute.
Can I save a file out of the sandbox?
I mean, can I download and save files from Internet or I need to turn off Buffer Zone to do so?
You old bugger. Look at the questions people are asking: it is on the primary functions of BZ. You are giving them advice of a pro or at least someone who knows how to play with malware. Have some consideration
Bufferzone is a cross over of a application sandbox like Sandboxie and Sandbox of Comodo or Avast.
Comodo/Avast like sandboxing
Signed programs are generally safe to execute (although Avast has reported malware which was included in some signed software, but that is an exception). Bufferzone offers protection for your complete system on:
a) executing new programs, downloaded by by safe programs
Which are unsigned in the Bufferzone sandbox (see post https://www.wilderssecurity.com/showpost.php?p=1792527&postcount=36 )
b) execution of scripts, downloaded by safe programs inside the sandbox (also system wide protection) see https://www.wilderssecurity.com/showpost.php?p=1792528&postcount=37
Sandboxie like application virtualisation with containment coverage like GesWall and DefenseWall
c) In stead of individual sandboxes for each application, BZ applies application virtualisation like GeSWall and DefenseWall apply it for all untrusted programs. (see top https://www.wilderssecurity.com/showpost.php?p=1792526&postcount=35 )
d) Like DefenseWall you can set USB as threatgate or untrusted source also, meaning that unsigned programs are kept in the sandbox, signed are executed outside sandbox (same applies for internet facing contained BufferZoned programs) see bottem of https://www.wilderssecurity.com/showpost.php?p=1792526&postcount=35
e) Next you can specify to control outbound internet connections of bufferzoned objects (programs, USB-drives, scripts) see https://www.wilderssecurity.com/showpost.php?p=1792529&postcount=38
f) With right click command you can run a program in/outside the sandbox or move a file or a folder outside the sandbox. You can also tell Bufferzone to clear the sandbox (see https://www.wilderssecurity.com/showpost.php?p=1791759&postcount=18 ) OR recover a saved sandbox 'snapshot'
Yes Bufferzone keeps sandboxed data by default, you have to clear (empty) it yourself. BZ also does a reasonable job installing programs in the sandbox. Those 'SNAPSHOTS' can be saved or recovered.
There is also an option to specify confidential folders (like GeSWall and DefenseWall) see https://www.wilderssecurity.com/showpost.php?p=1792530&postcount=39 Untrusted objects are not allowed to access them.
For an application virtualisation unique feature: is the option to protect you from KEYLOGGERS (only on Internet Explorer) using the PRIVACY option (just specify the URL's you want to defend).
It seems bufferzone pro is very heavy and unusable on my windows xp pro sp3 pc. I tried it yesterday on a newly formatted pc and it slowed my windows to a crawl and froze it many times and made the bootup very lengthy and made normal operation useless. I had to manually shut down and return to a good snap shot on CTM to get rid of it. SO anyone here with win xp sp3 having the same issues or are there any possible way to resolve this. My pc has only 1.5GB of ddr2 ram and do not know if thats enough for bufferzone or not? Any help or inside into this is welcommed.
Cheers, I don't have time to investigate in details, so please advise:
if I use Sandboxie, DefenseWall and Shadow Defender can/should I add BufferZone?
Short answer - no, you shouldn't.
Separate names with a comma.