Using AV with Sandboxie

Hello, long time lurker who decided it's time to de-lurk.

My subscription for NOD32 is coming to an end in a few days. The consensus here appears to be that using Sandboxie and an on-demand AV like Malware-bytes is good enough protection but as I haven't seen the question asked recently I thought I'd get an up to date opinion.

I'm running Windows 7 64bit with 64bit Sandboxie 3.58, although with the experimental 64bit protection turned off - I haven't actually turned it on as people seemed to be getting BSOD's at the time. I'm not sure if this is now sorted anyway.

Opinions, suggestions are all welcome. FWIW I have nothing against NOD32 and feel it's done a good job over the years but it just feels a little redundant in my setup.

 

I'd suggest using the experimental mode. The possible BSODs appear minutes after bootup, so should you run into one, you can safely boot and disable the feature from Sandboxie.

If not using Experimental mode on 64-bit Windows, it is suggested that the Drop Rights -restriction is enabled. This way Sandboxie is somewhat as good as on 32-bit platform, altough without Experimental mode, it still lacks some security.

When an AV feels redundant in a setup, it usually can be just that. Using Experimental mode in Sandboxie with MBAM sounds very good, proving you know what you are doing. Maybe consider using Standard User Account for extra security, or atleast take the UAC settings to the max level.

 

Personally, I ll recommend that you use a light AV with SBIE when you first start using Sandboxie. After a year or two, if you are ready to drop it, you ll know it.

If you feel "scary" or "naked" because you are dropping using the real time AV, then you are not ready. You should not look at Sandboxie as a replacement for your AV even though you might drop it in the future, when you learn SBIE and feel comfortable using it.

Enjoy Sandboxie.

Bo

 

Thanks this is good to know. Your one of my favorite posters now. You really did well in the other thread and proved your point, Not only that Bo is one of my favorite names from a movie character! Love the name. Sorry if that sounds strange.

 

Thanks Max, I appreciate what you are saying.

Bo

 

Your welcome.

 

Thanks for the replies. I've been using Sandboxie since December and the licensed version since January. It's certainly going to feel odd not having an AV running in my systray after all these years if I go that route. The problem with paying for a years licence is the feeling of obligation to use it having paid for it. I guess I can give MSE a go alongside it for a bit.

 

But when you feel your put take a big breath of fresh air from non resident and relize how sandboxie is like Kevlar alone.Your ready to graduate to the No AV camp. Welcome to the No AV club when you ready.

 

I'm using avast! free with only the file and behavior shields with Sandboxie Paid, and it's a very light combo. I have set Sandboxie and C:Sandbox as exclusions in avast!, and I also set avast! to scan no packers and my machine is as snappy as with no AV at all. No AV seems like a risky idea, especially when having one can be just as light as without one, with the proper settings.

 

I still trust my Eset NOD32 antivirus...and with version 5 I guess there are some improvements in it in detecting malware threats. Some infectors comes from USB flashdrives, cd/dvd's...not only from the internet. So an antivirus was still very useful.

Besides, why should I uninstall and remove program that didn't hog down my pc, the combo works ok and light on the system. I have also sandboxie and are happy with it.

 

Not updating or upgrading scanners is a huge benefit that I get from not using them. Doing those updates/upgrades use to give me stress, but now it feels better as I am more relaxed when I am in front of the PC.

Bo

 

Update: I went a few hours with just using sandboxie. I can't say I noticed any real performance gains compared to using Nod32 although Web pages did seem a little snappier. That could've just been me though.

I did wonder about updating sandboxed programs like Firefox. I normally update sandboxed programs by disabling forced programs so they can write to the Program Files folder. I presume this is the best way to do it?

Anyway because of this it occurred to me I might need to have some AV running just in case (of what I'm not sure but 'just in case') so I went with MSE which seems to light in any performance hits it might make. Given that I haven't noticed any real difference's between running an AV and not I think I'll stay with this setup for a while.