Using Sandboxes app a smart Defense Strategy ?

Hi, folks: I have been using DeepFreeze standard for just over 2 weeks. I do like it and could not help thinking that using virtulization technology to protect your pc system is'nt a bad approach at all. There are other good sanboxes apps on the market such as ShadowUser, DefenseWall, GeSWall, Sanboxie and BufferZone. Can you share your experience of these apps with Forum viewers? Thanks.

 

I just started using sandboxie a few days ago and I am very impressed. I was about to reimage my drive, so for the hell of it, I used IE/ sandboxie and purposely went on sites known to install spyware/adware/ect. After, I used Spyware doc, Ewido, Spyweeper, Counterspy and online TrendMicro to scan my system. I didnt even have a tracking cookie after!

Since then I have been able to disable my realtime antispyware programs. I now sandbox all browsers and Outlook.

 

Sandboxie didn't like my computer. It wouldn't install or work.

 

Another SandboxIE user here for about a month now.
(Gonna register and send them some $. It's worth it.)
Nice proggie. Not much resource impact, only a couple stability issues on rare occassions. Forum available with respectable support (queries usually answered by the developer).
Allows surfing with wanton abandon. You're nearly bulletproof.
I've created two shortcuts to my browser (K-meleon).
One to run under SandboxIE, the other to run normally (under DropMyRights).
Interface is fairly intuitive. Doesn't take much time to figure out it's workings.
I haven't even explored all the other possibilities of running test programs within it.
As browser protection alone, I feel it's well worth it.

 

I didn't like SandboxIE because my popup stopping app could not run while in SandboxIE mode. So i ended up getting all those popup's that i hate.

I tried Defencewall and found it inhibited apps too much. I couldn't ever get it to run Steam(game playing application) or even if i placed my online game .exe files in there all i ever got was permission rights errors and the games wouldn't run.

muf

 

Hi, folks: A bit problems w/ Sandboxie and DefenseWall? Why not try DeepFreeze or ShadowUser? They will allow you to DO anything that you would on your normal partition/drive. After you finish, simply reboot PC, and everything ,I mean everything you have done or the damadges malwares have caused, are gone, vanished w/o any physical trace. This "borrowed" partition/drive is your temp pass for joy and excitement.

 

Both are already bypassed by malware writers. Direct PDO IRP!

 

Hi, folks: Can you tell us more? I thought the newer DP V.6 has this problem fixed.Thanks.

 

What is DP?

 

I believe Perman meant DF (DeepFreeze) v.6

 

Hi, folks: Sorry, just a mis-spelling of DF (DeepFreeze).

 

Here: http://www.cracklab.ru/f/index.php?action=vthread&forum=3&topic=3132&page=8, MS-Rem's post. Sorry- in Russian.

 

Hi, folks: Interesting, although I do not read Russian. Perhaps you or memebers who read Russian can assist a bit. Is it using some codes while accesses a particular PC to bypass DF's password and then unfrozen DF,hacking the target? Or is it a more advanced than this? Do you have any remedy?

 

Keep this thread quiet or freaking crackers will sneak in and find juicy stuff to prey upon.

Just joking. Been using SBoxie for almost 6 months now and all I can say is that got no infection at all while browsing the net.

Nice appointment.

 

Hi

I've been getting in the habit of using ShadowUser more and more of late and once used to the reboot which is no particular pain, I've found it does exactly what it purports to do.

I'm not an adventurous surfer but the fact that it would undo any carelessness on my part makes me far more comfortable when surfing in Shadow Mode.

I do however take care to only visit my trusted sites when out of Shadow Mode.

So far I just can't find a downside to it but would be interested to know more more about it's susceptibility to malware that Ilya refers to.

 

Hi, folks: Before I can enlist any help from Russian speaking friends, and just to ease my curiosity and anxiety, I went to that Russian connection link provided by Ilya, post#12 on this thread. Apparently, only these names have been mentioned several times; ShadowUser, ShadowBeast and Folder Guard. Perhaps some cracks have be unearthed. I am a DeepFreeze user and have learned from other forum that DF is now immune to any attack. I do hope these two factors will assure me of smooth and safe surfing for the next while.

 

I am not quite understanding problems users are having with sandboxie. I have the paid version which allows you to force programs to run thorugh it. I only have my browsers using it. All other programs, unless you right click and option them to run through sandboxie, are not run though the sandboxie program.

For the users who cannot install, it may be time for a reinstall of XP.

 

First sentances are: "Full bypass of ShadowUser, Folder Guard and other simular programs weight ~15kb of code. The method's aim is in search of original file system's driver entry points and direct it's call, bypassing all the filters and hooks of the protective software. I won't post here full code but fragments.".

 

I'm a happy User of Shadow,like many in this thread. Until i saw your post,Ilya, i thought i had spared myself the hassle of reinstalling and using again the likes of Antihook (waiting for version 3 i became happy with ShadowUser) or SSM. But,after an initial discomfort,i reasoned that what you imply is that ,if you take a pc with just OS and ShadowUser/FG/others THEN it's just that simple to bypass the 'sandboxed' machine.
My point is- is it still that simple to get to a machine which runs -along OS and ShadowUser- also a Router, Avast! antivirus with WebShield, Jetico firewall with Process Attack filter, BOClean, uses Firefox with NoScript allowed, runs a hardened OS,+ Firewallleaktester, to name the essentials?
I say this because perhaps,by now, practically every software on earth can be 'bypassed' by a hacker,isnt that so?
Perhaps security is 'layered', and SU -albeit theoretically bypassable like most- provides a 'certainty' which not many HIPS can give, that is,a reboot is death for any malware or mistake.

 

The question is, can this be done on the fly? So if SU or DF for example are active can the code bypass the protection there and then or does it need to be loaded up at boot?

 

"Both meaning Deep Freeze and ShadowUser"

In Shadowmode, with PG full completely locked, RegDefend active, L'n'S properly working, and no physical access to my machine I really wonder who is going to bypass whatsoever....

The only disadvantage I find running ShadowUser is that sometimes I forget that I'm in shadowmode (I only switch to normal mode to download a program or to update Windows) and some data that is not written to the excluded folders might get lost with the next reboot.

DeepFreeze is a good program, cheaper than ShadowUser, but doesn't allow you to exclude specific files and folders and doesn't allow multiple reboots
in frozen mode (important if you try a program that needs a reboot).

 

In fact, it is always possible to bypass any protection from the driver level.

 

Hi,folks: Does this also mean that the BADGUY can bypass at kernel or socket level? Supposed that I have a kernel- or socket based security app installed, and if(only if) it has been compromised,then is it possible that this BADGUY can freely get a smooth ride into your system? Why do I ask this 2-cents question? I have a kernel-based AS app installed,during DF frozon stage, any def updates seem to stay even after reboot. Just wonder? BTW. is kernel or socket a process activated prior to driver during pc booting ? Just a layman's question.

 

Antivirus and firewalls have no role whatsoever in protecting something like Shadowuser or DeepFreeze from being 'hacked'. If one can manage to bypass these programs' protection (and it's been done before), having the most unbelievably accurate antivirus and firewall protection won't help any.

 

TNT ,you forgot one item of those i mentioned : Router.
As a matter of fact i am well aware that the antivirus is not directly responsible of any hacking operation,while i cannot entirely agree with you about the uselessness of a firewall.
I only mentioned these softwares -which usually people do run in their pcs- because they represent an obstacle to an easy conquering of a machine, as opposed to the statement that ShadowUser and DeepFreeze can be bypassed with extreme ease: yes,only if you have no other defense,though.
If you think a Router ,even a not so recent one,can be bypassed that easily you should find a fabolous thread at www.dslreports.com
in the Security section where the story is told of how many of the best security experts in the US tried to break into a Router some days ago and failed (excepting and partially just one). I dont remember the post now,but you wont have any difficulty finding it.