Whats your opinion on Sandboxie

Whats your opinion in Sandboxie! Ill say its really good and my computer is fast and it works well with Avira. What do you think?

 

Well said!

 

As long as you have some sort of firewall in place and, at least in my opinion, a good antivirus (whether or not an AV is needed is a hot debate), SandboxIE is probably the last security program you will ever need. I'll go further although I know I'll get arguments, you can forget HIPS, you can forget real-time antispyware, forget it all. Every possible infection/problem you can get is wiped away with the closing of the browser (if SandboxIE is configured to empty after the browser is closed...which is a recommendation).

The paid version is configurable to hell and back, but even the free version will utterly destroy anything thrown at it by emptying the sandbox...now that's protection and power.

 

+1

 

Amazingly brilliant.

 

No argument from me, dw426.

 

I totally agree with you man! Well the thing I really like about Sandboxie is that........ If theres a virus in your computer and its in the sandbox all you need to do is delete the sandbox. Unless theres a keylogger then it can the hacker can still see your typing even if its in the sandbox. Thats why I have Keyscrambler.

Note: Always make sure to download everything in the sandbox unless your 100% sure that the file is safe!

 

Keyloggers can actually be stopped cold. I believe this is only in the paid version, but you can set SandboxIE to deny internet access to EVERYTHING in the sandbox except for programs you explicitly permit, such as the browser.

 

Oh..... I see. Really cool!

 

Besides that if one does not plan on downloading,under restrictions can be restricted to anything in the sandboxie can't not start/run other then programs selected such as IE,Fox etc.

 

I don't feel safe without it.

 

Well that's not entirely true, I mean sth could hijack the browser so giving Internet access to the browser, would be Internet access for the keylogger as well.
Hope I'm not wrong on this.

Of course one can delete the contents of the Sandbox and start browsing with a fresh one or use Keyscrambler

 

SBIE will isolate malware away from my main computer, but it will not DETECT malware, per se.

If I download something & want to keep it & install it, I will have to eventually remove it from SBIE's cloistered protection. Upon doing so my computer becomes vulnerable.

Using other security applications (HIPS, Antivirus, etc) in conjunction with SBIE offers me a good possibility of detecting malware before &/or after* removing it from SBIE.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*I have heard that some malware will detect that it is sandboxed; hence will not manifest its nefarious nature until it is removed from the sandbox. Someone please verify or correct me on this.

 

I understand what you mean, however, would not scanning a file you download with a good AV/AS (even just an on-demand one) cover that particular area of concern?

Also, Pico, the keylogger is stopped because you can, let's say for example, only allow internet access to firefox.exe and/or ie.exe. The keylogger is almost always (unless I'm mistaken) going to be some sort of executable, so if an un-permitted .exe file is running in the sandbox, it SHOULDN'T be able to "call back home" with the logged keystrokes....or am I thinking too simply?

 

Sandboxie is the foundation of my current security set-up.

It has been problem-free and 100% stable for me since day one install.

 

Anything removed from the sandbox on my machine gets scanned with Antivir, MBAM, SAS and if possible uploaded to VirusTotal or Jotti. Since I can't analyze malware, scanning is my only option to be relatively sure my downloads are safe. Well, that and downloading from a reputable source.

When running Sandboxie, it can be setup so only certain apps can run and/or have internet access. It can also be setup to block certain files, folders or drives from anything that may be running in the sandbox.

I'm not an expert, but I renamed a piece of malware to firefox.exe and it would not run in the sandbox. Firefox.exe is permitted in my setup. It passed my simple test .

 

Sandboxie is one of the best ever security apps.

Defensewall, Geswall, Returnil, Shadow Defender and maybe a couple of others are way up there as well.

You should still employ images or similar as a decent backup though.

 

I completely agree. This is true for any sandbox/virtual system, they are almost 100% safe if you don't write anything to disk from the sandbox/virtual session.

There is also specific malware that will target sandboxes and virtual systems which can eventually be analyzed by AVs companies, and protect the sandbox from attack (Killdisk is one exemple). A lot of these programs have active support behind (Sandboxie, Returnil, Shadow Defender) which will 'UPDATE' the program against dedicated malware in a similar style to AVs. Question is how long are they going to bother doing it?

The possibility of new malware attacking the sandbox/virtual system is always there, but admittedly quite unlikely, as malware writers are more interested in attacking computers with very common configurations (the majority). The bottom line is that the AV is still the only tool that can give a name to malware because it has been examined by specialists. One could also use HIPS to stop systematically anything executing, but they won't name the malware, and you won't know if it is malicious or benign.

 

Same can be said of GeSWall and DefenseWall. Guys SBIE is good, no need to dwarf into fanadoring, with some fantasticalling, It could lead to fanaticalling and we all know where fanaticalling leads to. Does not make sense.

Cheers Kees

(I will be happy to explain this Dunglish = Dutch English)

 

No1 Sandboxie Fanboy and proud to say so!

 

Lol, same here. Kees does have a point though, we needn't act as if SBIE is the end all, be all of security (even if it is, hehe), DW and GW both excel at what they do, but neither allow you to "run naked and wild" as it were like SBIE can. I'm aware there are a few nasties that specifically target these virtual solutions, but they are so few that they'd almost have to be on the system on purpose and not by some "drive-by", IMHO. Right now, SBIE, Returnil, and similar apps are the Linux of the security program world. Will that change someday? You betcha.

 

For 98 percent of users out there, a simple combo like Eset and Sandboxie will be all they ever need. I agree with Peter because one thing about Sandboxie, when it closes all is gone. For my kids, the above combo keeps them safe, and me to.

 

Please forgive my obtuseness but i must be clear on this.
Downloads go to sandbox where they may be scanned and cleaned if needed?
Then moved to a folder to save, or install if i desire?
Either with free or paid version of SBIE?

 

yes...with a default(dir) installation it is enough to context scan c:/sandbox