What's your opinion on Sandboxie

Discussion in 'sandboxing & virtualization' started by Frog01, Dec 21, 2008.

Thread Status:
Not open for further replies.
  1. Frog01

    Frog01 Infrequent Poster

    Joined:
    Dec 20, 2008
    Posts:
    25
    Location:
    Vancouver B.C Canada
    :isay: What's your opinion on Sandboxie! I'll say it's really good and my computer is fast and it works well with Avira. What do you think?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049

    I think it's somewhere between the best and incredible. If you nose around here you will discover quite a few who feel that way.

    Don't know if you played with configuration, but if you have registered, you can really lock down your computer.

    Pete
     
  3. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    433
    Location:
    The Hill Country of Texas
    Well said! :thumb:
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    As long as you have some sort of firewall in place and, at least in my opinion, a good antivirus (whether or not an AV is needed is a hot debate), SandboxIE is probably the last security program you will ever need. I'll go further although I know I'll get arguments, you can forget HIPS, you can forget real-time antispyware, forget it all. Every possible infection/problem you can get is wiped away with the closing of the browser (if SandboxIE is configured to empty after the browser is closed...which is a recommendation).

    The paid version is configurable to hell and back, but even the free version will utterly destroy anything thrown at it by emptying the sandbox...now that's protection and power.
     
  5. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    +1 :)
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Amazingly brilliant.:thumb:
     
  7. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    No argument from me, dw426.
     
  8. Frog01

    Frog01 Infrequent Poster

    Joined:
    Dec 20, 2008
    Posts:
    25
    Location:
    Vancouver B.C Canada
    I totally agree with you man! :D Well, the thing I really like about Sandboxie is that... if there's a virus in your computer and it's in the sandbox, all you need to do is delete the sandbox. Unless there's a keylogger; then the hacker can still see your typing even if it's in the sandbox. That's why I have Keyscrambler.

    Note: Always make sure to download everything in the sandbox unless you're 100% sure that the file is safe!
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Keyloggers can actually be stopped cold. I believe this is only in the paid version, but you can set SandboxIE to deny internet access to EVERYTHING in the sandbox except for programs you explicitly permit, such as the browser.
     
  10. Frog01

    Frog01 Infrequent Poster

    Joined:
    Dec 20, 2008
    Posts:
    25
    Location:
    Vancouver B.C Canada
    Oh..... I see. Really cool!:cool:
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Besides that, if one does not plan on downloading, under restrictions it can be restricted so that anything in Sandboxie can't start/run other than programs selected, such as IE, Fox, etc.
     
    Last edited: Dec 21, 2008
  12. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I don't feel safe without it. :)
     
  13. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Well, that's not entirely true. I mean something could hijack the browser, so giving Internet access to the browser would be Internet access for the keylogger as well.
    Hope I'm not wrong on this.

    Of course one can delete the contents of the Sandbox and start browsing with a fresh one or use Keyscrambler:)
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    SBIE will isolate malware away from my main computer, but it will not DETECT malware, per se.

    If I download something & want to keep it & install it, I will have to eventually remove it from SBIE's cloistered protection. Upon doing so my computer becomes vulnerable.

    Using other security applications (HIPS, Antivirus, etc) in conjunction with SBIE offers me a good possibility of detecting malware before &/or after* removing it from SBIE.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    *I have heard that some malware will detect that it is sandboxed; hence will not manifest its nefarious nature until it is removed from the sandbox. Someone please verify or correct me on this.
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I understand what you mean, however, would not scanning a file you download with a good AV/AS (even just an on-demand one) cover that particular area of concern?

    Also, Pico, the keylogger is stopped because you can, let's say for example, only allow internet access to firefox.exe and/or ie.exe. The keylogger is almost always (unless I'm mistaken) going to be some sort of executable, so if an un-permitted .exe file is running in the sandbox, it SHOULDN'T be able to "call back home" with the logged keystrokes....or am I thinking too simply?
     
  16. Sandmann

    Sandmann Registered Member

    Joined:
    Dec 21, 2008
    Posts:
    5
    Location:
    California
    Sandboxie is the foundation of my current security set-up.

    It has been problem-free and 100% stable for me since day one install.
     
  17. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Anything removed from the sandbox on my machine gets scanned with Antivir, MBAM, SAS and if possible uploaded to VirusTotal or Jotti. Since I can't analyze malware, scanning is my only option to be relatively sure my downloads are safe. Well, that and downloading from a reputable source.

    When running Sandboxie, it can be set up so only certain apps can run and/or have internet access. It can also be set up to block certain files, folders or drives from anything that may be running in the sandbox.

    I'm not an expert, but I renamed a piece of malware to firefox.exe and it would not run in the sandbox. Firefox.exe is permitted in my setup. It passed my simple test :thumb: .
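
The restrictions described in posts 9, 11 and 17, written out as a Sandboxie.ini fragment. This is an added example, not part of any poster's message; the box name, the program list and the blocked folder path are assumptions made for illustration.

```ini
# Constructed Sandboxie.ini fragment (box name, programs and path are assumptions).
[DefaultBox]
Enabled=y

# Empty the sandbox automatically once the last sandboxed program has exited.
AutoDelete=y

# Internet access restriction: only programs in the <InternetAccess> group
# may open the network devices; every other sandboxed program is denied.
ProcessGroup=<InternetAccess>,firefox.exe,iexplore.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

# Start/Run restriction: only programs in the <StartRunAccess> group
# are allowed to start inside this sandbox.
ProcessGroup=<StartRunAccess>,firefox.exe,iexplore.exe
ClosedIpcPath=!<StartRunAccess>,*

# Resource restriction: sandboxed programs cannot open this folder at all
# (placeholder path).
ClosedFilePath=C:\Users\example\Documents\private\
```

These restrictions apply per program, so anything that executes inside a permitted browser process has that process's access, which is the case raised in post 13.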
     
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Sandboxie is one of the best ever security apps.:thumb:

    Defensewall, Geswall, Returnil, Shadow Defender and maybe a couple of others are way up there as well.

    You should still employ images or similar as a decent backup though.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I completely agree. This is true for any sandbox/virtual system, they are almost 100% safe if you don't write anything to disk from the sandbox/virtual session.

    There is also specific malware that will target sandboxes and virtual systems which can eventually be analyzed by AV companies, and protect the sandbox from attack (Killdisk is one example). A lot of these programs have active support behind them (Sandboxie, Returnil, Shadow Defender) which will 'UPDATE' the program against dedicated malware in a similar style to AVs. Question is how long are they going to bother doing it?

    The possibility of new malware attacking the sandbox/virtual system is always there, but admittedly quite unlikely, as malware writers are more interested in attacking computers with very common configurations (the majority). The bottom line is that the AV is still the only tool that can give a name to malware because it has been examined by specialists. One could also use HIPS to stop systematically anything executing, but they won't name the malware, and you won't know if it is malicious or benign.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Same can be said of GeSWall and DefenseWall. Guys SBIE is good, no need to dwarf into fanadoring, with some fantasticalling, It could lead to fanaticalling and we all know where fanaticalling leads to. Does not make sense.

    Cheers Kees

    (I will be happy to explain this Dunglish = Dutch English)
     
    Last edited: Dec 22, 2008
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    Lol, same here. Kees does have a point though, we needn't act as if SBIE is the end all, be all of security (even if it is, hehe), DW and GW both excel at what they do, but neither allow you to "run naked and wild" as it were like SBIE can. I'm aware there are a few nasties that specifically target these virtual solutions, but they are so few that they'd almost have to be on the system on purpose and not by some "drive-by", IMHO. Right now, SBIE, Returnil, and similar apps are the Linux of the security program world. Will that change someday? You betcha.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    For 98 percent of users out there, a simple combo like Eset and Sandboxie will be all they ever need. I agree with Peter because one thing about Sandboxie, when it closes all is gone. For my kids, the above combo keeps them safe, and me too. ;)
     
  24. Sam Hell

    Sam Hell Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    44
    Location:
    my desk
    Please forgive my obtuseness but I must be clear on this.
    Downloads go to sandbox where they may be scanned and cleaned if needed?
    Then moved to a folder to save, or install if I desire?
    Either with free or paid version of SBIE?
     
  25. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    yes...with a default(dir) installation it is enough to context scan c:/sandbox
     