Which? Sandboxie, BufferZone Home or DeepFreeze

Discussion in 'sandboxing & virtualization' started by Dooku, Dec 26, 2006.

Thread Status:
Not open for further replies.
  1. Dooku

    Dooku Registered Member

    Joined:
    Aug 19, 2006
    Posts:
    6
    Hello,

    Any users here have experience with any of these "sandbox" programs Sandboxie, BufferZone Home and DeepFreeze?

    Want to buy one of those 3....or please suggest any "sandbox" program out there I don't know about.

    Is there any major difference between them, options, ease of use....?

    Regards
    Dooku
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This seems to describe in general what a "sandbox" is:

    In that context, Deep Freeze would not be considered a "sandbox" because it does not create an isolated, or virtual, environment. Rather, you are working in the actual, not a virtual or isolated environment. Any changes made to a protected (Frozen) partition on the hard disk are discarded upon reboot.

    As far as ease of use, there could be nothing easier, because once Frozen, the partition never changes. You just go about your business.

    For home use, however, there are other considerations that make DF a bit bothersome on systems where the user makes frequent changes/installation of programs, etc., since you have to Reboot Thawed - install/make changes - reboot Frozen.

    Also, DF requires at least 2 partitions - one Thawed - since you want your own files to be saved, and not discarded.

    regards,

    -rich


    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
    Last edited: Dec 26, 2006
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    ShadowUser is another option. Excellent program. Stable. Effective. Simple to use & understand.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Why not consider DefenseWall also? It is a HIPS using virtualisation.
     
  5. EASTER.2010

    EASTER.2010 Guest

    ShadowSurfer is every bit as formidable also. Enable Shadow-Mode and every infiltration, local user change, etc. gets dumped as though they never occurred at all in the first place. Am extremely impressed and pleased with its technology/safety from outside influences. Be careful you DISABLE it though, I once went on a freeware tear and collected a whole host of good ole programs only to find after a reboot I lost them without a single trace. Yes! ShadowSurfer is that good!
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Sandboxie is free, BZ home is as well, whereas DF is paidware. I would go for DF, Shadowuser (or Shadowsurfer), and BZ pro. As far as Sandboxie is concerned, there are some reports about leakage of malware into system files. Con of DF is that there is no feasibility to save any changes in Frozen State, while Shadowuser (Shadowsurfer) is capable of it. Con of SU (SS) is the compatibility issue w/ some imaging apps, while DF has no such concern. Safety of this isolation box is the most important aspect, you want it as airtight as possible. Do some research and then choose it carefully.:)
     
  7. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    So... which one is the best if during the virtualization or snapshot/freeze I got a rootkit? Will each of them successfully remove it?

    And how about this one: Clean Slate
     
    Last edited: Dec 28, 2006
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    A rootkit is just malware which attempts to hide itself. In order to stay on
    the system it has to write to disk, just as any other malware.

    I put the question about rootkits to Deep Freeze support early last year (2005) when
    the articles spreading the fear of Windows rootkits began to appear.

    They replied that since the rootkit needs to communicate with the hard disk, like anything else
    that writes to disk, it would be removed on reboot.

    My question was prompted by an article early in 2005 about the spread of rootkits:


    RSA: Microsoft on 'rootkits': Be afraid, be very afraid
    http://www.computerworld.com/printthis/2005/0,4814,99843,00.html

    Notice the article (and most since then) focus entirely on detection. Nothing wrong
    with discussing detection, but leaving out prevention leaves the general reader
    feeling rather hopeless.

    regards,

    -rich


     
    Last edited: Dec 28, 2006
  9. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Only one that I know of, and until that person gives some of us testers this Houdini virus/worm I'll choose to believe that Sandboxie is excellent.
     
  10. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I'm not familiar with Shadowsurfer/user or DeepFreeze, but have used the others and finally settled on Bufferzone. The free versions, despite what they say at the Bufferzone site, work with every program with a simple right click of the mouse and a selection.

    So, you can download a single free version and use it for all your online activity. The latest free version is very much like Sandboxie in operation.

    As a very safe surfer, I can't comment on effectiveness. I can say that, using ccleaner, after emptying my buffer of collected cookies and junk at the end of the day, ccleaner could almost be retired.

    *edit* There is a free version of Shadowsurfer available. I'm tempted to try it. On the other hand, I finally after weeks got this computer where I like it and hesitate to start changing things again.
     
    Last edited: Dec 28, 2006
  11. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Could you point us to the free version of 'Shadowsurfer'? Thanks
     
  12. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Which product you choose should depend on 2 things, your needs and $. Some are free, others not! Deepfreeze is payware and works best on a Static System. As too is ShadowUser/Surfer but is more flexible though still requiring reboots. I've settled on Bufferzone because I can achieve the same level as Deepfreeze, ShadowUser without the required reboots. Just open the GUI and select 'Clean The Bufferzone'. There is a free and pay version.
     
  13. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Free version is available at

    http://www.storagecraft.com/download.html

    Free license for Shadowsurfer. Enter coupon code 'SURFER'

    I might just download it and give it a try.

    A question for the more experienced. Does Shadowsurfer conflict in any way with Bufferzone and, if not, would it be a bit of overkill to have both running?
     
  14. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    That offer, which I tried previously, does not appear to work any longer. Can you give it a try?
     
  15. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Worked for me. Am downloading as I type this. You have to fill out the order form and type SURFER into the coupon space, and it shows up $0.00 cost, then just download.

    So, now I have a $29.95 freebie .exe sitting on my desktop and have to decide whether I want to use it.
     
  16. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I got to the final step where you have to choose payment method and it kept saying 'invalid'. What did you enter on that final page?
     
  17. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Let's see. In the order form there is a thing for credit cards and for phone number. I put in an old phone number that we no longer have and checked that. It let me download after I did that.

    I haven't installed Shadowuser yet, but am assuming I'll get an activation key in my email, or maybe the coupon code will work.
     
  18. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    I tried with the phone option and I got the Key by mail. :D
     
  19. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    I put in other phone numbers and I'm downloading it right now...;)
     
  20. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Hmmm, I got the order confirmation showing it was free, but NO activation key.

    *edit* scratch the above. The key went to junk mail. Good thing I didn't delete it without checking.

    Now, questions from Shadowsurfer users. I rebooted and the desktop came up saying shadowmode. The help file recommends partitioning the hard drive. Is that necessary, or am I still protected without doing it, as long as I reboot regularly? I do that anyway, since the computer is turned off every night.
     
    Last edited: Dec 28, 2006
  21. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    i will chime in on this. Bufferzone Pro is what i settled on. i first tried Geswall, as i liked its premise of preventing damage to the system. it may not know malware from a bowl of spaghetti, but it doesn't need to. at its core is trusted and untrusted. untrusted stuff does not get near system resources period. where i ran afoul of Geswall is Adobe 8 Pro and its pain in the neck licensing app; Flexnet kept getting zapped. there is rules creation capability with Geswall, and i completely fell from the truck when attempting to decipher what "Resources" Adobe needed to survive. still have not received a reply from Geswall's pretend support apparatus.

    next up....Defensewall. tested great in every independent test i read about it. it was compatible with Outpost Pro 4.0.x.x (sigh) and my other security programs. enjoys near fanatical support from Iilay (sp?). allowed me to print and was fine with Adobe 8 Pro. my issue with Defensewall is i never understood how it did what it does. Geswall i got it: prevent system damage, through trusted and untrusted apps configured through application rules (which i did not get). Defensewall suffers from a minimalist GUI and exceptionally weak documentation. Defensewall i believe does some sort of privilege restriction for apps, and seems to allow stuff to get to system files, for which there is a roll back feature. for me Roll Back is danger, danger! there is no way i would not eventually step on my crank with it. simply put i could not shake the feeling that Defensewall did what it does with "smoke and mirrors".

    next......Bufferzone....free, then Pro. first off Bufferzone did not get along with Outpost Pro 4.0.x.x! they went after one another from moment one. a reformat had to occur to break them up. went with Comodo firewall, and Bufferzone generally does not object (oh and it does not like Windows Firewall either BSOD) for some reason trustware decided to add a weak FW to Bufferzone that i believe is only strong enough to cause conflicts. i just deleted the preinstalled rules, so i am assuming it is no longer acting as a FW.

    what i enjoy about Bufferzone is conceptually i understand it. at its core is the trusted/untrusted paradigm, untrusted apps can "see" system files, but any write attempts get re-directed to a copy of that resource which is placed in the Bufferzone. so the untrusted app is fat, dumb, and happy, "believing" it is carrying out its mission (whatever that may be) and system files and trusted apps remain unmolested. also untrusted apps cannot see the contents of any "confidential" files. by default in PRO that includes MY Documents, and can also be hand selected by user, as can a designation of "Forbidden" which cannot be accessed by anything?!?! have not enabled that!

    i have grown to luv this little red-band surrounding my browser! in fact as i was typing this i completed a scan with AVG 7.5 free AS diddy, and had 8 tracking cookies relegated to the Bufferzone harmlessly tracking Nothing! btw all scanners real-time and on-demand operate outside of the 'zone, but do scan and clean inside. also in Pro by default all drives, and all P2P, and all IM, and all Chat software are 'zoned. so all potential attack vectors are 'zoned and secured. the only con so far is Windows Update (manual) i simply made a copy of ie.exe, pasted it to another folder, renamed it, and copied to the desktop, and so for the rare occasion i want to go online without the Buffer, i can. someone on this or another board suggested this and it works to perfection. windows update auto function is a trusted app and runs normally.

    lastly, Bufferzone Pro is currently working with the following apps on my system without conflict:

    NOD 32 ver. 2.5
    Cyberhawk ver. 1.20.39
    Comodo FW ver. 2.3.6.81
    AVG 7.5 Free AS On Demand
    A Squared Free 2.1 On-Demand AT & AS

    long winded yes, helpful...i hope so (i think i'll take a nap now)!


    Mike
     
    Last edited: Dec 28, 2006
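
The write redirection and "confidential" folders described in the post above, as a small user-space model. This is an added example, not BufferZone's code (the product does this below the application, not in Python); the class name `RedirectingSandbox`, its methods and the sample files are all hypothetical.

```python
import os, shutil, tempfile

class RedirectingSandbox:
    """Toy model: untrusted reads fall through, writes land in a private zone."""
    def __init__(self, real_root, zone_root, confidential=()):
        self.real, self.zone = real_root, zone_root
        self.confidential = tuple(os.path.normpath(c) for c in confidential)
    def _resolve(self, rel):
        rel = os.path.normpath(rel)
        if os.path.isabs(rel) or rel == ".." or rel.startswith(".." + os.sep):
            raise PermissionError("path escapes the virtualised root")
        if any(rel == c or rel.startswith(c + os.sep) for c in self.confidential):
            raise PermissionError("confidential: not readable by untrusted code")
        return os.path.join(self.real, rel), os.path.join(self.zone, rel)
    def read(self, rel):
        real, shadow = self._resolve(rel)
        with open(shadow if os.path.exists(shadow) else real, "rb") as f:
            return f.read()          # redirected copy wins, so the app sees its own change
    def write(self, rel, data):
        _, shadow = self._resolve(rel)   # the real file is never opened for writing
        os.makedirs(os.path.dirname(shadow), exist_ok=True)
        with open(shadow, "wb") as f:
            f.write(data)
    def clean(self):                 # "clean the zone": drop every redirected copy, no reboot
        shutil.rmtree(self.zone, ignore_errors=True)
        os.makedirs(self.zone, exist_ok=True)

def demo():
    base = tempfile.mkdtemp()        # constructed sample tree, not real system files
    real, zone = os.path.join(base, "real"), os.path.join(base, "zone")
    for d, name, body in (("system", "hosts", b"original"), ("docs", "tax.txt", b"secret")):
        os.makedirs(os.path.join(real, d))
        with open(os.path.join(real, d, name), "wb") as f:
            f.write(body)
    sb = RedirectingSandbox(real, zone, confidential=["docs"])
    hosts = os.path.join("system", "hosts")
    sb.write(hosts, b"tampered")     # untrusted write is redirected
    seen_inside = sb.read(hosts)
    with open(os.path.join(real, hosts), "rb") as f:
        on_disk = f.read()           # what trusted programs still see
    try:
        sb.read(os.path.join("docs", "tax.txt"))
        blocked = False
    except PermissionError:
        blocked = True
    sb.clean()
    after_clean = sb.read(hosts)
    shutil.rmtree(base)
    return seen_inside, on_disk, blocked, after_clean
```

The model only covers file paths passed through its own `read` and `write`; anything that reaches the disk by another route is outside it, which is the "airtight" concern raised earlier in the thread.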
  22. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Not long winded at all, when written so skillfully, an excellent and informative read!!
    ________________________________________________________________

    Sandboxie was not for me, the Report: "Eight Security Sandboxes.." led me to BufferZone {FREE} and it does a great job without any problems.

    I have used version 1.90 since September, there is a version 2.10 now, but I could not see any advantage to 'Upgrade' a tool that is working so smoothly.

    Co-exists with the apps in my Signature below (Windows Firewall is active as well) without conflict and no perceptible load on system.:)
    I just did a Manual Windows Update and the Internet Explorer was within the Red Border but the download and install of MediaPlayer[11] was automatically done outside of a Red Border. Am sure that I have had success with that in the past as well, now install of an updated DirectX had to be done outside of BZ (used Firefox) and ImageShack's IE Toolbar needed BZ off for its install.
     
    Last edited: Dec 28, 2006
  23. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  24. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    "I just did a Manual Windows Update and the Internet Explorer was within the Red Border but the download and install of MediaPlayer[11] was automatically done outside of a Red Border."

    yes it is incredibly smart. i reinstalled with much trepidation my Office 2003 apps via CD Rom which is 'zoned and to my complete delight it installed as trusted!

    "(Windows Firewall is active as well) without conflict and no perceptible load on system.:)"

    now that is a complete surprise! after i reformatted to separate Outpost & Bufferzone, i initiated Windows Firewall to keep the boogaloos out while i reinstalled Bufferzone and got continuous BSOD until i finally rebooted to Safe Mode to disable Windows Firewall. after that i was able to boot Windows all the way to my desktop. after which (while holding my breath) i installed Comodo (which i don't really like, but not anxious to try anything else). i would truly like to go back to Outpost Pro as my firewall.


    Mike
     
  25. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Thanks, that worked!
     