Would Sandboxie prevent getting Anti Virus 2010?

Discussion in 'sandboxing & virtualization' started by ratchet, Dec 17, 2010.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    I am a long time paid Sandboxie user but unfortunately my children aren't. My youngest daughter is a medical student and was going to sites prepping for an anatomy test and caught AV 10. If she would have been surfing in the sandbox I assume it would have contained it. Is that correct? The closest I ever get to any malware is the occasional warning from WOT so I'm not entirely sure just how good Sandboxie is.
     
  2. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    Yes it is...
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Ratchet

    I've thrown a lot of nasty stuff at Sandboxie, and it for sure contains it. Bare in mind your system might appear as though its infected, but reboot, delete the sandbox and voila, clean as a whistle. I don't run any AV or AS and haven't in over a year.

    Pete
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Yes, I feel that Sandboxie would block Antivirus 2010.

    I have my web browser sandbox set to Automatically delete its contents when I close the web browser.

    I have both Start/Run and Internet Access Restrictions and have only seen one "for sure" attempted malware execution and of course it was blocked by Sandboxie. I closed the Sandboxie message about the attempted malware execution and closed the web browser to delete its contents.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    If you enable start/run restrictions for your sandbox, AV 10 most likely
    wont even run but if it does it will be contained and gone when you delete
    the contents of the sandbox.

    Bo
     
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Have only browsers having internet/running privileges and enable dropped rights with sandbox deletion when all content that is sandboxed is closed and your not going to have ANYTHING get on your PC as long as you know what NOT to take out of the sandbox when exiting.
     
  7. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    Thank you for all the replies. I believe I'm going to install it on my daughters PC at Christmas and "teach" her how to use it.
     
  8. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Pete,
    I have to ask this.
    Is there a difference between defaultbox, delete sandbox and reboot, empty sandbox?
    I can so easliy see me having done this wrong for quite awhile.
    Thanks.
    Hugger
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    If you delete the contents of the sandbox, everything inside is gone. You
    do not need to reboot. I don't know why Pete mentioned "reboot" but its
    not needed to clean the sandbox. I only know one instance that you need
    to reboot to clean the sandbox and it has nothing to do with malware,
    it has to do with files being locked inside the sandbox. If that happens
    you might have to reboot in order to be able to clean the sandbox after
    you reboot.
    Pete, please correct me if I am wrong about something here.

    Bo
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    All AV 2010 samples I have are SB/VM aware and won't run in those environments.

    A clone of AV 2010 has just been released Internet Antivirus 2011 and drops a rootkit.

    No need to reboot to empty the sandbox.
     
  11. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Thanks, guys.
    I easily can see myself doing it wrong for a few years and then wondering what happened when my pc self destructed.
    Hugger
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    No Bo, you absolutely correct. The reason I said that is in testing I found one sample(Don't remember which) which appeared to take over your computer. You really looked infected. It took a reboot to regain control, and then the computer was fine, as opposed to being owned.

    Sandboxie won't prevent what some malware can appear to be doing, but the system itself is indeed protected.

    It works!

    Pete
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Ah yes, I forgot that some screenlockers can do exactly that.

    Sandboxie Forum
     
Loading...
Thread Status:
Not open for further replies.