Windows 7: Sandboxie vs (Free)

I think I've read enough on Sandboxie to understand what it does. Two questions:

1. Wouldn't it be redundant to run Sandboxie and Microsoft Security Essentials?

2. Is there a comparable free software to Sandboxie?



Thanks,
Jack

It's not redundant to run MSE (or any other AV) with Sandboxie. Sandboxie creates a reserved space in the file system and presents a fake registry and fake C drive for anything running in the sandbox. So, if you do stumble upon something ugly, it can "only" affect the sandbox and not the rest of your hard drive. There is no guarantee that an AV is going to immediately catch something before it can do damage to your system.

I'm not aware of anything else just like Sandboxie. I tend to run a virtual machine and do questionable stuff there...but that's a lot more effort than running Sandboxie.

If you look around you can find some utilities that isolate your browser, which is where most stuff comes in. That and email. I don't think there's a Sandboxie Clone though. I have version 3.46 and I stopped updating after that since the later versions allow the author to kill your license by remote control, so to speak. 3.46 and earlier the registration can't be undone because he suspects you got the key from somebody else. (I paid for my Sandboxie but I also don't like the idea that the new scheme requires some indeterminate periodic phoning home to keep the software working. I don't like buying software that dies when the programmer's company goes out of business, so that's my main objection. Not that I think he's going to hit the kill switch on me.)


In any case 3.46 is stable enough for me. I don't use it all the time anyway since I make image backups several times a week using Macrium Reflect. Sandboxie is good if you want to follow a link but you're not sure the other end of the link is going to be safe, such as a link to a "funny" video. Run the default browser in Sandboxie as an extra precaution. I'm not a believer in running real-time av as it tends to mess up the functioning of the machine esp if you are running other stuff on and off at the same time. At some point you have to run code on the CPU. If you wear too many rain coats in the shower you never get wet.

Other utilities of the Returnil type that "undo" all changes by rebooting are ok if you want to play around with settings or test some non malicious software. But knowledgeable nasty malware authors know how to hose your bootup, which kills the fix you are counting on. You are better off having backup images with a bootable cd that launches the image restore program.

Macrium Reflect has a good free one but you can see a bunch at:
http://www.thefreecountry.com/utilit...e-backup.shtml

Depends on how sandboxie is used. E.g. I run the browser sandboxed on one of my machines but malware can come by different channels- email programs, infected file transfer from usb drives etc. Then, an AV comes in handy. Also, sandboxie leaves the decision (about what is to be sandboxed) to the user.

An interesting alternative is defensewall. DefenseWall automatically sandboxes your browser, email program, instant messaging, FTP utility and any other program it considers untrustable (contrast with Sandboxie). Read more.

SoftSphere Technologies, the official site of the DefenseWall HIPS - Host Intrusion Prevention System - sandbox your browser, e-mail, IM, IRC, P2P for secure Internet work. Anti-Spyware, Anti-Rootkit, Anti-Malware, Anti-Keylogger, Anti-Virus. Defence

SandBoxie and DefenseWall are a good combo - Gladiator Security Forum

I tried a few HIPS type programs. I don't remember for sure if DefenseWall was one of them since it was awhile ago. I didn't notice one that didn't give off funky side effects after a few times opening closing my apps. Also as I mentioned any real knowledgeable hack is going to kill your booting mechanism and go beneath this type of defense. That's one reason I never use "Browser Helper Objects" since that's what hosed my system.

The short of it is, if you really need an image backup anyway, then why surf with a prophylactic all the time? They're way less than perfect and have to reduce machine performance by definition. Also I think they give a false sense of security. People tend to surf into hazardous waters just to see if the protection resists the intrusion.

If I found a seemless one I might try it, but all the ones I tried, even the paid version trial editions, I got weird action in my browser. I couldn't see running that all the time. But everyone has different comfort levels. I think what's really needed is a system image that's burned into firmware, not flashed. You have a configured system with your base apps burned into a chip. If things get hosed, you power down, power up, then hit the "Re-Image" button to lay that back on the HD. It would just save messing with external drives. But that would be more for like an office where there were hundreds of machines with a standard set of apps. Then people would just back up data.

edit: but since the author of Sandboxie is recommending av in combination with Sandboxie for 64 bit sytems there may be a good reason to do it. Esp. if you could configure it in such a way as to minimize the performance hit. But some authors like the author of BD Rebuilder won't even listen to your issues if you are running av. There's just no way to tell if the program has an issue or the av is interfering when you have 2 or more variables in the equation. I would never try to do video conversions or other intensive stuff with av on. Then again I don't have a CPU with more than 4 cores to try it. Maybe if you have enough horsepower you can eat the performance hit. These are just my prejudices gained from experience. Not some scientific study or anything.