Returnil & Sandboxie freeware

the dummy

I've been using this combo for some time now, and I haven't found any malware able to bypass it as of yet. So why do you need antivirus, HIPS, BB, firewalls, etc.?
 

Sandboxes and other virtual environments have their place, but I would say only for testing purposes or for developers. E.g. when you run your browser, it makes changes to your system: registry settings, internet caches, browsing history, etc. Plus downloads, including any malware and spyware, install themselves onto your HDD. When you run the same thing in a sandbox, all those changes still appear to be happening, but they're never actually permanently written to disk; when you exit the browser and the sandbox, all those changes disappear.

So what if I want to save all the history or make a persistent change? Yes, if you mean the user decides to do all the "risky" browsing in Sandboxie, that's a good idea. But then these days, malware comes in so many shapes and sizes and from so many sources that it's impossible to categorize risky or safe. So should I run in Sandboxie all the time? That's not a feasible idea.

That's where an AV comes in. A good layered security with an AV, firewall and on-demand scanner will save you from all kinds of attacks wherever they may be coming from; the user doesn't have to take the dicey decision of what to browse in a sandbox and what outside.

Also, Sandboxie runs only in 32-bit Windows. Plus there is a bit of a learning curve about handling a virtual environment. I'll need to do some R&D, but I think there is some malware designed for sandboxes as well. A sandbox is also not a firewall; it can't save you from hacking attacks. Even in a sandbox, your IP address remains unchanged and is visible.
 

I am running Windows 7 64, but thank you for your reply.
You may be right about the rest.
 

I am running Windows 7 64

Full disclosure: The 64-bit edition of Sandboxie provides a reduced level of protection compared to the 32-bit edition of Sandboxie.
This shortcoming is the result of a new security feature introduced in 64-bit editions of Windows, called Kernel Patch Protection. This feature aims to protect the core of Windows (the kernel) by regularly performing self-checks to detect changes.
The problem is that a stock Windows kernel does not provide all the facilities necessary to implement a security solution such as Sandboxie. On 32-bit Windows, Sandboxie can dynamically enhance the Windows kernel to provide the missing functionality. This is not possible on 64-bit Windows, due to the Kernel Patch Protection feature.
It should be noted, however, that even with this disadvantage, the 64-bit edition of Sandboxie is still an adequate front line of defense against most types of malicious software.
Additionally, in order to compensate for this disadvantage, the 64-bit edition of Sandboxie enables the Drop Rights setting by default. This setting may need to be disabled before software can be installed into a sandbox.

Source: Sandboxie - Notes About 64 Bit Edition
 

At the very least, a firewall should be used to keep intruders/hackers out.

Unless you use the Restriction settings of Sandboxie and/or the Anti-Execute setting of Returnil, there is nothing stopping malware from downloading, executing and performing certain actions such as keylogging.

I wouldn't recommend using a computer without at least a few (on-demand) anti-virus/anti-malware. Any website can be hacked and there is no way you can know that a certain download is safe (without viewing every single byte of code).
So should I run in Sandboxie all the time? That's not a feasible idea.
Many users do. There are easy ways of saving any created or changed file with Sandboxie.
 

Many users do.
I guess there are people who prefer technical solutions to a little bit of common sense.
 

Common sense is enough?
It would appear so, for most people. AFAIK, most people work in a real environment and use AVs, firewalls, etc. combined with common sense to keep themselves safe. What about you: do you work in a sandbox all the time?
 

What's wrong with replacing that AV with Sandboxie? For starters, it is more reliable, historically.
 

What's wrong with replacing that AV with Sandboxie? For starters, it is more reliable, historically.
Nobody said there's anything wrong, we're only discussing pros and cons. If the OP is happy with Sandboxie, I'm happy.

But tell me, when you make a hole in Sandboxie to save changes etc. permanently, isn't that also an entry door for malware?
 

But tell me, when you make a hole in Sandboxie to save changes etc. permanently, isn't that also an entry door for malware?
And what if you go the other way and close holes in the sandbox where only Firefox can run and connect to the net?

Not a single one of those Matousec or Comodo's tests has a hope of running.

A default sandbox used as per instructions will keep you much safer than any realtime AV/AM.

Throw in Returnil for those just-in-case scenarios where you may double-click an exe sample instead of dragging/dropping to an archive, which I have done a few times after handling several gig of samples.

And always have images as backups regardless of your setup.

Here's an app that has just released a free version that is a cross between rollback and imaging which I only started using/testing today.

Keriver 1-Click Restore Pro

Keriver 1-Click Restore Pro 2.0 is already released - Wilders Security Forums
 

By the way, Sandboxie is shareware; not freeware.
But tell me, when you make a hole in Sandboxie to save changes etc. permanently, isn't that also an entry door for malware?
Of course. Which is why I would use Quick Recovery, Immediate Recovery and/or Applications Settings (only the necessary files are allowed to be accessed unless you allow access to the entire folder).
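
The settings argued over in this thread (Start/Run and Internet Access restrictions, Drop Rights, and direct-access "holes") are stored in Sandboxie.ini, so a sandbox can be checked for them mechanically. The script below is an added example and not part of any post: the setting names are assumed from Sandboxie's ini format, the sample configuration is constructed, and `parse_boxes`, `audit_box` and `audit` are hypothetical helper names.

```python
# Constructed sample of a Sandboxie.ini (not taken from the thread).
SAMPLE_INI = r"""
[GlobalSettings]
[DefaultBox]
OpenFilePath=C:\Users\*
[BrowserBox]
DropAdminRights=y
ProcessGroup=<StartRunAccess>,firefox.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places.sqlite
"""

def parse_boxes(text):
    """Return {section: [(key, value), ...]}; keys repeat, so no configparser."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return boxes

def audit_box(settings):
    """List the hardening gaps discussed in the thread for one sandbox."""
    def values(name):
        return [v for key, v in settings if key.lower() == name.lower()]
    findings = []
    if "y" not in [v.lower() for v in values("DropAdminRights")]:
        findings.append("Drop Rights is off")
    if not any(v.startswith("!<StartRunAccess>") for v in values("ClosedIpcPath")):
        findings.append("any program may start in the sandbox")
    if not any(v.startswith("!<InternetAccess>") for v in values("ClosedFilePath")):
        findings.append("any sandboxed program may reach the network")
    for v in values("OpenFilePath") + values("OpenPipePath"):
        if "," not in v:  # no "program.exe," prefix: the hole applies to every program
            findings.append("direct-access hole for all programs: " + v)
    return findings

def audit(text):
    return {name: audit_box(s) for name, s in parse_boxes(text).items()
            if name != "GlobalSettings" and not name.startswith("UserSettings_")}

if __name__ == "__main__":
    for box, findings in audit(SAMPLE_INI).items():
        print(box, "->", findings or "no gaps found")
```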
 
