Battle Sandboxie or a better alternative?

Status
Not open for further replies.

MalwareBeater

New Member
Thread author
Mar 12, 2013
8
Hi guys. I noticed on the Sandboxie forum that Sandboxie might be bypassed. Do you guys know if there are any good alternatives to Sandboxie? Thanks for any suggestions. I hope I posted this in the right place.
 

Littlebits

Retired Staff
May 3, 2011
3,893
I believe some of you are just paranoid. I love Sandboxie but I never use it in real-time, only to test unknown programs. I'd rather just use a basic AV, UAC and WinPatrol. If you have something on your system that isn't trusted then sure, run it in Sandboxie or get rid of it. For using your browser in Sandboxie, I see no need to since other methods for protection are more simple. If you watch what you download and install you shouldn't get infected by just browsing the web. If you happen to accidentally stumble upon an infection and your AV doesn't detect it then UAC will detect it. Simply don't allow unknown processes to run when prompted by UAC and the malware infection will be blocked. That is much easier than having to keep configuring programs to run correctly in Sandboxie. In order for any malware to be successful at infecting your system, it will have to add or edit system startup processes, registry entries, services, drivers or dll injections, etc. All of these methods are detected by UAC at default settings. Most are detected by WinPatrol and some AVs.

Sure, if Sandboxie is configured correctly, it can be used without an AV and still provide protection, but who wants to do all that work just to get it configured correctly? Not me, I'd rather spend that time doing something more productive. Some users even add HIPS programs and Sandboxie with an AV, which is complete overkill. They probably spend more time configuring their security software than they spend doing common tasks on their computer. Keeping your computer safe from malware infection is really not that hard. First, your actions are the most important: what you download and install will be the most contributing factor in whether you get an infection or not; always pay close attention to the installer for bundled adware, which is usually not detected by AVs when using online installers. Second, use a good AV. Third, always pay attention to UAC and never approve unknown processes. Fourth, use a secure browser with security add-ons. Fifth, always keep your Windows updated (Windows Updates and software updates). Sixth, always have a backup plan just in case something goes wrong, sometimes not malware related.

Enjoy!!:D
 

Deleted member 178

You are right, but... what about the FUN of multiple security apps! :D

I have enough knowledge to be AV-less but I will surely feel bored if my computer stops talking to me :p
 

Gnosis

Level 5
Apr 26, 2011
2,779
The biggest reason I use Sandboxie is because everything is held prisoner: drive-by downloads, many things that CCleaner would normally have to remove such as temp files, potential grayware, and anything else that is potentially a hassle of a pest. Also, I don't have to sweat leaving my PC online all night (while asleep) since my browsers are sandboxed. Sandboxie is like running CCleaner and Old Timer Temp file cleaner before the fact.
I don't use it all the time either. In fact, right now I am surfing naked. (TF BB is on though)
So let us hope that MT is malware free! :0
 

Ramblin

Level 3
May 14, 2011
1,014
Umbra Corp. said:
I have enough knowledge to be AV-less but I will surely feel bored if my computer stops talking to me :p

You know Umbra, once I did get bored and uninstalled Sandboxie. It lasted two days... by then my good sense came back and I reinstalled SBIE. Personally, I have to be strong not to get into the installing/uninstalling kind of game that we can fall into when we come to forums where people talk about all kinds of software. That's why programs like Shadow Defender and TimeFreeze come in very handy for me, as they allow me to play a little. But yes, not making changes to your computer can become a little boring, I admit that.

@Littlebits, I don't know why you always say that SBIE is a hard program to use when it is not. I remember you and I talking about our moms in PMs a couple of years ago, I guess you remember, right? I'll mention a little about what we talked about then for our friends here. My 76-year-old mom lives in the States; when she comes to visit down here, she uses SBIE and she doesn't even know what SBIE is. When I ask her, "What AV are you using, mama?", she looks at me with a face that says, "I don't know what you're talking about, son", but when she uses my computer, she knows that all she has to do to use the internet is click on the IE shortcut that I placed on the desktop with her name on it. I hardly ever get a question from her; she is running sandboxed and doesn't even know it.

Bo
 

Gnosis

Level 5
Apr 26, 2011
2,779
If anyone wants to use Sandboxie, just remember:

"drop administrative rights"
"delete contents when sandbox is closed"
"quick recovery"



I am not nearly as proactive as Bo, yet just those three simple tweaks make me as secure as I need to be with TF L5 BB bringing up the flank.
I think it is really awesome that AVs are now using the "auto-sandbox" to analyze potential false positives/malicious files in a controlled environment that won't let anything get out of control while the AV is PROCRASTINATING. LOL
 

Ramblin

Level 3
May 14, 2011
1,014
Gnosis said:
If anyone wants to use Sandboxie, just remember:

"drop administrative rights"
"delete contents when sandbox is closed"
"quick recovery"


The settings mentioned by Gnosis are pretty much the only settings that ought to be changed when someone starts using Sandboxie. I know people who have been using SBIE for years that are still using it like that and don't get infected. The only thing that I'll add, for convenience, is that the user should set the sandbox to be able to save bookmarks while running sandboxed. Littlebits, you don't need to spend hours setting anything. Let's give Tzuk some credit; the default settings sandbox that he created is well balanced (Security/Convenience) to make it easy for new users to use.

Bo
 

Deleted member 178

That should not even have to be mentioned. I wonder why people don't take 1h to read the help file and set their software options to their needs.

When they buy a smartphone, they read the manual...
 

Ramblin

Level 3
May 14, 2011
1,014
Umbra Corp. said:
That should not even have to be mentioned. I wonder why people don't take 1h to read the help file and set their software options to their needs.

When they buy a smartphone, they read the manual...

About the reading stuff. During the three days before I installed DefenseWall, I read about 20 hours about the program. There was nothing that could be found on the internet that I did not read. After 20 hours, I was ready and when I installed the program, I knew everything there was to know about it.

Very true Umbra, people don't read enough and that's a problem.

Bo
 

Gnosis

Level 5
Apr 26, 2011
2,779
the user should set the sandbox to be able to save bookmarks while running sandboxed

Glad you said that. That has been driving me crazy. I need to set it like that because I hate when I forget I am sandboxed and want to bookmark some fresh intel.
 

Ramblin

Level 3
May 14, 2011
1,014
Go to Sandbox Settings>Applications>Web browser>Firefox and select "Allow direct access to Firefox bookmarks and History database".

For IE, select "Allow Direct access to Internet Explorer favorites".

Bo
 

ams963

Level 1
Verified
Mar 14, 2013
110
bo.elam said:
Amit, he asked for a better alternative not just a replacement.:D

Seriously, there is none. In the past, I have seen other people ask the same question and it is always the same, they are looking exactly for Sandboxie but elsewhere. That won't happen. If you want what SBIE does, you have got to use Sandboxie. No alternative.

In my opinion, the only other program that does sandboxing as well as Sandboxie is Defense Wall. But Defense Wall does things differently than Sandboxie. So, MalwareBeater, there you have it, Defense Wall is it.

Bo
There is no better alternative or replacement for SBIE. So I stated the next best thing - similar alternatives even if that means lower quality, effective products.

I don't think DefenseWall could be counted as its sandbox technology is technically different. But generally speaking DefenseWall is a very powerful and solid SBIE alternative.
 

Littlebits

Retired Staff
May 3, 2011
3,893
@Bo, for older people who really don't do anything but basic web browsing, email, playing online games, etc., Sandboxie may be a perfect solution, especially for those who like to click on everything.
But for people who like to download files, install programs and games, it takes a while to learn how to recover files out of Sandboxie. Does your mother know how to recover needed files? Does she know how to delete content? Or configure programs to run out of Sandboxie? Does she know how to update Sandboxie? Anyone can use Sandboxie for basic browsing and simple tasks without any questions, but for a user to get a full PC experience, they would have to learn how to do all of the above in order to get their installations, programs, downloads, etc. to work correctly.

Of course, setting up a Guest account on your PC would give you the same protection.

Don't get me wrong, Sandboxie is an excellent program; the main problem is most users will never learn how to use it to its full potential. The users who do know how to use it to its full potential should know how to avoid malware through other means. Still, I love to use it when I want to try an unknown software or want to try a software without installing it. It is also good for making portable versions of software when there is no portable version available. For users who want to learn how to use a sandboxing software, Sandboxie is the best option. It is the best of its kind, easier to configure and use for those who want to learn. However, in the future I would like to see it be able to tell what to run sandboxed and what not to run in a sandbox. Like an auto-sandbox option to help novice users who are not willing to learn. Kind of like the auto-sandbox feature in Avast that checks for digital signatures, then will sandbox programs without digital signatures or with fake digital signatures and allow programs signed by trusted vendors. There really isn't any reason to sandbox every program, only the ones that are suspicious or potentially dangerous.

Thanks.:D
 

Gnosis

Level 5
Apr 26, 2011
2,779
for older people who really don't do anything but basic web browsing, email, playing online games, etc., Sandboxie may be a perfect solution, especially for those who like to click on everything.

Now THAT ^^^^ IS WISDOM.
That is 95 percent of my personal use for it.
 

Ramblin

Level 3
May 14, 2011
1,014
@Littlebits, nice post, you make a lot of good points. You are right about SBIE being perfect for the older person that doesn't install anything and not so for the one that does. The one that does install new programs needs to learn some basics about security, otherwise he/she will get infected, using SBIE or not. That's my opinion about that.

But for people that come to security forums, that's a different story. Learning how to do basic stuff like recovering files or saving bookmarks while running sandboxed is very easy. Those were the first things that I wanted to learn when I installed SBIE for the first time, along with knowing what to do if my AV detected a virus while using the sandbox. After 30 minutes, I had the answers to the first 3 questions that I had about SBIE and I was ready to go. Before the day was over, I had also learned how to delete the sandbox. I have mentioned plenty of times that I am not a computer guy but that hasn't prevented me from learning how to use the sandbox. If it's been easy for me, it's got to be easier for younger, more computer-inclined people that come to forums.

By the way, you can recover files bypassing sandboxing, making recovery unnecessary. I prefer not to use the setting but if you want to try it, set your download folder to be accessible by programs (your browser, for example) running in the sandbox.

Sandbox settings>Resource access>File access>Direct access and select your download folders.

Littlebits said:
However in the future I would like to see it be able to tell what to run sandboxed and what to not run in a sandbox.

Littlebits, that's available now. It is one of the features that you get in the paid version. It's called Forced Programs. Myself, because of that feature and the Forced folders feature, I am able to use SBIE the way I do. Whenever I click on a file or a program, the program opens sandboxed in its own sandbox, separated from the rest of the system and other programs. It works great. If I click on a video or my Download folder or a USB drive, programs run sandboxed. That's how you get the most out of using SBIE. Sandboxie is a lot more than a browser in a sandbox.

I recommend SBIE all the time because I have seen what it has done for me, but that doesn't mean that I believe it is the only way to go. I think people have to look and find their own way. Keeping a computer clean is very easy, you just have to do a little bit of learning.

Best regards

Bo
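
Added example (not part of any post in this thread and not Sandboxie's own code): a short Python audit of Sandboxie.ini text for the three settings Gnosis lists and for the direct-access setting Bo describes, which lets a sandboxed program write outside the sandbox. It assumes the Sandboxie.ini key names `DropAdminRights`, `AutoDelete`, `RecoverFolder` and `OpenFilePath` correspond to those GUI options; the sample configuration, box names and paths are constructed.

```python
from collections import defaultdict

# Constructed sample configuration; box names and paths are made up.
SAMPLE_INI = r"""
[GlobalSettings]
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%

[DefaultBox]
Enabled=y
RecoverFolder=%Desktop%
OpenFilePath=firefox.exe,%Personal%\Downloads

[UsbBox]
Enabled=y
DropAdminRights=y
AutoDelete=y
RecoverFolder=%Desktop%
ForceFolder=E:\Media
"""

def parse_ini(text):
    """Return {section: {key: [values]}}. Sandboxie repeats keys, so keep lists."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return sections

def is_on(keys, name):
    """True when the last occurrence of a y/n setting is 'y'."""
    return keys.get(name, ["n"])[-1].lower() == "y"

def audit(text):
    """Return {sandbox: [findings]} for every enabled sandbox section."""
    report = {}
    for name, keys in parse_ini(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # these sections do not describe a sandbox
        if not is_on(keys, "Enabled"):
            continue
        findings = []
        if not is_on(keys, "DropAdminRights"):
            findings.append("administrative rights are not dropped")
        if not is_on(keys, "AutoDelete"):
            findings.append("contents are not deleted when the sandbox closes")
        if not keys.get("RecoverFolder"):
            findings.append("no quick recovery folder is configured")
        for rule in keys.get("OpenFilePath", []):
            findings.append(f"direct file access outside the sandbox: {rule}")
        report[name] = findings
    return report
```

Calling `audit()` on the text of a real Sandboxie.ini gives one list of findings per enabled sandbox; an empty list means all three settings are on and no direct-access rule is present.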
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I remember, on a funny note, that my classmates used Sandboxie not for security reasons, but as another program for execution in playing games. :lol:

However, it isn't really widespread software, since what is commonly known even today is AVs, either free or paid; thus only people who have experience with virtualization-type software will encourage others to use it for protection and teach them.
 

HeffeD

Level 1
Feb 28, 2011
1,690
bo.elam said:
Many of you guys here and in other security forums are years ahead of me about computer knowledge; what makes me different is that I don't swallow the myth that you need a ton of applications to remain safe. My personal experience is proof that it's a myth.

If you want to go by personal experience, I've never had an infection in all of my years of computing. (My first computer) With any product, or even no product at all.

So my personal experience proves that malware is a myth. It's impossible to infect your computer. ;) :biggrin:

I could more than likely get by just fine without any security products because I know what I'm doing. So why do I use Sandboxie and a security suite? (A suite in which I spend 0 hours a day updating and scanning with...)

Safety net. Just in case...

Nobody is knocking the way you run your security setup Bo. They're just voicing their opinions.

Sandboxie is a great tool, but even its author doesn't feel it's a replacement for an AV product. Running it by itself is completely your prerogative. If you feel safe, then that is all that matters.
 

Ramblin

Level 3
May 14, 2011
1,014
Gnosis, the features that are added to Sandboxie when you purchase a license are Forced programs and Forced folders:

http://www.sandboxie.com/index.php?ProgramStartSettings#program

http://www.sandboxie.com/index.php?ProgramStartSettings#folder

Additionally, in the free version you are allowed to use only one sandbox at any time but in the paid version you can run programs in multiple sandboxes at the same time. That allows the user to create and use more than one sandbox. By doing so, isolation works better because you separate programs not only from the system but also from other programs. Using separate sandboxes also allows you to set each one up depending on the program and the purpose for the sandbox. For example, on my USB drive sandbox, only 4 programs are allowed to run and none can connect. In that sandbox, programs are blocked from accessing sensitive information. If you are using the free version and you try to run something in another sandbox, you'll get this message from Sandboxie.

http://www.sandboxie.com/index.php?SBIE1303

These features make sandboxing automatic as the user doesn't have to do much thinking to get programs running sandboxed. It's as easy as it can be. Getting a license was a no-brainer for me. On top of all this, the license is lifetime with no ifs, ands or buts like some programs have, and it can be installed on as many computers as you personally own.

Gnosis, now you know what to do.

Bo
 

Ramblin

Level 3
May 14, 2011
1,014
Heffe, I have never said that people should use Sandboxie instead of an antivirus. Please, find one post of mine from anywhere where I recommend to people to stop using an AV. You will not find one. Advising people to stop using an antivirus is wrong and I don't do it. At the same time, there are reasons why it is probably safer to use SBIE on its own instead of using 2, 3 or 4 other applications along with SBIE.

The link about using SBIE along with an antivirus is how Sandboxie should be used when you first install it. It would be naive and stupid to use it differently. The perfect scenario is to have your AV detecting known threats and Sandboxie taking care of the ones that the AV doesn't have signatures for. That is the perfect way of using SBIE.

Even after using SBIE for some time, if a user installs a lot of stuff or the computer is shared, an antivirus should be run along with SBIE. In my house, computers are like toothbrushes; very rarely does anyone, not even my wife, touch my computers. In my particular case, I never planned to be without an antivirus; the day that I took the AV out I made the decision on the spot. I knew I was ready and it didn't feel like nothing. Being ready is something that you know inside, you feel it. You can't recommend it.

You know how people say sometimes, "Oh I feel naked". Myself, I have never felt naked because I don't use an antivirus; if I ever did, I would put MSE back on. In my case I am safer because I do things how I do them and despite being a dummy guy about computers, I can do it. Telling people that you can go without an AV is not the same as advising people to drop using one. Some of you guys don't see the difference but there is a difference.

Bo
 