Battle Deep Freeze,Sandboxie and Shadow Defender?

Status
Not open for further replies.

Moose

Level 22
Thread author
Jun 14, 2011
2,271

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
I used to run both SD & Sandboxie at the same time. When I first booted my system, I would manually run all updates, then turn on SD and open my browser in Sandboxie. Chances of anything making it through both were quite slim ;) Although I'm sure most would call this overkill, "including myself", it was light and effective, and I was not running an AV when doing so. I did however have an on-demand for checking files.

Those of us who work/play with malware on a regular basis knew of the risk. I can't call being prudent and safe overkill, especially if the AV is off, or any protection for that matter.
 
  • Like
Reactions: Behold Eck

jimipre

Level 1
Verified
May 30, 2014
38
From the Browser in the Box, here are the listed features:

BASIC CHARACTERISTICS
  • Can be used with Windows XP and Windows 7
  • Comes with: VirtualBox 4.0.16, hardened Linux Debian 6 and SELinux and Firefox
COMFORT
  • Transparent usage with no deviation to a normal direct browser operation
  • Simple installation without special knowhow
SECURITY
  • Browser execution takes place in separated virtual machine with own operating system
  • Downloaded files are first scanned and then provided to user
  • Configurable security policy for copy & paste, download, upload and printing
  • Secure download and upload
  • Secure copy & paste
  • Secure printing
  • Reset to certified initial snapshot upon each start of the browser
  • Configuration data of the browser can be stored and retained for restart
 

Moose

Level 22
Thread author
Jun 14, 2011
2,271
Sandboxie! At this point in time, with Cyberfox, too many problems! For example, playing videos on YouTube, Flash Player problems, etc.
Sandboxie being bypassed! Conflicts with Malwarebytes Anti-Malware. And so forth.....
Shadow Defender is the way to go!
 
  • Like
Reactions: Xtwillight

Kent

Level 10
Verified
Well-known
Nov 4, 2013
468
Author: Pegr @ Wilders Security!

Here are some points to consider that may help you decide. Sandboxie and Shadow Defender are different types of virtualization, and it helps to have an appreciation of how each works.

First a general note about virtualization. Virtualization prevents the system from becoming permanently infected by malware and ensures perfect cleanup, with no traces of any malware remaining outside of the virtual environment; but it doesn't, by itself, prevent malware from running within the virtual environment, with the possible risk of data and identity theft.

Furthermore, there will always be some files and folders that the user won't want virtualized (in case of data loss as a result of forgetting to save changes to data before exiting the virtual environment). These may be a potential target for ransomware, e.g. Cryptolocker.

Virtualization is a useful layer to contain system change but shouldn't be thought of as a complete security solution. Some kind of additional protection is also required. This can be real-time AV/AM, or can be HIPS, policy-restriction, anti-execution, etc, according to user preference.

Sandboxie
Sandboxie is an application sandbox that works at the file system level, but only for those applications that the user chooses to run in the sandbox. Sandboxed applications have all file system and registry writes redirected into the sandbox container folder, isolating them within the sandbox. Sandboxed applications also have to be isolated from interacting with unsandboxed applications in ways that would allow sandbox security to be breached. Isolating sandboxed from unsandboxed processes introduces some complexities.

1. Application software updates can sometimes break sandbox functionality, which means that Sandboxie has to be kept updated to cope with the consequences of software changes in applications that are candidates for sandboxing, e.g. browsers. Unless a lifetime license was previously purchased before the Invincea takeover, keeping Sandboxie up to date will mean purchasing an annual license.

2. Sandboxie compatibility settings may be required for Sandboxie to work smoothly alongside some other security applications and utilities. There may be also a few applications which simply aren't compatible.

3. Sandboxie has to prevent the installation of drivers and services within the sandbox, and cannot be used to test software that installs a driver or service.

One of the major plus points of Sandboxie is that it also has a rich set of policy-restriction features that can be applied to applications running in the sandbox. It is much more than just application sandboxing, which means that Sandboxie can be used as a complete security solution for the containment of untrusted applications.

Shadow Defender
Shadow Defender is lightweight virtualization that works below the level of the Windows file system to virtualize entire disk partitions. As a minimum this should include the system partition. Changes are virtualized by redirecting all disk sector writes on a shadowed partition to a hidden temporary cache. Shadow Defender can be thought of as sitting between Windows and the running applications. This has some consequences.

1. Providing applications are making normal Windows file system calls (direct disk writes are prevented), Shadow Defender will handle disk sector redirection without the application being aware of Shadow Defender's existence. This is a simple and robust mechanism. Shadow Defender does not need to be kept up to date to cope with software changes in applications. Furthermore, the license is lifetime, covering all future software updates.

2. No software compatibility settings are required for Shadow Defender to operate smoothly alongside other security applications and utilities. The operation of Shadow Defender is invisible to applications running at the level of the Windows file system.

3. As all system changes are discarded when rebooting to exit Shadow Mode, Shadow Defender restores the system to a previous known state in order to eliminate unwanted change from whatever cause: malware infection, system crashes, etc. It's about more than just protecting the system against infection by malware.

4. Because the entire system partition is virtualized in Shadow Mode, all processes are running within a system-wide sandbox. No process isolation between sandboxed and unsandboxed processes is needed. Software that installs drivers or services can be tested using Shadow Defender, providing that it does not require a reboot to complete the install.

5. Because Shadow Defender virtualizes the entire system partition, care needs to be taken to ensure that changes to data aren't accidentally lost when rebooting. If the data folders are located on the system partition, Shadow Defender can be configured to permanently exclude them from virtualization. Alternatively, data folders can be moved to a separate data partition, if there is one. (As an alternative to folder exclusions, changes to data files can be committed manually, but it does mean remembering to do it to avoid data loss.)

Unlike Sandboxie, Shadow Defender does not have any added real-time protection features beyond virtualization. This makes it essential to supplement Shadow Defender with additional real-time protection.

Finally, because they operate differently, they can be used together. Sandboxie can provide the additional real-time protection for sandboxed applications that Shadow Defender lacks, whereas Shadow Defender enables the system to be kept in a constant state that can also be useful for software testing.

Hope that helps.
Great info :):):)
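The quoted post contrasts two redirection strategies: Shadow Defender catches every sector write on a shadowed partition and parks it in a temporary cache that is thrown away at reboot (unless the folder is excluded or the change is committed), while Sandboxie redirects file writes into a container only for the processes the user chose to sandbox. The toy model below is an added example written for this thread; it is not code from Pegr, Shadow Defender or Sandboxie, and the class and function names (ShadowedVolume, AppSandbox, demo_shadow, demo_sandbox) are made up for illustration. It exists to make point 5 concrete: a write to an excluded data folder survives the reboot, a write anywhere else on the shadowed volume does not, and a sandboxed process's writes are never seen by an unsandboxed one.

```python
# Added example (not from the forum thread or from either product): a toy
# model of the two write-redirection strategies described in the quoted post.
# All names here are hypothetical; the real drivers work very differently.

from dataclasses import dataclass, field


@dataclass
class ShadowedVolume:
    """Sector-level copy-on-write for the whole volume (Shadow Mode style).

    Every write from any process lands in a temporary cache instead of the
    real sectors; reads consult the cache first.  Leaving Shadow Mode drops
    the cache, so only committed sectors and excluded (write-through)
    sectors keep their changes.
    """
    sectors: list                                   # "real" on-disk content
    excluded: set = field(default_factory=set)      # sector numbers written through
    cache: dict = field(default_factory=dict)       # sector -> pending data

    def read(self, n):
        return self.cache.get(n, self.sectors[n])

    def write(self, n, data):
        if n in self.excluded:
            self.sectors[n] = data     # excluded data folder: change is permanent
        else:
            self.cache[n] = data       # shadowed: change lives only in the cache

    def commit(self, n):
        """Manually commit one pending sector (the 'remember to do it' path)."""
        if n in self.cache:
            self.sectors[n] = self.cache.pop(n)

    def reboot(self):
        """Exit Shadow Mode: every uncommitted change is discarded."""
        self.cache.clear()


@dataclass
class AppSandbox:
    """Path-level redirection for chosen processes only (Sandboxie style).

    Only processes started sandboxed have their writes redirected into a
    container; every other process writes straight to the host.
    """
    host: dict = field(default_factory=dict)        # path -> data on the real system
    container: dict = field(default_factory=dict)   # path -> data inside the sandbox
    sandboxed: set = field(default_factory=set)     # names of sandboxed processes

    def write(self, proc, path, data):
        target = self.container if proc in self.sandboxed else self.host
        target[path] = data

    def read(self, proc, path):
        if proc in self.sandboxed and path in self.container:
            return self.container[path]   # sandboxed view: container shadows host
        return self.host.get(path)

    def delete_sandbox(self):
        self.container.clear()


def demo_shadow():
    """Sector 2 plays the excluded data folder; sector 1 the system partition."""
    vol = ShadowedVolume(sectors=["boot", "system", "docs"], excluded={2})
    vol.write(1, "unwanted-change")   # shadowed: gone after reboot
    vol.write(2, "my-thesis-v2")      # excluded: written through, survives
    seen_in_session = (vol.read(1), vol.read(2))
    vol.reboot()
    after_reboot = (vol.read(1), vol.read(2))
    return seen_in_session, after_reboot


def demo_sandbox():
    """Only the 'browser' process is sandboxed; 'explorer' is not."""
    sb = AppSandbox(host={"C:/hosts": "clean"}, sandboxed={"browser"})
    sb.write("browser", "C:/hosts", "modified")       # redirected into the container
    sb.write("browser", "C:/Temp/dropped.bin", "x")   # never reaches the host
    browser_view = sb.read("browser", "C:/hosts")
    host_view = sb.read("explorer", "C:/hosts")
    sb.delete_sandbox()
    return browser_view, host_view, sb.read("browser", "C:/Temp/dropped.bin")


if __name__ == "__main__":
    print("shadow :", demo_shadow())
    print("sandbox:", demo_sandbox())
```

The model also shows why the post says the two can be combined: the sandbox decides per process what reaches the host at all, and the shadowed volume decides what the host keeps after a reboot. Nothing in either layer inspects the data being written, which is the post's point that virtualization contains change but does not by itself stop malware from running.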
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
I am very interested in knowing if anyone has tried:

Returnil System Safe Free
InmunOS
Browser in the Box (BIB)

Browser in the Box, was developed for the German government by Sirrix AG. It is free for personal use. I just found it yesterday, and I am very intrigued by it.
  • Can be used with Windows XP and Windows 7
  • Comes with: VirtualBox 4.0.16, hardened Linux Debian 6 and SELinux and Firefox

It is a one-click install, but it is a huge download (473,000kb). It is also one click to get up and running. Inside Windows you click on the icon and VirtualBox opens Linux, and Firefox runs inside of Linux, which is inside of VirtualBox.

Since there are few Linux viruses, and you are virtualized it seems like the most secure way to surf the web. I plan on installing it this week and giving it a try. My fear is that it will slow browsing dramatically, but I don't really know for sure. Given that it was created for the German government, it is probably well designed.

The link below is in English, and the website has User Manuals and other free software. Another one by Sirrix AG that looks interesting is called Trusted Desktop. Most of the pages load in English; however, I did have to use Google Translate on the download page to make sure that I was clicking on the correct link. I don't know how many other languages the website is in, but I suggest using Google Chrome and having Google Translate enabled if you speak something other than English or German. The manual from the English website downloaded as an English PDF, and it indicated that there was a way to get Avira antivirus installed into BIB. Other than that, it appears to be a one-click installation.

http://www.sirrix.com/content/pages/BitBox_en.htm


InmunOS comes from a Spanish website, and the English website is a little bit choppy in its wording. It is also free for virtual use, and they claim it will always be free. However, it looks less integrated than Browser in the Box. The link is below; the website now appears to be down, but it was up and running yesterday.

http://www.pentest.es/inmunos.php

I plan on trying Browser in the Box soon and I will post what I find here. Again, please let me know if you have tried either of these virtual browsers.

I have used all versions of Returnil, and a great piece of software it was in its day. The RSS 2011 free version that you were referring to was a system-wide virtualisation program that flushed the C drive at reboot. It also boasted a virus guard, anti-executable and a virtual disk for saving data to on the C drive. Which all sounds great, except that the virus guard was powered by F-Prot, not the best, the anti-executable didn't work and it was heavy on resources, over 80 mb, which was a lot back in the day. I have to say though that the virtualisation component was always top notch and I found the GUI pleasing to the eye.

I suppose I use my own version of Returnil, i.e. Sandboxie, NVT ERP (free) and Toolwiz Time Freeze on demand.

Great thread, by the way. ;)

Regards Eck:)
 
  • Like
Reactions: Moose

hjlbx

Salutations,

Anyone tried Time Freeze, and does it protect the MBR (Master Boot Record)?
Also, opinions on Browser in the Box (BIB)?

Kind regards,

Time Freeze - never used it as once I found Shadow Defender that is all I needed, but TF is reportedly a good alternative to SD.

I think BiB is nothing more than a really expensive Sandboxie... I looked into it before, but decided not to pursue.

Best,

HJLBX
 
  • Like
Reactions: Moose

Moose

Level 22
Thread author
Jun 14, 2011
2,271
Salutations,

Just trying to figure out why most individuals are using Time Freeze? Or a combination of Sandboxie and Time Freeze?
Instead of not using Sandboxie and Shadow Defender?
 

hjlbx

Salutations,

Just trying to figure out why most individuals are using Time Freeze? Or a combination of Sandboxie and Time Freeze?
Instead of not using Sandboxie and Shadow Defender?

Time Freeze and Sandboxie = both freeware ($0)

Shadow Defender = $35 for Lifetime License

So, I think some people use Time Freeze purely because it is freeware.

Shadow Defender, I think, is a better product.
 

illumination

[attached image: 2hhkgo5.jpg]
lol, you may want to place that Kali in a virtual environment as well, a few of those tools you may not want running loose on your host machine :D
 