Disinfecting PCs Without the Need for Tedious Security Software

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
This theory tech we are discussing is about 30 years ahead of its time. It is like Mr. Scott going back to the 20th century after a "slingshot around the sun" and handing over the matrix for transparent aluminum for some really thick plexiglass in exchange. The plexiglass is the equivalent to our current realtime security methods. Look at it that way. :)
I am the Klingon Bird of Prey; I am a little glitchy, but I can be somewhat useful, but I am not the Excelsior. It can be a challenge for humans to understand my Klingon speak. haha
Jack is Captain Kirk and Fabian is Spock.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
EVERYONE,

Don't be shy. Jump in and give your two cents. This is not about being an expert, but about ideas, and several knowledgeable members will be ready to chime in if our ideas are too aggressive for the technology and methods of the day. Even if you think your statement or question might be humorous, don't hesitate, because it could spark an idea in any of us.
 

Ramblin

Level 3
May 14, 2011
1,014
Staying malware free is not as hard as this thread makes it sound. I have been without a real-time antivirus for over two years, I am not even carrying an on-demand scanner in my system and despite not being a computer guy, I am not getting infected.

Our friend Fabian might say that I have been lucky. Well, how long do I have to go without getting infected before we call it something else other than luck? In my opinion, it is not luck, it is just that SBIE works better against malware than antiviruses do.

Since I started using Sandboxie four years ago and building my security around it, I don't see malware coming around anymore. Sure, SBIE is not an anti-keylogger so it doesn't detect them but other than that, SBIE does better than real-time antiviruses against all other threats. In addition to SBIE, I am using NoScript, nothing else.

Bo.
 

illumination

bo.elam said:
Staying malware free is not as hard as this thread makes it sound. I have been without a real-time antivirus for over two years, I am not even carrying an on-demand scanner in my system and despite not being a computer guy, I am not getting infected.

Our friend Fabian might say that I have been lucky. Well, how long do I have to go without getting infected before we call it something else other than luck? In my opinion, it is not luck, it is just that SBIE works better against malware than antiviruses do.

Since I started using Sandboxie four years ago and building my security around it, I don't see malware coming around anymore. Sure, SBIE is not an anti-keylogger so it doesn't detect them but other than that, SBIE does better than real-time antiviruses against all other threats. In addition to SBIE, I am using NoScript, nothing else.

Bo.

Sandboxie is a stout program, there is no doubt, but as mentioned in earlier posts, how would you know 100% you have no infections without any scanners to detect them?
 

Fabian Wosar

bo.elam said:
Our friend Fabian might say, that I have been lucky.
Why should I say that? Sandboxing through virtualization like Sandboxie is a very effective way to prevent your system from being infected as long as you can protect all major points of entry. If you never share USB sticks and the only way files can get onto your computer is through your browser and mail client, sandboxing both as well as all programs you download can be very effective.

My argument never was that you need a real-time AV and a firewall or a HIPS. I just listed them as they are the most common types of security software people use. My argument was that just because you have a quick and easy way to return your system to a known good state doesn't mean malware can't affect you and that you can throw all security precautions overboard :).
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I am pondering about a program that checks for "false logic" from system image to system image as those restore points are being created.
 

Ramblin

Level 3
May 14, 2011
1,014
@Illumination, I know my system is clean because, 1) The behaviour of my computers doesn't change, day after day, they behave the same way. Remember, I avoid installing new software in my computer. In my old XP, I haven't added anything new in over two years. In my new W7, I added exactly what I have in XP and uninstalled the programs that came with it that I have no use for, 2) I do run scans sometimes, that's the main purpose that I use Shadow Defender for. Sometimes I run HMP, MBAM or Emsisoft. They never find anything.

@Fabian, yes, I open ALL files that I download from the internet in a sandbox. Even after they have been around my computer for a while, I still open them in a sandbox. In other words, I never stop using the sandbox.

I open all files and programs in a sandbox, including my email client, video players, PDF reader and also sandbox my USB, CD and DVD drives.

Fabian, basically, everything that I do whether using the internet or not is done in a sandbox.

By the way, I like Emsisoft, I also believe that it is an excellent program.

Bo
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Here is a direct quote taken from SBIE "frequently asked questions".

http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#HowSafe said:
Do I need other solutions if I use Sandboxie?

Sandboxie may be your first line of defense, but it should certainly be complemented by the more traditional anti-virus and anti-malware solutions. These solutions can let you know if your system does become infected in any way.

Typically, those other solutions employ various forms of pattern matching to discover malicious software and other threats. Sandboxie, on the other hand, quite simply does not trust any software code enough to let it out of the sandbox.

The combination of the two approaches should keep malicious software -- which is serving the interest of other unknown parties -- out of your computer.

Personally, this is the approach I take with the use of SBIE.
 

Ramblin

Level 3
May 14, 2011
1,014
exterminator20 said:
Here is a direct quote taken from SBIE "frequently asked questions".

http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#HowSafe said:
Do I need other solutions if I use Sandboxie?

Sandboxie may be your first line of defense, but it should certainly be complemented by the more traditional anti-virus and anti-malware solutions. These solutions can let you know if your system does become infected in any way.

Typically, those other solutions employ various forms of pattern matching to discover malicious software and other threats. Sandboxie, on the other hand, quite simply does not trust any software code enough to let it out of the sandbox.

The combination of the two approaches should keep malicious software -- which is serving the interest of other unknown parties -- out of your computer.

Personally, this is the approach I take with the use of SBIE.

...and it is the way I recommend most people to use SBIE. When I dropped using an antivirus, it was not something planned, it just happened one day after a bad AV upgrade. At that moment, I was ready to go without it and just didn't look for a replacement. In other words, I made the decision to stop using one on the spot.

In a post, a couple of days ago, I mentioned that I have a strategy. I follow one that has worked for me. It's easy to go without an antivirus but you need to follow certain rules, like not using cracks or installing any software just because it sounds like a nice program.

I also mentioned uninstalling unnecessary plugins; to me, doing that in addition to not installing unnecessary software is the most important part of my strategy. If I am careful about what I install, I won't get infected. That has proven to be the key for me.

Bo
 

Plexx

bo.elam said:
(...) If I am careful about what I install, I won't get infected. That has proven to be the key for me.

This applies to anyone who uses any security solution or none.
 

Ramblin

Level 3
May 14, 2011
1,014
Well, that's not true. If you are browsing an infected website or opening an infected USB drive, if your AV doesn't detect malware, you are dead.

On the other hand, when I am browsing an infected site or opening an infected USB drive from a friend, the infection is gone when I delete the sandbox.

See the difference. You and your antivirus fail but the sandbox keeps the system intact. You got infected without having to install anything.

Bo
 

illumination

bo.elam said:
@Illumination, I know my system is clean because, 1) The behaviour of my computers doesn't change, day after day, they behave the same way. Remember, I avoid installing new software in my computer. In my old XP, I haven't added anything new in over two years. In my new W7, I added exactly what I have in XP and uninstalled the programs that came with it that I have no use for, 2) I do run scans sometimes, that's the main purpose that I use Shadow Defender for. Sometimes I run HMP, MBAM or Emsisoft. They never find anything.

Well that is good, I took it from your post of no AV or on demands on your system that you did not scan it.

Everyone has their own approaches, and personally I prefer a layered approach, and a part of that layered approach is virtualization, although I do not depend on it solely, nor would I depend solely on any of the other products, but combined, they do the job.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I have TF Level 5 activated at all times with Malware Defender HIPS on standby, but I don't allow MD to start with my PC. I usually use Sandboxie as well, esp. when surfing at random with search engines.
 

Ramblin

Level 3
May 14, 2011
1,014
illumination said:
bo.elam said:
@Illumination, I know my system is clean because, 1) The behaviour of my computers doesn't change, day after day, they behave the same way. Remember, I avoid installing new software in my computer. In my old XP, I haven't added anything new in over two years. In my new W7, I added exactly what I have in XP and uninstalled the programs that came with it that I have no use for, 2) I do run scans sometimes, that's the main purpose that I use Shadow Defender for. Sometimes I run HMP, MBAM or Emsisoft. They never find anything.

Well that is good, I took it from your post of no AV or on demands on your system that you did not scan it.

Everyone has their own approaches, and personally I prefer a layered approach, and a part of that layered approach is virtualization, although I do not depend on it solely, nor would I depend solely on any of the other products, but combined, they do the job.

In my opinion, any approach is OK as long as it works. Mine works for me, I haven't gotten infected in over four years. Should I change anything?

If 1 piece of malware had escaped the sandbox in these four years, I would be doing things a little different.

Believe it or not, I am very relaxed doing things the way I do them. If I felt naked, I would be using an antivirus. I feel safer going without an antivirus because I know that Sandboxie is at its best since I am avoiding potential conflict by not having another security software.

Does it make sense?

Bo
 

illumination

bo.elam said:
illumination said:
bo.elam said:
@Illumination, I know my system is clean because, 1) The behaviour of my computers doesn't change, day after day, they behave the same way. Remember, I avoid installing new software in my computer. In my old XP, I haven't added anything new in over two years. In my new W7, I added exactly what I have in XP and uninstalled the programs that came with it that I have no use for, 2) I do run scans sometimes, that's the main purpose that I use Shadow Defender for. Sometimes I run HMP, MBAM or Emsisoft. They never find anything.

Well that is good, I took it from your post of no AV or on demands on your system that you did not scan it.

Everyone has their own approaches, and personally I prefer a layered approach, and a part of that layered approach is virtualization, although I do not depend on it solely, nor would I depend solely on any of the other products, but combined, they do the job.

In my opinion, any approach is OK as long as it works. Mine works for me, I haven't gotten infected in over four years. Should I change anything?

If 1 piece of malware had escaped the sandbox in these four years, I would be doing things a little different.

Believe it or not, I am very relaxed doing things the way I do them. If I felt naked, I would be using an antivirus. I feel safer going without an antivirus because I know that Sandboxie is at its best since I am avoiding potential conflict by not having another security software.

Does it make sense?

Bo

Feeling relaxed about not getting an infection in 4 years "understandable", should you change anything, not if it is working for you. As far as conflicts go with Sandboxie, it has been around for a long time, and I have not seen any conflicts with it and most AVs.

My only question earlier pertained to whether or not you scanned it from time to time to "make sure". I'm a better safe than sorry kinda guy. :)
 

Ramblin

Level 3
May 14, 2011
1,014
Scans are very rare and never because of an "Am I infected?" kind of question.

For the first two years that I used SBIE, I scanned like most people do. Once a week, but after a while scans became rarer and rarer. Eventually, they became a little boring. Finally, I stopped doing them.

So now, when I want to try something, I use Shadow Defender and at the same time, before or after trying the program, I might run a scan by HMP and/or MBAM. That way, I know if the program I am trying is clean. That's the main reason for doing that scan but at the same time it confirms what I know, the system is clean.

Bo
 

Deleted member 178

I always use a minimum of 2 virtualization programs in my layered approach; Sandboxie & Shadow Defender are the "must-be-there", they complement each other perfectly. I am still using traditional AVs to detect any threat that wants to sit on my system, and if you observed, they also integrated some policy-based sandboxes (Emsisoft IS with "runsafer" and WSA with "Safestart").

I think I am still using an AV because I found Emsisoft perfect for my needs; if it was not so good I would surely run my system without any RT AV.
 

Ramblin

Level 3
May 14, 2011
1,014
illumination said:
As far as conflicts go with Sandboxie, it has been around for a long time, and I have not seen any conflicts with it and most AVs.

Earlier today, I missed talking about this. It will help you understand why I prefer to use SBIE without an antivirus. In the quote, you say that you haven't seen any conflicts between Sandboxie and most antiviruses.

Illumination, I know you like SBIE, OK, but using the Sandboxie UI, please navigate to:
Sandboxie Control > Default Sandbox > Sandbox settings > Applications > Security/Privacy.

In there you see a list of more than 60 security or privacy programs including Emsisoft, Norton, Avast, AVG and Avira. Do you know what being in that list means? Do you know what Tzuk created those settings for?

Each of those programs has a known conflict with SBIE; those settings were created to make Sandboxie and those programs work better. Using the setting doesn't guarantee that the conflict is really fixed. If you think about it, there can be unknown conflicts and those are the worst kind.

For example, if I was using an AV along with SBIE, while browsing, the antivirus could detect something and while I attempt to delete the sandbox, the AV keeps a lock on the file that was detected and the sandbox is not allowed to delete.

If something like that happened to me, it wouldn't even make me blink because I understand what's happening and I know what to do. But the only way to be certain that I can avoid that kind of situation is not to run anything along with SBIE.

Also, I like my sandboxes to open and close fast, no delay. Now, I don't know how many antiviruses you have used since you have been using SBIE but even though I don't use any, I can tell you that some allow SBIE to delete and open faster than others. Since I open almost all programs that I use in a sandbox, this is important to me.

To top it all, sometimes an AV might be getting along great with SBIE but all of a sudden after an AV or SBIE upgrade, something breaks. I hate that kind of stuff, it is nobody's fault but it brings stress. Not using an antivirus keeps my stress level low.

Bo
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Sandboxie is a great tool, but I envision an eclectic collection of agile software and super fast hardware that will allow a one-click operation that will set in motion an HD wipe followed by an OS re-install with a recent system image in minutes, or seconds. What will be left is an OS with your custom settings, documents, programs etc., and the only tweaking to be done is to catch up on reintroducing aspects that were lost in the few days or week delay in realizing you are infected, thus grabbing an image from a little bit earlier in cyber time. This futuristic OS and system image pack will come equipped with a universal program that tests for OS false logic, as well as false logic in all popular apps and programs of the day, as to ensure your system image restore points are legit and completely intact with the exception of a couple of corrupted programs being deleted due to the rollback process previously eliminating the infected period of time. With hardware and software advances, this will all happen in under 2 minutes.

That said, I have to admit that Sandboxie is about the most exciting thing going on right now when it comes to preserving a clean system.
 
