Hi guys. I noticed on the Sandboxie forum that Sandboxie might be bypassed. Do you guys know if there are any good alternatives to Sandboxie? Thanks for any suggestions. I hope I posted this in the right place.
Sandboxie or a better alternative?
- Thread starter MalwareBeater
- Start date
Raul90
Level 14
- Feb 5, 2012
- 658
I like Sandboxie and will keep on using it. As compared to the sandbox of Avast / Comodo and the former SafeRun of KIS 2012 (though they differ --just termed as sandbox)
BufferzonePro turned freeware but it's been a long time since it has been updated and development seemed to have stopped already. Tried to use that with Comodo way back 2010 but could not get it to work. BZ's firewall seems to have trouble with Comodo's hips even if you have set both to exclusions. I would get a freeze that I have to reboot to no avail. BZ forums was also of no help to me. Was able to run Avast IS with Bufferzone and was okay. BZ sandboxes 'svchost.exe' I remember.
There was GesWall but also underdeveloped..to bad it was a promising application.
BufferzonePro turned freeware but it's been a long time since it has been updated and development seemed to have stopped already. Tried to use that with Comodo way back 2010 but could not get it to work. BZ's firewall seems to have trouble with Comodo's hips even if you have set both to exclusions. I would get a freeze that I have to reboot to no avail. BZ forums was also of no help to me. Was able to run Avast IS with Bufferzone and was okay. BZ sandboxes 'svchost.exe' I remember.
There was GesWall but also underdeveloped..to bad it was a promising application.
bo.elam said:
Your enthusiasm for Sandboxie is great Bo, but nothing is 100%. Stating otherwise is a grandiose claim that has no bearing on reality.
To the point, Sandboxie has been bypassed before. In fact, fairly recently with the Gapz trojan, Sandboxie has a vulnerability. Tzuk himself has mentioned that version 3.x is vulnerable to this exploit, while version 4.x is not.
tzuk said:
I like Sandboxie and use it every day, but I still take other precautions because I know that nothing is bulletproof. In my opinion, to assume otherwise is folly... :s
Yes Heffe, nothing is 100%, we all know that. Also, everybody has been reading the thread that you linked....
...but let me ask you, Name ONE person that you know or heard that has been infected by Gapz trojan while using Sandboxie.
Just one would be enough, please.
You will not find one. By the way, as I said in my previous post, my enthusiasm for SBIE is due to what SBIE has done for me and others, that is real.
Bo
...but let me ask you, Name ONE person that you know or heard that has been infected by Gapz trojan while using Sandboxie.
Just one would be enough, please.
You will not find one. By the way, as I said in my previous post, my enthusiasm for SBIE is due to what SBIE has done for me and others, that is real.
Bo
HeffeD said:All I said was that there was a vulnerability...
Yes, a vulnerability that, 1) has never been used to infect anyone and 2), a vulnerability in version3, a version that is being phased out.
Who cares Heffe?
Anyway, I guess you cant find anything about anyone that got infected with this ah vulnerability while using SBIE, right? Do you care wondering why is that... or you still assuming things.
Bo
Though i think Sandboxie is an excellent program, im inclined to take what the owner/creator suggests, based upon his own responses to these questions, i figure he knows best.
Sandboxie FAQ
Sandboxie FAQ
bo.elam said:
I'm not quite sure what the problem is here, Bo. You make a statement saying that nothing is going to be able to break out of Sandboxie. I say that nothing is 100% and point out the current vulnerability. Plain and simple! No nefarious, Sandboxie is insecure type comments, pitchfork waving or anything of the sort. I simply pointed out a fact.
So what is the problem? Have I misrepresented something? Did I say that people were being infected? Did I say that people were going to start getting infected? No, I don't believe I did. I even posted Tzuk's quote where he states that he feels the possibility for infection due to this vulnerability is low.
You also keep stating that I'm making some sort of assumption, but I have no idea just what it is that you feel I'm assuming...
Do I care that there's a vulnerability? Sure! I think everybody should be concerned if there are any known vulnerabilities in their security setup, regardless of how minor these may be. Am I particularly concerned about said vulnerability? Not in the slightest! Did you miss the part where I said I use Sandboxie every day? (I'm even running the -gasp- vulnerable 3.76 as we speak!
) I'm sorry that my comments have apparently offended you to such a great degree, Bo, but I stand behind what I've said:
Nothing is 100%, Sandboxie currently has a known vulnerability in the 3.x versions, and I feel it's wise to have another product as backup in case your main line of defense fails.
If you still feel that I need to defend my comments more than I already have, then I apologize in advance for disappointing you.
Your post above sounds fair to me, I even agree with most of what you are saying and disagree with very little. But you got me upset in post#22 when you say things like: "Stating otherwise is a grandiose claim that has no bearing on reality", Heffe, my reality is different than yours, I do security different than you and it works. It is not fair for you to call it grandiose.
It is true that in another part of your post you said, "I like Sandboxie and use it every day" but you also said, "but I still take other precautions because I know that nothing is bulletproof. In my opinion, to assume otherwise is folly... Confused".
Heffe, that was not nice. If you like to believe the myth that 25 applications are needed to maintain your system intact, I got no problem with that but in the meantime, because I take care of my security differently, while you spend a couple hours everyday either updating, upgrading or doing scans with the arsenal, I am having fun using the internet and the computer as I don't have to do any of that. Its a great benefit, you just cant see it.
There are a lot of reasons why I feel safer and more relax by not using any thing else other than Sandboxie and NoScript. Please, lets not go over that again, I don't want to get banged up again by the Antivirus club that roams around here.
Peace Heffe.
Bo
It is true that in another part of your post you said, "I like Sandboxie and use it every day" but you also said, "but I still take other precautions because I know that nothing is bulletproof. In my opinion, to assume otherwise is folly... Confused".
Heffe, that was not nice. If you like to believe the myth that 25 applications are needed to maintain your system intact, I got no problem with that but in the meantime, because I take care of my security differently, while you spend a couple hours everyday either updating, upgrading or doing scans with the arsenal, I am having fun using the internet and the computer as I don't have to do any of that. Its a great benefit, you just cant see it.
There are a lot of reasons why I feel safer and more relax by not using any thing else other than Sandboxie and NoScript. Please, lets not go over that again, I don't want to get banged up again by the Antivirus club that roams around here.
Peace Heffe.
Bo
Some of the statement can easily be discarded.
if the sandbox is set to deny either internet connections or the execution of all programs except the one you specifically chose, it will not happen.
just execute the file/registry keys in the sandbox and check what is created or modified.
also Sbie is not an AV but you can add BusterSandbox addon to scan the content of the sandbox.
normally you should close any windows before you remove an external storage device, so if you set Sbie to empty the sandbox when it stop you will not have any problems.
The first rule is to know how a product works to use it properly.
if the sandbox is set to deny either internet connections or the execution of all programs except the one you specifically chose, it will not happen.
just execute the file/registry keys in the sandbox and check what is created or modified.
also Sbie is not an AV but you can add BusterSandbox addon to scan the content of the sandbox.
normally you should close any windows before you remove an external storage device, so if you set Sbie to empty the sandbox when it stop you will not have any problems.
The first rule is to know how a product works to use it properly.
@Member, is funny how you guys that dont realize that keeping a computer clean is something that's actually very easy to do are all the time bringing up that an antivirus should be used along Sandboxie whenever I participate in a thread that I talk about SBIE. In this thread, you are the second member that do it (I am not talking about our good friend Heffe).
To avoid more confusion from you guys in the antivirus club, I believe 1) Sandboxie is not a replacement for an antivirus and 2) no one should set dropping using an antivirus as a goal.
Despite what I just mentioned, some of us that have used Sandboxie for a long time have found that you can actually use SBIE on its own and be safe. Some us, including myself, believe based on our personal experience using SBIE, that we are actually safer by not using anything else since using other security products could conflict with Sandboxie when you least expect it. To me, this is very important.
I talk before about some of the benefits of not using scanners. Think about this for a moment. If you spend a couple hours a day updating, upgrading, rebooting and scanning the computer everyday, that amounts to 730 hours a year of wasted time. That's 730 hours that I spend in the internet doing what I really like doing. Best of all, the computer remains intact, not only from viruses but also from the wear and tear that security products causes to computers.
Personally, I never planned to drop using antiviruses, it just happened one day after a bad upgrade from my favorite antivirus. After the upgrade, I uninstalled the AV and didn't look for a replacement. I was ready and didnt feel anything different. That happened over two years ago and never look back. What I am going to say might sound incredible but is true, if I install an antivirus, I feel unsafer and restless. I am very relaxed taking care of security the way I do it and could never go back to doing it like you do it.
A little over a year ago, I went a little farther and went ahead and also dropped using on demand scanners. It just normally fell into place. The best part of all this is that Im not a computer guy. Many of you guys here and in other security forums are years ahead of me about computer knowledge, what makes me different is that I dont swallow the myth that you need a ton of applications to remain safe. My personal experience is proof that its a myth.
Bo
To avoid more confusion from you guys in the antivirus club, I believe 1) Sandboxie is not a replacement for an antivirus and 2) no one should set dropping using an antivirus as a goal.
Despite what I just mentioned, some of us that have used Sandboxie for a long time have found that you can actually use SBIE on its own and be safe. Some us, including myself, believe based on our personal experience using SBIE, that we are actually safer by not using anything else since using other security products could conflict with Sandboxie when you least expect it. To me, this is very important.
I talk before about some of the benefits of not using scanners. Think about this for a moment. If you spend a couple hours a day updating, upgrading, rebooting and scanning the computer everyday, that amounts to 730 hours a year of wasted time. That's 730 hours that I spend in the internet doing what I really like doing. Best of all, the computer remains intact, not only from viruses but also from the wear and tear that security products causes to computers.
Personally, I never planned to drop using antiviruses, it just happened one day after a bad upgrade from my favorite antivirus. After the upgrade, I uninstalled the AV and didn't look for a replacement. I was ready and didnt feel anything different. That happened over two years ago and never look back. What I am going to say might sound incredible but is true, if I install an antivirus, I feel unsafer and restless. I am very relaxed taking care of security the way I do it and could never go back to doing it like you do it.
A little over a year ago, I went a little farther and went ahead and also dropped using on demand scanners. It just normally fell into place. The best part of all this is that Im not a computer guy. Many of you guys here and in other security forums are years ahead of me about computer knowledge, what makes me different is that I dont swallow the myth that you need a ton of applications to remain safe. My personal experience is proof that its a myth.
Bo
bo.elam said:
Hate to pop your ego button, but i did not post in this thread just because of you.. I had already responded to the OP about the thread from sandboxie forum, then of course seen the "usual battle" starting, and voiced my opinion just as you have, but i forgot, your better then me and everyone else, we are not allowed to voice without crap being said, or fanboy name calling like some do.
P.S. i do believe it is foolish to run nothing but a sandbox!
illumination said:
Coming from you, I ll take the above as a compliment rather than an insult. Thanks.
By the way, if you are going to talk about SBIE, you should learn SBIE talk. It is wrong to say, "I do believe it is foolish to run nothing but a sandbox!" but it would have been proper if you had said, "i do believe it is foolish to run nothing but programs in a sandbox!".
To learn the difference, there is no other way but to learn. Page 1 is a good place to start:
http://www.sandboxie.com/index.php?GettingStarted
Bo
Earth said:
Yes, it is a benefit that makes a difference. In my case, those 730 hours affords me the time to do all the reading I want and still spend quality time with my wife. When I turn on my computer, I don't spend any time updating or upgrading anything. I always let the machine idle for 4 minutes and I start doing whatever I want right after that. Cant be much better.
Bo
- Oct 23, 2012
- 12,527
I hardly spend a couple hours a day performing those tasks.
Start up scan .......Done automatically
Security Software updates.......Done automatically
Windows Updates......Notified automatically...... 30 seconds to review them.....Click Install.....Running in background.....go do something else
Windows updates complete.......might require reboot......32 seconds
There is no way that I spend 730 hours a year performing these tasks
Anyway I thought this poll was about replacing SBIE with a similar product for which I voted No.
Start up scan .......Done automatically
Security Software updates.......Done automatically
Windows Updates......Notified automatically...... 30 seconds to review them.....Click Install.....Running in background.....go do something else
Windows updates complete.......might require reboot......32 seconds
There is no way that I spend 730 hours a year performing these tasks
Anyway I thought this poll was about replacing SBIE with a similar product for which I voted No.
- Status
Similar threads
-
- Question