App Review Sandboxie vs an API Exploit redux

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

cruelsister

A follow-up video on Sandboxie was obviously needed. Also, as a comparison, by the end of the week Comodo Firewall reviewed under the same conditions will be published. I'll refrain from any comments until then, except for a quote made by FleischmannTV on the other thread:

"Hey my program doesn't work in Sandboxie..."
"Well, you shouldn't have ticked DropMyRights, fool."

"Hey, this malware escapes Sandboxie..."
"Well, you should have ticked DropMyRights, fool."

 

Deleted member 178

As I said, the default sandbox is permeable, which is why tighter tweaks must be done after installing Sbie.

In the custom sandbox, you can even go further by "blocking access" to any partitions/folders from anything running in the sandbox.
This is the kind of setup I'm using for my Downloads folder's profile.
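
A sketch of the tightening described in this post, written as Sandboxie.ini box sections. This is an added example, not the poster's own configuration: the box name `DownloadsBox` and every path are constructed placeholders, while `DropAdminRights`, `ClosedFilePath`, `ForceFolder` and `AutoDelete` are standard Sandboxie.ini settings.

```ini
# Added example: box name and paths are constructed placeholders.

# A box left at its defaults: writes are redirected into the box, but
# sandboxed programs can still READ whatever the user account can read.
[DefaultBox]
Enabled=y

# A tightened box for anything opened from the Downloads folder.
[DownloadsBox]
Enabled=y
# Strip administrator rights from every process in the box.
DropAdminRights=y
# "Blocked access": sandboxed programs can neither read nor write here.
ClosedFilePath=D:\*
ClosedFilePath=C:\Users\example\Documents\*
# Anything started from this folder is forced into this box.
ForceFolder=C:\Users\example\Downloads
# Discard the box contents when the last sandboxed program exits.
AutoDelete=y
```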
 

cruelsister

I totally agree with you. As I stated a number of times, Sandboxie is a fine program, and I am certainly a proponent of virtualization. My intention was far from doing a hatchet job on SB, but instead to make the typical user aware that SB can't just be used as an install-and-forget type of application, and most assuredly not as a "leave it at default and everything will be fine" type of security solution (I'm sure you were as horrified as I was with the "just tick the drop Rights box" method that many had advocated).

I think that your Primer on the use of SB is new knowledge for many of its fans and you certainly deserve much credit for taking the time to present it. Our goal here should be to make sure fellow members are protected from malware, and sometimes highlighting certain issues may be presented in an alarming manner.

(and thanks for correcting the typo!)
 

Deleted member 178

I corrected another one in the title :D

Yes, Sbie is not for beginners (even if they want it to be); some knowledge of how Windows works (and most precisely, how a file is accessed or what it accesses) is necessary. Also, intensive reading on Sbie's forum is a must-do.

As you said, here I try to make Sandboxie easier to understand and manipulate for our members. ;)
 

jamescv7

One of the rare situations that should properly take attention but totally interesting; still, Sandboxie contains a lot of features which, by better tweaks, will avoid any intrusion of lapses. As always, it's pretty fine for executing programs on the go without any harm as possible.
 

Deleted member 178

Salutations, Friends!

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=21539

Would you feel comfortable adding an antivirus? For layering your security?
With Sandboxie and Comodo Firewall? Or other security software?

Kind regards,

Comodo and Sbie is a no-no because something in Comodo hampers Sbie from loading.

Personally, I reached a stage where I don't need any realtime AVs, just using default-deny apps (anti-exec), anti-exploits and virtualization tools. I want my system swift and lean.

My actual setup is almost perfect to me, just need a more sophisticated firewall.
 

Moose

Sorry, I meant separate with an antivirus! For each Comodo and/or Sandboxie! Not both on the same PC! But you answered the question in detail.

Appreciated!
 

Overkill

Overkill, someone over there who uses Sandboxie every day and runs many programs in the sandbox ought to tell Cruelsister that most programs that one has installed in their system will run sandboxed perfectly fine with Drop rights enabled. Drop rights is not supposed to stop programs that are installed in your system from running in a sandbox. But Drop rights stops programs (in SBIE, whether they are good or bad doesn't make a difference) from installing in the sandbox. That's one clear thing that the setting does. And it's exactly what I use it for.

Tell him that Sandboxie doesn't work like Comodo. Sandboxie is not supposed to tell the user anything about any sandboxed files and is not supposed to let (quoting him) "good files through while stopping any malicious activity". Sandboxie doesn't work like that. Sandboxie treats all files, good or bad, the same way.

http://www.wilderssecurity.com/threads/sandboxie-acquired-by-invincea.357312/page-68#post-2515289
 

cruelsister

Overkill - That was exactly the point of the video (which it seems the folks at Wilders somehow missed). Not differentiating natively between valid and malicious files leaves it up to the user to decide what is good or bad (so basically a coin-flip, which is not an optimal method of prediction). As to most programs running fine with Drop Rights enabled, I had no issue finding one to backdoor with a trojan. Extensive knowledge of how to configure SB may have helped, but honestly answer how many users have this knowledge? I would hope that many would prefer a more elegant solution.

But more importantly, I assure you that in my case it's a "Her" and most certainly not a "Him".
 
