Mis-understandings about Sandboxie

View previous topic View next topic Go down

Mis-understandings about Sandboxie

Post by ssj100 on 25/4/2010, 02:02

The following is a post as part of a dicussion on Wilders (be careful what you read on Wilders - there is a lot of mis-information there...but I guess most forums suffer from this issue) about running both Sandboxie and Shadow Defender:

http://www.wilderssecurity.com/showpost.php?p=1665752&postcount=7862

I don't think there is a case of one being better than the other. Personally I don't like "sandbox" type programs like Sandboxie, but that is just a matter of preference.

My point was that if you are in Shadow Mode with SD, then Sandboxie seems redundant to me. Any changes done to the system won't be kept anyway, so you don't really need Sandboxie in that case. I think running both is not needed and a waste.

Firstly, you can indeed make a case that Sandboxie is redundant if you are always in Shadow Mode with respect to the virtualisation mode of protection (although this can be easily argued against by stating that Shadow Defender got bypassed a couple of times in the past where Sandboxie held strong).

Secondly, there appears to be a failure of TheIgster to understand Sandboxie's full protection scope. Not only does Sandboxie individually virtualise your chosen application(s), but it also acts as an "anti-executable" (with start/run restrictions) and a "firewall" (with internet access restrictions). Furthermore, Sandboxie protects areas of your computer from being "spied" upon by your malware threat-gates (with Resource Access restrictions). Need I go on?

I'll mention one more aspect of Sandboxie that is not a feature of Shadow Defender - the ability to discard changes without restarting the computer.

As you can see, Sandboxie is not redundant at all, even when used with Shadow Defender, and is in fact a very unique application!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Mis-understandings about Sandboxie

Post by Singlemature on 25/4/2010, 12:24

partially agreed with both points,if you don't require a high level security,just virtualisation mode of protection is enough and easy to use.
But these programs like SD were bypassed several times in the past like ssj100 mentioned,cause once drivers were loaded,there are unlimited possibilities to do anything including breaching virtualisation programs for sure.

Singlemature
Valued Member
Valued Member

Posts : 31
Join date : 2010-04-22

View user profile

Back to top Go down

Re: Mis-understandings about Sandboxie

Post by ssj100 on 25/4/2010, 12:54

Indeed. I also believe that once anything is able to be executed (if initial execution is allowed), then the possibilities are there to breach even classical HIPS and software like DefenseWall. That's why my main security arsenal is a combination of anti-execution (SRP) and containment (Sandboxie).

If anything is able to bypass (a tightly configured) SRP (never been a reported case of real-world malware that can do this), then it would still need to bypass Sandboxie's start/run restrictions and containment mechanisms.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Mis-understandings about Sandboxie

Post by Guest on 26/4/2010, 10:41

There is an old Irish Proverb that says:
"Faith and reason are like the two shoes on your feet,you can go further with both,than with one."

I see neither ShadowDefender not Sandboxie as being in any sense redundant.
There are things I can not do on a granular level with ShadowDefender,
I can with Sandboxie,yet I feel the need for ShadowDefender for MY setup..

Regarding Iggster, the bottom line is :(His own words)
1:"Personally I don't like "sandbox" type programs like Sandboxie, but that is just a matter of preference."
2: A look at the tests he has conducted (since shut down by Wilders) proves he is a faithful blacklister/signature detection man.

Nothing wrong with that,but hardly objective about system or application virtualization.
nice enough guy though.(i like the Terry O'Quinn avatar!!


noor

Guest
Guest


Back to top Go down

Re: Mis-understandings about Sandboxie

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum