# Sandboxie - Miracle or Myth ?



## John Bull (Jan 23, 2011)

This thread is not a plea for help, it is a statement of what my Sandboxie has done for me over 6 months and a bulletin to new users on what a marvelous security program SBxie is.

I would like other SBxie users to give their comments on what I find is a miraculous program that appears to protect our systems with absolute infallibility.

I have had SBxie for around 6 months now - the free version where I get the nag panel up every few times I use it. But a mere nag panel is nothing compared to the benefits that this unique program gives.

During the time I have had SBxie, I have had alerts by my security systems, but it never matters, nothing gets out of the sandbox - it is all deleted on FF shutdown. I have never had a single intrusion get past SBxie in all that time, not even a tracking cookie. It makes my AV and FW kind of redundant. All my regular scans by AVG, HMP, MBAM, Emsisoft AM come up with nothing. Using SBxie seems a waste of time having all these other security programs.

Can any other users of SBxie comment on this fantastic program ? It should not be too difficult.

John


----------



## Cookiegal (Aug 27, 2003)

Although it is very good to use it and will likely keep you safe, see this link from the Sandboxie website where they say themselves that it is not 100% foolproof and should never be the only line of defense. See items 4, 5 & 6 in particular.

http://www.sandboxie.com/index.php?FAQ_Virus


----------



## aka Brett (Nov 25, 2008)

While no product is 100 foolproof..Sandboxie does offer a good "layer" of protection.
I did some self testing with it several weeks ago...while using a virtual machine..so in effect I basically had nothing to lose..I tested it as follows.
Went to the latest known links that were malware sites..I would make it through a few links then the browser would stop responding etc..in other words I would hit as many links as I could before the browser was unable to continue.
I then emptied the sandbox
Scanned with malwarebytes and hitman pro.
They always showed clean.
Rinse repeat for several cycles.
Nothing was found outside the sandbox.
This isn't a 100 percent conclusive test however.
Some infected files will detect a virtual machine and fail to execute
Not all infected files are detectable...some take days to be detected by vendors.
100 to 150 intentional links hit while sandboxed is hardly a comparison to the huge amount of viruses out there.

But I can say this..It did do its job when I tested it.
Those same links ran outside of the sandbox badly infected the virtual machine...with some av products it would be as low as the 3rd or 4th link before windows was hosed.

I can say that sandboxie does offer a good level of protection.

It saved me the other day from infecting my host...I typed in a simple search term of an actress in google images as I was in disagreement with someone who the person was we saw on TV.......both had black hair anyway...First hit...A rogue

The current AV product {very highly rated} I had installed didn't detect it..upon submission of the file most products didn't detect it..days later that has changed though..but last I checked it was at about 50 percent.

Without saying I was quite alarmed and a little nervous about this rather smart file.
I was concerned about my OS..later it was determined to be clean through the use of advanced tools.

Sandboxie did its job in preventing this somewhat advanced file from infecting my OS.
But as we speak you can be sure that there are people that are creating files or attempting to that will write outside of sandboxie.

It is a good product...testing software {without affecting the OS} is valuable to many.
Running a web browser while surfing is just one of the many uses.
I also have pdf files open sandboxed as there has been a history of problems with them.
Same with .doc files I open them sandboxed.

Something to consider is the 32 bit version is much more effective than the 64 bit version.
As 64{OS} has its own protection system that prevents 64 sandboxie from using the same method of protection as 32 bit.

So in a nutshell..do I 100 percent trust it?...No...as nothing is 100 percent foolproof.
It is a good supplement to add to one's other products to protect the PC..and a very good line of defense while on the internet.

Times change at first it was simple viruses.....fast forward through time we have trojans worms and rootkits.

As the people that create these files catch up....they basically only take the effort to create files to infect the large quantity of machines...{such as windows versus mac}
When sandboxie and virtual machines become the norm..more effort will be applied by these jerks to also infect these machines
Sandboxes and virtual machines will evolve from "good layer of protection"...to just another layer of protection.

As of now I still consider it to be the most valuable line of defense and worth the effort of using....AV products in the event something did manage to write outside the box number 2.

I would also like to mention that...if one does pick up an infection and it is contained in the sandbox...you still have the risk of keyloggers etc...until you empty the sandbox that "session" is infected as far as the browser is concerned.

Therefore one shouldn't rely on sandboxie alone for protection....you still want your AV product to tell you that you have landed on a bum site, before you, let's say, enter your password to your yahoo mail 5 minutes later


----------



## Elvandil (Aug 1, 2003)

There are other programs, similar, some better, some not. SafeSpace is one of them. It virtualizes whatever you want and all children of that process, and its options and protection are superior to that of SandboxIE, which is also a good "layer". Returnil, DeepFreeze, TimeFreeze and others can virtualize the entire operating system. Microsoft's own Steady State is among those and very good. Altiris Software Virtualization Solution is one I use frequently. Programs appear when run, files and shortcuts where they belong, and looks to all appearances to be a "normal" program, except that it runs in a sandbox, almost impervious to malware (and easily replaced if compromised). But when shut down, it disappears.

Browsing in virtual machines (Parallels, VMWare, VirtualBox, etc.) is also a path to safety. Scanned downloads can be saved in a shared folder to be accessed by the host OS later, and any malware is at least confined to the VM. A snapshot reversion removes any infections and spares the main OS. (I wouldn't recommend VMWare's Browser Appliance, however, just for browsing. It is really Ubuntu with a browser, so you may as well go all the way and just install another OS as a VM for all your VM needs.)

"Portables" are another solution. A portable program does not need to be run from something external, and those that are virtualized offer safety even when run from a folder on your machine. Lately, I have favored portables over normal installations whenever they were available (or I made them myself with Xen, Cameyo, or VMWare).

There are solutions for just about any imaginable scenario. Because I have frequent incremental Acronis images made, I am not especially careful about avoiding malware on the net. I often take risks. But it has been a long time since any malware was detected on my machine by scanners.

Having security "layered" affords better protection than the sum of the layers individually (as *aka Brett* has implied).


----------



## John Bull (Jan 23, 2011)

What excellent posts made by Aka and Elvan. Direct user information of such quality and great detail is not easy to come by. Both these posts show how thorough the writers have been in testing SBxie's capabilities to the limit. Well done !!

I do hope more posters take part in this SBxie discussion, I personally find it fascinating and am sure that many other readers will, including guests.

It is not uncommon for any SBxie thread to extend to a large number of posts since the subject is dear to the hearts of those who use it and attractive to those who do not. I have seen a SBxie thread go into the 300's.

John


----------



## Elvandil (Aug 1, 2003)

Maybe I didn't emphasize it enough, but I think SandboxIE is a great tool and the chances of its security being exploited very small. I just wanted to point out that there are other, even more inclusive alternatives. 

I have SandboxIE installed. I just haven't had occasion to use it yet.

But unfortunately, I don't believe that this discussion belongs in this forum. It is not a technical problem. I'm going to move it to "Tips and Tricks" for now. If someone believes that another forum is more appropriate, I'm all ears.


----------



## Stoner (Oct 26, 2002)

Hi John Bull 

I've been using Sandboxie for several years and think it's definitely worthwhile, but as others have posted......it's additional protection -----> an extra layer of protection.
Having an updated system with a good firewall and antivirus/antimalware app is still important for good security.

Even so....the biggest security issue is the surfing habits of the user.


----------



## mydogtoby (May 9, 2005)

I wouldn't be without Sandboxie. I also use Folder Protect as an extra layer of protection. It protects folders with a password and has a stealth mode that makes it invisible to intruders.


----------



## valis (Sep 24, 2004)

Stoner said:


> Even so....the biggest security issue is the surfing habits of the user.


Yup. As has been proven time and again, you just can't fix stupid.


----------



## RaZkaL413 (Dec 21, 2010)

I have been using Returnil Virtual System for quite a while now and have had zero problems. I like the feature that creates a virtual hard disk and if you want to keep a program or file you downloaded you have the choice of erasing it via restart or keeping it on your virtual hard disk. The 2008 version is the easiest version to use and it's FREE!!!:up:


----------



## aka Brett (Nov 25, 2008)

RaZkaL413 said:


> I have been using Returnil Virtual System for quite a while now and have had zero problems. I like the feature that creates a virtual hard disk and if you want to keep a program or file you downloaded you have the choice of erasing it via restart or keeping it on your virtual hard disk. The 2008 version is the easiest version to use and it's FREE!!!:up:


I have the guest pc set up with it....reboot and the machine is just the way it was before they got on it
Not practical though for what I use a pc for as I do want to keep my changes....but not the ones that weren't intended...Most of us get nailed while surfing the net basically so a sandboxed browser being "restored" at will eliminates the unexpected infection.


----------



## Stoner (Oct 26, 2002)

aka Brett said:


> ..........................................Most of us get nailed while surfing the net basically so a sandboxed browser being "restored" at will eliminates the unexpected infection.


This has been my experience.
I also like being able to whitelist the apps that are allowed to run, and connect to the Internet, from within Sandboxie.


----------



## aka Brett (Nov 25, 2008)

Stoner said:


> This has been my experience.
> I also like being able to whitelist the apps that are allowed to run, and connect to the Internet, from within Sandboxie.


I haven't messed with those settings yet, as I mainly run the browser sandboxed...I also sandbox my pdf viewer {foxit reader}..but they don't need internet access.
So in theory what you are doing is denying any malware that may be in the sandbox from having internet access {if you pick up any}

If I wanted to allow only firefox to access the internet do I just add this file to the list?


----------



## Stoner (Oct 26, 2002)

aka Brett said:


> ..........................
> 
> If I wanted to allow only firefox to access the internet do I just add this file to the list?


I go Sandboxie....ShowWindow>Sandbox>Default> Sandbox Settings>Restrictions............ and insert the apps I allow to run in Sandboxie and the ones I grant access to go online.
Note: plugin-container.exe is a Firefox element that needs to be allowed or some elements of Firefox won't work in the 3.x versions.
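
An added example, not part of the original post: a small audit of the Start/Run and Internet Access restrictions described above, reading them from a Sandboxie.ini-style file and reporting which sandboxes still have unrestricted internet access. The sample file, the box name `PdfBox` and `pdfviewer.exe` are constructed, and the setting names (`ProcessGroup`, `ClosedIPC`, `ClosedFilePath`, the `<StartRunAccess>` and `<InternetAccess>` groups) are an assumption about how the settings are stored, to be checked against your own configuration file.

```python
from collections import defaultdict

# Constructed sample in the Sandboxie.ini layout (not taken from the thread).
# Setting names are an assumption; compare with your own Sandboxie.ini.
SAMPLE_INI = """\
[GlobalSettings]
Template=Example

[DefaultBox]
Enabled=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe
ProcessGroup=<InternetAccess>,firefox.exe,plugin-container.exe
ClosedIPC=!<StartRunAccess>,*
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

[PdfBox]
Enabled=y
ProcessGroup=<StartRunAccess>,pdfviewer.exe
ClosedIPC=!<StartRunAccess>,*
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys may repeat, so no dict."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit_box(settings):
    """Allowlists for start/run and internet access; None means unrestricted."""
    groups = {}
    for key, value in settings:
        if key == "ProcessGroup":
            name, *members = value.split(",")
            groups[name] = [m.strip().lower() for m in members]
    run = ("ClosedIPC", "!<StartRunAccess>,*") in settings
    net = ("ClosedFilePath", "!<InternetAccess>,InternetAccessDevices") in settings
    return {"run": groups.get("<StartRunAccess>", []) if run else None,
            "internet": groups.get("<InternetAccess>", []) if net else None}

def audit(text):
    """Audit every enabled sandbox section in the file."""
    return {box: audit_box(s) for box, s in parse_ini(text).items()
            if ("Enabled", "y") in s}

if __name__ == "__main__":
    for box, result in audit(SAMPLE_INI).items():
        print(box, result)
```

In the constructed sample, `DefaultBox` limits both lists to Firefox and its plugin container, while `PdfBox` restricts what may start but leaves internet access unrestricted, which is the gap the audit surfaces.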


----------



## aka Brett (Nov 25, 2008)

Stoner said:


> I go Sandboxie....ShowWindow>Sandbox>Default> Sandbox Settings>Restrictions............ and insert the apps I allow to run in Sandboxie and the ones I grant access to go online.
> Note: plugin-container.exe is a Firefox element that needs to be allowed or some elements of Firefox won't work in the 3.x versions.


Got it:up:
Piece of cake


----------



## aka Brett (Nov 25, 2008)

You might be interested in this
Forces an application to open sandboxed


----------



## Stoner (Oct 26, 2002)

Good idea.


----------



## Juli007 (Feb 22, 2010)

I use Avast 6 with Sandbox built-in. *I LOVE IT*. I always schedule it to run when the PC is turning on. I rate it *10 STARS*.


----------



## aka Brett (Nov 25, 2008)

Juli007 said:


> I use Avast 6 with Sandbox built-in. *I LOVE IT*. I always schedule it to run when the PC is turning on. I rate it *10 STARS*.


Will it sandbox the browser but still let you maintain history and favorites?
Recover files downloaded to original folder?
Is it light?
That is what I like about SB ...very light easy and efficient.

I could be swayed away with something else better though


----------



## Stoner (Oct 26, 2002)

I guess I'll find out more about the Avast sandbox when I update to version 6 permanently....and read the help files.
I installed it briefly, but didn't like the warning it posted about my Corel calendar being malicious and needing to be sandboxed.......it isn't, so I reverted back to version 5, not liking to see bugs/false positives jump out so early.

I'm not finding much about the Avast6 sandbox's options.
Does it whitelist what is allowed to be run in the sandbox along with a browser session?
Does it whitelist what is allowed to access the internet through a sandboxed browser session?
Those are strong points for Sandboxie, imo.


----------



## Juli007 (Feb 22, 2010)

Stoner said:


> I guess I'll find out more about the Avast sandbox when I update to version 6 permanently....and read the help files.
> I installed it briefly, but didn't like the warning it posted about my Corel calendar being malicious and needing to be sandboxed.......it isn't, so I reverted back to version 5, not liking to see bugs/false positives jump out so early.
> 
> I'm not finding much about the Avast6 sandbox's options.
> ...


However, like it. You want an antivirus without sandbox or one without it?


----------



## Stoner (Oct 26, 2002)

Juli007 said:


> However, like it. You want an antivirus without sandbox or one without it?


I put more importance on the abilities of the individual products than the convenience of bundled software.
So it just depends on how well the Avast 6 sandbox compares to Sandboxie as to whether I'd use it.

So far, I haven't found much information about the available options in the Avast 6 sandbox.


----------



## aka Brett (Nov 25, 2008)

Stoner said:


> I put more importance on the abilities of the individual products than the convenience of bundled software.
> So it just depends on how well the Avast 6 sandbox compares to Sandboxie as to whether I'd use it.
> 
> So far, I haven't found much information about the available options in the Avast 6 sandbox.


Same
I have sandboxing with kaspersky..I don't use it as it doesn't have the flexibility of sandboxie


----------

