Sandboxie to the rescue

[yabbadoo]

When Microsoft pulls the plug on supporting Windows XP in April 2014 with over 40% of businesses and 40%+ of the non-Western world heavily committed to XP and resistant to change, Sandboxie for the ordinary home user will be the saving grace.

Western industry and commerce will be reluctant to upgrade to Win 7 or 8 due to the excessive financial investment involved and will have to rely on their main security systems. The other two thirds of the world do not have the money to throw away on the luxury of upgrading and will continue for many years to come with XP.

I use Sandboxie all the time to open my browser. Being a virtual environment, I do not need any more of MS`s incessant Windows security updates. Although technically an AV is not necessary with Sandboxie, I do have AVG 2014 and a good Firewall. All bugs and other nasties in the sandbox are automatically exterminated on browser closure.

So as for April 2014 and MS`s withdrawal of support ? Who cares, I certainly don`t and expect to be using my XP trouble free for years to come. All due to Sandboxie and the unique genius and generosity of Tzuk.

XP will not be the deciding factor for me to upgrade to Win 7, it will be when my computer dies of old age, with grateful thanks to Tzuk and his wonderful Sandboxie.

[Mr.X]

Absolutely true your words, except the myth Sandboxie is going to cover the whole thing. IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

[Peter2150]

Absolutely true your words, except the myth Sandboxie is going to cover the whole thing. IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

The only problem with Defensewall is it is heading toward obscurity. No X64. I use Appguard and Novirusthanks ExeRadarPro along with SBIE, and I do feel well protected. Both these apps are being kept up to date even with Win 8.1 x64

Pete

[ssj100]

IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

I disagree. What makes you think DefenseWall provides a "deeper kind of protection"? In my opinion, (for example), adding in DefenseWall to Sandboxie results in less protection, due to potential for conflicts and increase in attack surface. I experienced such a conflict first hand when I was experimenting with security setups a few years back.

[Username]

First, I think the number are rather exaggerated for most real companies can afford both a new OS (be it *nix, W7/8 or Mac) and new hardware (say, i5/x4), let alone they have favorable "upgrade-transition";

Second, it's but wrong to pose any software (including SBIE) as the single and only "cure-it-all"; it's simply not true;

Third, as a rule, the default OS settings are rather weak, so better configuration (e.g. no auto-*) can prevent, diminish and mitigate most security issues--without any third-party software and hardware.

Shortly, a test machine under a little configured Xp SP3 x32 with a free SuRun (aka better UAC) and a free SBIE has been working behind a hardware router for over five years till the hardware was decommissioned: no antivirus installed, no trojans/viruses either.

Indeed, a decent HIPS (e.g. Comodo's or now-abandoned ThreatFire) would be a plus, yet as it was revealed, not working as Admin greatly reduces possible threats and suffice. About a dozen of configured no-AV machines proved the concept.

The only possible drawback (except possible incompatibility) of SBIE is that depending on the configuration and environment it still may allow malware to get and send users' passwords/data--compromise the real system. If one is aware and does something to compensate then it's a snowball chance in hell to get compromised--only run a malware as Admin.

Actually, I do believe it's about the user's habits than software limitations

[bo.elam]

In my opinion, (for example), adding in DefenseWall to Sandboxie results in less protection, due to potential for conflicts and increase in attack surface.

I agree. I stopped using DW even though both programs seemed to work very well together. Choosing what to keep and what to drop was easy.

Bo

[Username]

I really doubt that it's ok to compare these different end-point products with different features and purpose: SandBoxIE might be considered as a very lightweight counterpart of DW, yet considering deeper knowledge and understanding, SBIE may be more preferable or not.

SBIE works locally (for sandboxed apps only) whule DW runs globally--for all apps.
SBIE is more transparent for the system/user, however DW is rather restrictive and even intrusive.
Comparing the defensive features, in SBIE a decent malware still can 'steal' data from the host system (yet cannot compromise it otherwise) whereas DW can prevent such actions both in and out of the security perimeter.

Once again, it's the user's knowledge and habits what makes the big difference.

[yabbadoo]

I did not post my OP to inspire a discussion on security and the individual merits of AV programs, I am sure that Tzuk would not want that on his Forum.

I posted it as a seasonal tribute to Sandboxie and one of the most unsung and remarkable security heroes in computer history and to emphasise the insurance that Sandboxie will provide when XP is effectively dumped by MS in April 2014.

Tzuk and his Sandboxie have provided hundreds of millions of ordinary users with a security system which is unbelievably easy to use and as close to perfection as is economically practical, at an extremely low cost to the average customer.

Nothing on this Earth or beyond it is perfect - perfection is an impossibility, but Sandboxie comes very close to practical limits at a cost that hurts nobody.

Every single AV program available is permanently out of date, since they rely on ever growing data bases. They are like a dog chasing its tail and are out of date the moment you update them AND most of them cost a lot more than does Sandboxie.

These AV`s do rely on Windows security patches as a backup, but the whole combination is really a hotch-potch of engineered hope.

With Sandboxie, we have no regard to data bases or for that matter Windows security patches. All we have is a virtual environment - a sandbox - where all the bugs and hackers can have a good time and when the browser is closed, all these nasties are exterminated. They have gone nowhere near our beloved PC residing safely outside the sandbox.

It does not matter how many holes there are in a bucket, so long as there is no water allowed in it.

So by pure coincidence, MS`s withdrawal of support for Wndows XP in April 2014, means absolutely nothing to a Sandboxie user. They can continue enjoying their XP with no trouble at all for many years to come or until they personally choose to upgrade.

My sincere best wishes to Tzuk and all Sandboxie users for a Very Happy Christmas and a Healthy, Successful and bug-free New Year.

[Mr.X]

IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

I disagree. What makes you think DefenseWall provides a "deeper kind of protection"? In my opinion, (for example), adding in DefenseWall to Sandboxie results in less protection, due to potential for conflicts and increase in attack surface. I experienced such a conflict first hand when I was experimenting with security setups a few years back.

How about using Sandboxie just for browsers and DefenseWall for the rest?

[Nix]

IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

I disagree. What makes you think DefenseWall provides a "deeper kind of protection"? In my opinion, (for example), adding in DefenseWall to Sandboxie results in less protection, due to potential for conflicts and increase in attack surface. I experienced such a conflict first hand when I was experimenting with security setups a few years back.

True...

Example: DW protected "Download folder" + "Download folder" as SBIE forced folder run any Microsoft Office files = conflict; don't know if the same implies on the new DW update.
Have to pick one over the other, chose SBIE instead w/ AppGuard. To be fair DW has great protection,easy to use, though not having x64 is a set back, and a bit heavy on the system.

How about using Sandboxie just for browsers and DefenseWall for the rest?

It's ok, but you'll miss the benefit of the HIPS and FW if browser are unguarded by DW

[yabbadoo]

With XP now relying entirely upon auxiliary security programs, can our members comment on using the indomitable Sandboxie in combination with Returnil ?

I have read posts from experienced users who have used these two security programs in combination successfully. It does sound a formidable security package that makes MS updates rather superfluous.

I have had MS updates switched off since December 2013 with no detectable adverse effects.

[bo.elam]

Hi Yabbadoo, if you like to use a Light virtualization program along Sandboxie, instead of Returnil, I recommend you take a look at Toolwiz TimeFreeze (free) or Shadow defender (paid). I have used both and like both, I use SD in my XP and W7. Returnil comes with some kind of antivirus and since you are using an AV, its probably better not to use Returnil to avoid the possibility of a conflict.

In my case, I use SD for testing programs and Sandboxie for security but you can use either of the two programs that I mentioned at the same time with Sandboxie without problems. No conflicts.

Bo

[yabbadoo]

Hi Yabbadoo, if you like to use a Light virtualization program along Sandboxie, instead of Returnil, I recommend you take a look at Toolwiz TimeFreeze (free) or Shadow defender (paid). I have used both and like both, I use SD in my XP and W7. Returnil comes with some kind of antivirus and since you are using an AV, its probably better not to use Returnil to avoid the possibility of a conflict.

In my case, I use SD for testing programs and Sandboxie for security but you can use either of the two programs that I mentioned at the same time with Sandboxie without problems. No conflicts.

Bo

Hello again Bo,

Thanks for that information, I will look up Toolwiz Timefreeze and try it. Don`t really wish to dump my AVG 2014, I have been with AVG a long time now and never had a problem, but I will keep Returnil in mind as a reserve program.

Bo, I have read many of your posts for a few years now on several Forum`s and always find them very informative, constructive and helpful. One of the best posters I have ever come across.

It is now 23.17 on 7 April as I type. I will wait up until the clock strikes midnight and see if my PC turns into a Pumpkin.

Mis mejores deseos querido amigo
Yabbadoo

PS - I have installed TT and like it. Nothing has gone bang yet. At present I am using Sandboxie with TT enabled. Yes Bo, I like it. Thanks.

[Lumberjack]

Absolutely true your words, except the myth Sandboxie is going to cover the whole thing. IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

Absolutely true your words, except the myth Sandboxie is going to cover the whole thing. IMO there's a need for a deeper kind of protection, at kernel level, such as DefenseWall. Then you will be fully covered.

The only problem with Defensewall is it is heading toward obscurity. No X64. I use Appguard and Novirusthanks ExeRadarPro along with SBIE, and I do feel well protected. Both these apps are being kept up to date even with Win 8.1 x64

Pete

First, I think the number are rather exaggerated for most real companies can afford both a new OS (be it *nix, W7/8 or Mac) and new hardware (say, i5/x4), let alone they have favorable "upgrade-transition";

Second, it's but wrong to pose any software (including SBIE) as the single and only "cure-it-all"; it's simply not true;

Third, as a rule, the default OS settings are rather weak, so better configuration (e.g. no auto-*) can prevent, diminish and mitigate most security issues--without any third-party software and hardware.

Shortly, a test machine under a little configured Xp SP3 x32 with a free SuRun (aka better UAC) and a free SBIE has been working behind a hardware router for over five years till the hardware was decommissioned: no antivirus installed, no trojans/viruses either.

Indeed, a decent HIPS (e.g. Comodo's or now-abandoned ThreatFire) would be a plus, yet as it was revealed, not working as Admin greatly reduces possible threats and suffice. About a dozen of configured no-AV machines proved the concept.

The only possible drawback (except possible incompatibility) of SBIE is that depending on the configuration and environment it still may allow malware to get and send users' passwords/data--compromise the real system. If one is aware and does something to compensate then it's a snowball chance in hell to get compromised--only run a malware as Admin.

Actually, I do believe it's about the user's habits than software limitations

I really doubt that it's ok to compare these different end-point products with different features and purpose: SandBoxIE might be considered as a very lightweight counterpart of DW, yet considering deeper knowledge and understanding, SBIE may be more preferable or not.

SBIE works locally (for sandboxed apps only) whule DW runs globally--for all apps.
SBIE is more transparent for the system/user, however DW is rather restrictive and even intrusive.
Comparing the defensive features, in SBIE a decent malware still can 'steal' data from the host system (yet cannot compromise it otherwise) whereas DW can prevent such actions both in and out of the security perimeter.

Once again, it's the user's knowledge and habits what makes the big difference.

It is a pure myth that SBIE does not protect as deep as DefenseWall, on kernel level as well, and it does and can protect the whole thing.
With SBIE you're fully covered, if you know how to configure it it does have restrictions for everything.