New Sandboxie Review

Post by Unknown_User_405 » Wed Sep 13, 2006 10:15 am

Ian 'Gizmo' Richards just reviewed sandbox programs in his recent Support Alert Newsletter. 'Our' Sandboxie did great. Here's his review... Slim Jim
EDITORIAL

This month I'd like to show you my (Gizmo Richards) test results for sandbox programs. Of the eight programs I tested, four provided excellent protection against malware while the other four flopped badly. Only one program of the eight passed all the tests with flying colors.

Sandbox programs are security products that allow you to run programs in a kind of virtual PC or sandbox created on your real PC.

The aim is clear: to isolate malicious programs from infecting your real PC by confining them to the sandbox.

The most common application for sandboxing is web browsing. By running your browser in a sandboxed environment your real PC cannot get infected by malicious sites and infected downloads.

Well that's the promise; as we shall see, only half the sandbox programs tested delivered on this promise.

I managed to locate eight sandbox programs. Actually I found quite a few more that looked like sandboxes but were actually programs that allowed you to reverse any changes in your systems. These "go-back" programs are actually quite a different class of product and I'll look at these separately in the near future.

To evaluate the sandboxes I used a series of seven different tests based on my own standard tests and additional tests from kareldjag.over-blog.com.

The first test was the most important: could the sandbox protect the "real PC" from infection when browsing to a hostile "drive-by download" web site?

Four products passed this test with flying colors. These were:

SandBoxie
GreenBorder
(censored)
ShadowSurfer

The four products that flunked the "drive-by download" test were:

Altiris SVS
GeSWall
VELite
Virtual Sandbox

As these last four products failed the most important test, I didn't evaluate them further.

The next test was to try to terminate the sandbox using a program running within the sandbox. A sandbox really needs to pass this test otherwise its protection may be rendered useless by aggressive malware running in the sandbox.

All four programs did well and resisted most of the different termination methods I tried. SandBoxie failed one test which involved rebuilding the Service Descriptor Table (SDT) and then termination with Diamond Computer System's Advanced Program Termination utility. This is an obscure attack and I've communicated with the developer of SandBoxie so that he can cover this small hole in its otherwise excellent defenses. A fix is on the way.

In fact, the four top products passed most of my tests - an impressive performance. However only one managed to pass all seven.

That product was GreenBorder and based on that performance I'd have to rate it at the top of the pack. It was also one of the best implemented products.

It was also the most expensive. Now that really surprises you doesn't it? :>)

Sandboxie is the cheapest product of the four; it's free. More accurately it's donationware. However it provides great protection and hopefully the developer will soon fix its one small weakness.

In truth, all four products are excellent and get my hearty endorsement. They will provide robust protection for your PC against the most hostile malware.

Do you really need one of these products? It depends on your risk level.

If you are a low-risk user who only rarely installs programs, doesn't use P2P networks and only browses to well-known web sites then you don't need a sandboxing program. You can instead rely on your normal anti-virus, anti-spyware and firewall software to protect you.

However if you are a higher risk user then a sandbox program will provide you with the level of protection you really need.

There is another caveat. I know from subscriber letters that these sandbox programs can cause problems on some PCs.

In fact, if you have one of these troublesome PCs, none of these products may work. These cases however should be in the minority; most folks won't have any problem at all. Certainly I haven't. But remember to back up before installing any of these programs.

In this brief editorial I've only covered the main findings of my tests. For a full analysis and more detailed product guidance check out the full report on the Support Alert web site.
http://www.techsupportalert.com/securit ... zation.htm
