|
Protect against malware by running suspicious software safely
|
|
The following comments relate to this news article:
article published on 4 September, 2009
We added a couple of new entries to our Guide section lately. One of these new guides is a relatively simple guide on running potentially harmful executable files safely in Windows. It could be useful for running .EXE files found on file sharing sites or networks, or any program you are otherwise suspicious about.
It utilizes freeware software that some of you more safe users will already ... [ read the full article ]
Please read the original article before posting your comments.
|
Senior Member
|
4. September 2009 @ 03:01 |
Link to this message
|
|
Interesting. I suspect this wouldn't protect you from a piece of malware that dug up sensitive information from the user's hard drive and sent it back to its master though?
|
|
Advertisement
|
|
|
|
Staff Member
|
4. September 2009 @ 06:10 |
Link to this message
|
Originally posted by nonoitall:
Interesting. I suspect this wouldn't protect you from a piece of malware that dug up sensitive information from the user's hard drive and sent it back to its master though?
Well a program can access the Internet and can read from the hard drive so it is a possibility but that's generally where a firewall, or at least something with Program Control to manage what programs are allowed Internet access comes into play. Also, it's very easy to just terminate the program with Sandboxie, as you would probably be suspicious if you run it and you don't see anything happening. The point here about running possible harmful files with this software is you prevent an infection weeding into the system.
|
Senior Member
|
4. September 2009 @ 07:14 |
Link to this message
|
|
Yeah, I know. This does appear to be an effective means of protecting the system itself from harm. I think I'll stick with virtual machines for shady program usage though. :-P
|
Staff Member
|
4. September 2009 @ 07:54 |
Link to this message
|
Originally posted by nonoitall:
Yeah, I know. This does appear to be an effective means of protecting the system itself from harm. I think I'll stick with virtual machines for shady program usage though. :-P
Ye that would be the safest way for sure but there are just two disadvantages, firstly its not as easy, and secondly, depending on the system, if you try to run certain software in a virtual environment you might get a performance hit, whereas with Sandboxie, the program runs normally, Sandbox just controls what where it writes to the HDD. I think a setup of Sandboxie + Firewall with program control and you have a very good system there to keep safe :-) I've been meaning to put up a program control guide for a while, I just can't settle on the right software to go with, it has to be free, and it has to not be annoying ;-)
|
Member
|
4. September 2009 @ 08:40 |
Link to this message
|
I have been using this program forever. If you don't care to have virtual machines etc you cannot beat this program. It does not bog down your system at all. You will not really notice any change as far as functionality and you can run anything in the sandbox. I know I like to try out different programs and such that I have hard of. It can be a hassle if you hate it and uninstall and crap is still left in your registry. Everything you run in the sandbox will not have an effect on your registry settings. You don't like what you've installed? Just delete the sandbox and everything is gone. I run my browser in the sandbox. I don't even bother with having antivirus software anymore because I do everything in the sandbox and there is virtually no chance of me getting a virus.
This message has been edited since posting. Last time this message was edited on 4. September 2009 @ 08:41
|
|
ahiah9
Member
|
4. September 2009 @ 09:15 |
Link to this message
|
I don't even bother with having antivirus software anymore because I do everything in the sandbox and there is virtually no chance of me getting a virus.
Wow... I've been using Sandboxie for about 3 years, but still have the AV. PC use without that just seems a little to... Mac? :p
|
Member
|
4. September 2009 @ 09:27 |
Link to this message
|
Originally posted by ahiah9:
Wow... I've been using Sandboxie for about 3 years, but still have the AV. PC use without that just seems a little to... Mac? :p
I don't have a mac. The only reason I have had antivirus software was because sometimes other people (family) use my machines and they don't have good sense. Antivirus software is not the necessity people think it is. Most of the time people get infected because of their own ignorance. People opening up attatchments sent from people they don't know or messaging programs etc. Also they seem to like IE which is a virus waiting to happen. I have set up the more commonly used programs to execute in the sandbox to stop something like that from happening. My brother can't seem to stay away from those damn porno sites, using IE no less lol.
|
|
Mez
AfterDawn Addict
|
4. September 2009 @ 12:01 |
Link to this message
|
Looks great! I will need to down load this puppy before I forget.
I ALWAYS disable the network before I do anything that try to use the internet. In fact I only enable when I need it. I have gotten a warning once after installing some software. It complained that the internet was down when nothing should have been doing that. I couldn?t find the Trojan for a good long time. Finally I made a very nasty call to the software company. I assumed it had a virus. They confided that it was only trying to register the software. I uninstalled the software and I never saw the message again.
By not starting up with the network off, you insure your firewall ect is fully up and running before you get internet access. I do not wish to get auto updates for anything. They cause much more troble than the solve. If I have a problem then I update otherwise I do not. I have had far less if any incompatibility problems since I wised up.
I do not trust firewalls much. I keep an IP blocker as well. I gives me the creeps how much info gets blocked I assume because the firewall let it in. There is all sorts of add ware trying to spy on you to say the least.
This message has been edited since posting. Last time this message was edited on 4. September 2009 @ 12:06
|
|
SoCalSRH
Member
|
4. September 2009 @ 12:34 |
Link to this message
|
|
cool. i've never heard of this before. i'll give it a try. thanks for the review/guide dela.
|
|
joe777
Member
|
4. September 2009 @ 14:13 |
Link to this message
|
Quote:
as you would probably be suspicious if you run it and you don't see anything happening.
He he he he he he How many time have folks read comments on sites saying "I ran the keygen and nothing happened, this keygen doesn't work"
And then you see a comment saying "oh yes it works, but not in the way you imagined it to" ET PHONE HOME.
Anyway if your a gamer then run a dual-boot with windows for your games and *nix for virus free computing, well almost virus free but you get the picture eh. However sandboxie has been around for some time and is a hell-of-a good idea for folks that want to be safe and not sorry. Well done, for informing the community of this great little app.
This message has been edited since posting. Last time this message was edited on 4. September 2009 @ 14:14
|
Senior Member
2 product reviews
|
4. September 2009 @ 15:48 |
Link to this message
|
As others have said, Sandboxie is a great tool for keeping a malware-free system. I usually run all of my browers in a sandbox for this purpose.
|
Staff Member
|
4. September 2009 @ 22:18 |
Link to this message
|
Originally posted by SoCalSRH:
cool. i've never heard of this before. i'll give it a try. thanks for the review/guide dela.
Originally posted by joe777:
Well done, for informing the community of this great little app.
Cheers guys! :-) I actually have been using it myself for quite some time now and I think I added it to my list of stuff to do when I saw that it had less than 2,000 downloads on AfterDawn - people just aren't really aware of it, which is a shame.
|
|
rvinkebob
Member
3 product reviews
|
4. September 2009 @ 22:52 |
Link to this message
|
|
I'm surprised I just found out about this. I always had to run malicious software through qemu or VMWare but this is far easier and much more practical.
Thanks very much for this!
|
Staff Member
|
4. September 2009 @ 23:15 |
Link to this message
|
Originally posted by rvinkebob:
I'm surprised I just found out about this. I always had to run malicious software through qemu or VMWare but this is far easier and much more practical.
Thanks very much for this!
You're welcome. It really does help, especially if run in conjunction with a program control-enabled firewall.
Any of you guys have any suggestions for related items I can put up. Have been thinking of some virtualization stuff, some encryption stuff etc.
|
|
jony218
Suspended due to non-functional email address
|
5. September 2009 @ 03:38 |
Link to this message
|
I've used sandboxie before but was unsure of it's effectiveness and the setup can be a little complicated. Right now I just use "returnil" virtual system(freeware), for me it's much simpler, when enabled it places the entire c: drive into virtual mode(this process is immediate). Any virus/malware encountered will only live in the virtual world. The only drawback is you need to reboot to come out of virtual mode.
Sandboxie is more of a software for people who have a good understanding of security threats and will setup sandboxie accordingly.
Sandboxes and virtual systems are the only security software that can defeat (or at least make non-permanent) virus/malware. Anything that bypasses your firewall/antivirus probably won't make it through a virtual system.
|
|
FreqNasty
Newbie
|
5. September 2009 @ 06:38 |
Link to this message
|
A word of note - Sandboxie will not run on 64 bit Windows unfortunately.
|
Staff Member
|
5. September 2009 @ 15:28 |
Link to this message
|
Originally posted by FreqNasty:
A word of note - Sandboxie will not run on 64 bit Windows unfortunately.
I never mentioned that in the guide, I'll add that in now.
|
|
dorkydork
Suspended due to non-functional email address
|
11. September 2009 @ 11:19 |
Link to this message
|
|
This only solves half the problem. If it can still connect to the internet and send data back home how is that safe from stealing your passwords or reporting key presses?
If this program added in a network monitor that tells you when it's making a network call and inspects the data for you AND let's you inspect it and stop the call then you've got a great program.
The whole Windows environment needs all it's software to run like this all the time. Let the user see exactly what everything is doing in his or her system.
|
Senior Member
|
11. September 2009 @ 15:03 |
Link to this message
|
That's what the firewall is for and does. We sure don't need any more of that AUC crap and most people aren't going to understand what they are even looking at if we did lets say a packet inspection.
I ran Sandiebox for a long time but finally gave up on it as it's too much bother for the minimal protection you may get from it. Most malware/trojans lay dormant for some time so you won't catch them in the sandbox any how. You can run antivirus on them while in the sandbox but even AV packages won't protect you fully and these days all of the false positives makes it hard to even trust your AV protection.
I'm testing a new AV Suite Avast!Professional Family Pack - antivirus for home networks and it has a sandbox in it that you can add whatever browser you want to it. It looks intersting, it is cheap, it will push updates as you get 1 server & 10 workstation licenses with it. So that is the direction I will go in, once again I wasn't impressed by Sandboxie.
|
|
Advertisement
|
|
|
|
senator29
Junior Member
|
11. September 2009 @ 16:01 |
Link to this message
|
for those concerned with the transmission of personal information from malware within sandboxie, yes a firewall either hardware or software that monitors for personal data is best bet.
but i have had a few programs that sandboxie alerted me of suspicious file access and internet communication and blocked it. you can even set it so a sandbox has certain resources before executing the program
|
