New Sandboxie release question | Gen-Tech | Forums

A A A

Please consider registering
guest

Log In Register

Register | Lost password?
Search
Advanced Search
Advanced Search:

— Forum Scope —



— Match —



— Forum Options —




Wildcard usage:
*  matches any number of characters    %  matches exactly one character

Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
New Sandboxie release question
Topic Rating: 0 (0 votes) 
March 2, 2010
10:08 PM
Wheezer
dotTechie
Forum Posts: 786
Member Since:
May 28, 2009
Offline
1
0

I was going to download and install the new Sandboxie release tonight. It now supports windows 7, 64bit. But then I saw that there was a "Notes about 64bit edition" page.

I went to the page and read it. After taking two asprin for the headach I got reading the page, because of my inability to understand what I was reading, I found myself left with a question.

Is installing this version worth having? Or is it just going to make my computer crash? Or does all that other stuff they're talking about fix the stuff that doesn't work? Or maybe it's time to forget about Sandboxie and try something else?

I'm wondering if some of you with more tech knowlege than me could take a look at the page, then give me your opinion.

The page is at: http://www.sandboxie.com/index…..BitEdition

Thank you!

                       wheezertech.forumotion.com
March 2, 2010
10:45 PM
Ozzie
Novice
Forum Posts: 0
Member Since:
May 6, 2009
Offline
2
0

Hey there, Wheezer! I used to use Sandboxie, but a couple of years ago switched to Geswall (http://www.gentlesecurity.com/). It, too, virtualises the browser. I find it preferable to Sandboxie. You can set the security level on it. It really is a set and forget program. I have mine set at the medium level and there has never been a problem. If I download anything it is automatically sandboxed, no matter what the file size. If I am happy with it, I just copy and paste the file to take it out of the virtualisation. I noticed recently that it is also protecting UTorrent – so anything that I download via UTorrent is also automatically sandboxed (that has been a recent development). You can choose to run your browser protected or unprotected, whatever suits. But it's definitely worth a look as an alternative to Sandboxie.

Hi-diddly-ho, Ozzie must go … See you round, dotTechies!
March 2, 2010
11:25 PM
AlanR
Disciple
Forum Posts: 205
Member Since:
February 25, 2010
Offline
3
0

Ms. Ozzie.

 

Which version of GeSWALL are you using? Freeware or Pro.?

I could not find any comparison of the two on the GentleSecurity website – do you know advantages/drawbacks between them.?

 

Hope this does not keep you from your tome-work. WinkLaughLOL

SEEK (Google) and yea shall find. Ars Longa, Vita Brevis.
March 3, 2010
5:26 PM
karen
Washington, DC Metro Area
dotTechie
Forum Posts: 878
Member Since:
November 1, 2009
Offline
4
0

Wheezer – maybe this will help…

Basically, 64-bit versions of Vista (service pack 1) and Win7 are "natively" more secure than the 32-bit versions.  In 64-bit versions, the kernel (the heart of any OS) is more protected from tampering.

Programs like Sandboxie were originally designed to work by inserting code that can "watch" other code into the kernel.  64-bit windows does not allow this; in fact, it sees it as malicious behavior and crashes the computer.

So Sandboxie has done some work-arounds that are not perfect because some programs could possibly communicate outside of the sandbox.

 

One thing that the webpage does mention is that some Win7 flavors (Pro and Ultimate) have the ability to run programs in XP compatiblity mode.  So in this case, if you really want to use Sandboxie and want the more total protection that the 32-bit version offers, you can download and install the 32-bit version and set it up to run in XP-compatibility mode (right click on the program and the compatibility mode is somewhere in the Properties.

March 4, 2010
4:20 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
5
0

Wheezer said:

I was going to download and install the new Sandboxie release tonight. It now supports windows 7, 64bit. But then I saw that there was a "Notes about 64bit edition" page.

I went to the page and read it. After taking two asprin for the headach I got reading the page, because of my inability to understand what I was reading, I found myself left with a question.

Is installing this version worth having? Or is it just going to make my computer crash? Or does all that other stuff they're talking about fix the stuff that doesn't work? Or maybe it's time to forget about Sandboxie and try something else?

The page is at: http://www.sandboxie.com/index…..BitEdition

Thank you!

 

Hi Wheezer! Smile

The 2 aspirins were fully justified; Smile There are 2 reasons:-

  1. the html is not written in a simple manner. It is "geekspeak"; not "plainspeak" Frown
  2. the html does not say if sandboxie "should" or "should not" be used. It says "can be used", it does not say "should be used". There is a huge difference between "can" & "should" as you know. The guy who wrote decided the "can" part. That was the easy part. Only Wheezer can define the "should" part………which is the more difficult part.  Frown

Wheezer Sandboxie should definitely not be used on your Win7 64 bit machine. Having answered you, let me know throw out the jargons & explain. Wink

Simple Stuff:-

  1. There are only 2 things essentially – files & registry. Bad boy apps screw up both. AV's etc are nothing but sentries & medicines to catch & remove pests. Since some pests are cleverer than AV's they can neither be caught or cured.
  2. Sandboxie is like a huge barricade. Whatever is downloaded inside that barricade can't get out of it. So "bad boy apps" inside the barricade cannot screw up your files or registry. So you are safe even if you have a "bad boy app" inside your barricade rather than outside your barricade. Barricaded aka Sandboxied apps have their file settings & registry settings totally seperate & different from the file settings & registry settings of your main comp. Got it?
  3. So now there is only one simple question does Sandboxie provide you a good strong barricade or not?

 

It provides a lousy barricade in your context aka Win7 64bit. *Therefore avoid Sandboxie totally like you would avoid plague*. Again "simple stuff explanation":-

  1. The innermost core of your OS is the kernel just like your innermost core is your soul. If the core gets screwed or the core goes nuts everything gets screwed up
  2. 64 bit OS has a more secure core. It keeps out anything which tries to fool around with it – ironically it even interprets Sandboxie's helpful intentions as "tampering" or "intrusion". Ironical but true. So do not go for Sandboxie.
  3. This core also can be fooled. To use an analogy if an app (aka Sandboxie) wears a perfume e.g. musk. All those workarounds are the "can" part rather than the "should" part. *Stay away from it Wheezer*.
  4. Look at it logically. If the Microsoft team wanted the core to be buddy buddy with Sandboxie they would have coded Win7 64 bit core to behave accordingly & perhaps even live with Sandboxie as "man & wife". They (Microsoft) didn't.
  5. Ok you'll ask – then why were the workarounds offered. The work arounds were offered for reasons not all of which were noble. Haven't you noticed the following things Wheezer:-
    1. Fewer apps run in Win7 on date vs Vista or Xp. Do you think the Win7 team is able to sleep well at nights? So what do those guys do. They try to find out how an app can "buddy up to the core" aka let it wear musk perfume, possibly a lovely red veil, hair styled this way rather than that etc etc. What a lot of BS!
    2. 64 bit Win7 is not performing as well as 32 bit Win7. Read what Ashraf himself has said on this. So the guys at Redmond get even more desperate & sleepless. They provide tweaks
    3. By tweaking Win7 64bit or Sandboxie or both you could screw up either or both. Why take the chance?
    4. You've read our forums & main blog. 2 people (Samuel) & (Conn09) say that it is safer to buy Win7 only after Win7 Service Pack is introduced. Samuel indicated in the European Vigilance case or was it the OS dottechie survey (I don't recollect – read Samuel's last remark at least; its on the end of that thread btw). Samuel is very sharp like other dottechies & he is also very simple in putting things.
    5. Similarly you could screw up things by running in compatibility mode & ratcheting down. Compatibility mode running is no magic remedy or snake oil btw – refer main blog O&O disk defrag for reference. Fiddling around with Kernel for security is pretty high fallutin stuff dear friend. Please avoid it.
    6. Why add to your problems? Why be a guinea pig (leave those animals only to Animal Planet). Don't let them into your home. Keep Sandboxie out my dear dear friend.

So now what to do. 2 solutions:-  Smile

  1. Use something else. Choose something which loves getting married to the Win7 64 bit core & which would not ever seek a divorce from it simply because it loves that core with its entire heart & soul. SmileThis is preferrable or
  2. Use Locutus solution – partition your laptop for 2 OS. One would be Win7 64 bit. Another one could be either Win7 32bit, Vista or Xp. You are a careful & intelligent person. You also have dottechies by your side always. Chances of a bad boy app shafting you are bleak

Don't get carried away by nearby well meaning friends telling you that Win7 64 bit is a clever bloke who has a hopper which can hop from 64 bit apps to a 32 bit apps & back based upon a feature functionality. The best proof I can offer is even the US govt still uses WinXp. Even if no one else is smart the govt always is. Mind you they hadn't shifted to Vista either

OS "hopping between 32 bit & 64 bit" is better avoided for now till the OS stabilizes worldwide.

That's my suggestion dear friend. The humour was to only wipe off the after effects of the 2 aspirins rather than adding to them. Wink All the best

Ramesh Smile

 

March 4, 2010
6:30 AM
Ozzie
Novice
Forum Posts: 0
Member Since:
May 6, 2009
Offline
6
0

AlanR said:

Ms. Ozzie.

 

Which version of GeSWALL are you using? Freeware or Pro.?

I could not find any comparison of the two on the GentleSecurity website – do you know advantages/drawbacks between them.?

 

Hope this does not keep you from your tome-work. WinkLaughLOL

 

Hi AlanR! I use the freeware version. It does the job. I know I saw a comparison somewhere, but alas the "tome work" (brilliant!) means I can't search for it right now. Basically the Pro version enables you to protect a range of different things on your comp, rather than just your broswer. I will endeavour to find the exact list later on. But as I said, the freeware works just fine for my needs.

Hi-diddly-ho, Ozzie must go … See you round, dotTechies!
March 4, 2010
1:30 PM
Wheezer
dotTechie
Forum Posts: 786
Member Since:
May 28, 2009
Offline
7
0

Karen, I like your explanation. That's what I was looking for. Altho I got the impression that running it on my system probably wouldn't be the best thing to do. Which is ok, better to find out now than later.

I want the protection, but not a crashing computer.

I read Ozzie's suggestion, but when I went to the GeSWall site and read about it, I found myself wondering if it is really a vertualization program. I got the impression that it just watches the changes made to a computer and then un-does them if there is a problem.

If I'm right, that deosn't sound like protection. Because if a program has access to the inner workings, why couldn't it plant something in there that would alow it to work around GeSWall?

So now I'm wondering if Returnil (free version) might be a better way to go? From what I read in Ashraf's articles it sounds pretty good.

What-cha-think?

And if I'm wrong about GeSWall, please let me know.

(Karen & Ozzie: Check your PM)

                       wheezertech.forumotion.com
March 4, 2010
2:08 PM
o(o.o)o
Novice
Forum Posts: 35
Member Since:
December 9, 2009
Offline
8
0

 

In my opinion, Sandboxie on a 64bit machine is still a great security layer as opposed to having no restriction or sandboxing especially for browsers. Just harden your sandbox settings so that only the programs that you want will run and have internet access. If enumerating all the programs one by one sounds a bit tedious, you can go to sandbox settings > restrictions > start/run access and add "*.exe" , minus the quotes. That setting basically places a restriction that only programs on the machine will run and not malware that is accidentally downloaded inside the sandbox through your browsing.

 

With regards to GesWall, I believe they don't have a 64bit version just yet. DefenseWall doesn't have one as well so for now you're limited to either use Sandboxie 64 or not.

 

@Wheezer

GesWall is policy virtualization and is not as transparent as Sandboxie is i.e. with Sandboxie, the file changes can be viewed by simply going to the sandbox folder and browsing its contents.

With GesWall, you launch a program under its supervision and it runs with very limited rights. Say you launch and surf with your browser, the cache and downloaded files are exactly where they're supposed to be but is monitored by GesWall which limits what they can do on your pc.

March 4, 2010
3:48 PM
karen
Washington, DC Metro Area
dotTechie
Forum Posts: 878
Member Since:
November 1, 2009
Offline
9
0

Wheezer – I'm not sure how much more help I can be.  I've never used Sandboxie, GesWall, ReturnNil, etc.  I'm not sure how they compare to each other or the differences in their technologies.

I just use a "naked" browser to surf the net.  Well, I do have the native Win7 firewall, Avira Pro, and run AdBlock Plus and NoScript with FF3.6.  So maybe a partially clothed browser.Laugh

If you really want to be safe, use either a virtual OS (see Locutus's blog posts on using VirtualBox) or even a Live CD (i.e., bootable) linux flavor.

March 4, 2010
10:18 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
10
0

karen said:

Wheezer – I'm not sure how much more help I can be.  I've never used Sandboxie, GesWall, ReturnNil, etc.  I'm not sure how they compare to each other or the differences in their technologies.

I just use a "naked" browser to surf the net.  Well, I do have the native Win7 firewall, Avira Pro, and run AdBlock Plus and NoScript with FF3.6.  So maybe a partially clothed browser.Laugh

If you really want to be safe, use either a virtual OS (see Locutus's blog posts on using VirtualBox) or even a Live CD (i.e., bootable) linux flavor.

I too operate without virtualization or for that matter with this genre of app for the present. Earlier I hadn't found Sandboxie satisfying me, did not know about Geswall & hadn't tried Returnil. I'll now re-explore this matter for my machine

RameshSmile

All RSS
Forum Timezone: America/Los_Angeles

Most Users Ever Online: 253

Currently Online:
22 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

phoenix_rising: 899

karen: 878

Wheezer: 786

yourpalal: 647

PCbasics: 612

ebony: 548

Member Stats:

Guest Posters: 9

Members: 7523

Moderators: 0

Admins: 3

Forum Stats:

Groups: 3

Forums: 17

Topics: 2192

Posts: 15804

Newest Members: faynella, thben7, bekend, asrok, condor, alexluz

Administrators: Ashraf (1741), Locutus (1886), amnesia (270)