Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

sandboxes

 
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Apr 2014
Posts: 10310
Location: sunny California

Posted: Mon Dec 20, 2004 10:21 pm    Post subject: sandboxes

And no, not the kind you played in as a kid. Wink Out of this list from Eric Howes' site, does anyone have any recommendations or feedback on any of them?

https://netfiles.uiuc.edu/ehowes/www/soft3.htm

Quote:
Sandbox Utilities & Script Defense

Abtrusion Protector
http://www.abtrusion.com/

Abtrusion Protector Personal Edition
http://www.abtrusion.com/

ewido security suite
http://www.ewido.net/en/

Finjan SurfinGuard Pro
http://www.finjan.com/products/surfinguard.cfm

Finjan SurfinGate
http://www.finjan.com/products/index.cfm

Finjan SurfinShield
http://www.finjan.com/products/surfinshield.cfm

pcInternet Patrol
http://www.pcinternetpatrol.com/downloads/pcip.php

Prevx
https://www.prevx.com/

RegRun
http://greatis.com/security/

ShadowSurfer
http://www.shadowstor.com/products.html

System Safety Monitor (SSM)
http://www.kormushkin.narod.ru/
or http://maxcomputing.narod.ru/ssme.html
or http://www.webattack.com/get/systemsafety.shtml

Worm Detector
http://www.kl-soft.com/wd.php

WormGuard
http://wormguard.diamondcs.com.au/


Or others not listed there.

Edited to add: What I'm really looking for is something that I can use while downloading, installing and testing malware, not to warn me about it, but to give me the ability to go back to where I was before getting infected in case the removal tools don't completely remove everything. It looks like ShadowSurfer would do that. But I don't want something that will run all the time, only when I want it to.

TIA.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Longboard
Newbie


Joined: 04 Oct 2004
Last Visit: 04 Mar 2006
Posts: 9
Location: Sydney,Australia

Posted: Tue Dec 21, 2004 5:39 am

You might already know, but are these helpful
http://www.winrollback.com/
and Deep freeze or Freeze X http://www.faronics.com/australia/product.asp

Can lock your system while allowing testing then restore.

Be interested to see what you think Smile
_________________
Never seek to know for whom the bell tolls...
Moore
Moderator


Joined: 31 May 2004
Last Visit: 22 Jul 2013
Posts: 758
Location: .MooreLand.

Posted: Tue Dec 21, 2004 8:42 am

Hi Suzi..

I know Regrun Gold will allow you to save multiple snapshots / profiles of your registry for restoring later.

I use an older version of Roxio Goback Deluxe as my last resort against anything I can't stop [ not much Twisted Evil ], a 100 times better than Microsoft's System Restore, has saved me many times from reinstalling. Goback runs in the background though and it's now owned by Symantec, so not sure if it's gotten any better or worse.

Shadow Surfer does sound good and Deep Freeze has also been recommended to me.

Also how about Vmware ? I know I saw something good about using this somewhere round the forum.. Wink

Will be interesting to see what other options there are.
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Tue Dec 21, 2004 9:01 am

Eric, since you have scripting controls like DCS Wormguard mentioned, shouldn't the other script controls like ScriptSentry be listed there too?
BTW DCS has a process filter available too;
ProcessGuard
http://www.diamondcs.com.au/processguard/index.php?page=download

BTW Suzi, process filtering/firewalling and sandboxing aren't really the same thing as most products mentioned here don't actually allow initiation 'inside the box'. Most would never understand the distinction tho. Smile
Tank863
Security Expert


Joined: 28 Feb 2004
Last Visit: 19 Jul 2009
Posts: 155
Location: Philadelphia

Posted: Tue Dec 21, 2004 1:49 pm

Suzi,

If you can remember way back... I was recommending the use of the free version of Finjan's Surfin' Guard Pro.

Once Finjan ironed all the bugs out of it, they removed the free part of the equation...

But it is still a program that I use and recommend.

I can honestly say that the computers that I work on, and have installed Finjan SG Pro onto, they have never had an infection....

It is a combination of products that I use... but Finjan has been one of them...

Wink
_________________

Microsoft MVP
Windows Security
2005
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Apr 2014
Posts: 10310
Location: sunny California

Posted: Tue Dec 21, 2004 7:39 pm

Thanks for the info and links. I think what I really want is one of the apps like WinRollBack, Deep Freeze, ShadowSurfer.

Moore wrote:
Quote:
Also how about Vmware ? I know I saw something good about using this somewhere round the forum

I saw that too about Vmware and I went to the site briefly. It looked to me like a network app, not just for one PC, but I could be wrong.


Mikey wrote:
Quote:
BTW Suzi, process filtering/firewalling and sandboxing aren't really the same thing as most products mentioned here don't actually allow initiation 'inside the box'. Most would never understand the distinction tho.

I think I understand what you mean but if you'd like to elaborate, that would be good too.


Tank863 wrote:
Quote:
If you can remember way back... I was recommending the use of the free version of Finjan's Surfin' Guard Pro.


I do remember that and I still have a quote from one of your posts at computing.net on one of my web pages. Smile

I'll see which ones have trials first, then post back about what I use.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Tue Dec 21, 2004 8:58 pm

Suzi,
I'm using SSM, and it is one sweet program.
Unless I'm not reading your post right, you're looking for something that can monitor the entire installation process and tell you what files, folders, reg keys, etc have been added, changed, etc.
I use "Install Spy" and "In Control 5" for monitoring installations. Both seem pretty good. If a system reboot is required by the installation, In Control is better for those. I don't have links for either anymore, but I do have copies if you're interested.
Rick
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Wed Dec 22, 2004 11:11 am

suzi wrote:
I think I understand what you mean but if you'd like to elaborate, that would be good too.


Well, let's see if I can do it without getting my tang tungled. Smile

Process filtering/firewalling provides a blanket layer over the sys by blocking any initiation not previously cfged and controlled by admin. A trojan, like any of the so called FW tests that require you to initiate in order to "test", is a good example of how the calls are blocked;



This 'blanket' gives us a perception of perimeter, sphere, or 'box' producing exclusion/protection...the main conception of boxing and the common referral as 'sandboxes'.

Sandboxing, on the other hand, is a relatively old concept that differs only marginally with process filtering. A sandbox would let you run inside the 'box' while using all sys resources, yet virtually isolated. It would ensure that all 'work' remain in the sandbox until you decide to make permanent. From your original post, I understood this to be what you seek. The need for which BTW was why I got prematurely excited about sandboxie a couple months ago. Smile It would give many more folks the freedom to do research at home on their personal machines. Unfortunately, the entire concept of sandboxing is very problematic to say the least.

Sorry if this is a bit over-simplified. I probably shouldn't have even mentioned it as the distinction really isn't of much consequence. I just thought that with your particular needs, the mention might add some insight....


Last edited by mikey on Wed Dec 22, 2004 11:22 am; edited 1 time in total
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Apr 2014
Posts: 10310
Location: sunny California

Posted: Wed Dec 22, 2004 11:18 am

Thanks Mikey. That helps me and I'm sure it will help others too. That's essentially what I thought, so you confirmed it. Yes, sandboxing is what I want. I thought I remembered you posting about a sandbox app previously, but I couldn't find it.

What happened to sandboxie? Did it not turn out to be what you expected?

When you say the concept of sandboxing is problematic, what do you mean? I understand it can be tricky to use the apps and potentially problematic if you are not paying attention to what you are doing.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
war59312
Junior Member


Joined: 21 Dec 2004
Last Visit: 04 Mar 2006
Posts: 20
Location: U.S.A

Posted: Wed Dec 22, 2004 11:29 am

I use WinRollBack Private to roll back changes.

http://www.datapol.de/dpe/prod/winrollback/index.html
_________________
God Bless America
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Fri Dec 24, 2004 12:17 pm

suzi wrote:
What happened to sandboxie? Did it not turn out to be what you expected?

When you say the concept of sandboxing is problematic, what do you mean? I understand it can be tricky to use the apps and potentially problematic if you are not paying attention to what you are doing.


Problematic in the dev sense. To build a method to confine and control all action inside a subset of the shell is a pretty high expectation...tho you would likely be correct about user competence as well. Smile

As for sandboxie; He's got a new upgrade. I'm sorry to say that I haven't taken time yet to check it out. A ware such as this and being new means giving it a bit more attention than the clock allows lately. If you want to give it a look, you can find the DL and his forum here; http://www.sandboxie.com/ It's on my 'to do' list tho. Smile
Ad/Subtract
Newbie


Joined: 12 Sep 2004
Last Visit: 24 Mar 2005
Posts: 7

Posted: Thu Mar 10, 2005 8:43 pm

Has anyone checked out the latest version? It's reported to be compatible with any browser or software running. Seems like an ideal shield for internet travel, without picking up parasites that may want long term relationships with you or your box.
http://sandboxie.com./
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Apr 2014
Posts: 10310
Location: sunny California

Posted: Thu Mar 10, 2005 11:28 pm

There is a discussion about it here that you might find helpful:

http://www.dslreports.com/forum/remark,12802027~mode=flat
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Ad/Subtract
Newbie


Joined: 12 Sep 2004
Last Visit: 24 Mar 2005
Posts: 7

Posted: Sat Mar 12, 2005 7:51 pm

Thanks a lot. I had trouble running Firefox in Sandboxie until I uninstalled ZoneAlarm and installed Kerio for firewall protection. Now I'd like to see how Sandboxie stands up to a test like Eric Howes is doing with the Adware apps. Perhaps this will satisfy many users' requirements for safe internet surfing, regardless of their browser of choice, without concern for long-lasting malware relationships. Who knows, if this app has the power, multiple antiadware apps may no longer be required.
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Sun Mar 13, 2005 4:28 am

Ad/Subtract wrote:
Who knows, if this app has the power, multiple antiadware apps may no longer be required.


Several of the products mentioned in the first post like AP & SSM already make malware scanners practically obsolete. Add content filters like AdShield with Proxomitron and an endpoint packet filter and you will be virtually impregnable. The trick is getting folks to realize that control isn't a one button fix and forget situation.

I've been trying not to talk badly of sandboxie until it has had a chance to dev some more but, IMO it's nowhere close to being a sure fire situation. At the very best, it could be used by experts along with monitors to study malware. However, because of the way it handles events, even that is limited because signatures need to be deved from real world scenarios...as the common user would encounter them. That's not what you see with sandboxie.

Also, as you yourself have pointed out, AdSub, it has yet to prove itself even in a normal environment...much less with malicious components added to the mix.

IMO It is not yet ready for prime time use. But I encourage those with tech expertise to continue to give him feedback.

JMO


Last edited by mikey on Sun Mar 13, 2005 4:29 am; edited 1 time in total
muf
Warrior


Joined: 22 Apr 2004
Last Visit: 09 Mar 2008
Posts: 73

Posted: Sun Mar 13, 2005 4:28 am

My take on the apps i've tried from that list.

Finjan SurfinGuard Pro - This has stopped a lot of dodgy executables, scripts, ActiveX and downloaded files from running. It even stops things like Leaktest, based on its behaviour. Leaktest is not dangerous (but the way it behaves is). SG Pro recognises the behaviour as dangerous and stops it. So if it was a real malicious app trying the same technique then it would have protected you. Its record for stopping known threats without the need for signatures is very impressive.
Here's a few of the recent threats it proactively protects against.
http://www.finjan.com/SecurityLab/AttackAndExploitReports/default.asp

RegRun - If you want a complete suite that protects everything from the registry to the file system then this is it. Great. So great that i upgraded from the standard version to the Gold version within two weeks.

System Safety Monitor (SSM) - Didn't like this. Too obtrusive. It pops up with an alert if you break wind. Well ok, maybe not that temperamental but its constant pop-up alerts annoyed the hell out of me and i ditched it.

WormGuard - Great for protection against malicious scripts and worms (of course). I've had numerous times when it's popped up stopping something because of the content. You can allow or stop at your own choice. Look at some of the content and when you see things that are virii associated and you are just running a screensaver you downloaded then you get the choice to stop it and then you can delete the little bugger. It's all heuristic based, so no definitions needed. Takes up no resource as it hooks into the OS. Very nice addition.

Hope this helps.

muf
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Sun Mar 13, 2005 5:28 am

muf wrote:
System Safety Monitor (SSM) - Didn't like this. Too obtrusive. It pops up with an alert if you break wind. Well ok, maybe not that temperamental but its constant pop-up alerts annoyed the hell out of me and i ditched it.


As an admin, I personally prefer the network control of AP over SSM but all process filters need to be cfged. Unless you are one of those who constantly loads new wares, you will rarely ever see any action after the initial tedious set up.

Again, real control is not a one button premise. Smile
Moore
Moderator


Joined: 31 May 2004
Last Visit: 22 Jul 2013
Posts: 758
Location: .MooreLand.

Posted: Mon Mar 14, 2005 4:35 pm

I've seen quite a few bad reports about Finjan products , but they were based on older versions , hopefully they have improved them with the help of their new research team.


Lately I've been testing the latest versions of Tiny firewall pro from 6.5.44 - 6.5.62 and I'm liking what I see very much, although I can't say I will ever be replacing my trusty Outpost with anything else.

I think I mentioned Tiny in another similar thread, but since it's very good I think it can't hurt to add it here as well.

The sandbox features in Tiny's windows security module are very similar to using SSM/Processguard/Regrun , and packaged all in the one program..

> TINY Link <

Tiny allows you to create application groups for installed programs which you can use to set restrictions on what access they have to various functions in the operating system itself. You can then restrict / control your browser and any other program from DLL and code injection , services installs and registry changes etc ..
> Windows Security Features Link <

There's also a track and reverse feature which you can use to log installation activity -
> Track & Reverse Link <

Quote:
Track'n Reverse is a unique engine - capability - literally allowing turning the clock back. Track'n Reverse allows to undo all changes to files and registry (the most important parts of your system) done by selected application or any application started (spawned child applications).

Track'n Reverse engine is particularly suitable to protect the computer against the malicious spyware and trojans brought with the installations of various software programs. Install the trial software, look what it does and when you want to get rid of it click a mouse and see Track'n Revert cleaning your computer reverting all changes to your files, registry and completely wiping up the application from your computer.


I think it's a very powerful system they have produced , always being fine tuned with every new release.

Obviously setting up a program like Tiny that has complete control over your operating system can take a while to fully set up , but for those that want to be in control it's a very good option.

Quote:
muf wrote:
System Safety Monitor (SSM) - Didn't like this. Too obtrusive. It pops up with an alert if you break wind. Well ok, maybe not that temperamental but its constant pop-up alerts annoyed the hell out of me and i ditched it


SSM is still one of my favourite programs for stopping trojan and malware hijack installs dead in their tracks.

As Mikey mentioned , with programs that have that much power , you need to spend a little time to configure it to reap the full rewards it offers... I still prefer using Blockpost for blocking the known IPs to begin with .. but for the unknown hijacks SSM is great. Cool
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |
jlowell
Warrior


Joined: 06 Nov 2004
Last Visit: 13 Feb 2006
Posts: 128

Posted: Mon Mar 14, 2005 5:28 pm

Hi suzi,

You might want to take a look at Norton Go Back, I believe it meets all of your criteria. I have NGB on this machine as part of the Norton SystemWorks program but it refuses to cooperate with an aging DOS boot manager I've chosen to employ so I can't use it. It involves dealing with the installation as a phenomenon of the disc, but, somehow, the manner in which the boot manager tries to locate the installation partition after NGB goes into action becomes tangled, so I rely upon back-ups Ghosted from a device on another network computer instead. But I've got three discs and five OSs on this thing, it's complicated. In circumstances where Windows is the only installation, NGB ought to work perfectly well.

jlowell
Ad/Subtract
Newbie


Joined: 12 Sep 2004
Last Visit: 24 Mar 2005
Posts: 7

Posted: Fri Mar 18, 2005 8:03 pm

Mikey, regarding Sandboxie:

I think you're correct, but most people on the Net don't want a hi-tech fix. They want the minimum to surf safely. That means minimizing the number of apps to achieve the goal, and maximizing the safety of cruising whatever web page is referenced by...let's say...a Google search for "Your need of the present." If you happen to land on a grungeware site, are offered the latest "you must have this toolbar" click option, or "absolutely require our ..." if you click here option; then the option to dispose of this garbage after surfing the Net is a welcome option. If this app does not live up to its promises, that is a different story. From what I understand of its developer, it's worthy of a trial by those of the best in the business. What do you think?
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Fri Mar 18, 2005 8:55 pm

Ad/Subtract wrote:
From what I understand of its developer, it's worthy of a trial by those of the best in the business. What do you think?


I don't know what to say except to repeat what I've already said. I'm certainly not going to recommend it to the general public. There are much more reliable proactive products around.

mikey wrote:
Ad/Subtract wrote:
Who knows, if this app has the power, multiple antiadware apps may no longer be required.


Several of the products mentioned in the first post like AP & SSM already make malware scanners practically obsolete. Add content filters like AdShield with Proxomitron and an endpoint packet filter and you will be virtually impregnable. The trick is getting folks to realize that control isn't a one button fix and forget situation.

I've been trying not to talk badly of sandboxie until it has had a chance to dev some more but, IMO it's nowhere close to being a sure fire situation. At the very best, it could be used by experts along with monitors to study malware. However, because of the way it handles events, even that is limited because signatures need to be deved from real world scenarios...as the common user would encounter them. That's not what you see with sandboxie.

Also, as you yourself have pointed out, AdSub, it has yet to prove itself even in a normal environment...much less with malicious components added to the mix.

IMO It is not yet ready for prime time use. But I encourage those with tech expertise to continue to give him feedback.

JMO
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Fri Mar 18, 2005 9:04 pm

When I first started using SSM, it did alert on every process and every system component. How far that will go depends on what you set it to alert to. I spent a couple hours, starting every application from every possible location and made rules for each one. The hardest part is remembering all of them, especially ones launched by other applications. It's rare I see an alert now, except on the items I want alerts on. It does alert whenever an executable is updated, something of a pain when you run multiple scanners, but its abilities outweigh the inconvenience for me. This is one app I will buy when it's out of beta. For computers with multiple user accounts, SSM could be a goldmine, once you set it up. A lot of the apps I've seen discussed here don't run on my old box, but SSM does very well. I wish sandboxie did. I'd love to try that one.
Rick
Ad/Subtract
Newbie


Joined: 12 Sep 2004
Last Visit: 24 Mar 2005
Posts: 7

Posted: Fri Mar 18, 2005 9:48 pm

Mikey,

I'm willing to go out on a limb here. I value your opinion, but I think that the internet addicted users that you serve need an app that lives up to its promises. In my opinion, as an average user, this app has great utility for the average user in its current state, and I would recommend it. Others (DSL Broadband) have documented that Sandboxie has effectively dealt with malware installation on websites such as warez.com. So far, Sandboxie has not failed ANY challenge, and the problems addressed to the developer TZUK have been rapidly addressed. This app is definitely worthy of intensive scrutiny while it is still free.
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Sat Mar 19, 2005 5:34 am

@ AdSub;

While I'm sure that your motives here are completely on the high road and have nothing to do with any interest in marketing this product as part of your conglomeration, your comments still do not sway my thinking at all.

I've already stated that I don't want to publicly review this product until it has had a chance to mature some. I wonder why you can't respect that.

The tool, while being a very good effort so far, still has probs. It does not play well with the other resident & peripheral wares already installed. And the sandbox itself is still not foolproof yet. One example of that can be found by running the so called test described here; http://www.spywarewarrior.com/viewtopic.php?t=11406 In addition to what your eyes will tell you, I suggest you also run sys snapshots outside the sandbox...InCtrl5 will work fine. That so called test will give you a visual not afforded by many of the new generation of malwares that can still mask policy changes even from the tools designed specifically to root them out.

Quote:
Several of the products mentioned in the first post like AP & SSM already make malware scanners practically obsolete.

Quote:
IMO It is not yet ready for prime time use. But I encourage those with tech expertise to continue to give him feedback


When & if I'm ever ready to recommend this to the general public, I'll let you know. Until then,

Quote:
I value your opinion, but I think that the internet addicted users that you serve need an app that lives up to its promises


I'll continue to recommend the products I KNOW do what they promise and there are now several that afford more comprehensive protection than this one.
jimmytop
Warrior


Joined: 27 Feb 2005
Last Visit: 18 Jun 2007
Posts: 62

Posted: Fri Apr 08, 2005 11:51 am    Post subject: Re: sandboxes

suzi wrote:
Edited to add: What I'm really looking for is something that I can use while downloading, installing and testing malware, not to warn me about it, but to give me the ability to go back to where I was before getting infected in case the removal tools don't completely remove everything.


Here's another option that sounds interesting (never tried it though):
http://www.pcreview.co.uk/reviews/Miscellaneous/HD_Guard_Pro/

However, I would personally recommend Microsoft Virtual PC (or VMWare but I've only used VPC). I test all security software, and anything else that I want to install, on a base Win XP SP2 Pro virtual machine first - before ever putting it on my "real" machine. When I'm done testing, I just click "Turn Off and Delete Changes" and the next time I reboot the VM, it's back to the same base clean install that I started with, and I can test the next software. It's like having another machine, purely for test purposes, that you can revert back to any previous condition, whenever you want. I maintain several VM's for different tasks. Like I said, one is just a test VM.

A fully functional, time limited trial is available from Microsoft and I encourage anyone to give it a try if they're interested in this kind of stuff.
Jay
Junior Member


Joined: 22 Mar 2005
Last Visit: 09 Dec 2006
Posts: 13

Posted: Wed Apr 13, 2005 12:10 pm    Post subject: Re: sandboxes

suzi wrote:
And no, not the kind you played in as a kid. Wink Out of this list from Eric Howes' site, does anyone have any recommendations or feedback on any of them?

https://netfiles.uiuc.edu/ehowes/www/soft3.htm


TIA.


Hi Suzi,

Can you add "SpyWall" to that list?

It is a browser sandbox/firewall integrated with anti-spyware.

http://www.trlokom.com/product/spywall.php

Regards,
Jay
www.trlokom.com
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Apr 2014
Posts: 10310
Location: sunny California

Posted: Wed Apr 13, 2005 9:53 pm

Hi Jay,

Welcome to Spyware Warrior. Smile That list I originally posted is maintained by Eric Howes and I'll mention it to him.

Best regards,

Suzi
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Peter2150
Newbie


Joined: 14 Oct 2004
Last Visit: 22 Apr 2006
Posts: 8
Location: Washington DC

Posted: Mon Apr 18, 2005 4:43 am

Hi All

The closest thing to a Sandbox I use is Raxco's First Defense-ISR. In a way it is similar to Goback without the limitation of a finite history. (you can lose your ability to goback if you work with large files or too much time passes) FDISR, which does require adequate disk space, allows you to make a snapshot of your complete c: drive, and you can then boot into this snapshot. Once there you can install and run software, modify your system, even totally screw up your system to the point it won't boot. No worry. Just boot back into your primary snapshot and you are back to normal. About a 3 minute copy and the other snapshot also is restored to the same state as the primary. You can use the alternate snapshots just like a sandbox.

Pete
Moore
Moderator


Joined: 31 May 2004
Last Visit: 22 Jul 2013
Posts: 758
Location: .MooreLand.

Posted: Tue Apr 19, 2005 9:49 am

Hi , sounds good Pete. Cool I'll have to check it out.

Goback is definitely annoying when it loses the information to go back to.. I have had that many times through too much disk activity , usually at the times when I really needed it. It has also saved me from a OS reinstall more times than I can count, so it has its good and bad points.

I've been running Deepfreeze for a week or so and it's another very powerful alternative. I think it's already been mentioned a few times, and it works very well.

All system changes will be reverted back to the original saved state upon reboot while in the freeze mode , even formatting of the harddrive can be reversed. If you need to make any system changes you just reboot into thawed mode.

http://www.faronics.com/html/deepfreeze.asp
http://www.faronics.com/html/DFStd.asp
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |
Mind control 01
Warrior


Joined: 11 Sep 2004
Last Visit: 03 Feb 2009
Posts: 156

Posted: Sat May 07, 2005 2:01 pm    Post subject: some more !

Hello Suzi
Are these any good to you ? http://www.snapback.com/ & http://www.forensics-intl.com/safeback.html I found them in my antihacker tool kit book, remembered this post, I haven't used them yet, My back up is a cloned hard drive Rolling Eyes , One other thing I found is http://www.export.gov.il/Eng/_Articles/Article.asp?CategoryID=535&ArticleID=1021 is this a multi vm machine thing ? I think you could have some fun with this tool if you can get infected & not worry Laughing .
Yar_
Junior Member


Joined: 21 Mar 2005
Last Visit: 05 Aug 2005
Posts: 41
Location: New England

Posted: Sun Jun 05, 2005 7:31 pm    Post subject: Do any of these applications give you full reporting func.

I'm looking at this topic and can't find the exact solution I want.

Basically want a sandbox which allows files to be installed, tracked, monitored, md5'd, all in one report. Any hints or suggestions? Or am I going to have to build this one myself?

Question
_________________
Search, Find, Identify, and Destroy Malware.
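The before/after snapshot comparison discussed in this thread (InCtrl5-style install tracking, with file hashes in one report), as an added example that is not part of any poster's message or of any product mentioned. It covers files only, not the registry, and is meant to be run from outside the sandbox or VM being observed; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return (md5_hex, sha256_hex) for a file, reading it in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def snapshot(root):
    """Map every file under root (relative path) to its size and hashes."""
    state = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record where a link points instead of hashing through it.
                state[rel] = {"link": os.readlink(full)}
                continue
            try:
                md5, sha256 = hash_file(full)
                state[rel] = {"size": os.path.getsize(full),
                              "md5": md5, "sha256": sha256}
            except OSError as exc:
                # Locked or unreadable files are reported, not silently skipped.
                state[rel] = {"error": exc.__class__.__name__}
    return state


def diff_snapshots(before, after):
    """Return the sorted paths that were added, removed or changed."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }


def format_report(before, after):
    """One text report: every difference with its MD5 (SHA-256 is kept in
    the snapshot as well, since MD5 alone is collision-prone)."""
    delta = diff_snapshots(before, after)
    lines = []
    for path in delta["added"]:
        lines.append("ADDED    %s  md5=%s" % (path, after[path].get("md5", "-")))
    for path in delta["removed"]:
        lines.append("REMOVED  %s  md5=%s" % (path, before[path].get("md5", "-")))
    for path in delta["changed"]:
        lines.append("CHANGED  %s  md5=%s -> %s" % (
            path, before[path].get("md5", "-"), after[path].get("md5", "-")))
    return "\n".join(lines)


def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: a simulated installer adds, edits and deletes files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        _write(root, "app/readme.txt", b"original readme\n")
        _write(root, "app/settings.ini", b"homepage=about:blank\n")
        _write(root, "app/old.dll", b"old library\n")
        before = snapshot(root)

        # Simulated install step (constructed sample data, not real software).
        _write(root, "app/toolbar.dll", b"constructed sample payload\n")
        _write(root, "app/settings.ini", b"homepage=http://example.invalid/\n")
        os.remove(os.path.join(root, "app", "old.dll"))
        after = snapshot(root)

        return diff_snapshots(before, after), format_report(before, after)


if __name__ == "__main__":
    print(demo()[1])
```

Saving each snapshot (for example as JSON) on media the test system cannot write to keeps the baseline trustworthy when the "after" state may be infected.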
Yar_
Junior Member


Joined: 21 Mar 2005
Last Visit: 05 Aug 2005
Posts: 41
Location: New England

Posted: Thu Jul 14, 2005 6:13 am    Post subject: Just so you know.

I still haven't found a good enough program to do everything I want so I have begun building a new one. Whether or not I actually finish this is another question. If anyone else has any ideas that aren't on the list let me know.

Cool
_________________
Search, Find, Identify, and Destroy Malware.
All times are GMT - 8 Hours