Using TB inside Sandboxie --- what recovery settings

pwright2
Joined: 2006-04-22 18:39
Using TB inside Sandboxie --- what recovery settings

Is anybody using Thunderbird Portable inside Sandboxie? What settings do you make so that emails and installs are not lost when the sandbox closes and you don't have to spend all evening clicking 'overwrite file' verifications? Sandboxie has standard settings for regular TB but TBP is invisible to it.

-----Paul-----

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Unnecessary

It's unnecessary to use something like Sandboxie with portable apps.

Sometimes, the impossible can become possible, if you're awesome!

pwright2
Joined: 2006-04-22 18:39
Ummm, not so true.

I picked up a very nasty ZLOB trojan last week while using Firefox Portable. If I had been running it inside Sandboxie, it would have gone away as soon as I shut FFX down. So now, after restoring an imaged partition, I'm running FFX inside Sandboxie and I should be protected against my own stupidity. The site provided settings for Portable FFX that work pretty well. It has settings for regular TBird but not portable. I suspect that with some work I can figure it out but thought someone here might already have it worked out.

So why do you feel that portable apps are immune to infection?

-----Paul-----

pwright2
Joined: 2006-04-22 18:39
Oh, I know the answer

It just hit me. It is something we have clashed over before. What you think of as portable apps and where you worry about stealth and such, I simply think of as modular apps, where everything is in one place and easily moved, copied, etc. I use them from the hard drive of my laptop, though I typically carry a copy on my thumb drive also.

Anyhow, since Sandboxie isn't portable in itself, it doesn't work with apps used portably (unless SB is already installed on the machine being used and configured to work with the portable app).

(1) I bet there are a lot of people using them like me and maybe one has answers.

(2) If Sandboxie WAS a portable (probably not possible), it would be a valuable addition for FFX and TB.

-----Paul-----

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Incorrect Argument

If you picked up a trojan, then it infected the EXE. You run *ANY* piece of software on a foreign computer that is infected and you run that risk.

If you're somehow carrying Sandboxie portably, then THAT EXE would pick up the trojan.

The point is that whatever you run on another PC of unknown security can pick up something and you should scan your drive before running it on another PC.

Sometimes, the impossible can become possible, if you're awesome!

pwright2
Joined: 2006-04-22 18:39
Explained by someone smarter than me.
John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
90 Minutes?

It's 90 minutes and I don't have the time for that.

The bottom line is that anything you run on an infected PC can get infected. If you have a portable Sandboxie on your flash drive and run it on an infected PC, then it gets infected. If you then run that on your local PC, it spreads. That's the way it works. So, after you use a PC like a public PC, you scan your drive when you get it home before you run anything and the infection is caught and dealt with before it spreads. Nice and easy.

If you're saying you have Sandboxie on your LOCAL PC and use that to run your portable apps, then you're just sidestepping the problem since you may have an infected drive, won't know, and will be spreading it to other PCs you use... which is highly irresponsible and will likely get you into lots of trouble at work or school.

Sometimes, the impossible can become possible, if you're awesome!

pwright2
Joined: 2006-04-22 18:39
Transcript

http://www.grc.com/sn/sn-172.htm

Start about halfway down, where they interview the author. They do talk a lot of trash in the beginning.

Anyhow, upshot is that Sandboxie acts sort of like a virtual machine (though it is not one) and when you shut down Sandboxie, everything you have done inside it disappears. If a virus installed itself, it disappears also.

There are limitations. If you download a piece of software and save it outside the sandbox and then later run it outside the sandbox, it can install a virus that will persist. But if you simply click a link while browsing which installs some piece of malware, when you shut down, it is gone.

Sounds miraculous. Gibson is pretty smart and seems to think it works. YMMV.

Working with email programs is more difficult since, if you don't set up exceptions properly, every time you shut down, the newly downloaded email disappears. That's what I'm trying to figure out.

-----Paul-----

p.s. If you go to http://www.grc.com/securitynow.htm the transcripts are available in other forms, if such is desirable to you. It is episode #172.
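The kind of exception discussed in this thread, as an added example that is not part of any post and is not taken from the Sandboxie or PortableApps.com projects: a Sandboxie.ini fragment that lets Thunderbird write its profile for real while everything else stays sandboxed. The sandbox name, the drive letter and install path, and the process name `thunderbird.exe` are assumptions; adjust them to the actual setup.

```ini
# Added example, constructed for illustration.
# Assumptions: the sandbox is named DefaultBox, Thunderbird Portable is
# installed at X:\PortableApps\ThunderbirdPortable, and the mail client
# process is thunderbird.exe.

[DefaultBox]

# Too broad: this would open the whole application folder, so any program
# running in the sandbox could modify the launcher and program files on the
# drive for real. Left commented out on purpose.
# OpenFilePath=X:\PortableApps\ThunderbirdPortable\*

# Narrower: only thunderbird.exe gets direct access, and only to the profile
# folder where mail, settings and add-ons are stored. Everything else it
# writes stays inside the sandbox and goes away when the sandbox contents
# are deleted.
OpenFilePath=thunderbird.exe,X:\PortableApps\ThunderbirdPortable\Data\profile\*
```

Anything Thunderbird writes into the opened profile folder bypasses the sandbox and persists, so that folder still needs to be covered by antivirus scanning.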

Midseven
Joined: 2008-01-31 00:27
There's a limit to protect yourself from Internet..

Hello pwright2,

I clearly understand Sandboxie's purpose, but running FF portable in it is simply useless (from my point of view). You have to ask yourself how far you want to protect yourself from Internet applications. There's a side where software protection is really important, but there's also a part where the user has to be careful. You know where I'm going... Anyway, to get a virus from using FF is very difficult since you basically have to download the virus. Even there, antivirus (free ones like AntiVir from Avira) would take it away immediately.

If you want to go to extremes, you could simply run a virtual machine (and do whatever you want in it) or install software like DeepFreeze, where modified files are not kept at the next reboot.
