Could You Use "Sandboxie" To Run Your Client?

[seafarer124]

Would "Sandboxie" be  an option to be secure and safe?

http://www.sandboxie.com/

[1714498741]

1714498741

[John (John K.)]

Nah, Sandboxie's more geared towards keeping stuff from getting out from the box then to keeping stuff from getting in. 

[MysteryMiner]

Wrong again. Sandboxie is humble attempt to prevent stuff from making permanent changes to PC instead of preventing it from accessing data on host filesystem or phoning the data from host computer to remote server. I experimented a lot with sandboxie and found the whole idea totally useless. For isolation of dangerous processes full virtualization like VMware Workstation is required. And virtualization will not protect secrets in event when host operating system is compromised by malware.

[payb.tc]

For isolation of dangerous processes full virtualization like VMware Workstation is required. And virtualization will not protect secrets in event when host operating system is compromised by malware.

and keep all your vmware or virtualbox images inside truecrypt containers

[MysteryMiner]

and keep all your vmware or virtualbox images inside truecrypt containers

Why? If my host OS is compromised everything is goatsed. I use full disk encryption in case of hardware theft. Additional layers of encryption inside this full disk one are pointless, it degrades convenience and performance with no real additional security.

[payb.tc]

Additional layers of encryption inside this full disk one are pointless, it degrades convenience and performance with no real additional security.

well duh, but like you know, i never said anything about 'additional', because i don't do WDE.

[b!z]

Wrong again. Sandboxie is humble attempt to prevent stuff from making permanent changes to PC instead of preventing it from accessing data on host filesystem or phoning the data from host computer to remote server. I experimented a lot with sandboxie and found the whole idea totally useless. For isolation of dangerous processes full virtualization like VMware Workstation is required. And virtualization will not protect secrets in event when host operating system is compromised by malware.

Do malicious processes escape the sandbox or make permanent changes to the system? No. That's what Sandboxie is for.

If you don't want malware recording keystrokes or calling home, don't leave it open in Sandboxie.

Of course, there are better ways, but I think Sandboxie is still useful in some cases.

[payb.tc]

Wrong again. Sandboxie is humble attempt to prevent stuff from making permanent changes to PC instead of preventing it from accessing data on host filesystem or phoning the data from host computer to remote server. I experimented a lot with sandboxie and found the whole idea totally useless. For isolation of dangerous processes full virtualization like VMware Workstation is required. And virtualization will not protect secrets in event when host operating system is compromised by malware.

Do malicious processes escape the sandbox or make permanent changes to the system? No. That's what Sandboxie is for.

If you don't want malware recording keystrokes or calling home, don't leave it open in Sandboxie.

Of course, there are better ways, but I think Sandboxie is still useful in some cases.

i think what mysteryminer meant is that on a malware-compromised host, the actual sandboxie exe might be compromised, and do all sorts of nasty things that 'regular' sandboxie wouldn't do, including let certain malicious processes escape and make permanent changes to the host.