Get our Latest Finds
Subscribe to our RSS feed or enter your email address below to get the feed delivered to you by email:
Follow Gizmo
Using this Site
Top Rated
Gizmo's Freeware is Recruiting
We are currently looking for people with skills and/or interest in the following areas:
- Anonymous Surfing Service
- Antivirus for Android
If this sounds like you then click here for more details
Best Free Browser Protection Utility
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
There's a scumware plague at the moment. All it takes is a visit to one malware site or a "loaded" shareware install, and next minute your Internet Browser homepage has been changed, your default search setting altered, unwanted ads pop up on your screen, rogue software are nagging you to pay, your passwords have been stolen, and worse. Traditional antivirus software and antispyware software are being overwhelmed by the rapidly increasing amount of virus, spyware and other malware. That's why a different approach to combating these threats is necessary. Instead of technologies that are reacting to malware, we need proactive technology to protect our computers. These browser protection utilities can greatly increase your defenses against drive-by downloads and vulnerabilities. I took a look at several applications that are vital in the fight against unwelcome and harmful intruders. |
|
Discussion
|
|
Usage is remarkably simple. To start a sandboxed browsing session, you just click the "Sandboxed Web Browser" icon on your desktop (or the Sandboxie icon from the Quick Launch tray) and this will launch your default browser in the sandbox. You can then use it in the normal way to browse to sites or download files. By default, files that are saved in the Desktop, My Documents or Favorites will have a prompt to ask you whether you want to save the file permanently. I suggest you add your default downloads folder to the Quick Recovery settings so files saved there will be automatically saved to your real hard disk, saving you the trouble of manually recovering files. The advantage is clear: any virus, trojan, worm, spyware or adware threats that "infected" your PC while browsing will be eliminated. Sandboxie allows for in-depth configuration which increases security. For example, you can set it to block access to your personal files, or only allow certain programs to run or connect to the internet in a sandbox. A recent feature of Sandboxie also allows you to run sandboxed programs in a Limited User Account, similar to DropMyRights, for even greater security. This should also prevent most keyloggers from running. However, there are some downsides to this approach. Firstly, if you want to update your browser addons/widgets, you'll need to open an un-sandboxed browser and do it from there. This also applies to bookmarks but you can configure Sandboxie to automatically retain those. Secondly, Sandboxie is not designed to detect or disable keyloggers. You can get around this (mostly) by always empty your sandbox before you log in to important sites (such as sites involving financial transactions). Thirdly, some people find the nag screen inconvenient, which appears for five seconds before a sandboxed application opens. Sandboxie works fine with all browsers and most software applications, including e-mail clients (though this requires special configuration), instant messaging clients, Bittorrent clients and games. However, it won't work with system software (software which installs a system driver).
1. Can read but cannot modify trusted resources. Known applications also have preconfigured rules so those applications can run properly. In effect, files which you download will not be able to access critical areas on your computer, similar to a Limited User Account. So any malware which you inadverdently download cannot execute and damage your computer. GesWall also allows for detailed customization where you can configure the restrictions of untrusted applications. A user at Wilders Security Forum has some interesting configuration tips for Internet Explorer 8. Just like Sandboxie, updating applications is a problem and you need to open an un-isolated browser. The good news however is that updating addons/widgets and bookmarks are no problem in GesWall. GesWall also does not fully track files which are saved, which means if you move an untrusted file to another partition, GesWall will not be restricting the new file. This is not a problem with computer that have one partition. Also, when I browsed to some sites that require Javascript my browser would sometimes freeze, seemingly randomly. This was solved by opening GesWall and lowering the security level to low. My computer felt a bit more sluggish running GesWall compared to Sandboxie. Overall, GesWall provides excellent security, and is a worthy alternative to Sandboxie. A Limited User Account is an alternate method to protecting your computer. It provides very secure system-wide security, though it is admittedly not very usable if you regularly install new software. SuRun is a very useful application to allow you to run certain applications with Administrator privileges. There is a tutorial on how to use SuRun. A Limited User Account doesn't protect against user-mode malware, but you can implement Software Restriction Policies to block those attacks. DropMyRights and SetSafer allows you to set certain applications to run under a Limited User Account, though you need to manually create the shortcuts. Online Armor Personal Firewall's RunSafer is another option which I really like. It is very easy to use; you just select a program and click "Run Safer" and the program will now run with with restricted priviledges. Tall Emu has an explanation and video on how to use RunSafer.
Returnil provides a different type of protection compared to Sandboxie or GesWall. It is an excellent solution for those who have limited uses of their computer, for example for users who just browse the web. Also, if you have a separate partition for your data then Returnil is particularly useful because you don't have to worry about losing data which you just saved. Returnil can also be used in conjunction with Sandboxie or GesWall. Like all security software, you should have a backup of your hard drive and all your files before you install one of these applications. Please help us by rating this review |
|
Have Your Say
|
|
Please visit our freeware forum to share and discuss your views and get advice on free security software, including antivirus software. There's also a poll where you can vote and discuss your browser protection utility. To post in the forum you need to register first but that's quick and immediate. |
To learn more visit its forum and its online help.
To learn more visit its forum,
To learn more visit its forum.
|
Editor
|
|
This category is maintained by volunteer editor JonathanT. Registered site visitors can contact JonathanT by clicking here. |
|
Tags
|
|
sandbox, browser security, browser protection |
Back to the top of the article
- Article type:
Printer-friendly version
Comments
Sandboxie has just started to cause webpages to hang/freeze when I am browsing.One tab or more open in FF 9-it doesn't matter. "The program is not responding" box appears and I have to close out with task manager. It has never done this before. Any ideas on this? Thank you.
It is possible that other security software that you are using is conflicting with Sandboxie. If you are using many programs for security, that is likely.
I also use Firefox sandboxed and have never experienced any issues. You should check for possible conflicts and read this thread on Firefox already running and not responding, for clues.
http://support.mozilla.org/en-US/kb/Firefox%20is%20already%20running%20b...
Bo
This editor is currently taking a few weeks time out. Please post your query in our forum where there is an active Sandboxie community.
This is discouraging!So what do you suggest we do to minimize data theft from our PCs? Is it possible to delete that personal info without a reformat and/or HD wipe?
Hi Shelly, you can use Sandboxie to keep you clean and if you are really worried about Privacy, add some privacy tool to your browser. Uninstalling unnecessary addons, Plugins and getting rid of Java will help also.
Start using a Sandboxed browser on a restricted sandbox that has some privacy tool installed and you should be fine.
Bo
Recommending that Shelly could get rid of her addons is one thing if she isn't using them, but getting rid of Java is a whole different story. You failed to mention or to tell Shelly that once she gets rid of Java that half of the websites she visits won't work. No more weather radar, etc. If that was the case there wouldn't be any since of even having a PC because it wouldn't do much without addons, Java, Flash, Silverlight, etc. Having a good firewall and HIPS, antivirus, and using a identity theft program to enter your personal ingo in is a good idea to protect yourself against identity theft and getting ripped off if your worried, and monitor all cookies and scripts allowing only what is necessary and yes definitely installing WOT will all keep you safe and of course Paragon Backup or Macrium to create a good backup just in case. I agree Sandboxie is a good program but I personally don't like the restrictions it gives either. To trust Sandboxie enough to quit using an antivirus? That's going a little to far. Sandboxie isn't Linux and can be compromised. If Sandboxie was that good then trillion dollar businesses would be closing there doors from no more need of creating antivirus programs, malware, firewall, etc. I mean, yea, opinions very in all but to go without protection because your using a sandbox? Nothing is that fullproof. Look at how quick Windows 7 received a loader...
You say "that once she gets rid of Java that half of the websites she visits won't work", I hate to tell you but you are wrong. Personally, I have not used Java for a little over two years and ALL the sites that I go to often, work well without Java. None gets wrecked to make it unusable and only one I could see a reason to use Java on it.
A user like myself, that don't have a need for Java, should get rid of Java but at the same time if a user like Shelly has a need for it, then that user should have Java. By not having Java on board, your computer is safer so if you don't have a need for it, it does not make sense to have it on board.
You say that you don't like the restrictions on SBIE, well that means that Sandboxie is not for you but most of us do like the restrictions and using them is what makes Sandboxie a powerful program. Sandboxie will keep programs or files that are run under the supervision of Sandboxie from making permanent changes to your computer. The restrictions will allow only certain programs to start/run and connect to the Internet in the sandbox and you can protect your computer from identity theft by blocking files and folders from being read by sandboxed programs. If you get use to running most applications sandboxed, the only changes that your computer will suffer is what you allow. Nothing gets in, nothing gets out unless you allow it. It can not get any better.
For the first 2 years that I used SBIE, I ran an antivirus along it but last December after an upgrade by my AV that was not good on my computer, I decided to go without it. It was not planned, it just happen but the good thing is that I was ready. Not having an AV don't make my heart pump any harder.
In my opinion, SBIE on its own, works better than any security setup, even one that would include the programs that you mentioned. Sandboxie is not and should not be seen as a replacement for an antivirus but some of us feel better and safer by not using one.
Bo
First of all, I would like to thank you for your answer, Mister bo.elam.
Yes, we can disable Java[Script] on many websites. Although, in order to view Google ads on a website - including this one -, we will need to have JavaScript enabled in our browsers. :))
By the way: can you please tell us your opinion about using an encrypted connection with Google servers?
"Yesterday [October 19th, 2011], Google announced that, rolling out to all users over the next week, users who are logged in, will be hitting https://www.google.com as oppose to http://www.google.com – and it’s that little ‘s’ that has a lot of people in my business worried."
http://www.faronics.com/2011/google-goes-encrypted-–-but-are-things-really-as-private-as-they-say/
Will he have more privacy? And what about the "Searching Tool-bars" from almost all the browsers: will they be "https-enabled", by default, in their future incarnations?
My opinion about what the article says means nothing as I don't worry about privacy. I really cant recommend any privacy tools as I have never installed any. Find something that will protect your privacy, that makes you feel good and use it along SBIE.
You mention Javascript. I use NoScript and use it to block pretty much everything that it can be blocked, including any ads like the ones you mentioned. If you worry about privacy, in my opinion, you should not care about viewing Google ads. I love NoScript, maybe not as much as Sandboxie but I love it and recommend it.
My setup is Sandboxie and NoScript. Nothing else. Get rid of Java if you dont use it often and do the same with unnecessary plugins, addons and ActiveX.
Thats pretty much what I do to keep clean, it works for me as I don't get infected. What I do makes me feel very relax when browsing or doing anything with the computer. I know its not for everybody but works for me.
Wolf man, you should feel lucky that you "discovered" the sandbox. For me, discovering SBIE is the best thing that ever happened while using the computer.
Bo
"Autocomplete Feature Leaves Browsers Vulnerable"
http://news.softpedia.com/news/Autocomplete-Feature-Leaves-Browsers-Vulnerable-229705.shtml
Sad, but true: most of the browsers allow the stealing of personal informations, through Autocomplete feature. At least this is what the researchers from Minded Security Labs claim.
"The proof of concept, unfortunately, is easy to integrate in any web game placed into a simple HTML page. By making a game in which the user has to press the up and down arrows on his keyboard, what seems to be a simple on-line app, turns out to be a highly effective data stealer.
It can practically steal ANY information you ever typed inside a browser, including account names, search words and a lot more." (!!)
With Returnil and Sandboxie we can protect our browsers from almost any infection. But those two applications cannot protect us from personal data theft.
Using a restricted sandbox and blocking access to sensitive folders and files keeps your personal data safe. By using restrictions, only certain programs are allowed to run and connect to the internet. Blocking access to folders and files forbids any access to them by programs that are sandboxed.
It might not be perfect but it works. Read this links and start using a restricted sandbox.
http://www.sandboxie.com/index.php?RestrictionsSettings#startrun
http://www.sandboxie.com/index.php?RestrictionsSettings#internet
http://www.sandboxie.com/index.php?ResourceAccessSettings#file
Bo
BufferZone...oeo? lol
Can a knowledgeable user of Sandboxie comment on whether it is adequate "straight out of the box" for use on a laptop with no real time AV or do tweaks need to be made for top security? I also have SAS realtime, IE9, a paid antilogger, SpywareBlaster, Trend Micro Browser Guard and scan with Hitman Pro, TDSS Killer, Norton Power Eraser and MBytes.
For me, the answer is yes but if you really want to get the most out of Sandboxie, then you must use start/Run/Internet restrictions. By enabling this restrictions, your sandbox will become tight and it will be harder for anything to escape the sandbox as only what you allow Start/Run/internet access, will have it.
If you are using the restrictions and you go to a site that starts downloading malware, it wont be able to do anything as it wont start or run. It would do nothing and most likely you will not even know that you were close to being infected.
What I recommend you do, IF this is your first taste of Sandboxie, use it on default settings for a few days, so you ll know what a default settings sandbox is about and then start making changes. That way you ll be able to compare how things work in a unrestricted and a restricted sandbox.
About the antivirus. You should not look at SBIE as a antivirus replacement even though in a year or two, you might feel like dropping it. I don't use anything but SBIE but I recommend you, a new SBIE user, wait until you get to know Sandboxie. Anyway, you will know when its the time to drop using an AV as at that time you wont feel the urge to do scans every day or every week and you wont feel scare or naked because you are not using one.
Those are tell tale signs that clearly will tell you if you are ready or not to become part of the No AV club.
Use SBIE every day and you wont need any OD scanners neither. I only use HMP.
Enjoy the sandbox.
Bo
Thanks for a great reply. I will probably have more inquiries as I use SB more.
Zane, I ll be around, if there's anything else that you like to ask about SBIE.
Bo
I have just found another article about websites we (generally) trust and visit almost every day, whose Administrators implement all sorts of mechanisms that automatically transmit web advertisers: our names, user IDs and email addresses. Here it is:
http://news.softpedia.com/news/Advertisers-Get-Our-Personal-Information-From-Trusted-Websites-227131.shtml
One quote from the article: "From a legal perspective, identifying information leakage is a debacle. Many first-party websites make what would appear to be incorrect, or at minimum, misleading, representations about not sharing Private Informations".
Because it seems that this problem - the lack/theft of privacy - is aggravating (see Microsoft's marketing campaign "Windows [7]: Life Without Walls"), I will ask once again: how can we protect, even in a small measure, against the "tracking mechanisms", at the browser level?
A reply from someone who is able to intelligently answer would be much appreciated! Anyone? Thank you.
How can we protect our browsers from the following "threat"?:
"They're collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government. Big data is becoming a powerful industry, resisting any calls to regulate its behavior (...)"
The quote is an excerpt from the article titled "Cyber Threats More Dangerous than Cyber Criminals", article signed by Security technologist and author, Bruce Schneier. The article is available here:
http://news.softpedia.com/news/Cyber-Threats-More-Dangerous-than-Cyber-Criminals-223387.shtml
Unfortunately, no Sandboxie and no Returnil can help us, in this respect...
Is there an uninstaller for Returnil? If not what is the best way to uninstall? I have heard it is quite difficult to do manually. Thanks
Use the uninstaller in add/remove programs. I never read that Returnil was hard to uninstall. Actually most of what I read about Returnil is pretty good.
Bo
In my experience, now that BufferZone Pro is free, it is hands down the best and most complete virtualization software suite available and should be listed as such in "Best Free Browser Protection Utility" list, although it is a protection suite that protects more than just the browser.
I was having trouble with Sandboxie on my XP SP2 laptop(I can't upgrade this one to SP3. I get BSOD every time and have to reload the OS. After three tries I gave up), and my XP SP3 laptop. IE, for one thing I couldn't delete the sandbox most of the time without rebooting because the Reghost file would lockup and prevent it. This is a problem many others have with Sandboxie.
So when I found out that BufferZone Pro is now free, I gave it a try and I am so impressed that I won't even consider returning to the free LIMITED version of Sandboxie.
The GUI is slick and much more intuitive than Sandboxie. Plus you can lock your files from prying eyes and include protection from external devices. It has schedulers adjustable levels of protection and more.
My laptops are older one with 500meg memory and 1.7 and 1.8 gig processors, and I notice very little slow down of the systems - fifteen to twenty seconds longer boot time and a little slower response when initially connecting to the internet after after emptying the buffer zone. No lockups. Nothing but smooth sailing.
Besides Sandboxie, I have also tried Geswall and Returnil and as far as I'm concerned they can't hold a candle to BufferZone. All I'm waiting for now is the soon to be release v4.0 which will support my Win7 X64 laptop.
Can you elaborate more on why in your experience Returnil does not hold a candle to BufferZone?
In all fairness, I should add that it has probably been a couple years since I tried Returnil and there could be a big improvement since then.
I think it probably comes down to whichever program you feel most comfortable with and gives you the best performance. Right now I'm sold on BufferZone.
It's been a while but as I remember the free version of Returnil is feature limited and it requires a system reboot to purge the temporary data which is inconvenient. The antivirus is basic and really unnecessary since you should still run a full featured AV. BufferZone has other features like the ability to hide your files from online snooping, and the Privacy Zone for sensitive operations like online banking. As a personal preference I just like the feel of BufferZone over the other virtualization offerings.
The BufferZone home page includes a Security Test. When I ran it using Sandboxie it returned a complete list of all the files in My Documents. After installing BufferZone I ran the test again, and it didn't find any.
BufferZone automatically includes My Documents and Outlook Mailbox as Confidential files and you can add others. I never ran this security test with Returnil or Geswall, so it would be interesting to hear the results from someone.
jlhns I ran your security test and it wont do nothing when using SBIE, restricted and configured as most of us do. It wont even run, just sits and do nothing.
Sure, if I run your trojan/test on default settings, it might read whats designed to read but it will be gone when the sandbox is deleted. Malicious files like your test will not make any changes to the real system even on a default setting sandbox.
Convenience? Nothing is more convenient than SBIE. I am sure BZ is a decent program but people that use BZ can not even save bookmarks. Bad, get it fix. Lucky users, like me, that use SBIE can do anything that we want using SBIE. We can block any program that we want from running, like the test, or block access to any file or folder in our computer. So if I want to block access to My Documents and Outlook Mailbox, it can be done so no program running under the supervision of SBIE can read whats in there.
Problems using SBIE? Even though I never had one, when people have a problem, they go to the forum and guess what?. The user not only gets help from a alive forum but also get it from the man himself, Tzuk. The developer of Sandboxie. On the other side, the BZ forum is dead and its been dead for a long time. No help for users, means the program loses users every day.
Bottom line, nothing escapes the sandbox and is done in a very convenient way so its easy to learn, use and the protection that we get is unmatched. Testimonials from the people that use SBIE, like myself, abounds in the internet, not so for BZ.
Bo
One more thought Bo, I just checked the BZ forum, and it certainly isn't as busy as SBIE, but perhaps the reason is that there just aren't as many questions or problems.
;)
Oh,come on, please. If you like I ll take a little ride to that forum and I ll get for you some posts that NEVER got an answer about a question or a problem and some that got the answer, the only answer......2 months later.
Thats not the right way of doing things. Dare me and I ll get those posts for you, it wont take me more than a couple of minutes to get you some links to those posts.
Look, I am sure BZ is a nice program but the grandaddy of sandboxing programs, it is Sandboxie. i have a feeling that you really like to use SBIE. If I am not mistaken, do as I suggested on post#80170. It should work for you.
Bo
Bo, I have done some configuring and restricting with Sandboxie, but never did get into blocking read access to my files, which I just now did for MyDocs on the one laptop I still have with SBIE. The BufferZone security test now fails on that one. That's what the test was all about, to see if it could access and read files that you want to keep confidential. To me, the intuitive BufferZone GUI for dummies like me makes these operations so much easier.
As far as the bookmarks/favorites go I can save them by going to
Start>Favorites>right click on the favorite I want to save and then click on 'Move out of Bufferzone' on the popup Context Menu. That saves it into the real list. Granted it's not as transparent as SBIE, but it works with a little effort, and I don't need it that often. BufferZone Pro 4.0 should be out soon. We'll see what that brings.
As far as I know, the problem I had with Sandboxie has never been solved even though Tzuk was involved with it. I found this thread at the forum: http://www.sandboxie.com/phpbb/viewtopic.php?t=7969&highlight=
The reghive would lock up and prevent the sandbox from being deleted. The only thing I could do was reboot to release the reghive and then delete the sandbox. This problem would happen on one of my XP laptops daily. It just became frustrating.
Another thing about the difference between Sandboxie and BufferZone Pro is the free version of Sandboxie is limited whereas BufferZone is unrestricted.
jlhns, files locking and preventing the sandbox from deleting, do happen sometimes but is not something that happens often. On my case, this year, it has happened once. Thats it. No big deal. Is not something that happens every day or every week and the solution is easy, rebooting.
I remember reading on one of your posts that you mentioned that you are still on SP2. Probably that is the reason why you had problems using SBIE. If you are on SP2 and want to use SBIE, use an older version of SBIE, not the latest one. On that computer, you mentioned that you had problems updating, thats why you had problems using SBIE, I am pretty sure.
The SBIE free version is limited but not the security that provides. Security wise, both versions gives you the same protection.
I use the registered version but I could run and open everything sandboxed as I do even if I used the free version. A little more thinking is required and things dont work as automatic but remember, the security is the same and when you use the free version, you can be sure that when you delete your sandbox, you are clean.
Post new comment