echo: nthelp
to: Robert Comer
from: Gary Britt
date: 2006-10-23 17:18:02
subject: Re: Browser Security

From: "Gary Britt" 

I took a look at the Sandboxie home page at www.sandboxie.com and it
appears what Sandboxie does is filter or intercept all writes to hard disk
and put all writes into a special hidden-from-the-Windows-API file
controlled by Sandboxie.  It also intercepts writes to the registry.  Then
when the sandbox is closed, all writes to disk made during the browsing
session, which in theory were all redirected to the special Sandboxie file,
get cleared by the Sandboxie file being cleared.

It wouldn't appear to have segregated virtual memory and I'm sure it could
be exploited more easily, at least an in-memory exploit, than a true
dedicated VM with segregated memory.  However, in googling it I didn't come
across any bad reviews of it.  Seems like it would offer some protection, a
lot more than nothing.  I'm leaning towards something like that or a Linux
VM running on Windows for browsing.  The combination of Linux plus a VM for
browsing might be as safe as one could easily get.

What do you guys think about all this?

Gary


"Robert Comer"  wrote in message
news:453d067c$1{at}w3.nls.net...
>> If you get malware in a Browser VM and if the only thing you use that VM
>> for is browsing does it matter?
>
> Some of the malware types actually compromise your ability to browse other
> sites and that's where having an easy way to clean the slate is pretty
> nice.
>
>> Ever heard of or tried these supposed non-VM browser isolators like the
>> one called "sandboxie".  They are supposed to accomplish for running your
>> browser what running the browser in a VM would accomplish?
>
> IE7 on Vista has a protected mode kind of like that -- I'm undecided on
> just how isolated these things can be.
>
> --
> Bob Comer
>
>
>
>
>
> "Gary Britt"  wrote in message
> news:453cfab6{at}w3.nls.net...
>> If you get malware in a Browser VM and if the only thing you use that VM
>> for is browsing does it matter?  I mean it might matter in terms of
>> spying on your browser habits but otherwise won't the malware be limited
>> to what it can see inside the VM?  If the only thing it can see or
>> interact with inside the VM is the browser then does it matter?
>>
>> Ever heard of or tried these supposed non-VM browser isolators like the
>> one called "sandboxie".  They are supposed to accomplish for running your
>> browser what running the browser in a VM would accomplish?
>>
>> Gary
>>
>> "Robert Comer"  wrote in message
>> news:453cc7d1{at}w3.nls.net...
>>>> But suppose I add a site to "Favourites".  Does that get lost, too?  Is
>>>> there an alternative method where I can save the new favourite but
>>>> still have "undo disk" perform its magic?
>>>
>>> Yes, it would get lost too, and no, there's no easy way around that.
>>> You'd have to be very specific about your actions to add the shortcut
>>> without doing anything else in the session, then write the changes to
>>> disk.
>>>
>>> Of course you could keep all your shortcuts on a web page somewhere else
>>> out on the web.
>>>
>>> --
>>> Bob Comer
>>>
>>>
>>>
>>>
>>>
>>> "John Beamish"  wrote in message
>>> news:op.thvjar00m6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>>>> But suppose I add a site to "Favourites".  Does that get lost, too?  Is
>>>> there an alternative method where I can save the new favourite but
>>>> still have "undo disk" perform its magic?
>>>>
>>>> On Mon, 23 Oct 2006 01:50:24 -0400, Rich Gauszka wrote:
>>>>
>>>>> Microsoft has a nice feature ( 'undo disks' ) in Virtual PC to
>>>>> facilitate a browser sandbox. You could probably do something similar
>>>>> in VMware using a 'linked clone'
>>>>>
>>>>> http://www.devx.com/vmspecialreport/Article/30377
>>>>>
>>>>> The single most valuable feature of using a virtual machine for
>>>>> browsing is the undo capability. Microsoft implements this with its
>>>>> undo disks feature. The idea is simple: Whatever takes place in the
>>>>> guest machine, such as inadvertently downloading spyware, is written
>>>>> to another file instead of the principal virtual hard disk file where
>>>>> the OS and applications are installed. When the browsing session ends,
>>>>> the guest machine is turned off without saving any of the changes that
>>>>> occurred while it was running. The undo disks feature is off by
>>>>> default, so you must enable it.
>>>>>
>>>
>>>
>>
>>
>
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
