JauntePE vs Sandboxie for browser security (sandboxing)

Discuss anything related to portable freeware here.
Message
Author
-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

JauntePE vs Sandboxie for browser security (sandboxing)

#1 Post by -.- »

I've been running portable firefox inside a jpe sandbox for about 1-2 months now and had no problems and liking it so far.
Now that I've used this for a while and having used sandboxie in the past with firefox, I'm almost ready to drop the sandboxie/firefox combination. I'm just wondering if anyone has any reasons not to? lol.

What I like about jaunte/firefox is it runs without having something else in background like sandboxie does. Plus I can fit it on a flash drive and run it without starting a portable sandboxie...

I've got a firewall so I know what is coming/going so that feature of sandboxie I don't need since I can block/allow connections with firewall. Aside from that, is there anything else that sandboxie can do that jaunte cant? I mean just related to browser security. I've tested it and it does stop toolbars from installing outside of sandbox so system still stays safe. One thing I've seen is extension/firefox passes through jaunte but that is only because I've set it to do that. Plus I don't mind it so much since I can just delete profile folder and use a back up of it from FEBE.

edit: here's my firefox setup for time being, I've modified the ahk launcher but still basically the same.
http://www.portablefreeware.com/forums/ ... =10&t=6426

User avatar
Napiophelios
Posts: 610
Joined: Sun Mar 01, 2009 5:48 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#2 Post by Napiophelios »

If you just mean to portabilize the program or appdata folders
then I would say use the JauntePE setup.
For overall security I think you are better off running sandboxie
just incase you do encounter something malicious while surfing the web.

I have never thought to rely on JPE to be a security tool;
would be nice to know how it would handle sandboxing some serious malware.
I guess it would be like any other child process it redirects huh?

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#3 Post by -.- »

it seems to redirect the child processs to sandbox
I thought to use jaunte because I read somewhere a long time ago that the same technique is used to sandbox is used by both... they both inject a .dll to the start of the code when launching programs that redirects it to sandbox. I can't testify to it as I don't know how it works exactly but I've read it while jaunte was still being supported

User avatar
Napiophelios
Posts: 610
Joined: Sun Mar 01, 2009 5:48 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#4 Post by Napiophelios »

well if they function equally in a similar if not exact manner
I would choose the setup that uses the least of my system's resources.
but I would have to agree there is no need for both :)
JPE would also be a good choice just because you can manipulate the jauntePE.ini file
if need be and all your redirected files will be kept close to the launcher.

crownixx
Posts: 403
Joined: Sat May 12, 2007 6:26 am

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#5 Post by crownixx »

If we just talk about the JauntePE technology that use redirection to isolate changes into a sandbox folder, I think JauntePE can be use as a security tools to browse website safely. Redllar had that idea when he introduce total sandboxing by using _Greener.ini and _Greener2.ini configuration in the JPE Quickie
[Build]
Description=Full portablization for a normal application
Applications=
Usage=This is a "greener", i.e., "stealthier", version of the Normal3 configuration. It keeps more changes out of the real registry and the real file system but has the potential to cause some as-yet-unknown problems since it has only been tested with a few applications to-date. It is only recommended for use by advanced JauntePE users. Concerning the registry, this configuration attempts to redirect HKLM\Hardware, HKLM\Security, and HKLM\System changes, whereas the Normal3 configuration does not. Concerning the file system, this configuration attempts to redirect all "Documents and Settings" changes, whereas the Normal3 configuration does not.

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#6 Post by -.- »

oh, adding to browser security but I later decided to not use, you could in addition to jpe pass firefox through dropmyrights.exe if on an admin account. This also helps a bit but since I have it redirecting to sandbox I didn't feel like I needed it.

edit: after missing around with testing its sandboxing abilities, I've found that JPE has a bit of a problem. I'm not sure if its just me but I cant get it to do what I want.
I want it to sandbox entire C:\ Drive so I put it into fileinclude but then I want it to exclude anotherr folder on C:\ drive and it wont. I cant figure out how to get the file exclude to supersede the file include in priority...

another thing I cant figure out is how to get it to sandbox sub folders while leaving the parent folder unsandboxed like example below
C:\ (Sandboxed) Temp fix is using dropmyrights to force things to not save here though.
C:\FolderA (Unsandboxed)
C:\FolderA\AllOtherFolders (Sandboxed)

User avatar
Napiophelios
Posts: 610
Joined: Sun Mar 01, 2009 5:48 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#7 Post by Napiophelios »

I dont think JPE redirects root drive by default;
I think any folder to be redirected in the root drive
has to be a special folder:

[SpecialFolders]
C:\Folder A=.\DriveC\Folder A


It would be a hassle but maybe just appoint special folders
for all the sub folders (like the example but for each one)
But dont actually create a SpecialFolders setting for the root folder
that you dont want sandboxed.

but if you sandbox all of C:\ then all sub folders
I think would also be sandboxed regardless of your
"exclude" or "SpecialFolders" settings.

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#8 Post by -.- »

yea I thought that might be the case :S hoping not though lol

I can add the folders to be included but I dont know the folders name... I mean I want it to sandbox folders that could be created in the unsandboxed folder... so at this time I dont know what folders name would be since they dont exist yet

crownixx
Posts: 403
Joined: Sat May 12, 2007 6:26 am

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#9 Post by crownixx »

Objective:
-.- wrote:I mean I want it to sandbox folders that could be created in the unsandboxed folder
"-.-", you need to have a clear purpose in order to get your objective. JauntePE offer flexibility to design our sandox folder. Just try to make your design simpler and you don't need to get the headache. I dont get your purpose yet but i will simply separate sandbox and unsandbox into two separate folder

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#10 Post by -.- »

My purpose is I want to put a sandboxed firefox on flash drive, when I save files I want it to go to root directory, but then everything else goes to sandbox so I know I keep computer clean. I just dont want to go hunting through sandbox for files I downloaded so having them go unsandboxes only to that root folder is what I want. I just cant figure out how to unsandbox a parent folder while sandboxing sub folders. And I'll be adding programs/docs to flash drive each in folder so I want tthose to be sandboxed too but I wont know their names until I add them. And also don't want to modify the jaunte.ini each time I add a folder

crownixx
Posts: 403
Joined: Sat May 12, 2007 6:26 am

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#11 Post by crownixx »

-.-, sorry but i still have problem to digest your needs there. But if i took from your first example
C:\FolderA (Unsandboxed)
C:\FolderA\AllOtherFolders (Sandboxed
I simply understand from above is you want "Folder A" to be unsandbox but at the same time you also want it to be sandboxed.

Or

you want "Folder A" to be unsandbox for files but at the same time you want it to sandbox any potential created folder that can be any name(?)

I think it is impossible to design "Folder A" for such requirement, even for Thinapp.
For jauntePE, the rule that redllar set is any [FilesystemInclude] will override [FilesystemExclude] settings.

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#12 Post by -.- »

you want "Folder A" to be unsandbox for files but at the same time you want it to sandbox any potential created folder that can be any name(?)
that's what I'm trying to do I think.

The C:\FolderA path is something Im using to test sandbox, this will be on F:\ (flashdrive) at the end.
What I want is for it to allow me to save things to F:\ but sandbox anything that isnt to just F:\ including other folders in F:\.

Best I can do right now is just leave an unsandboxed folder on F:\ for downloads, but if I do this the F:\ is still unsandboxed but other folders can now be sandboxed. I just wanted to skip the download folder and save directly to F:\ but I cant get it to sandbox other folders by default if I include F:\ in the exclude

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#13 Post by lyx »

I do not have experience with JauntePE, but i do know how i would do it in ThinApp - perhaps JPE has something similiar:

In ThinApp, you can define which drive-accesses should be sandboxed, and which shouldn't - for the thinapped application.

In this case, i would sandbox only C:

The result:
- All accesses to C: get virtualized in the applications sandbox
- All other accesses happen normally

crownixx
Posts: 403
Joined: Sat May 12, 2007 6:26 am

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#14 Post by crownixx »

-.- wrote:What I want is for it to allow me to save things to F:\ but sandbox anything that isnt to just F:\ including other folders in F:\.
it can't work that way

JauntePE can't figure what things you want to save and what things are not. Only you have the control to save the files that you wanted. So why not try the idea below:
Sandbox everything in F:\ except folder "F:\MyPersonal"
This way, you can sandbox any files or folders in F: but only "MyPersonal" folder can be used to save your things without being sandbox

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: JauntePE vs Sandboxie for browser security (sandboxing)

#15 Post by -.- »

crownixx wrote:
Sandbox everything in F:\ except folder "F:\MyPersonal"
This way, you can sandbox any files or folders in F: but only "MyPersonal" folder can be used to save your things without being sandbox
this is my problem though lol. I can't add F:\ to the filesysteminclude and F:\MyPersonal to filesystemexclude, because the f:\ is include, the mypersonal is also sandboxed even though I put it on the exclude list

Post Reply