Program Virtualization As Security Solution

Ritho · 15. Sep 2010, 03:27 PM

After reading this thread where Jante PE is mentioned, it got me to thinking about some other application virtualization products, and their possible use as a security products because they use sandboxing technology or something similar.

There are several very expensive application virtualization products on the market such as ThinApp, boxedapp, xenocode, and others that package installed programs into viritualized packages that then can be run on any machine without installation.

For years I used the free SVS (Software Virtualization Solution from Altiris now owned by Symantic) to capture programs into layers. It was one of the free solutions for this type of virtualization. However with early versions at least SVS could easily leak to the base system so it was of no real use for security. Athough Altiris had done some work on that aspect of it, and perhaps Symantic has continued work on that in its SWV product but I am not sure.

Jaunte PE is designed to do a similar thing, but there are a few other very new freeware products with similar capabilities.

Cameyo
Evalaze

Note: I believe all of these are in alpha or beta status.

bo.elam · 15. Sep 2010, 05:17 PM

Its great that we now have more options for virtualizing applications but
I can not see any reason why to use something like Jaunte instead of
Sandboxie, since is easier to use and if the application installs Sandboxed,
then you can be sure almost 100% that nothing will leak to the system.
Ritho, if you can, tell me why I should look at something like this if I use
SBIE for application virtualization and Time freeze for system virtualization.

Bo

Ritho · 15. Sep 2010, 05:34 PM

Well this thread was designed to spawn a discussion about the benefits of using products such as these if any benefits actually exist.

I was mainly wanting to hear other peoples opinions and thoughts on the subject.

I suppose the main advantage I can see is that this type of virtualization would be totally portable, and you could use it on anyones machine without installing Sandboxie.

A secondary benefit might be that because the file systems and such are also virtualized for these apps it might protect you if you are using a computer that is infected with malware that spys on your browser use age. I am not sure whether this would be true or not. It would be interesting to test, but I don't no how to go about it. Perhaps someone like ako would be able to test something like that.

bo.elam · 15. Sep 2010, 06:47 PM

The benefits are very easy to weight because when the application is
virtualized by Sandboxie, and hopefully by these other apps, it is isolated
from the rest of the system and when you delete it, all changes are gone
without affecting the real system, not making permanent changes to it.
Last night I installed SAS using Time freeze and after scanning, I just did
a re boot and everything was gone, nothing remained of the program.
To me, and I am no expert, virtualization is the way to go and even though
it should not replace the Anti virus in the PC, it should be added as a layer.
I have been using SBIE for almost 2 years and since, nothing and I mean
nothing has gotten thru, SAS has not even detected a cookie when I scan
with it. Scanning(full/complete) my computer has become very rare and
that is because virtualization works.
I think everybody should start using some type of virtualization and is good
that, there are more available now than a couple of years ago. They not
only will keep users safe but are fun and easy to use.
Bo

eyeb · 19. Sep 2010, 08:08 PM

I use Jaunte in order to keep the system clean/portable apps. I use it with firefox for same reason with the security issue as an added bonus. Remember Jaunte is made to sandbox programs to keep system clean, the security of it is something that came as a result. Sandboxie was developed with the goal of sandboxing for security. I think Jaunte doesn't lose to sandboxie in terms of sandboxing but because it was developed with a different goal, Jaunte cant be "harddened" or restricted. Not to say that this cant be accomplished but it requires using Jaunte with other tools to do this. But I like not having to install sandboxie when I want a sandboxed browser on a computer that isn't mine.

I've tested cameyo and it doesn't seem that great yet but it is in development. Aside from sandboxie/jaunte for virtualization, I'd probably just use virtualbox for complete os sandboxing.

edit: I've tried boxedapp before as well, and I wouldn't say it is made for sandboxing because it packs files/registry into a single .exe but it doesn't allow for changes to those files afterwards. You could accomplish this using the SFX on 7z or winrar

Awgeewhiz · 20. Sep 2010, 12:49 AM

If virtualization is so safe and secure, why have not OS makers like Microsoft and other just make it a feature of the run time system?

Or an add-on option?

bo.elam · 20. Sep 2010, 02:32 AM

Quote:

Originally Posted by Awgeewhiz

If virtualization is so safe and secure, why have not OS makers like Microsoft and other just make it a feature of the run time system?

Or an add-on option?

Maybe they will, someday. After you use it for a while, you realize that
it works and that everything that you read about it is actually true.

Bo.

MidnightCowboy · 20. Sep 2010, 09:30 AM

Quote:

Originally Posted by Awgeewhiz

If virtualization is so safe and secure, why have not OS makers like Microsoft and other just make it a feature of the run time system?

Or an add-on option?

Imagine the cost in terms of lost jobs and other economic considerations if there was no need for PC security?

wdhpr · 20. Sep 2010, 11:19 PM

Quote:

Originally Posted by Ritho

After reading this thread where Jante PE is mentioned, it got me to thinking about some other application virtualization products, and their possible use as a security products because they use sandboxing technology or something similar.

There are several very expensive application virtualization products on the market such as ThinApp, boxedapp, xenocode, and others that package installed programs into viritualized packages that then can be run on any machine without installation.

For years I used the free SVS (Software Virtualization Solution from Altiris now owned by Symantic) to capture programs into layers. It was one of the free solutions for this type of virtualization. However with early versions at least SVS could easily leak to the base system so it was of no real use for security. Athough Altiris had done some work on that aspect of it, and perhaps Symantic has continued work on that in its SWV product but I am not sure.

Jaunte PE is designed to do a similar thing, but there are a few other very new freeware products with similar capabilities.

Cameyo
Evalaze

Note: I believe all of these are in alpha or beta status.

Question

I went ahead and downloaded and installed Cameyo, seemed to work better on my computer.
Anyway By creating a package of a virtual application cant it write information to my hard drive and if it can, how can this still protect my system.
Thank you in advance

Wdhpr

eyeb · 21. Sep 2010, 01:32 AM

cameyo is suppose to sandbox any writes from it... but from what I can tell, it doesnt work

15. Sep 2010, 03:27 PM	#1 (permalink)
Ritho Foundation Editor Join Date: Apr 2008 Location: Planet Earth Posts: 1,391	Program Virtualization As Security Solution After reading this thread where Jante PE is mentioned, it got me to thinking about some other application virtualization products, and their possible use as a security products because they use sandboxing technology or something similar. There are several very expensive application virtualization products on the market such as ThinApp, boxedapp, xenocode, and others that package installed programs into viritualized packages that then can be run on any machine without installation. For years I used the free SVS (Software Virtualization Solution from Altiris now owned by Symantic) to capture programs into layers. It was one of the free solutions for this type of virtualization. However with early versions at least SVS could easily leak to the base system so it was of no real use for security. Athough Altiris had done some work on that aspect of it, and perhaps Symantic has continued work on that in its SWV product but I am not sure. Jaunte PE is designed to do a similar thing, but there are a few other very new freeware products with similar capabilities. Cameyo Evalaze Note: I believe all of these are in alpha or beta status. __________________ The smallest good deed is better than the greatest intention.

15. Sep 2010, 05:34 PM	#3 (permalink)
Ritho Foundation Editor Join Date: Apr 2008 Location: Planet Earth Posts: 1,391	Well this thread was designed to spawn a discussion about the benefits of using products such as these if any benefits actually exist. I was mainly wanting to hear other peoples opinions and thoughts on the subject. I suppose the main advantage I can see is that this type of virtualization would be totally portable, and you could use it on anyones machine without installing Sandboxie. A secondary benefit might be that because the file systems and such are also virtualized for these apps it might protect you if you are using a computer that is infected with malware that spys on your browser use age. I am not sure whether this would be true or not. It would be interesting to test, but I don't no how to go about it. Perhaps someone like ako would be able to test something like that. __________________ The smallest good deed is better than the greatest intention.

20. Sep 2010, 12:49 AM	#6 (permalink)
Awgeewhiz Full Member Join Date: Jul 2010 Location: USA East Coast Posts: 94	If virtualization is so safe and secure, why have not OS makers like Microsoft and other just make it a feature of the run time system? Or an add-on option? __________________ I started out with nothing and still have most of it left.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

15. Sep 2010, 05:17 PM	#2 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,224	Its great that we now have more options for virtualizing applications but I can not see any reason why to use something like Jaunte instead of Sandboxie, since is easier to use and if the application installs Sandboxed, then you can be sure almost 100% that nothing will leak to the system. Ritho, if you can, tell me why I should look at something like this if I use SBIE for application virtualization and Time freeze for system virtualization. Bo

15. Sep 2010, 06:47 PM	#4 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,224	The benefits are very easy to weight because when the application is virtualized by Sandboxie, and hopefully by these other apps, it is isolated from the rest of the system and when you delete it, all changes are gone without affecting the real system, not making permanent changes to it. Last night I installed SAS using Time freeze and after scanning, I just did a re boot and everything was gone, nothing remained of the program. To me, and I am no expert, virtualization is the way to go and even though it should not replace the Anti virus in the PC, it should be added as a layer. I have been using SBIE for almost 2 years and since, nothing and I mean nothing has gotten thru, SAS has not even detected a cookie when I scan with it. Scanning(full/complete) my computer has become very rare and that is because virtualization works. I think everybody should start using some type of virtualization and is good that, there are more available now than a couple of years ago. They not only will keep users safe but are fun and easy to use. Bo

19. Sep 2010, 08:08 PM	#5 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 487	I use Jaunte in order to keep the system clean/portable apps. I use it with firefox for same reason with the security issue as an added bonus. Remember Jaunte is made to sandbox programs to keep system clean, the security of it is something that came as a result. Sandboxie was developed with the goal of sandboxing for security. I think Jaunte doesn't lose to sandboxie in terms of sandboxing but because it was developed with a different goal, Jaunte cant be "harddened" or restricted. Not to say that this cant be accomplished but it requires using Jaunte with other tools to do this. But I like not having to install sandboxie when I want a sandboxed browser on a computer that isn't mine. I've tested cameyo and it doesn't seem that great yet but it is in development. Aside from sandboxie/jaunte for virtualization, I'd probably just use virtualbox for complete os sandboxing. edit: I've tried boxedapp before as well, and I wouldn't say it is made for sandboxing because it packs files/registry into a single .exe but it doesn't allow for changes to those files afterwards. You could accomplish this using the SFX on 7z or winrar

21. Sep 2010, 01:32 AM	#10 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 487	cameyo is suppose to sandbox any writes from it... but from what I can tell, it doesnt work