Gizmos Freeware Reviews  

29. Mar 2013, 02:33 PM   #81 (permalink)
Senior Member
Join Date: Jul 2009
Location: Northeast US
Posts: 476

Quote:
Originally Posted by DunkanAidaho
Sandboxie is popular software and malware writers can make a trojan that will be able to escape Sandboxie.
Personally, I've never had any malicious software escape the Sandbox and infect my system. Do you have specific examples, or can you point to examples of viruses or other malware that have escaped the Sandbox or Sandboxie to infect a system?

Thanks
__________________
T
Posted by Taurus

29. Mar 2013, 02:49 PM   #82 (permalink)
Member
Join Date: Mar 2013
Posts: 14

Quote:
Originally Posted by Taurus
Personally, I've never had any malicious software escape the Sandbox and infect my system. Do you have specific examples, or can you point to examples of viruses or other malware that have escaped the Sandbox or Sandboxie to infect a system?

Thanks
I do not have a big malware archive. That was a theoretical thing. Sandboxie is good software. I know its weakness. I guess I know how to avoid its protection on newer x64 OSes. But I do not want to develop malware. I do not want to help someone develop malicious software.
My note was: do not think that it's enough to have Sandboxie to protect yourself against various attacks. Some users think that it is enough.
Anyway, Sandboxie's author did a great job.
Posted by DunkanAidaho

29. Mar 2013, 04:14 PM   #83 (permalink)
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,336

Quote:
Originally Posted by DunkanAidaho
I know its weakness. I guess I know how to avoid its protection on newer x64 OSes. But I do not want to develop malware. I do not want to help someone develop malicious software.
It's good that you don't want to help people with malicious intent. But if you have discovered a vulnerability in Sandboxie, why not write to its developer about it and inform him? It will help in keeping the product secure.
__________________
Anupam
Posted by Anupam

29. Mar 2013, 06:15 PM   #84 (permalink)
Member
Join Date: Mar 2013
Posts: 14

Quote:
Originally Posted by Anupam
It's good that you don't want to help people with malicious intent. But if you have discovered a vulnerability in Sandboxie, why not write to its developer about it and inform him? It will help in keeping the product secure.
I think he knows it. I read info on his site that some of his components are not so strong on 64-bit OSes. It is hard to solve all security issues for sandbox or firewall software. In addition, I have limited ability to share my ideas because I can be involved in other secure projects.
P.S.
I do not know of a firewall that does not have leaks on 64-bit OSes.
But I am sure that good HIPS software (of your choice) + Sandboxie is not a bad thing.
Posted by DunkanAidaho

29. Mar 2013, 06:23 PM   #85 (permalink)
Senior Member
Join Date: Nov 2009
Posts: 1,714

Quote:
Originally Posted by DunkanAidaho
I guess the chances of getting a BSOD from Sandboxie's driver or a firewall's driver are the same. Sandboxie is popular software and malware writers can make a trojan that will be able to escape Sandboxie. Also, you can be infected via flash drive, CD-ROM or software that you download from the internet. I think you do not run all software inside Sandboxie (e.g. installers).
Hi Dunkan, chances of getting a BSOD because of the Sandboxie driver are slim; the rare times that I have seen people get one after installing Sandboxie, it was due to a conflict when they used too many security products at the same time. In my case, after four years of using Sandboxie, I have never gotten one.

I don't know if you are aware but you can open USB drives, CDs or DVDs sandboxed. To do that, all you have to do is run a sandboxed Windows Explorer and use it to navigate to those drives. There are multiple ways how that can be done. You can even create a shortcut for the sandboxed Windows Explorer and place it on your desktop or taskbar to make it easier to open one. Doing that works great for the free version.

Myself, I run all programs and files in a sandbox, but most people using the free version are not going to do that even though it can be done. So, for them and most users, using an antivirus like MSE along with Sandboxie works great. In my opinion, that's enough protection, as the antivirus takes care of known threats while Sandboxie can handle the ones that are unknown to the AV.

In my case, the only files that I download from the internet that are not run sandboxed are installers. Over the past two years, I only installed one new piece of software in my computer when I decided to switch the light virtualization program that I use. So, new installs don't create problems for me.

Using SBIE on its own is not for everybody; for example, if a user does a lot of new installs or the computer is shared, then that user should definitely have additional security, like using MSE along with Sandboxie.

Bo
Posted by bo.elam

29. Mar 2013, 06:33 PM   #86 (permalink)
Senior Member
Join Date: Nov 2009
Posts: 1,714

Quote:
Originally Posted by DunkanAidaho
I think he knows it. I read info on his site that some of his components are not so strong on 64-bit OSes. thing
Hey Dunkan, let's talk real-world situations. Do you know of anyone that has gotten infected (while using SBIE), that uses a 64-bit machine? I mean anyone, that you know personally or that you found reporting an infection on the internet. I am talking about real infections, not theories.

Bo
Posted by bo.elam

29. Mar 2013, 06:35 PM   #87 (permalink)
Member
Join Date: Mar 2013
Posts: 14

Quote:
Originally Posted by bo.elam
Hi Dunkan, chances of getting a BSOD because of the Sandboxie driver are slim; the rare times that I have seen people get one after installing Sandboxie, it was due to a conflict when they used too many security products at the same time. In my case, after four years of using Sandboxie, I have never gotten one.

I don't know if you are aware but you can open USB drives, CDs or DVDs sandboxed. To do that, all you have to do is run a sandboxed Windows Explorer and use it to navigate to those drives. There are multiple ways how that can be done. You can even create a shortcut for the sandboxed Windows Explorer and place it on your desktop or taskbar to make it easier to open one. Doing that works great for the free version.

Myself, I run all programs and files in a sandbox, but most people using the free version are not going to do that even though it can be done. So, for them and most users, using an antivirus like MSE along with Sandboxie works great. In my opinion, that's enough protection, as the antivirus takes care of known threats while Sandboxie can handle the ones that are unknown to the AV.

In my case, the only files that I download from the internet that are not run sandboxed are installers. Over the past two years, I only installed one new piece of software in my computer when I decided to switch the light virtualization program that I use. So, new installs don't create problems for me.

Using SBIE on its own is not for everybody; for example, if a user does a lot of new installs or the computer is shared, then that user should definitely have additional security, like using MSE along with Sandboxie.

Bo
Hi Bo,
I agree with you.
This schema should work well in your case.
Posted by DunkanAidaho

29. Mar 2013, 06:47 PM   #88 (permalink)
Member
Join Date: Mar 2013
Posts: 14

Quote:
Originally Posted by bo.elam
Hey Dunkan, let's talk real-world situations. Do you know of anyone that has gotten infected (while using SBIE), that uses a 64-bit machine? I mean anyone, that you know personally or that you found reporting an infection on the internet. I am talking about real infections, not theories.

Bo
I do not know people who were infected while using Comodo, Tinywall, Online Armor and so on. But that does not mean that it is impossible. In a real situation, the chances of getting an infection are low even on any unprotected system.
Posted by DunkanAidaho

29. Mar 2013, 07:31 PM   #89 (permalink)
Member
Join Date: Mar 2013
Posts: 14

As an option, a browser inside a virtual machine (e.g. the free VMPlayer) can be used for safer internet browsing.
In this case the 'Unity' and Suspend / Resume features are useful.
Disadvantage: it is not comfortable to use.
Advantage: Kernel Patch Protection does not decrease the protection abilities of software. It seems VMPlayer has anti-keylogging features.
Posted by DunkanAidaho

12. Apr 2013, 05:11 PM   #90 (permalink)
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 887

Anyone else notice a dllhost.exe keep opening up in their sandbox? I noticed it after this week's Windows updates :S

edit: nvm, it was my Firefox profile, no idea what caused it though, but I restored an older one

Last edited by eyeb; 12. Apr 2013 at 05:16 PM.
Posted by eyeb

All times are GMT +1.