Bufferzone Free question
q1aqza
January 10th, 2007, 05:45 AM
I’m wondering if I’m missing the point in the empty the buffer zone function. I launched IE outside the buffer zone and cleared the cache, all offline files, history, cookies etc. I then launched it within bufferzone, verified cache was clean and then did a fair amount of surfing. After a while I then looked at the cache and as expected there were lots of cookies, images, etc from all the sites I’d visited, etc.
I then used the empty bufferzone option and selected registry and files and would have expected that the IE history and the cache would have been emptied. Well the IE history was cleared but all the site cookies and graphics from visited pages were still there? I opened IE outside the buffer zone again and the cache from my surfing from within the bufferzone was all present and I was expecting it all to be cleared?
Anyone else found this? Or have I misunderstood Buffer zone?
tobacco
January 10th, 2007, 04:54 PM
Hello
I have used the latest Home version for approx. 2 months now and out of concern with your post, I did an experiment myself using IE6, Firefox 2 and CCleaner.
Firstly, I cleaned the Bufferzone and disabled it via the tray icon. Then I ran CCleaner twice. Opened IE6 and went to 10 websites and clicked a link on each site and also ran 2 video clips! Exited IE6 and opened CCleaner and the entries took up most of the screen. Ran it twice again. Next, I enabled Bufferzone and repeated the process, same websites, same links. Closed IE and cleaned the Bufferzone. Ran CCleaner and nothing was present. Enabled View Hidden files and folders and could not find anything from these browsing sessions.
I then repeated this same procedure with Firefox and disabled 'clean on exit', and achieved the same results. If you don't have it, install CCleaner (without toolbar) and try what I just did. Let us know the results.
pilotart
January 10th, 2007, 05:48 PM
Do you recall if you had emptied your Temporary Internet files etc. since install of BufferZone?
I have been using BufferZone {free} for IE since September'06 and did not 'clean' until the end of December,
which seemed to 'choke' BZ version 1.90 :o
Removed 1.9 and installed version 2.10 and have used BZ 'clean' (with all checks) several times and did see one instance where a stack of IE cookies remained inside my Temporary Internet Files Folder (with no red border). I have since used CleanUp (http://www.stevengould.org/software/cleanup/download.html) and deleted Cookies, Temps and Prefetch, those cookies are all gone now and no others have appeared. Could those have been 'left-overs' from before my v2.10 install?
My BZ's 'Red Border' Folders do not contain a thing from prior to last 'cleanBZ' and all IE cookies are within Red Border Folders.
I use an un-BZ'd Firefox over 99% and never open IE outside BZ, but do you suppose IE could have retrieved files from your Temporary Internet?
I use CleanUp (http://www.stevengould.org/software/cleanup/download.html) but perhaps any removal of your non-BufferZone Temporary Internet Files would prevent that.
The "CCleaner" (http://www.ccleaner.com/) that tobacco referred to has been well spoken of on many sites lately and would likely be a superior tool to my old CleanUp.
q1aqza
January 11th, 2007, 07:39 AM
I didn't actually disable BZ in systray, I just opened IE outside of BufferZone. I'll try again by disabling it when I do the initial cache clean.
I do use CCleaner but on the test partition I hadn't installed it but I will to ensure a thorough cache clean.
I'll report back how it goes.
q1aqza
January 16th, 2007, 10:25 AM
I tried a clean install of bufferzone and launched IE6 that had a completely clean cache. Browsed a few sites and checked the cache had lots of cookies and jpgs etc. I used the empty bufferzone button and all it seemed to do was remove the history. The whole cache of cookies and web pages, jpgs etc were still there.
I disabled protection and launched IE6 without bufferzone protection and the cache accumulated from within bufferzone was still there.
Unless I'm missing the point, this is a bad bug as I am able to launch a non-isolated browser session that can still access a cache that may well contain malware obtained during a 'protected' bufferzone surfing session?
This makes me realise and appreciate what a good program sandboxie is !!
pilotart
January 16th, 2007, 11:52 AM
See this Wilders post (partial text below): (http://www.wilderssecurity.com/showthread.php?t=161629)
-{ Quote: "....just ran BufferZone’s ‘Empty’ and left all my temps in place, then a system scan showed that absolutely all those ‘tracking-cookies’ were gone with no additional CleanUp of temps needed.
BufferZone’s Virtual contained 0 bytes, 0 Files and 23 empty Folders and my Red Bordered C\Documents\...\Cookie Folder has just one file; INDEX DAT modified on ‘Empty’ time." }-
Also see that I had seen a problem similar to what you are describing with BZ Version 1.90. BZ 2.10 is working perfectly for me now.
No doubt that different combinations of Security Software will react badly and this is why it is fortunate to have a choice.
I am a believer in the 'Layered Security' approach and for My System, SandboxIE allowed malware to jump out of the 'box' and disable my AntiVir.
This does not mean that SandboxIE would not be a better choice for Your Particular Setup. :)
q1aqza
January 18th, 2007, 06:01 PM
On my system BZ 2.1 is still leaving my IE6 browser cache intact even after emptying the bufferzone. I notice that the IE cache created in the red bordered folders under C:\Virtual is removed but the actual browsing cache is still being created and stored in the standard IE6 cache location (C:\Documents and Settings\username\Local Settings\Temporary Internet Files) and none of these folders are red bordered so they remain intact after cleaning.
I have tried the same test with Firefox v2 and the complete cache is cleared completely when emptying the bufferzone. Oh well, I prefer FF anyway so this isn't a big issue for me.
pilotart
January 18th, 2007, 07:55 PM
Thank you for the above information.
My C:\Documents and Settings\username\Local Settings\Temporary Internet Files Folder was full after running BufferZone Empty.
Ran CleanUp and it was down to just four very old files, opened IE inside BufferZone and it filled right back up. (Saw no cookies.)
What solves this best for me was to open IE Internet Options and add a check on the
-{ Quote: "[ ]Empty Temporary Internet Files Folder when Browser is closed." }-
This instantly resulted in a completely empty Temporary Internet Files Folder upon closing IE (without 'empty BufferZone' being done).
Did the same with 'History' and they are now empty as well.
I only feel that I need BufferZone for my 'low privacy' IE required operations and run Firefox with all its security extensions enabled but never sandboxed.
Don't see any Temporary Internet from Firefox, the 'History' icon opens Firefox History, but don't know where it is stored, there is a Firefox Cache with 40MB in 468 files.
q1aqza
January 22nd, 2007, 08:04 AM
For cleaning I'm quite happy with CCleaner rather than using BZ but I was more focussing on what I believe to be a shortcoming in BZ by allowing the IE6 cache to be created in the real location rather than the virtual one - seems a bit odd.
I'm the same, I don't know where FF stores its cache but I do know that all history and cookies are removed by BZ, but I need to check if the actual cache is removed also.
tobacco
January 22nd, 2007, 03:00 PM
I'm trying to reproduce this again in IE6. Could you please list again the exact paths where you are finding things that haven't been cleaned?
As for firefox, open it and make sure that clean on exit is 'Not' checked. Then in the address bar, type in about:cache. This will show what is not only in memory but also cached on the disk. Surf a few sites and then close and empty the Bufferzone. Open firefox and enter about:cache again. You should only see entries from whatever page firefox opened to.
pilotart
January 23rd, 2007, 01:53 AM
-{ Quote: "...where FF stores its cache...need to check if the actual cache is removed " }-
Type about:cache into address block.
see this page; http://kb.mozillazine.org/Browser.cache.disk.parent_directory
You can also enter (in address box) for more detail: -{ Quote: "...
* about:cache?device=memory — Lists memory cache entries.
* about:cache?device=disk — Lists disk cache entries.
* about:cache-entry — Shows information about a cache entry. Used in about:cache links. Requires parameters. " }-
more from here: http://kb.mozillazine.org/MozillaZine_Knowledge_Base:Searching
____________________________________
@ tobacco,
From my BufferZones IE visit to excite.com IE Temp was empty, but I found 20+ in
C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
things like "getSponslinksAuto.js" or "doubleclicks..." "GIF's" "JPG's" "HTM's" "JSP's" "JScript Script File's"
(I am not even allowed to copy from that folder and have no idea if they could be of any bad effect.)???
q1aqza
January 23rd, 2007, 06:15 AM
-{ Quote: "I'm trying to reproduce this again in IE6. Could you please list again the exact paths where you are finding things that haven't been cleaned?
As for firefox, open it and make sure that clean on exit is 'Not' checked. Then in the address bar, type in about:cache. This will show what is not only in memory but also cached on the disk. Surf a few sites and then close and empty the Bufferzone. Open firefox and enter about:cache again. You should only see entries from whatever page firefox opened to." }-
Hi tobacco, the exact path I'm referring to is the same as the one Pilotart has listed
C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
I believe this is the normal location for IE6 cache so I would expect that IE6 wrapped by BZ should not be writing cache to that location but only to the Virtual one?
Thanks to you and Pilotart on the tip for checking FF cache. I'll give it a try later.
pilotart
January 24th, 2007, 02:24 PM
I use Outlook (2002) for my Email Service and also have Outlook retrieve my Hotmail.
Opening Outlook and downloading regular Email does not create anything in
-{ Quote: "C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files" }-
however accessing 'Hotmail' does create two or three HTM files in that folder, opening one Email (from HP in HTML) adds 30 'GIF's and 3 'JPEG's
a subsequent visit to a BufferZoned IE 6 adds additional files. edit:- Looking at an Outlook Email (html w/ graphic) also adds files.
Opening with a "about:blank" adds one 225Kb CAB file for ImageShack in the Un-BufferZoned Temp IE Folder (along with its 492Kb DLL within 'Virtual' Folders).
Going to excite.com adds many more, but these are not 'cookies' but rather they seem to be graphics to make your next opening faster.
I do not have any 'speed your internet' as I prefer a fresh load every visit.
My BZ Virtual Folders also have a Temporary Internet Files Folder, why can't BufferZone limit the BZ'd IE to that Folder (it does not 'empty on close' but that would be Ok).
Firefox does not seem to use the Temporary Internet Files Folder at all and my 'BufferZoned' Internet Explorer 6 is now set to empty the Temp on close.
If Outlook is open when I close IE, it does not empty the folder, but if Outlook has been closed, then closing IE succeeds in clearing the Temp Folder.
I am not qualified to comment on any possible dangers from BufferZone allowing Internet Explorer to add to my non-virtual Temporary Internet Folder,
but it certainly raises the question for 'security experts' to address.???
q1aqza
January 25th, 2007, 08:18 AM
I agree. I tried FF cache and have been able to ascertain that the FF cache is populated only in the virtual FF cache folder and not the original one and is emptied successfully when emptying the bufferzone.
There certainly seems to be some sort of limitation or bug when using BZ with IE6.
tobacco
January 25th, 2007, 11:18 AM
I have also re-created this issue with IE6 which I hadn't noticed before as I rarely use that browser. I have reported this issue to the developers and will let you know when I hear something.
q1aqza
January 26th, 2007, 09:04 AM
Thanks a lot tobacco
pilotart
January 28th, 2007, 01:13 AM
Thanks to q1aqza for noticing and posting about this *apparent hole* in the BufferZone, as well as for tobacco's research and assistance.
Had been of concern to me (only use BZ for my IE6) as there had been a post on the AntiVir Forum (http://forum.antivir-pe.de/thread.php?threadid=17338) listing a dozen "...
AntiVir has detected 'TR/NoClose.R' in the file C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\X8T5FTHR\mc-dubs2[1].htm ...'s
I had first tried C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
(from right-click - BufferZone) Confidential: - hide from BZ as well as Forbidden: deny all access.. with no effect.
Then I went into Local Security Settings and "Disallowed" C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
which kept Outlook from writing to it, but not the BZ'd IE.:gack:
Went back to Administrative Tools and removed that entry, made no other changes; but???
Now I have a different "...C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\GPZROLKA... etc. etc. etc.
or a similar structure as was seen within the 'Virtual Folders' structure and my BZ'd Internet Explorer is doing nothing that I can see outside of the Virtual Folders. ;D
I will keep a lookout and report any actions seen beyond the Virtual structure. :lurking:
tobacco
January 30th, 2007, 01:21 PM
-{ Quote: "Thanks to q1aqza for noticing and posting about this *apparent hole* in the BufferZone" }-
I've received a response from Bufferzone after asking them to check into the findings in this thread and have been assured that it is not a security breach or bug. Instead of summarizing, I will quote the responses.
-{ Quote: "Sorry for the delay with the IE temp files answer
We allow writes only to the index.dat file, the actual temporary files are written to C:\virtual\...
The Explorer window does not show the actual file listing – but it shows the content of the index.dat file. " }-
I then asked if this is a security risk!
-{ Quote: "The answer is that this is a tradeoff between security and usability. The entire system interacts with the index.dat file and some system services (and as a result, IExplore) would not function properly if the index.dat file were virtualized.
Since the index.dat file only contains references to other files (which *are* virtualized), there is no security risk resulting from not virtualizing this specific file, in favor of a healthy, usable Internet Explorer." }-
So I will accept that unless someone more knowledgeable than myself shows me different.
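The vendor's claim quoted above (only index.dat is written to the real Temporary Internet Files folder) can be checked on disk rather than through the Explorer view. The following is an added example, not part of the original thread and not BufferZone code: it snapshots a directory before a sandboxed session and reports anything created or modified afterwards except index.dat. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption taken from the vendor reply in this thread: index.dat is the
# only file a sandboxed IE is expected to touch outside the virtual tree.
ALLOWED_NAMES = {"index.dat"}


def snapshot(root):
    """Return {relative path: (size, mtime_ns)} for every file under root."""
    root = Path(root)
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                st = path.stat()
            except OSError:
                continue  # file vanished or is locked; nothing to record
            snap[path.relative_to(root).as_posix()] = (st.st_size, st.st_mtime_ns)
    return snap


def leaked_writes(before, after, allowed=ALLOWED_NAMES):
    """List (kind, path) for files created or modified between snapshots,
    ignoring the file names the sandbox is expected to write through."""
    leaks = []
    for rel, meta in sorted(after.items()):
        if rel.rsplit("/", 1)[-1].lower() in allowed:
            continue
        if rel not in before:
            leaks.append(("created", rel))
        elif before[rel] != meta:
            leaks.append(("modified", rel))
    return leaks


def demo():
    """Constructed stand-in for the real cache folder: index.dat is updated
    (expected) and one cached image lands outside the sandbox (a leak)."""
    with tempfile.TemporaryDirectory() as real_cache:
        content = Path(real_cache) / "Content.IE5"
        content.mkdir()
        (content / "index.dat").write_bytes(b"\0" * 16)
        before = snapshot(real_cache)      # taken before the sandboxed session

        (content / "index.dat").write_bytes(b"\0" * 32)
        sub = content / "ABCD1234"         # constructed cache sub-folder name
        sub.mkdir()
        (sub / "banner[1].gif").write_bytes(b"GIF89a")
        after = snapshot(real_cache)       # taken after the session

        return leaked_writes(before, after)


if __name__ == "__main__":
    for kind, rel in demo():
        print(kind, rel)
```

On a real system the two snapshots would be taken of the non-virtual cache folder before starting the sandboxed browser and again after closing it; an empty result is consistent with the vendor's description.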
q1aqza
February 1st, 2007, 09:16 AM
Thanks tobacco.
I'm still a little sceptical as I'm sure I saw all the jpgs and gifs etc all listed in the normal IE folders. Also, if the main files are virtualised why don't they clear when the buffer zone is emptied and the index.dat updated accordingly?
I'll have another look at this when I am at home.
pilotart
February 1st, 2007, 01:12 PM
-{ Quote: "(on January 28th, 2007, 01:13 AM)
Thanks to q1aqza for noticing and posting about this *apparent hole* in the BufferZone, as well as for tobacco's research and assistance.
...............
Then I went into Local Security Settings and "Disallowed" C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
which kept Outlook from writing to it, but not the BZ'd IE.:gack:
Went back to Administrative Tools and removed that entry, made no other changes; but???
Now I have a different "...C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\GPZROLKA... etc. etc. etc.
or a similar structure as was seen within the 'Virtual Folders' structure and my BZ'd Internet Explorer is doing nothing that I can see outside of the Virtual Folders. ;D
I will keep a lookout and report any actions seen beyond the Virtual structure. :lurking:" }-
Have been carefully watching that non-virtual Folder that had previously been collecting all those jpgs and gifs etc. -{ Quote: "C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files" }-
The above structure had changed (itself) following my 'went into Local Security Settings and "Disallowed" and later removed that entry, on my next look the structure of
C:\Documents and Settings\{user}\Local Settings\... had been considerably modified.
There is now:
C:\Documents and Settings\{user}\Local Settings\Temp\Temporary Internet Files\Content.IE5\03K26VEP (plus \30YGOZFD, \87VUNAKR and \GPZROLKA)
The above Folders now contain all of my Outlook and MediaPlayer temp files.
Below this I now see another set of Folders:
C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files\Content.IE5\CDOWYEW5 (plus \GL0ZPXQC, \QYVVD4U9 and \W6054J2X)
This Folder (without the ...\Content.IE5\...) had been where Outlook had been previously storing temps before and also where my BZ'd IE had been adding the jpgs and gifs etc.. [Content.IE5] contains index.dat (208Kb) modified today, but last accessed on the 28th and desktop.ini modified 26th and last accessed on the 28th. This is all that has been seen within those folders since 28th of January.
______________________________________________
On January 30th, I had to enroll in an FAA required recurrent training course (chose www.americanflyers.net) and after having their Tech Support telephone to assist me, found that I had to use IE (or Netscape), but not Firefox (or Opera) ??? and I guess they need activeX or something::) to 'monitor' your study habits.:lurking:
She also had me go into ControlPanel/internet and further open IE's cookie habits.
After five instances of needing to copy/paste video URL's in MediaPlayer 11, the sixth popped up a BZ "first operation" and they now open directly within BZ. (Adobe 8's PDF's also open within BufferZone.)
Now I found that I needed to open IE's Tools; internet options... Temporary Internet Files [Settings] and increase "Amount of disk space to use" (for the BZ'd videos).
When I click on that [View Files], there first pops up a BufferZone box that says "VERCLSID is Protected by BufferZone" and then a Folder:
C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
but within BZ's Red Border, containing the BZ'd temps.
Opening the non-virtual Folders, shows no changes in content.
The ability to enter www.americanflyers.net's training program with a 'clean' IE and know that any interaction with their server will be limited to what is within BufferZone is comforting.:-* (As well as knowing that no other 'cookies' exist.)
I have limited my InternetExplorer for past three days, to www.americanflyers.net and training links within their "CFI Renewal Course" and I will not 'empty BufferZone' until after graduation.
Trying to accomplish this training within Sandboxie's crashing (on my system) or using a "return to.." application like Power Shadow (http://www.wilderssecurity.com/showthread.php?t=161735) (GoBack would accomplish that and allow recover of any recent files wanted) would not work for me at all.
___________________________________________________
I had mentioned on Thread; Which? Sandboxie, BufferZone Home or DeepFreeze
that Windows Update as well as install of MediaPlayer[11] had been successful within BufferZone (had acted as 'trusted' and did what was needed outside BZ) but have now seen that MS Office Update must be done within an un-BZ'd IE.
At least it can be 'clean' prior to "Disable protection" and I was able to move the downloads out of Virtual Folders before Cleaning BZ, saving some 35MB re-download. (13 updates).
edotan
March 5th, 2007, 05:53 AM
Guys,
Our previous versions indeed avoided the Temporary Internet Files directory, for performance.
In our upcoming 2.50 version however, we improved performance a lot and therefore removed the exception on that directory.
Now everything goes into the virtual tree. The only exception is the "index.dat" file (which only contains data indexing info, not files -- so no risk / burden whatsoever).
Btw, you seem to be quite knowledgeable of the product. You're welcome to join our current 2.50 Beta program:
www.trustware.com/virtualization/beta.html
Eyal Dotan
Trustware
aigle
March 5th, 2007, 01:19 PM
Hi, nice to see BZ people here.
BZ 2.5 beta failed against XP Killer trojan, I have posted over ur forums.
I have seen that with many new versions something is broken that was fixed in previous version, examples are KillDisk virus and Martin's Undetectable KeyLogger.
Also the delay in browser launch must be reduced, that's the main concern for me.
Rasheed187
March 5th, 2007, 02:57 PM
I just want to say that the concept looks really great but I'm afraid that BZ slows the system down considerably, it's a major resource hog. And I don't think that it plays well with other security software. If BZ could be made more lightweight (like Sandboxie) I would certainly consider buying it. ;)
coen99
March 27th, 2007, 06:34 AM
hello,
I signed up for the beta program Bufferzone 2.50.
However I never got a reply and I'm still waiting.
But I want to see if they really improved (the performance of) their product so I can decide to buy this program or buy another.
Can anyone help me get the beta to test?
Would be highly appreciated. ;D
Lucy
March 27th, 2007, 07:31 AM
http://www.trustware.com/beta/BzProBeta.msi
coen99
March 27th, 2007, 08:08 AM
-{ Quote: "http://www.trustware.com/beta/BzProBeta.msi" }-
Thnx ! :thumb: :thumb:
coen99
March 27th, 2007, 09:10 AM
Installed the beta version 2.50.17.
Indeed all temp(internet) files are now also in the sandbox (that's good).
However, when surfing I normally "disable protection" to save a bookmark (works fine in the 2.10.37 version). When I try this now it asks me whether or not I like to keep the "untrusted" program (Firefox). When I decide to keep it (because I want to save the bookmark permanently) the system shuts down "NT Authority/system : DCOM server process launcher terminated unexpectedly".
When I try this with Avantbrowser, Avantbrowser freezes, no system shutdown.
When trying this with IExplorer 6.0, IExplorer crashes, no system shutdown.
All in all, not a good sign.
Another option is to "surf out of the Bufferzone" this is no option (for saving the bookmark) as it opens a new browser ;-(
Furthermore I think when offering an option it should not crash your system (at least).
Anyone having the same problem(s) ???
pilotart
March 27th, 2007, 02:27 PM
That's why they call it "beta" :)
I just had a frozen Firefox when I tried to remove it from BufferZone, while it was open
and TrustWare said they were aware of that 'bug' and would fix it.
One easy way to save bookmark/bookmarks/Favorites etc. is to just open that "Virtual" Folder
and do it from there before "Cleaning" BufferZone.
A careful watch has seen no Temporary files created out of 'Virtual' tree for two months now in version 2.10-37
Only tested beta 2.50-17 for a week, but it was fine in that respect as well.
Murr's Board> Sandbox/Virtualization> BufferZone> New Beta page (http://www.murrsboard.aorax.com/index.php?topic=7.msg303#msg303).
_______________________________________________________________________________________________
Only "System Slowdown" seen is on FIRST open (while Bufferzone creates "Virtual Folder Trees")
and on Browser, following BZ-Clean.
coen99
March 27th, 2007, 04:21 PM
Thnx Pilotart for the link to the "New Beta page" 8)
-{ Quote: "That's why they call it "beta" :)" }-
I understand, but I was curious if someone had the same issues.
I really like the program.
I used Virtual Sandbox (Fortres) before. After doing some tests this BZ came out as most "bulletproof".:lurking:
VS had some issues keeping the trojans in..
aigle
March 28th, 2007, 10:00 AM
VS is not good at all. The worst of all sandboxes I have used.
coen99
March 30th, 2007, 05:05 AM
I tried the last few days a few sandbox/virtual/HIPS progs.
They all claim to be secure.
Greenborder and Bufferzone offer tests to prove you are "unsafe" and should buy/install their software.
Greenborder has a "thorough" testprogram passing all its own tests (of course :dry:) however if you test Greenborder with the simple trojan test from Bufferzone it seems to be "leaking".
This also goes the other way around.
What does this tell me ?
The tests are fake? (they only check if you installed their software, if so it passes all tests)
Or the software is very dependent on how/which test you perform?
BTW: I performed the Greenborder test (http://www.greenborder.com/test/)
and the Bufferzone test (http://www.trustware.com/virtualization/Bufferzone_proof_of_concept.html) on several programs:
1. GesWall 2.51 - GB test: failed (on all accounts, warned however in orange for security breach); BZ test: failed
2. Sandboxie 2.80 - GB test: failed (passed Stealing Passwords, Remote Control by Botnets); BZ test: failed
3. Bufferzone 2.50 beta - GB test: failed (passed Stealing Files, Stealing Passwords); BZ test: passed
4. Defensewall 2.0 beta - GB test: failed (just warnings); BZ test: failed (warnings)
5. Greenborder - GB test: passed; BZ test: failed
All in all, virtual/HIPS is not enough you still need good antivirus/firewall soft ?
aigle
March 30th, 2007, 03:59 PM
Ur results are probably wrong.
GW will pass BZ test if u make all of my documents folder confidential. GB test is buggy.
Moreover, both tests are failed by many mainly in areas of privacy that is not the job of sandboxes. If u want to test, try real malware. See the tests of AV comparatives.
BTW, sandboxes don't replace AV or FW, they complement them.
Copyright ©2002 - 2012, Wilders Security Forums