Swordfish_
August 1st, 2008, 11:38 PM
First things first - that's my first post here - so Hello :)
is there any good alternative for SandboxIE?
Actually, sandbox is the last thing that's missing from my 20-program ;) security config, so now I am wondering which one(s) should I focus on...
I mostly need it for my p2p applications - yesterday, just because of being bored, I launched CurrPorts - and it showed me a lot of connections, where the program column was flagged as "unknown". What's interesting - there were also a lot of connections on the same ports flagged as "uTorrent". So - my point is - why some of the UT connections are visible from the CurrPorts "perspective" (in the sense, that CurrPorts sees the actual program) and some are not (in the sense that program is "unknown")? Is it just an innate characteristic of this program (or maybe a flaw in CurrPorts), or maybe it's something that should never happen?
Even more - after launching Process Explorer and terminating UT - CurrPorts still showed these connections (TimeWait mode). So, I rebooted - and now everything is going fine (connections that CurrPorts shows make sense - but now UT as well as any other p2p app is shut down).
So, my first idea - IF a p2p app would be compromised (which, on the other hand is unlikely in my case now, but, all things being the same, it just sparked some controversy in my mind - just some "what if?" questions), would sandbox (of course used in a layered security configuration) contain the leak (by this I don't mean downloading any malware/spyware/whateverware but more exploiting the vulnerability of the p2p app code holes) ? If not - then what? Applying some strict HIPS rules?
Or maybe just another approach?
Best Regards,
Adam
is there any good alternative for SandboxIE?
Actually, sandbox is the last thing that's missing from my 20-program ;) security config, so now I am wondering which one(s) should I focus on...
I mostly need it for my p2p applications - yesterday, just because of being bored, I launched CurrPorts - and it showed me a lot of connections, where the program column was flagged as "unknown". What's interesting - there were also a lot of connections on the same ports flagged as "uTorrent". So - my point is - why some of the UT connections are visible from the CurrPorts "perspective" (in the sense, that CurrPorts sees the actual program) and some are not (in the sense that program is "unknown")? Is it just an innate characteristic of this program (or maybe a flaw in CurrPorts), or maybe it's something that should never happen?
Even more - after launching Process Explorer and terminating UT - CurrPorts still showed these connections (TimeWait mode). So, I rebooted - and now everything is going fine (connections that CurrPorts shows make sense - but now UT as well as any other p2p app is shut down).
So, my first idea - IF a p2p app would be compromised (which, on the other hand is unlikely in my case now, but, all things being the same, it just sparked some controversy in my mind - just some "what if?" questions), would sandbox (of course used in a layered security configuration) contain the leak (by this I don't mean downloading any malware/spyware/whateverware but more exploiting the vulnerability of the p2p app code holes) ? If not - then what? Applying some strict HIPS rules?
Or maybe just another approach?
Best Regards,
Adam