
Comodo Sandbox vs Sandboxie Tested


lordraiden
March 13th, 2010, 12:42 PM
http://www.hak5.org/episodes/episode-703

Scoobs72
March 13th, 2010, 01:13 PM
The only thing to learn out of that review is that the reviewer doesn't understand the concept of sandboxing, nor how to use Sandboxie. Watching paint dry would have been more educational than that.

thegoat
March 13th, 2010, 02:23 PM
Looks like they didn't use Sandboxie properly. For some reason, they started browsing dodgy-looking sites unsandboxed. You can tell this because there is no hash symbol in their IE 6 window.

Kees1958
March 13th, 2010, 03:07 PM
-{ Quote: "The only thing to learn out of that review is that the reviewer doesn't understand the concept of sandboxing, nor how to use Sandboxie. Watching paint dry would have been more educational than that." }-

I will settle for the paint after watching the review :D

Brummelchen
March 13th, 2010, 05:23 PM
i only remember the beginning of the vide(.)(.) :D

dcrowe0050
March 13th, 2010, 07:33 PM
I find it hard to believe that I could ever be as annoyed as I was during that cartoon. I keep wondering why everything was referenced to ~ Snipped as per TOS (http://www.wilderssecurity.com/faq.php?faq=wilders_tos#faq_wilders_tos_1) ~??

andyman35
March 13th, 2010, 07:42 PM
-{ Quote: "i only remember the beginning of the vide(.)(.) :D" }-
That's the only bit I bothered to watch. After the cute girl went off and those 2 clowns appeared, I figured that at my age I couldn't afford to waste 20 mins of my life watching the rest ;D

jmonge
March 13th, 2010, 08:00 PM
And that dude doesn't know how to shave properly ;D
He is not clean-cut enough to be on television :)

SIR****TMG
March 13th, 2010, 08:14 PM
Good Grief

SafetyFirst
March 14th, 2010, 06:38 PM
-{ Quote: "That's the only bit I bothered to watch. After the cute girl went off and those 2 clowns appeared, I figured that at my age I couldn't afford to waste 20 mins of my life watching the rest ;D" }-
After 15 minutes of watching two guys babbling I stopped the video. :ouch:

I want my 15 minutes back. :(

Saraceno
March 14th, 2010, 09:16 PM
I took Brummelchen's advice and watched only the first 15 perky seconds. Perky means lively right?

tipo
March 15th, 2010, 01:30 AM
-{ Quote: "http://www.hak5.org/episodes/episode-703" }-
sorry to say but that is an incredibly stupid video... :thumbd:

nikanthpromod
March 15th, 2010, 03:56 AM
Boring, stupid video >:(

pandlouk
March 15th, 2010, 04:39 AM
-{ Quote: "http://www.hak5.org/episodes/episode-703" }-
And the reason for this post/thread? ???

To show us what crap reviews/tests are floating all over the net? :P

Why was "Sandboxie Control" not even running during the infections? :blink: :ouch: ;D ::)

Probably the CRAPPIEST test/review I ever watched!!!

Panagiotis

Martijn2
March 15th, 2010, 04:39 AM
What a moron, he only needed to empty his Sandboxie sandbox to remove the "installed" rogue :-X

AvinashR
March 15th, 2010, 05:16 AM
The first 15 seconds of that video are really nice... I gave them 10/10 ;D ;D

I fell in love with... that lady and Comodo :D

stackz
March 15th, 2010, 06:11 AM
If it had been called "How not to test software and bore people to death in the process", I'd probably applaud it.

AvinashR
March 15th, 2010, 06:28 AM
-{ Quote: "If it had been called "How not to test software and bore people to death in the process", I'd probably applaud it." }-

They are truly mindless people... I don't know what they wanna tell us??? ??? I guess they haven't visited the COMODO forum, that's why they made this video.

jmonge
March 15th, 2010, 07:54 AM
He just needed to delete the sandbox and he would be impressed by now, but I guess he didn't read enough to do it or know how Sandboxie works ;D

jmonge
March 15th, 2010, 08:13 AM
Did somebody test the Comodo sandbox with real 0-day malware?

demoneye
March 15th, 2010, 08:45 AM
Never saw a review as stupid and unprofessional as that in my entire life ;D

jmonge
March 15th, 2010, 08:50 AM
Admit it, you liked seeing the first 10 minutes of the video ;D

demoneye
March 15th, 2010, 10:05 AM
-{ Quote: "Admit it, you liked seeing the first 10 minutes of the video ;D" }-

YES 8)

Scoobs72
March 15th, 2010, 10:16 AM
They have a comments section folks....and no need to register to post. I'm sure they would appreciate some feedback ;D

demoneye
March 15th, 2010, 10:44 AM
-{ Quote: "They have a comments section folks....and no need to register to post. I'm sure they would appreciate some feedback ;D" }-

Thanks for mentioning it ;D I just replied over there :)

dw426
March 15th, 2010, 12:17 PM
Fire the dudes. Well, the fella on the left is good for party laughs, so keep him for a bit. We HAVE to keep the girl though, simply because she is hotter tha.....*ahem*, well, look, just keep her. Anyway, seriously, what the heck was that? It reminded me of the old "ScreenSavers" program if it was hosted in a frat boy living room by said drunken frat boys. All that video tested was my ability to overcome ADD... it failed.

mvario
March 18th, 2010, 01:45 AM
I guess he took a lot of flak over Sandboxie and in the next episode he spent a few minutes responding.

Basically he acknowledges that it's strong protection, but his issue is with the default configuration, and I kind of see where he's coming from. The default config allows the user to save downloads out of the sandbox to the desktop (where most noob users download stuff to anyway) with just one additional "Recover" prompt. From that point on there is no protection if the download is run, since it is out of the sandbox. Which makes it kind of easy for a user who doesn't really understand Sandboxie to screw things up.

ratwing
March 18th, 2010, 02:33 AM
-{ Quote: "I guess he took a lot of flak over Sandboxie and in the next episode he spent a few minutes responding.

Basically he acknowledges that it's strong protection, but his issue is with the default configuration, and I kind of see where he's coming from. The default config allows the user to save downloads out of the sandbox to the desktop (where most noob users download stuff to anyway) with just one additional "Recover" prompt. From that point on there is no protection if the download is run, since it is out of the sandbox. Which makes it kind of easy for a user who doesn't really understand Sandboxie to screw things up." }-


Yeah....But really..

I used Sandboxie in default configuration for years before someone, ssj100, on these forums took the time to hip me (and others) about its true potential.

Even so, I knew recover from sandbox = all bets off.

That is pretty basic.
Even then, recover does not equal execute.

dw426
March 18th, 2010, 02:56 AM
-{ Quote: "I guess he took a lot of flak over Sandboxie and in the next episode he spent a few minutes responding.

Basically he acknowledges that it's strong protection, but his issue is with the default configuration, and I kind of see where he's coming from. The default config allows the user to save downloads out of the sandbox to the desktop (where most noob users download stuff to anyway) with just one additional "Recover" prompt. From that point on there is no protection if the download is run, since it is out of the sandbox. Which makes it kind of easy for a user who doesn't really understand Sandboxie to screw things up." }-

I really don't see why things are "screwed up" with the default config. What is Sandboxie supposed to do besides asking whether or not to recover downloads? If Sandboxie is used the way it is meant to, meaning allowing the browser and the browser only to be run inside the sandbox, and blocks drive-by malware from running because of said config, it did its job. It isn't responsible for what users download themselves and remove from the sandbox.

It's not a Geswall or Defensewall-type application, it wasn't made to be. What the user does outside of it is the user's responsibility alone.

Clench Tightly
March 18th, 2010, 06:09 AM
As much as I like Comodo, this review was a crock and was blatantly unfair to Sandboxie.

The reviewers are living proof of the age old truth that you don't have to have a long neck and feathers to be a goose.;D

CT

jmonge
March 18th, 2010, 08:00 AM
It is true, but people will still make mistakes and won't care about it even if it means getting infected :)

Zyrtec
March 18th, 2010, 05:51 PM
Hello,

I don't see any problems extracting a downloaded file [.exe, .rar, etc.] out of the Sandbox as long as you don't double-click on it to execute it. The file will be sitting at your Windows desktop or any folder where you downloaded it to.

However, you need to know for sure from what source you downloaded the file in question. If it is a shady web site, a compromised web site or a site known to post cracks bundled with Trojans, my advice would be not to recover it and just empty the Sandbox, unless you are planning to recover it to be run on a VM or the like.

Regards,

Carlos

Dragons Forever
March 18th, 2010, 06:20 PM
Very unfair to Comodo!

Dragons Forever
March 18th, 2010, 06:23 PM
Sorry. I meant unfair to Sandboxie. This review was a laugh.

ratwing
March 18th, 2010, 09:03 PM
@dw426:

"If Sandboxie is used the way it is meant to, meaning allowing the browser and the browser only to be run inside the sandbox and blocks drive by malware from running because of said config, it did its job."


With all due respect, as a Sandboxie user and fan, the configuration you cited may be "the way it is meant to" (be used), yet it is hardly the default setting.

@Dragons Forever:
Freudian slip?
Old habits/battles die hard,eh?

Rasheed187
March 21st, 2010, 10:23 AM
So what are these guys saying, that Sandboxie doesn't offer any good protection? I'm sorry but I didn't watch the whole video, was a bit lazy.

dw426
March 21st, 2010, 06:21 PM
-{ Quote: "@dw426:

"If Sandboxie is used the way it is meant to, meaning allowing the browser and the browser only to be run inside the sandbox and blocks drive by malware from running because of said config, it did its job."


With all due respect, as a Sandboxie user and fan, the configuration you cited may be "the way it is meant to" (be used), yet it is hardly the default setting.

@Dragons Forever:
Freudian slip?
Old habits/battles die hard,eh?" }-

Agreed, it certainly isn't the default configuration. But, imho, Sandboxie really isn't worth a crap unless you change the default settings. I didn't use to feel that way, by the way, but I've since changed. That doesn't mean however that it has a problem with download saving. At the end of the day the user has to be the one deciding if the download is safe to commit to the disk, not Sandboxie.

xorrior
March 22nd, 2010, 04:10 PM
-{ Quote: "The only thing to learn out of that review is that the reviewer doesn't understand the concept of sandboxing, nor how to use Sandboxie. Watching paint dry would have been more educational than that." }-


It's Kevin Rose-grade technical analysis. Might as well go to G4TV or ZDNet and ask for opinions. A little bit of sensationalism with a whole lot of ridiculous fads.

None of them are protected at the Windows loader level. There have been POCs on at least Sandboxie and BufferZone where the host processes were vulnerable to injection, and jailbreak was possible. Even after that is patched, they need to hide their processes so malware doesn't detect them and bail so easily (even trojan kits by noobs actively detect them currently and bail). IceSword inadvertently jailbroke Sandboxie, not sure if they ever fixed it.

Also I don't like how people blindly slander and flame people who question the quality of a product. People I know who have made public proofs of concept, like for Sandboxie, were attacked for it both on Sysinternals and the Sandboxie forums. If you want to ignore concepts of software engineering, expect proactive criticism, and resistance/ignorance only makes you look like an incompetent fool.

ratwing
March 23rd, 2010, 12:10 AM
-{ Quote: "Agreed, it certainly isn't the default configuration. But, imho, Sandboxie really isn't worth a crap unless you change the default settings. I didn't use to feel that way, by the way, but I've since changed. That doesn't mean however that it has a problem with download saving. At the end of the day the user has to be the one deciding if the download is safe to commit to the disk, not Sandboxie." }-


Amen!!,to all said.

ratwing
March 23rd, 2010, 12:21 AM
-{ Quote: "It's Kevin Rose-grade technical analysis. Might as well go to G4TV or ZDNet and ask for opinions. A little bit of sensationalism with a whole lot of ridiculous fads.

None of them are protected at the Windows loader level. There have been POCs on at least Sandboxie and BufferZone where the host processes were vulnerable to injection, and jailbreak was possible. Even after that is patched, they need to hide their processes so malware doesn't detect them and bail so easily (even trojan kits by noobs actively detect them currently and bail). IceSword inadvertently jailbroke Sandboxie, not sure if they ever fixed it.

Also I don't like how people blindly slander and flame people who question the quality of a product. People I know who have made public proofs of concept, like for Sandboxie, were attacked for it both on Sysinternals and the Sandboxie forums. If you want to ignore concepts of software engineering, expect proactive criticism, and resistance/ignorance only makes you look like an incompetent fool." }-


I agree. I also feel safe with a properly configured Sandboxie sandbox.
(Never mind that I also run in ShadowMode of ShadowDefender 99% of the time.)

At least for myself, I try not to "ignore" anything, but to evaluate it to the best of my ability, and seek the counsel of wiser heads on this forum.

That said, POCs that seem to defeat Sandboxie concern me.
(Just not very much.)

xorrior
March 23rd, 2010, 04:58 PM
-{ Quote: "I agree. I also feel safe with a properly configured Sandboxie sandbox.
(Never mind that I also run in ShadowMode of ShadowDefender 99% of the time.)

At least for myself, I try not to "ignore" anything, but to evaluate it to the best of my ability, and seek the counsel of wiser heads on this forum.

That said, POCs that seem to defeat Sandboxie concern me.
(Just not very much.)" }-


To me the biggest problem is the fact that you can detect a loaded sandbox DLL from a process inside these and, as a malware author, simply kill your process. Even incompetent trojan authors currently detect Sandboxie and a lot of other environments using this method. I haven't seen malware in 'the wild' yet that breaks out. It'll probably show up in an industrial kit first.

The reason that's important is, statistically speaking, the common user is going to get frustrated and risk running it on an open local system. Especially since most malware comes in off pirated software and media files that have malicious codec configurations. Sandboxie can easily hide its modules using what it already uses for virtualization; the same applies to most of these engines, they don't use hardware virtualization.
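The loaded-module check the post above refers to, as an added example that is not part of the thread and not code from Sandboxie, Comodo or the poster. Sandboxie injects its user-mode DLL, SbieDll.dll, into every sandboxed process, so a sample that finds that name in its own module list knows it is being watched and can exit before doing anything. The portable core below takes a list of module names so it can be exercised with a constructed list on any OS; on Windows, main() feeds it the real list from EnumProcessModules and also runs the one-line GetModuleHandle probe that real samples use. The sample module lists are constructed for the example.

```c
/*
 * Added example: in-process detection of a sandbox by loaded DLL name.
 * Not from the thread, Sandboxie or Comodo. SbieDll.dll is the DLL
 * Sandboxie injects into sandboxed processes; the module lists in the
 * sample_* functions are constructed for this example.
 * Windows build: cl probe.c psapi.lib   (or: gcc probe.c -lpsapi)
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Module base names that give a sandbox away. Extend the list as needed. */
static const char *const SANDBOX_MODULES[] = {
    "SbieDll.dll",
};

static char lower(char c) { return (c >= 'A' && c <= 'Z') ? (char)(c + 32) : c; }

/* ASCII case-insensitive equality; Windows module names are not case-sensitive. */
static int name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (lower(*a) != lower(*b)) return 0;
    return *a == '\0' && *b == '\0';
}

/* Strip a directory prefix: "C:\Windows\System32\ntdll.dll" -> "ntdll.dll". */
static const char *base_name(const char *path) {
    const char *p = path, *last = path;
    for (; *p; p++)
        if (*p == '\\' || *p == '/') last = p + 1;
    return last;
}

/* 1 if this module name (or full path) belongs to a known sandbox, else 0. */
int is_sandbox_module_name(const char *name) {
    const char *b = base_name(name);
    size_t i;
    for (i = 0; i < sizeof SANDBOX_MODULES / sizeof SANDBOX_MODULES[0]; i++)
        if (name_eq(b, SANDBOX_MODULES[i])) return 1;
    return 0;
}

/* Index of the first sandbox module in the list, or -1 if none is loaded. */
int find_sandbox_module(const char *const *modules, size_t n) {
    size_t i;
    for (i = 0; i < n; i++)
        if (is_sandbox_module_name(modules[i])) return (int)i;
    return -1;
}

/* Constructed module lists standing in for a real process on non-Windows builds. */
int sample_sandboxed_index(void) {
    static const char *const mods[] = {
        "C:\\Windows\\SYSTEM32\\ntdll.dll", "KERNEL32.DLL",
        "C:\\Program Files\\Sandboxie\\SBIEDLL.DLL", "user32.dll"};
    return find_sandbox_module(mods, sizeof mods / sizeof mods[0]);  /* 2 */
}

int sample_clean_index(void) {
    static const char *const mods[] = {
        "C:\\Windows\\SYSTEM32\\ntdll.dll", "KERNEL32.DLL", "user32.dll"};
    return find_sandbox_module(mods, sizeof mods / sizeof mods[0]);  /* -1 */
}

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>

/* Fill names[] with the base names of this process's loaded modules. */
static size_t own_modules(char names[][MAX_PATH], size_t max) {
    HMODULE mods[512];
    DWORD needed = 0;
    size_t i, count;
    if (!EnumProcessModules(GetCurrentProcess(), mods, sizeof mods, &needed))
        return 0;
    count = needed / sizeof(HMODULE);
    if (count > max) count = max;
    for (i = 0; i < count; i++)
        GetModuleBaseNameA(GetCurrentProcess(), mods[i], names[i], MAX_PATH);
    return count;
}
#endif

int main(void) {
#ifdef _WIN32
    static char names[512][MAX_PATH];
    const char *ptrs[512];
    size_t i, n = own_modules(names, 512);
    int hit, quick;
    for (i = 0; i < n; i++) ptrs[i] = names[i];
    hit = find_sandbox_module(ptrs, n);
    /* The shortcut real samples use: succeeds only if the DLL is already loaded. */
    quick = GetModuleHandleA("SbieDll.dll") != NULL;
    printf("module scan: %s, GetModuleHandle probe: %s\n",
           hit >= 0 ? names[hit] : "no sandbox DLL", quick ? "sandboxed" : "clean");
#else
    printf("constructed lists: sandboxed at index %d, clean returns %d\n",
           sample_sandboxed_index(), sample_clean_index());
#endif
    return 0;
}
```

Run inside a Sandboxie sandbox on Windows, both checks report the sandbox; run unsandboxed, both report clean. This is exactly why hiding the injected module (rather than only the driver) matters for any sandbox used to analyse malware: the check costs the attacker one API call.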

ratwing
March 23rd, 2010, 05:24 PM
thanks, xorrior, I see your point.

Franklin
March 23rd, 2010, 08:20 PM
-{ Quote: "IceSword inadvertently jailbroke Sandboxie, not sure if they ever fixed it." }-
Posted over at SB's forum four and a half years ago by TNT:
-{ Quote: "Icesword is able to execute its driver thereby getting outside the sandbox with ease, only on a system where Icesword itself had been executed OUTSIDE THE SANDBOX before (even though the Icesword executable has been closed), for the simple reason that its driver is still active." }-
SB Forum Discussion (http://www.sandboxie.com/phpbb/viewtopic.php?t=110&highlight=icesword)

Buster_BSA
March 23rd, 2010, 08:24 PM
-{ Quote: "To me the biggest problem is the fact that you can detect a loaded sandbox DLL from a process inside these and, as a malware author, simply kill your process. Even incompetent trojan authors currently detect Sandboxie and a lot of other environments using this method." }-

Solution for Sandboxie:

http://bsa.sandboxie.info/frameb.htm

Not mentioned there because it's assumed you are using Buster Sandbox Analyzer: you must inject LOG_API.DLL.

http://bsa.sandboxie.info/frame5.htm

Edit Sandboxie's configuration (open Sandboxie Control -> Configure -> Edit Configuration) and add the next two lines to every sandbox you will be using with Buster Sandbox Analyzer:

InjectDll=c:\bsa\log_api.dll

OpenWinClass=TFormBSA

You can use LOG_API.DLL even if you just intend to hide Sandboxie.

Summing up: to hide Sandboxie use Hide Driver + LOG_API.DLL.

Novastar 3d
April 13th, 2010, 02:48 PM
-{ Quote: "IceSword inadvertently jailbroke Sandboxie, not sure if they ever fixed it." }-

NO it DIDN'T. You should go back and reread the threads before making a foolish comment yourself.

-{ Quote: "I haven't seen malware in 'the wild' yet that breaks out. It'll probably show up in an industrial kit first" }- Yeah well, the way I look at it is either put up or shut up. I remember reading a post by STEVE in Texas about some ActiveX they designed that completely killed the system, regardless of Sandboxie or any security software, but failed to provide any evidence except to the feds, supposedly. (Frickin lol) Whatever.