Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    CWS, you got infected because you were not browsing sandboxed. For the future, get used to doing all of your browsing and running all of your programs sandboxed and you will not get infected again. Make the words "Trust no program" mean something.:)

    Bo
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    I was wondering if disabling Chrome's built-in sandbox is a good idea for the sake of stability, performance, any potential conflict with Sandboxie, etc.

    Pros...

    Cons...

    TIA
     
  4. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Holy Smoke - I was about to ask the very same thing! To expand upon the question, I would like to know if there are any benefits from using Sandboxie to sandbox internet browsing (with Chrome) instead of using Chrome's browser?
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    I asked first on Sandboxie's forums and this is the reply:
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=20055
     
  6. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Hi Bo,

    It's been my understanding that just using SBIE to launch your browser is insufficient (in that regard) unless you enable 'Drop Rights' under Sandbox Settings > Restrictions... Is that correct?

    Cruise
     
  7. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    For me, it implicitly answers/addresses the question when Curt from Invincea says disabling it would make his life easier, as he and his team have to deal with a lot of issues and struggle even more to adapt the program's code to fix them. Implicitly, it's said that Chrome would run with far fewer compatibility issues, better performance, fewer errors, and pose no security risk whatsoever. Otherwise he would tell me the opposite or make some remarks.
     
  9. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Respectfully, I'd rather have definitive answers rather than your interpretation.
     
    Last edited: Dec 18, 2014
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Cruise, in a PM a few months ago, Curt told me (paraphrasing) that their sandbox (Chrome's) isn't even needed under Sandboxie.

    Bo
     
    Last edited: Dec 18, 2014
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I don't believe using Drop Rights is indispensable but using the setting makes things tougher for malware to escape the sandbox. The setting is an extra hurdle. The only sandboxes where I don't use the setting are sandboxes that I use for testing programs.

    Bo
     
    Last edited: Dec 18, 2014
  12. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Right Bo, but I was wondering if using Sandboxie instead of Chrome's sandbox provided any additional browsing security as compared to using Chrome's sandbox without using SBIE.
     
    Last edited: Dec 18, 2014
  13. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Yes, that's pretty much my MO, but since I use SBIE mostly for security purposes (together with Shadow Defender) I almost always have Drop Rights enabled. For me, SD provides better 'containers' for testing because it virtualizes the entire system volume (with the app) and also virtualizes my data. The only time I run an app inside Sandboxie for testing is when restarting my computer is inconvenient.

    Cruise
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I believe so. If you browse under Sandboxie, the whole browsing session is sandboxed. For example, if you are browsing the internet and all of a sudden a website that you are visiting starts downloading malware, the malware is contained. If you execute it, the malware might not even run, but if it does, the malware runs sandboxed and installs sandboxed. After you delete the sandbox, the infection is gone. Chrome is not going to protect you if you click Install. Another one: if you are using your webmail, I don't believe Chrome would protect you if you open an infected attachment (Cryptolocker) and you are using a vulnerable version of Adobe Reader, but Sandboxie does if you do. Or clicking on an infected Java applet, that's a mistake you can't do with Chrome and get away with it.:)

    Bo
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I also prefer Shadow defender for testing programs. For testing, what I mostly use Sandboxie for is for trying browsers or plugins, extensions, that kind of programs. I use Sandboxie a lot for temporarily installing plugins when I require them for something, after using them, I delete the sandbox. I like using SBIE that way.

    Bo
     
  16. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    Users don't necessarily get infected because they were not browsing "sandboxed". Not everyone
    uses a "sandboxed browser" for their security setup and yet they may not get infected.

    There are several ways to make your browser more protected and these are discussed here on
    Wilders Security Forum. Sandboxing is just one way to help protect browsers.
     
  17. 142395

    142395 Guest

    Plugins are sandboxed, but if a plugin tries to access the PC, i.e. tries to, you'll be notified whether you want to allow this: disable sandbox. I have repeatedly written this many times here. And you'll be infected by just downloading something and opening it, not necessarily executing it.

    Yes.

    No need to be naive to be fooled by social engineering. I'd be well fooled if I was attacked by advanced social engineering, which is often used in targeted attacks, and even security experts have admitted being fooled. And I agree with your opinion, everyone can make mistakes.

    But even in that poor example of mine, at least he has to always display file extensions (including .pif, which will not be displayed even when you uncheck "Hide extensions for known file types" on Win7 or check "File name extensions" on Win8) and be aware of RLO. e.g. You shouldn't open a file with a name such as "Reports-from-James-PhD-Cantab.pdf".
    I personally can't imagine "never download anything" unless he doesn't use internet or email at all, not to mention that even just watching a movie or opening a document in a browser actually downloads files to a temp folder. I often download documents either from email or browser, sometimes pictures & executables, rarely movies & music. So I have much chance of being fooled by social engineering. lol
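
Added example (not part of the original post): a small Python check for the two filename tricks mentioned above, a right-to-left override (RLO) character hidden in the name and an executable extension such as .pif. The sample names are constructed and the extension list is an assumption, not an exhaustive set.

```python
# Bidirectional control characters that change the order in which a name is displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}

# Assumed list of extensions that Windows runs directly; .pif is included
# because Explorer keeps it hidden even when extensions are shown.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def inspect_name(name):
    """Return a list of findings for one file name (empty list = nothing flagged)."""
    issues = []
    hidden = sorted({f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS})
    if hidden:
        issues.append("bidi-control:" + ",".join(hidden))
    # The real extension follows the last dot in stored (logical) order,
    # regardless of how the name is rendered on screen.
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    dot = logical.rfind(".")
    ext = logical[dot:].lower() if dot > 0 else ""
    if ext in EXECUTABLE_EXTS:
        issues.append("executable-ext:" + ext)
    return issues


if __name__ == "__main__":
    # Constructed samples. The first is displayed as "invoiceexe.pdf" by
    # software that honours the override, but it is stored as an .exe.
    for sample in ["invoice\u202efdp.exe", "holiday.jpg.pif", "report.pdf"]:
        print(repr(sample), inspect_name(sample))
```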
     
  18. 142395

    142395 Guest

    Yup, but I personally hope the Chrome devs make plugin sandbox enforcement the default, not interactive.
    While browsing SBIEd is quite secure, the reason I gave up making my girlfriend use SBIEd Firefox was the recovery mechanism, i.e. one more step to make a real change (and having to understand what folder to recover). Maybe I could make a special sandbox for her which includes some direct access rules for e.g. bookmarks and USB drive, but I personally don't like the idea of direct access, so I rather chose a fully automated system for her: no prompt, no knowledge, no interaction.
    For my own use, I always use quick recovery.
     
  19. 142395

    142395 Guest

    At that time Chrome didn't apply the sandbox to plugins, and I didn't even know the --safe-plugins switch was available (I'm a relatively new Chrome user).
    Now plugins are sandboxed by default so that switch was removed, but the user will get a prompt when plugins try to access the PC. You can enforce the sandbox (no prompt) through the settings.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    About mistakes, yep everyone can make one, especially with social engineering. But one thing I do when I occasionally test my setup against malware, is if there is an action I have to take, I assume I will take the wrong action and see what happens. I don't use Chrome, do use SBIE, and a couple of other programs. I've cut back on programs that require action.

    Pete
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Yuki, I don't like the idea of using Direct access either but I think for your girlfriend, using the setting would work out good if you set her up where only Firefox has Direct access to her Downloads folder. And make two special sandboxes for her, one for her browser (with Direct access to Bookmarks) and one for her downloads. Force the downloads folder and don't Start/Run restrict either sandbox too much or at all so she doesn't feel inconvenienced. :cool:

    In my opinion, Sandboxie can be comfortable to use. I pretty much feel that I do everything that I do sandboxed like I would normally do if I was not running sandboxed. And I am not talking about browsing only, I am talking about all the programs that I run sandboxed. By using Sandboxie, I don't trade convenience for security at all. That's how I feel, get the girlfriend enthused about SBIE and eventually she'll feel that way.

    Bo
     
    Last edited: Dec 19, 2014
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    The good thing about making mistakes and Sandboxie is that deleting the sandbox...erases our mistakes.:cool:

    Bo
     
  23. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    So if ALL plugins and Java flash player are ALL now sandboxed by default under Chrome's control, does it mean that Java malware and all other forms of malware and all forms of drive-by downloads (both with and without user interaction, and yes I know you don't need to mention exploits at all, since you already explained everything that needs to be explained) won't be able to infect the real computer system (PC) unless you allow it, since it will prompt you if it wants to access your PC, which is outside Chrome's sandbox?
     
    Last edited: Dec 19, 2014
  24. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Bo, what about spyware that finds its way into the sandbox - what prevents it from running (while inside the sandbox), potentially stealing personal data?

    Cruise
     
  25. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Start/Run restrictions and/or blocked access to certain folders in specific sandboxes.
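
Added example (not from any poster and not Sandboxie's own code): a Python audit that reads Sandboxie.ini text and reports which sandboxes lack the settings discussed in this thread, namely Drop Rights, Start/Run restrictions and blocked folders. The setting names (DropAdminRights, ClosedIpcPath with the <StartRunAccess> group, ClosedFilePath) are assumed from the Sandboxie.ini format; the box names and paths in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample configuration; box names and paths are hypothetical.
SAMPLE_INI = r"""
[GlobalSettings]

[Browser]
Enabled=y
DropAdminRights=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe
ClosedIpcPath=!<StartRunAccess>,*
ClosedFilePath=C:\Users\me\Documents
ClosedFilePath=D:\Backups
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*

[Testing]
Enabled=y
"""


def parse_ini(text):
    """Keys repeat within a section (several ClosedFilePath= lines), so keep lists."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes


def audit(text):
    """Map each sandbox name to the hardening settings it is missing."""
    findings = {}
    for name, settings in parse_ini(text).items():
        if name == "GlobalSettings" or name.startswith(("UserSettings_", "Template")):
            continue  # not a sandbox section
        missing = []
        if "y" not in [v.lower() for v in settings["DropAdminRights"]]:
            missing.append("drop-rights")
        if not any(v.startswith("!<StartRunAccess>") for v in settings["ClosedIpcPath"]):
            missing.append("start-run-restriction")
        if not settings["ClosedFilePath"]:
            missing.append("blocked-folders")
        findings[name] = missing
    return findings
```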
     