Chrome sandboxed

Discussion in 'sandboxing & virtualization' started by Overkill, Jun 25, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    SRP is not enough, you have to have basic antivirus? Hehe, that's a good one :)
    You can try to infect computer with best AV installed or with SRP properly configured, and you'll see which one is more efficient.
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I don't deny that. But this thread is specifically about the Chrome sandbox and if Sandboxie can improve on it. Now we're generally talking about files which could be downloaded by any browser, your email client, your RSS app, etc. and if it's wise to run all those applications in Sandboxie. But this is beyond what we were discussing so far.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    What, I need to explain to you every single detail? o_O
    Use your intelligence for a second, how many people download all kinds of stuff not because they want to but because they need to (part of the job and similar), so there are great chances that even most secure websites can contain malicious plugins, exes and etc. which are then downloaded because the user thinks it's the application he/she needs to have for their jobs or whatever-and it happens that this thing they downloaded and run it is malicious-people like you who don't download and run anything, are never going to infect themselves-almost, however those people who download and run those exes and similar, they can run something malicious and the game is over.
    And I said even those people who barely download and run anything-not even virustotal and similar can recognize, if that sample that my colleague gave me was on the net, virustotal would not recognize it and the story would be over-and every single time you download and run something you are in serious jeopardy, since you cannot trust any website no matter how secure it is and you cannot even trust virustotal 100% no matter how secure it is, since it could contain something that you want to download by the same name and yet it is malicious this is why you need Sandboxie on top of Chrome.
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Laugh to yourself smartguy, if you are so smart, then why people do get infected with SRP-not because SRP is secure, because they need to run something to install something-for people like you who don't download and run anything at all, you are safe, but then again you don't need SRP either!!!!
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    And how many times do I have to point out my first post in the thread? You're stating the obvious as if I have no clue.
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Sandbox inside the sandbox is a very bad idea, I already wrote that-it's like having and running an antivirus inside another antivirus-it's a bad idea.
    All I'm saying is that if you want to run and download something, no web-browser is good for you have to have something to try it in the safe environment-and people download and run everything all the time-this is crucial where Sandboxie is really needed.
    And yes, for many people to download and run something is a matter of their job or hobbies, they wouldn't just surf and download and run anything at all.
     
    Last edited: Jul 27, 2015
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    They can always upload it to Virustotal or run it in virtual OS. If they don't know what they are running and don't trust the source, no AV will help them. They will get their system infected sooner or later.
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I'm not even sure that you understand me-why-because many people do actually download and run anything-hell, the only time I have never been infected and I never used anything to protect myself except the router and Windows firewall was because I didn't download and run anything at all, as soon as I needed to download and run something, I'd get infected even though virus total claimed the file was safe, and no web-browser could have protected me, as soon as I put Sandboxie on my computer I was safe again download/running nasty infections that I clicked and I actually thought they were benign, but they were malicious-it doesn't matter how experienced you are, it does not matter if you are an expert, you can never know if the file you are downloading and running is truly safe/secure/benign, this is why the best thing is to run the file inside Sandboxie to see how truly benign or how truly malicious file is.
     
    Last edited: Jul 27, 2015
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    But it doesn't matter how trustful the source is I remember I was one time actually downloading avir free and the website actually moved/loaded to another website where fake was shown-thank goodness, I was using Sandboxie-and yes that time I was on Chrome (with its built-in sandbox)-these are the situations I'm talking about.
    I have already posted above to others why even virus total is not something you can trust 100%.
    However, the only true security here is virtual OS-but to be honest I'm too scared to use virtual OS-I'm not even sure how much ram memory I will lose, and also, I don't know how to deal with any virtual OS-I'm not expert like Windows Security on these things.

    In October I'm going to buy completely new, fresh Windows 10, and yes I'd like to virtual OS, but I don't know anything how to install and what to use, how to use and etc.
    This seems too complicated for me, for now.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    OK, just wanted to point out that white-listing solutions properly used will usually be more efficient than black-listing.
    And congrats on your 1000th post :thumb:
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    It's clear you're the one not comprehending what I've clearly posted, so any further discussion on this is futile.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Not necessarily. Hackers who manage to bypass Chrome's sandbox without using any kernel exploits, target vulnerabilities in Chrome itself, that doesn't mean that those attack vectors will also work against SBIE. And about "added attack surface", unless I'm misunderstanding, this is only relevant when hackers try to bypass Chrome via flaws in SBIE. While most hackers won't bother trying to do this, since they can use kernel exploits to bypass both Chrome and SBIE.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    They are using the same mechanism (or architecture) when it comes to sandboxing, only it's enforced differently. As said before, if Chrome's sandbox is bypassed (by non kernel exploit), malware is still contained by SBIE.

    From what I've read, even if malware is launched by kernel exploit, it might still be interrupted by virtualization and sandbox hardening features like anti-exe, outbound access control and data protection. So it will have to actively target SBIE to get full control. So this alone makes it worth to run SBIE on top of Chrome.
     
    Last edited: Jul 27, 2015
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Before opinions get the better of this thread yet again, I would like more people to give their thoughts on using AppContainer (Windows 8 mode).
     
  15. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    No, you are the one who thinks that everything you download, check on virus total, and then run is always 100% safe in 100% cases-that's where you are dead wrong, just ask those people who download and run things every single day-I know them myself, if there was not Sandboxie for testing, they would be infected, and not even virus total and similar websites can always recognize if something is a malware or not.

    The whole point of added attack surface is that it is increased every time you install an av, or firewall or anything else-basic security cannot protect you against all the bad things you are talking about, you need additional protections.
    And that link you gave me (http://www.pcworld.idg.com.au/artic...ducts_riddled_security_flaws_researcher_says/), is all about the bugs and security flaws in avs (av=antivirus/avs=antiviruses) mechanisms/architectures, sure but if everything that is written in that article is true, how come none of this has ever happened yet?
    That's obviously completely wrong hypothesis-it's better to have security with increased attack surface than to have no security at all and directly rely on basic Windows security mechanisms which is also dead wrong, because it is too unpractical and people no matter how tight they configure their Windows security mechanisms-hypothesis is one thing, the real life/world is completely another thing-there is a huge gap and a huge difference between hypothesis and a real life/world.

    You simply cannot surf the net all day long/each and every single day, and think that those basic Windows XP, 7, 8, 8.1, 10 basic security settings tweaked on maximum would be able to protect you-sorry but that's not enough especially for those who surf the net all day long, and also those who are downloading and running everything they need for their jobs on their computers-this is what is beneficial using Sandboxie on top of Chrome.
    However, like I said, I'm definitely against it now, because running one sandbox inside another sandbox is a double-edged sword-this is not about messing up untrusted integrity levels in both Chrome and Sandboxie, because this is simply not true-they both run in all Windows XP, 7, 8, 8.1 on equally low integrity levels (both Chrome and Sandboxie run on untrusted integrity levels), it's very simple: sandbox inside a sandbox is simply a huge problem and shouldn't be used by anyone at all-if you want to use Sandboxie on top of Chrome, you should simply disable Chrome's own built-in sandbox.

    Rasheed said it nicely:
    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-12#post-2510120
     
    Last edited: Jul 28, 2015
  16. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    And why does not everyone realize these facts?
    Also, besides Sandboxie protects Chrome's broker process-which is unsandboxed and cannot be sandboxed and it is totally unrestricted:
    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-11#post-2509569

    Of course in the following post Hungry Man will speak about increased attack surface-which has never been actually shown in practice, only in hypothesis:
    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-11#post-2509754

    The fact is Sandboxie does protect Chrome's broker process that it is unsandboxed and 100% absolutely unrestricted, and this is another reason why you need Sandboxie on top of Chrome.
    But like I said-the only reason why none should use Sandboxie on top of Chrome-is that because they are both sandboxes, and they are using the same mechanism/architecture, but however Sandboxie on top of Chrome can be used-if you simply disable Chrome's own built-in sandbox.
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    And how is that different from what I've already stated? Click-happy users can sandbox Chrome all they want, but anyone with common sense can just run SBIE when they need to open (suspicious) executables.

    And don't you start quoting semantics SMH.
     
  18. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Simple, you said that Chrome, because of its built-in sandbox, does not need Sandboxie-because of these situations and reasons that both you, Rasheed and I were posting about the last 2 or 3 pages are extremely often, it is extremely needed for Sandboxie to run on top of Chrome or any other web-browser for that matter (of course if anyone wants this security approach in the first place, you can replace Sandboxie with other security solutions without any form of sandbox protection, that's a matter of anyone's personal choice, but Sandboxie is the easiest way to protect yourself against the mentioned situations and reasons); of course I also use AppGuard and HMPA as well.
     
    Last edited: Jul 28, 2015
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I said what? Please continue onwards with your English lessons.

    Extremely needed is only an opinion without true basis on facts.

    I already posted my security setup that hasn't failed me in years, so stop pushing SBIE like a religion.
     
  20. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    What I'm saying is not a matter of an opinion, it's a matter of real world/real-life facts, because real life/real-world situations the people are getting infected by running or downloading things that are supposed to be benign are not, there are plenty of these real-world/real-life examples, it's not my fault that you don't download and run anything at all, and then because of that fact you call this is my opinion-it's not my or anyone else's opinion, because it has happened to other people and it will always happen to all people, even to all experts as well (also Sully gave his own examples) who download and run whatever they download and run on their own computers.

    SBIE is not my religion and this is why everyone can choose their security approach but if you want to protect yourself from things that all web-browsers cannot (specifically download and running everything) even though you scan it on virus total you need a lot more than just Windows built-in security options.

    I simply use SBIE because it is the easiest for this form of protection to use in the first place, before SBIE I only had Windows built-in security without any av and similar (so yes, my attack surface was minimal), but when you start to download and run everything because your job demands no matter how much so-called increased attack surface is, you still have to protect yourself with security options that no Windows by itself can provide, so in situations like this Windows built-in security based on hypothesis of increased attack surface simply does not work at all and it is completely irrelevant.

    Because of the so called hypothesis the increased attack surface I will get infected, since I have nothing to protect me on my computer besides Windows built-in security mechanisms-oh please, give me a break, none is that crazy or stupid for that matter.
    Every normal person would install several different security options from vendors websites to protect themselves the best they can if they surf the net a lot, and download and run plugins, exes and everything else they need to download and run-the irrefutable fact is, Windows systems by themselves cannot give that additional form of protection, you still need to add like anti-exploit, antivirus, if you want sandbox protection with Sandboxie or other similar sandboxes, anti-malware and etc.
     
  21. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,136
    What job demands you to download and run everything?
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    @CoolWebSearch
    In my real-life experience SBIE only helped me with one user who was a happy clicker and ran everything he wanted. Everybody else is quite safe without SBIE or any other sandboxing put in place. They don't run everything they come across on internet and they are quite safe with AV only. So I can assume that SBIE can be useful mostly for users with dangerous computing habits.

    I also don't know which job requires ordinary people to run everything they download from net. Malware researcher maybe?

    Another question: what if malware stays hidden when run under SBIE or Virtual OS? You can run it under SBIE and everything runs okay. When you put it outside SBIE and run it, you get your system infected. I know there are not many malware samples with these capabilities, but how would you protect your system from this kind of malware?
     
    Last edited: Jul 28, 2015
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    Anti-exe and/or policy-based like AppGuard, perhaps?
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes, that's what I'm using (SRP). In that specific case relying only on sandbox would not protect your system.
     
  25. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I agree! And another aspect: CoolWebSearch's approach assumes that he can observe malicious behavior of software running in Sandboxie more or less immediately. In many cases this is not the case as that behaviour is often hidden or triggered only after some time. So this raises the question: How long must software (which was not marked as malicious by Virustotal) run in Sandboxie until it's safe to assume that it's not malware? Hours, days, weeks, months?
     