Chrome sandboxed

Discussion in 'sandboxing & virtualization' started by Overkill, Jun 25, 2015.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    @Rasheed187: I am interested in what exactly is your security setup. Especially if you're using Chrome, SBIE, and anti-exploit.

    I honestly don't see what SBIE adds on top of Chrome + HMP.A/MBAE/EMET, outside of reasons I've already listed. Especially if you were to add a URL filter, script blocking, cautionary sense, and whatnot.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Think about it J L, instead of using all of that above, you could just use Sandboxie to sandbox Chrome and most programs that run in your computer. Only one program to update, no worries about conflicts, no scans and in the end, when you turn off the computer, it's clean every time.

    Bo
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I'll have to decline, since sandboxing Chrome is barely any different than sandboxing the downloads folder when I want to keep that browser. I don't sandbox programs I keep, unless they're highly sketchy (which I haven't done for a while now). Anti-exploit is just so much more convenient IMO, almost set and forget. SBIE on the other hand, needs a lot more setting up before forgetting.

    As for updates, while technically you can just update the system and SBIE while being fine security-wise (making setup a lot easier), I prefer updates most of the time for more than just security. Conflicts barely exist, and SBIE isn't free from them either. Scans barely take up any time, I just let them run in the background every month or so. And as for being clean every time, I'd better not win the hacker/malware jackpot that's like one in millions chance at least.

    Bo, I don't think we have to change each other's security and whatnot, everything is already set up to each other's preferences. I'm certain that any senior member here hasn't been infected for years now. If I really want to go KISS, third-party programs aren't even needed. In the end the result is the same, we don't have to worry about malware.

    P.S. Less doesn't always mean more simple, especially not as a generalization for everyone. It would actually take me more time setting up SBIE for my preferences than "all of that above".
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    J L, setting up Sandboxie is very easy. It can't be any easier than how it is. Once you set your sandboxes, you can forget about them. Most programs run sandboxed automatically, you don't even have to think much about anything.

    Bo
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    From what I remember: you need exceptions to save files, especially configuration changes like profile sync; compatibility ticks for some programs; a lot of tweaking just to get Chrome's auto-update working right; hardening if you really want to use SBIE to its full potential; etc.

    I install Chrome normally, install HMP.A, install uBlock, do less than 3 minutes of configuration, and don't have to worry about updating it. It's all automatic after that 5 minutes or so. It's not that setting up SBIE isn't easy, but rather why should I take up more time just to change for little to no benefit in everyday security?
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I created this thread to get opinions on a subject that I have no experience in. I can't say too much because I have no experience in programming/sandboxing but a lot of members here have quite a bit of knowledge so I just read the comments and make my own personal choice.
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Sandboxie by default installs pretty much ready to go, the new user doesn't even have to change anything to recover files, all he has to do is remember to download into one of the folders preset by Sandboxie as Download folders (like Downloads, Desktop). I can think of 6 or 7 different ways to save files out of the sandbox but there's no need to change any settings to do it.

    Compatibility, look at my list. Sandboxie works so nice with all the programs that I have in this particular computer, that I don't even need to use the one compatibility setting that SBIE suggests. That's an empty list.

    Hardening. Sandboxie can be used as it comes, people here change settings the first day they test SBIE but regular users can use SBIE with default settings and be pretty safe. In my everyday life, my friends and relatives who are using Sandboxie, none changes settings. Most probably don't even know about Sandbox settings being available.

    Auto updates. I don't like automatically updating anything, that's one thing I don't like about Chrome. I know it can be disabled and I would if I used Chrome. By the way, J L, your list of reasons to use Sandboxie looks to me like the list that can only be made by someone who doesn't use SBIE and doesn't want to use SBIE. :) Greetings.

    Bo
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Here is where the problems are with Sandboxie interfering with Chrome - that's what Windows Security confirmed:
    Now how bad this is for Sandboxie protecting Chrome I don't know based on this, however..., look here what Windows Security said about Sandboxie/Chrome and Bromium labs testing:
    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/#post-2502237

    After seeing all this, I'm fairly confused now - right now, I don't use Chrome at all, I use Firefox, Opera and IE for web-browsers all sandboxed under Sandboxie's supervision/protection.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I'm far from an average user, but even they would want to keep some new installation once in a while, save settings, update software, and whatnot. Look, our ways of computing are very different. Your setup is rather static, but mine is quite dynamic. Therefore, something like SBIE wouldn't work for me on installed programs or anything I want to keep.

    Windows auto-updates.... But of course that's your choice. My list of reasons is reflective of what everyone learned in this thread: sandboxing Chrome in real-life doesn't make any more differences than what I've already listed. Sandboxing downloads on the other hand, is a very different story. Feel free to correct me with something substantive.
     
  11. Agree with J_L, when I would have a lifelong license of SBIE, I would use it to force the download folder sandboxed and clear flash cookies automatically.

    When you don't have SBIE, you could use (free) SecureFolders to restrict folder access (e.g. set a deny execution on download folder and Chrome User folders and a read only to user folders and simply don't specify Chrome as an exclusion) and (free) Smart Object blocker to restrict access to executable objects. Sort of do it yourself on demand Firejail for Chrome on Windows :D
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Kees, how can you use Sandboxie to clear Flash cookies automatically without sandboxing the browser?

    Bo
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Now that you mention it, that is actually another reason to use SBIE... although sort of related to some of what I already listed. Can't believe I forgot privacy LOL, although I treat all the stuff they collect as public info.
     
  14. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Can you explain what do you mean by: controlling what Chrome accesses and isolating Chrome from the system; what do you exactly mean targeted by elite hackers (like Sandboxie is not targeted by elite hackers at all..., yeah right); what does it mean click-happy user and sharing computer with click-happy users - I have to admit I really don't know what exactly do you mean by these examples - can you please explain them? Sorry, but for me it's hard to understand this.

    I suppose you don't use Sandboxie over Chrome because of the fact you don't put yourself in situations like these at all, I guess Chrome you are using is not targeted by elite hackers, you are not a click-happy user (what this means), and you are not worried about on what Chrome accesses and that's why you don't need to isolate Chrome from the rest of the system - I still don't know what do you mean by all these examples.

    From everything I read so far, Sandboxie does not make Chrome's sandbox weaker, actually it is equally strong, and if Sandboxie sandboxed Chrome is equally strong as Chrome without Sandboxie-what's the point of using Chrome inside Sandboxie in the first place at all to begin with?
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Click-happy users click too many things and execute whatever they want without caution. "Hardening" Chrome can prevent it from accessing your personal data or whatever. Isolating Chrome is basically installing it in the sandbox, instead of the real system. Note the star and brackets on #4.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    It would be nice if Sandboxie could sandbox flash without sandboxing the browser. But that is not something that can be done. If you want to sandbox flash, you have to sandbox the browser. There is no way around that. The flash player exe cannot be set as a forced program and forcing the Macromedia folder that handles flash cookies, won't do nothing either.

    Bo
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, I understand, but I don't see any advantage in my case of Sandboxie on top of Chrome if you can isolate Chrome by simply hardening it in the first place-I'd like to know how to do it, although currently I don't use Chrome at all.
    Will this hardening Chrome isolate Chrome completely from accessing your computer permanently-so that you don't need Sandboxie at all to do that job?
    Will hardening Chrome completely disable Chrome accesses to your computer like it will with Sandboxie, so that you don't need to use Sandboxie to control and disable Chrome accesses to everything on the computer?

    The question is does hardening Chrome protect against click-happy users?
    I guess not.
    However what does it mean by targeted by elite hackers-it seems that Chrome by itself exactly because is targeted by elite hackers is also much more tested than Sandboxie-and that's a huge advantage-true or false?

    The main question really is can Chrome protect against this what Bo posted:
    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-5#post-2506278
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=21411#p110798

    http://arstechnica.com/security/201...mergency-flash-patch-for-hacking-team-0-days/
    http://arstechnica.com/security/201...y-potent-enough-to-infect-actual-chrome-user/

    Can you please comment on this, J_L, Windows_Security, Safeguy, Hungry Man and etc.?
    This is the one case where Sandboxie does fully protect against this exploit (kernel-level exploit) from which no web-browser including Google Chrome and its built-in sandbox can protect against!
    So it is very good and very beneficial to have Sandboxie on top of Chrome and its own-built-in sandbox after all.
     
    Last edited: Aug 4, 2015
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Isolating Chrome means you don't want to keep it on your system at all or allow it any access to your system. Controlling access means you want to keep Chrome, but don't want it to access some parts of your system.

    I don't know what you mean by hardening it in the first place without SBIE. There are few tools as convenient or powerful as SBIE for what I explained above.

    SBIE can protect against click-happy users as long as you force them to use the sandbox. They may still execute outside of the sandbox, but if they notice what they first executed inside the sandbox is not what they want, that isn't as likely.

    As for the exploit and targeted by hackers stuff, I wouldn't know. You'll have to ask someone with more technical expertise.
     
  19. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, big thanks for your detailed explanations, J_L.

    As for the real-world kernel-level/kernel mode exploit, in my above post I posted some links you can read about this kernel-level/kernel mode exploit that not even Google Chrome and its built-in sandbox could protect against, and we all know damn well that Google Chrome is by faaar the most hardened general-purpose web-browser thanks to its state-of-the-art security/protection sandbox.
    However, unlike Google Chrome-the web-browser and its own built-in state-of-the-art security/protection sandbox, which both (both Google Chrome-the web-browser and its own built-in state-of-the-art security/protection sandbox) do not protect at all, not even the slightest against this above mentioned kernel mode exploit, Curt from Invincea confirmed that Sandboxie does fully protect against this above mentioned kernel mode exploit.
     
    Last edited: Aug 5, 2015
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    J L, running an installer in a sandbox that you think is suspicious for trying to figure out if the program is clean or not is a bad idea. Sandboxie does not hide itself from malware. If malware runs in the sandbox and can tell it's running under SBIE, the malware won't do nothing to fool you into running the installer out of the sandbox. I know you like using SBIE this way but it's not good.

    Bo
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    That's where VirusTotal and other analysis tools come into play. Although I do admit to mostly just using VirusTotal and seeing how it runs in SBIE, it's more than enough when you download pretty much only software you know and with my various blacklists. Security is nice and all, but I'm more into just using my computer as a tool these days instead of safeguarding it as something I can't live without.

    Anyhow, if the malware does try to hide itself from SBIE, that usually means it won't run. Then an average user would think that it's not working and wouldn't install it outside of SBIE. If it's a well-written trojan (extremely rare)... They still have to convince us that it's what we're looking for.
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Just seeing how it runs in Sandboxie is fine. The problem is when you trust an executable just because it doesn't show signs of being malicious when run under Sandboxie.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=21125&p=109266&hilit#p109208

    Bo
     
  23. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    On the contrary.
    Chrome does not advocate the use of a separate sandboxing program. Why would they....?
    Chrome has built in sandboxing so I see no sense in promoting the use of another utility... If they did it would somehow convey the impression that Google's sandboxing is in some way ineffective on its own and any new reader to this thread would certainly get that impression. :(

    The principle of using Sandboxie on a browser must simply apply to all browsers in general and not just Google Chrome specifically. Maybe Chrome in a vanilla state is more secure than most browsers but Google like most other browser companies do not insist on using other sandboxing programs. :rolleyes:
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I have answered this question at least 10 times already. :D

    SBIE adds the exact same as what it adds to any other browser, namely malware containment. Chrome is not unhackable, I've already provided numerous links to prove that. But yes, if you're already running anti-exploit, you probably don't need SBIE, it's just one of your options, just like AV, HIPS et cetera.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    You need to calm down, I'm not sure why you keep confusing yourself. The stuff that you're asking about has already been answered. The end conclusion is that it depends on the way you look at it. But there is a big problem with the "attack surface does matter" theory, as I already explained over here:

    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-15#post-2512029
    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-15#post-2512030
     