Sandboxie Versus Virtualbox Ubuntu

Discussion in 'sandboxing & virtualization' started by truthseeker, Sep 16, 2008.

Thread Status:
Not open for further replies.
  1. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    I think I agree with you, huangker. Linux is mainly ignored by malware writers due to it being such a small market share. Ubuntu has always been on top of fixing security holes that are found (as I'm sure are other distros), but that doesn't mean that some smart coder who is aware of the Linux procedures and structure couldn't find a way in. But, due to those procedures and structure, which I feel are quite secure, he would have to be very, very smart to do it.
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Uhm, unlike Windows/closed source, I can either fix and patch the thing myself, or hire someone to do it for me. With closed-source stuff, you can usually just sit there and pray for the vendor to release a fix before you get exploited. If you are unlucky enough to use a product that's no longer being maintained, you are completely out of luck. And funnily enough, even in the unlikely case you actually could fix the closed-source stuff yourself, the vendor will prevent you from doing so by some built-in "security" checks (see McAfee example below).

    How fast do the vendors react? Shrug; Microsoft releases updates once per month, yet some well-known issues take years to fix. Some of them are really brilliant and totally rock - McAfee took 8 months (!!!) to fix an extremely easily exploitable insecure runpath bug in their VirusScan for Linux product, in addition to totally failing to see the nature of the problem for the whole time. Complete failure, and I'd definitely not pay for their products.

    Just my $0.02 :p
     
  3. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I do not have any support, only what I have read and heard people talk about in the Linux and Ubuntu IRC channels on irc.freenode.net.

    But I can say... With Ubuntu, for example, most people get software through repositories, which tend to be built and signed by trusted maintainers. It'd be hard to see something malicious on the official repositories (yet possible, of course). Also the robust permissions system, non-system-level users, no IE integration, ability to separate components, chroot, etc.

    And correct me if I am wrong... but doesn't some malware, spyware, etc. sit itself in the Windows registry?
     
    Last edited: Sep 17, 2008
  4. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok Pete, thanks for your feedback :thumb:
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Thanks vijayind, you brought up some valid and good points. :thumb:
     
  6. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    And because most malware writers use Linux :p
     
  7. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Not really.
     
  8. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    First-hand knowledge there, truthseeker? ;)

    Later...
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Interesting, but there is only one problem: if Windows is infected (and it seems that it is by default or at the point when you activate/update it (sus malware, update/cert faking, redirecting and so on..)), you only need to open your browser once in Windows and not in VBox and all security is gone with just one click. So probably it is better to cage Windows in a Linux box.
    (Another hint: search engines are a very insecure place for a browser's home.)

    I once made the test to cage openSUSE 11 in Vista 64, but my Vista sniffer showed me that the eye has no problem in catching the caged Linux-in-the-box traffic. Therefore I have to conclude that the root problem is hardware based, or Linux traffic can't flow securely out of the Windows box because TCP/IP is already totally infected.
    If you use Linux in a Windows box you should make sure to never open your browser in Windows, otherwise they silently sabotage your Linux in the box (or VBox internet interface) and this Linux in the box won't be able to connect to the internet; then they got you once again and you are forced to use Windows if they already destroyed vital functions of VirtualBox (and sort of block a reinstall by manipulating msiexec).

    IMHO Windows, no matter which version, looks like the biggest backdoor itself;
    probably MS and the NSA made a profitable contract. If you never look under the carpet you can work unworried with Windows, but once you see the network packets wandering through your browser it's over, and don't think script blocking will help you against this mafia. Probably I need to create a rude content filter myself to block several miscreants by default until I never again see names and sh*tt* comparisons like öla < hòlÄ or Ep--P > hölA or sRU <BB.... in HTTP network traffic.
     
    Last edited: Sep 18, 2008
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Can someone test the below?

    No idea if it works or not.

    Had to use an image as smileys were being created.
    Crash Linux.jpg
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    This or similar fork bombs won't work as intended (i.e., crash the system) on most current systems with a decent default setup (user processes limited via /etc/security/limits.conf and PAM setup).
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    Furthermore, why would you wanna do something like that?

    And as doktor said, if you limit the number of available processes (files etc) to the user via PAM - to let's say 500, the whole mess will end rather simply and without any major crash...

    Wanna crash any operating system? Delete a few key system files as root / admin, reboot and watch disaster. Why do that?

    Nothing can save the user from himself/herself. Intentional self-inflicted malice is a different story altogether.

    Mrk
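    As an added example, not code from either of the two posts above, here is a small POSIX shell check of the pam_limits configuration they refer to: it parses a constructed /etc/security/limits.conf sample (the entries, user names and function names are assumptions) and reports the hard nproc cap a given user would get, which is what makes a fork bomb stall when fork() starts failing instead of exhausting the process table. @group lines are skipped as a simplification, since group membership cannot be resolved from the file alone.

```shell
#!/bin/sh
# Added example: report the hard nproc (max user processes) limit that a
# limits.conf-style file grants a given user. A user line overrides the '*'
# wildcard; @group lines are skipped here (a simplification, since group
# membership cannot be resolved from the file alone).
nproc_hard_limit() {
    user="$1"; file="$2"
    awk -v u="$user" '
        /^[[:space:]]*#/ || NF < 4 { next }    # skip comments and short lines
        $3 != "nproc" { next }                  # only the max-processes item
        $2 != "hard" && $2 != "-" { next }      # hard or "both" (-) limits only
        $1 == u   { user_val = $4 }
        $1 == "*" { wild_val = $4 }
        END {
            if (user_val != "") print user_val
            else if (wild_val != "") print wild_val
            else print "none"
        }' "$file"
}

# Constructed sample limits.conf (not from any real system): wildcard caps
# everyone at 500 processes, alice gets 1024, build is explicitly unlimited.
SAMPLE_LIMITS=$(mktemp)
cat > "$SAMPLE_LIMITS" <<'EOF'
# /etc/security/limits.conf (constructed sample)
#<domain>   <type>  <item>   <value>
*           hard    nproc    500
alice       hard    nproc    1024
build       -       nproc    unlimited
@staff      soft    nofile   4096
EOF

# Returns 0 when the user is capped (fork() fails with EAGAIN at the cap, so a
# fork bomb stalls instead of exhausting the process table), 1 otherwise.
fork_bomb_contained() {
    case "$(nproc_hard_limit "$1" "$2")" in
        none|unlimited) return 1 ;;
        *) return 0 ;;
    esac
}

for u in bob alice build; do
    printf '%s: nproc=%s\n' "$u" "$(nproc_hard_limit "$u" "$SAMPLE_LIMITS")"
done
```

    On a live system the same function can be pointed at the real /etc/security/limits.conf, and `ulimit -u` in a fresh login shell shows what PAM actually applied.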
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Very easy task since Windows "mess" Vista. Your choice: kill wininit, kill svchost or winlogon. Windows XP was much more patient.
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I'm constantly and deliberately downloading/installing any and all rogue antimalware apps that I can get a hold of.

    Quite a few aren't being flagged at all over at VirusTotal, and yet Sandboxie has kept both my Vista and XP installs clean as a whistle. ;)

    Why do I deliberately go after infections?

    Not to help anyone here, as they don't need it, but there are many outside of this forum that get infected every day through lack of knowledge and experience, and they're the ones I just may be helping through testing these rogues and uploading the results to an antimalware author.
     
  15. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    This is fun for a while.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I didn't make any blank statement.
    The truth is, if you want to know why it's different, you have to google and try it yourself.
     
  17. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    lol no :argh:

    The only thing I can write is "Hello World!" :D
     
  18. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    This made no sense to me. Can you elaborate please.

    Are you saying that if Windows is actively infected with malware or a keylogger, it will affect the Linux VirtualBox guest session? Because from what I have read and from personal tests, Linux was not affected.
     
  19. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I would never type those characters in every day use anyway :p
     
    Last edited: Sep 18, 2008
  20. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,429
    Location:
    U.S.A.
    Franklin, excellent statement! :thumb:
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for trying it out.:)
     
  22. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    It successfully crashed Linux v2.6.25. (The OS completely freezes - reboot required to "fix." :))
     
    Last edited: Sep 18, 2008
  23. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for that Pseudo.:)

    I don't think it's anything to worry about, as it's like a lot of tests posted around here which are user-initiated and don't reflect any automatic malicious activity.
     
  24. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I wasn't referring to your statement and I do agree with your point.

    True, some vendors are slack-arse. I'm not sure what the problem is with McAfee. Regarding MS, which bugs are you talking about?
     
  25. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Roughly 95% of users (it's an estimate, bear with me) don't understand the code used in Linux, or the tons of other (and possibly closed-source/proprietary) packages installed on it, let alone know how to patch a specific bug. Can you really hire someone to do it for you?
     