Sandboxie and keyloggers

Discussion in 'sandboxing & virtualization' started by trjam, Jan 7, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I saw here once where Sandboxie could be configured to stop keyloggers. How? I use IE7.
     
  2. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    340
    Location:
    Colorado Springs
    Bump. Bump.
     
  3. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Even if it did intercept keyloggers you would be vulnerable during the "infected" session if you did log in to secured sites... It would perhaps remove the keylogger from the system after, but it would do nothing as such to prevent it...

    I would combine Sandboxie with a HIPS or perhaps KeyScrambler (I use both + Roboform...)
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The solution is fairly simple assuming you picked up the keylogger from a source that was sandboxed. Before going to a critical site, log off, and delete the sandbox. Then go do your banking. Keylogger should be gone.
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    This, while being effective, assumes most users know they have an infection they need to defend against and that they will remember to "Empty" the sandbox before doing their banking... It would be wise to prevent an infection by using an anti-keylogger together with your sandbox.

    Personally I often log in to secured sites during sandboxed sessions.
     
    Last edited: Feb 4, 2008
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not really, I've just gotten into the habit of, before banking, closing the browser, emptying the sandbox, and then going to the bank site. Not a big deal.
     
  8. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    I think it's common sense, if you are entering sensitive info, e.g. banking, to empty your sandbox prior. I have my sandbox set to delete automatically upon termination of all sandbox activity, with a warning first if there are recoverable files, so I don't have to remember to empty it. Also I surf sandboxed with DropMyRights; hopefully a keylogger couldn't run, even sandboxed. Although I'm no expert.
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Again, here comes grandma, "fully protected" in her brand new sandbox... logging into everything after browsing the web all day... That's what scares me about it. Many users wouldn't think twice about logging in, because of impatience or simply because they got into the habit of browsing the web in a sandbox and forget they are doing it... That is why in my recommendation Secured Web Browsing I recommend having one enabled...
     
  10. Terror_Eyez

    Terror_Eyez Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    23
    Location:
    Your moms bed...
    Hermescomputers, do you actually USE Sandboxie?
    It seems like you just have it there as a backup or something.

    The reason I ask, is because you don't seem to realize how effective Sandboxie could actually be against keyloggers, without any other kind of protection needed.

    I mean for one, you could do the simple method that Peter mentions, which is to just delete the sandbox, and you're done.

    Second, you could just set your browser to access the internet, and nothing else. That way, regardless of whether a keylogger is running or not in the sandbox, it won't be able to send any of its captured data out to anyone, so you are perfectly safe. I have personally tried this with many keyloggers, ones I've made and ones I've downloaded, and every single time, regardless of whether it caught any information or not, it could never actually send the captured data anywhere. So when you delete the sandbox (whenever that may be) the keylogger and its captured data will be gone, before the data was even able to be sent out to anyone.

    Or third, in one of your sandboxes, you could just try setting only one file to run (such as your browser), and then any other files in the sandbox (for example, a keylogger) won't even be able to run in the first place!!

    If any of that is too hard for you to do, then maybe you are the grandma here!;)
     
  11. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Hi Terror_Eyez,

    I was waiting for someone to post about only allowing the browser internet access through Sandboxie. It's good to hear that it thwarts keyloggers too. However, what would happen if the keylogger was named firefox.exe or iexplore.exe?

    innerpeace
     
  12. Empath

    Empath Registered Member

    Joined:
    Nov 13, 2002
    Posts:
    178
    I haven't checked how it appears in the configuration file, but in setting up the single program that can access the internet, you're given the choice of doing it by 'application name' or file name. With the file name you show the path. Provided it's entered as a path and app in the configuration file (which I assume, but haven't checked) then you could have all kinds of keyloggers named firefox.exe or iexplore.exe. It wouldn't matter then.
     
  13. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Thanks Empath, I see the setting now. It's in the Sandboxie Control, click Sandbox, expand DefaultBox, click Sandbox Settings, expand Resource Access and then click Internet Access. If you read the two lines below the four buttons, it seems as if it will block the fake files regardless. Maybe Sbie uses a hash check of some kind. This is very interesting.
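    The same three restrictions discussed above (auto-delete, browser-only Internet access, browser-only Start/Run), written as a Sandboxie.ini fragment. This is an added example, not text from the thread or from the Sandboxie project; the key names are as I recall them from Sandboxie's documentation and the browser file name is assumed, so verify against the file that Sandboxie Control writes for your own box.

```ini
; Constructed example of a [DefaultBox] section in Sandboxie.ini.
; Settings chosen in Sandboxie Control (Sandbox Settings) end up here.
[DefaultBox]

; "Delete sandbox automatically when all programs in it terminate".
; Anything a sandboxed keylogger captured is discarded with the box.
AutoDelete=y

; Resource Access -> Internet Access: only the browser may reach the
; network. The "!" prefix means "for every program EXCEPT this one",
; so all other sandboxed programs are denied the network devices.
; (InternetAccessDevices is the placeholder Sandboxie expands to its
; list of network device paths; assumed from the documentation.)
ClosedFilePath=!iexplore.exe,InternetAccessDevices

; Restrictions -> Start/Run Access: only the browser may start inside
; the box, so a dropped executable never runs in the first place.
ClosedIpcPath=!iexplore.exe,*
```

    Note that both "!" rules match on the program's file name, which is exactly the renamed-keylogger question raised in this thread; a name-based rule is a containment aid, not a substitute for emptying the box before a sensitive login.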
     
  14. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Or if you are the only person using the computer you can just save the u/n and PIN in a txt file with a not so obvious name concerning its content and copy-paste with the mouse.
     
  15. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    As a few of you have stated there is a way within Sandboxie to "configure" a single application's Internet access within the config of the sandbox, and it appears to work well.

    Unfortunately this setting is not active by default, effectively rendering the sandbox a high risk with keyloggers (only during the infected session, as I have stated above).

    In my experience anything not "default" is useless with grandma! ;)
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    First, I know a member of the forum, who would take exception to that last statement.:D

    Second, correct me if I am wrong, but wouldn't a keylogger, to be effective, really have to either install a driver or start a service of some kind? Because if so, case closed.

    Pete
     
  17. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Some types of keyloggers, yes... however many trojans also include keylogging functionality as well as remote viewing or even remote control... All contained within an executable smaller than 400k... Seen some even smaller.
     
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    The Anti Keylogger Test below shows that keystrokes can be captured when run sandboxed.

    Is it a worthy test for Sandboxie if it's set for only the browser to connect, since even though keystrokes are captured this info can't be sent out?
    AKLT test
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Absolutely, but if they come in thru the browser, they are sandboxed, and can't hurt the system. Tested this with some live malware. Sandboxie protected the system.


    @Franklin. To answer your question strictly from my point of view. I don't care, if something were to come in thru the browser, and install some keylogger. Before I do anything of significance, I close the browser and empty sandbox. Takes seconds, easy habit to form, and keylogger gone.


    Note. I can't help feeling that if this is too difficult for someone to learn, they may well be, unfortunately, doomed to getting themselves in trouble. It's kind of like "Don't open attachments". So simple, but....


    Pete
     
  20. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Peter, I think it's probably because the only people that call me actually willing to pay for my services are usually the desperate ones... I get to see a lot of bad stuff :D

    So I may be more "paranoid" than would be required under the circumstances... However my faith in Joe Average has waned considerably over the years as I have seen them do the obviously dangerous and actually think it was the appropriate secured measure to do... Still baffles me to this day how the human brain, being so powerful, can do really such stupid things as some users actually do...
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nothing new really. Just the computer gives them the power to do it quicker. The one I loved was the British technology weekly stopping folks at the tube entrances and offering them some quality chocolate if they'd take a survey. Some high percentage were willing to give up their work computer passwords. Duh.
     
  22. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    To say that a program is useless on the single basis of 'default settings' is beyond the most ridiculous thing I have ever read. Terror_Eyez has it right on, as do most of the users here. I have always said that those in the computer-fix-it industry would be the slowest to give Sandboxie credit, and the comments here prove that out. Fear mongering that uses 'Grandma's' surfing habits as a basis is becoming more and more prevalent now that a number of new products are supplanting the tired old failed products of the past.

    Hermescomputers states that because he is worried that Grandma is totally inept, he recommends that she visit his site for guidance. Well, I went on that site and no one (not just Grandma) would be expected to do all that is recommended there.

    Fear mongering that leads folks to needless worry creates situations like this: http://forums.wincustomize.com/?aid=175059
    And it is causing people to 'break' their computers.

    Probably followed by a phone call to a computer fix-it guy for help. haha
     
  23. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    And another thing you could do is install KeyScrambler. It works on both Firefox and IE and is free. Even if a keylogger could log your keystrokes, all it will receive is a load of gobbledygook.

    muf
     
  24. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Well if I am ever targeted by a keylogger, I am going to treat that threat very seriously. I am going to assume that a Commercial Keylogger is after my information. (note the word Commercial) Can anyone guide me to a freeware anti-keylogger that would be of any help? I've never heard of one.

    It's time to cut through the nonsense and provide some qualified answers for people. Otherwise why even have computer security as a job or as a hobby? As far as I know Sandboxie is the only product that provides even hope against a commercial keylogger.
     
  25. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Has anyone actually tested KeyScrambler to see how effective it really is?
     