Wilders Security Forums  

#1
April 30th, 2011, 08:57 PM
kjdemuth
Very Frequent Poster
Join Date: Jul 2005
Location: Boston, MA
Posts: 2,340
Sandboxie and VMware

OK, I know this is probably an easy question for all you Sandboxie veterans. I have Sandboxie and am trying to get VMware to run sandboxed. It says that the sandbox isn't big enough. I even increased the size of the sandbox but it still says it isn't big enough. I'm running Windows 7 Ultimate 32 bit on VMware. I hope I'm not the only one that's encountered this.
__________________
Realtime:
WSA AV (Maxed Settings), Sandboxie Paid ( Dropmyrights and Browsers sandboxed) Lifetime license, NVT EXE Radar Pro (Lockdown mode). K9 Web protection. (malware, phishing and HTTPS force) Norton DNS.
On-Demand:
MBAM+EAM
Hitman pro (Scans daily)
#2
April 30th, 2011, 09:13 PM
Peter2150
Global Moderator
Join Date: Sep 2003
Posts: 11,805
Re: Sandboxie and VMware

Quote:
Originally Posted by kjdemuth
OK, I know this is probably an easy question for all you Sandboxie veterans. I have Sandboxie and am trying to get VMware to run sandboxed. It says that the sandbox isn't big enough. I even increased the size of the sandbox but it still says it isn't big enough. I'm running Windows 7 Ultimate 32 bit on VMware. I hope I'm not the only one that's encountered this.

Frankly I don't see the point of trying to run VMware Sandboxed. I have VMware and I have Sandboxie, and I have Sandboxie installed on my VM machines. But running VMware in Sandboxie? That I don't get.

Pete
#3
April 30th, 2011, 09:23 PM
J_L
Massive Poster
Join Date: Nov 2009
Posts: 4,821
Re: Sandboxie and VMware

Tell me why you think this is necessary? Do you have proof that any real threats escaped out of VMware?
#4
April 30th, 2011, 09:37 PM
kjdemuth
Very Frequent Poster
Join Date: Jul 2005
Location: Boston, MA
Posts: 2,340
Re: Sandboxie and VMware

Do I have any proof? No. Why do I need proof? I also don't need to explain my actions as to why I want to do it. So if you can't answer the questions then don't respond. Leave it to the real experts. It's a pretty straightforward question.
#5
April 30th, 2011, 10:14 PM
J_L
Massive Poster
Join Date: Nov 2009
Posts: 4,821
Re: Sandboxie and VMware

I'm sure the real experts will agree that it's unnecessary.
#6
April 30th, 2011, 10:39 PM
kjdemuth
Very Frequent Poster
Join Date: Jul 2005
Location: Boston, MA
Posts: 2,340
Re: Sandboxie and VMware

Oh very witty retort. Again not really useful information. Of course I expect that.
#7
April 30th, 2011, 10:42 PM
wat0114
Posts: n/a
Re: Sandboxie and VMware

At least a couple of members (one former and myself) have sandboxied VirtualBox successfully, but I don't know if it's possible with VMware. I've never tried and don't really want to. The sb + vbox attempt was for me nothing more than an experiment.

Quote:
Originally Posted by Peter2150
I have VMware and I have Sandboxie, and I have Sandboxie installed on my VM machines.

This approach is probably more practical.

Quote:
But running VMware in Sandboxie? That I don't get.

Ultimate security, maybe? ...there was recent mention in this forum of someone "witnessing" a potent malware that was able to jump out of the vm and into the real system, though I don't recall seeing any concrete evidence posted of that happening.

IMO, sandboxing in a VM or a VM sandboxed are probably both overkill if it's meant for bolstering security. I'm running successfully vmware7 in my Win7 Standard account, which is bolstered by AppLocker. This is probably overkill, too, but it works gracefully with no stability issues.
#8
May 1st, 2011, 08:02 AM
andyman35
Very Frequent Poster
Join Date: Nov 2007
Posts: 2,270
Re: Sandboxie and VMware

Purely from a security perspective running VMware within SBIE may not offer much additional protection and on modern CPUs supporting Intel VT and AMD-V it could theoretically reduce security; however, the OP may have other reasons for doing this as it wasn't stated exactly why.

Information is very sparse on the practicality of this; however, it appears that VirtualBox runs OK so there mightn't be an overriding issue preventing it. I'm presuming that there is actually enough free space for SBIE to create a copy of VMware and its guest OS on the system in question.

*Edit* VirtualBox runs in SBIE perfectly well for me.

Last edited by andyman35 : May 1st, 2011 at 08:15 AM.
#9
May 1st, 2011, 08:29 AM
Peter2150
Global Moderator
Join Date: Sep 2003
Posts: 11,805
Re: Sandboxie and VMware

I run SBIE in my virtual machine as I have it configured exactly as my host. Since the folder of my small VM is over 60gb, and the big one is twice that size, even trying to run them in SBIE would be tough.

When I need extra protection for testing in the VM, I run Shadow Defender on the host, to further protect it.

I don't see sandboxing VMware as extra protection, so maybe the OP has another reason, but since he doesn't say, I can't comment.

Pete
#10
May 1st, 2011, 10:06 AM
kjdemuth
Very Frequent Poster
Join Date: Jul 2005
Location: Boston, MA
Posts: 2,340
Re: Sandboxie and VMware

The reason I wanted to run VMware sandboxed was for some extra protection. I understand that it's probably unnecessary and the virtual machine is probably very safe. I can't recall his name but that guy that had mentioned the malware that can jump out of a virtual into your host, might have made me a little paranoid. I have used Shadow Defender on my normal host and then run VMware. I was just curious if it could be done with Sandboxie.
I'm sorry for my previous rantings. I get upset when people just can't answer a question, without throwing in their two cents first. I've seen it more and more lately. People come here to get help, inquire and learn about security. Why should they get abused during the process? Snide comments should be left out of an answer.
#11
May 1st, 2011, 10:21 AM
wat0114
Posts: n/a
Re: Sandboxie and VMware

@kjdemuth, what is the host O/S you are using?
#12
May 1st, 2011, 10:39 AM
doktornotor
Very Frequent Poster
Join Date: Jul 2008
Posts: 2,045
Re: Sandboxie and VMware

Extremely weird idea. Just use Sandboxie in the VM, not the other way round.
#13
May 1st, 2011, 10:52 AM
kjdemuth
Very Frequent Poster
Join Date: Jul 2005
Location: Boston, MA
Posts: 2,340
Re: Sandboxie and VMware

Quote:
Originally Posted by wat0114
@kjdemuth, what is the host O/S you are using?

Win 7 ultimate 32 bit
#14
May 1st, 2011, 11:24 AM
wat0114
Posts: n/a
Re: Sandboxie and VMware

Quote:
Originally Posted by kjdemuth
Win 7 ultimate 32 bit

The setup I'm using should serve you extremely well; practically bullet proof and no 3rd party software introduced:

Quote:
Originally Posted by wat0114
I'm running successfully vmware7 in my Win7 Standard account, which is bolstered by AppLocker.

Even if you just go with AppLocker defaults, that will still bolster security considerably without the added complications of trying to fine-tune the rules.

Alternatively, you could even forgo AppLocker, because the Standard account will more than likely be enough to thwart those pesky "ninja leaping" (as I like to call them) malware.

Finally, if you have your entire setup imaged, then in the unlikely event something does go wrong, just restore the most recent image and you're good to go.
#15
May 1st, 2011, 12:26 PM
Peter2150
Global Moderator
Join Date: Sep 2003
Posts: 11,805
Re: Sandboxie and VMware

Quote:
Originally Posted by kjdemuth
The reason I wanted to run VMware sandboxed was for some extra protection. I understand that it's probably unnecessary and the virtual machine is probably very safe. I can't recall his name but that guy that had mentioned the malware that can jump out of a virtual into your host, might have made me a little paranoid. I have used Shadow Defender on my normal host and then run VMware. I was just curious if it could be done with Sandboxie.
I'm sorry for my previous rantings. I get upset when people just can't answer a question, without throwing in their two cents first. I've seen it more and more lately. People come here to get help, inquire and learn about security. Why should they get abused during the process? Snide comments should be left out of an answer.

Reason most of us were curious about your use is that it helps answer.

I would consider the last version of VMware Workstation to be highly secure, and for normal use don't worry about it. However when I am testing stuff I know is dangerous, then I turn on Shadow Defender. Amazingly SD even reverts the VM machine back to its current state, and that is with a 60+gb folder.

I would say that you are good to go with VMware, and running it on top of SD, if you are really doing something questionable, security wise.

I don't think the pain of trying to run in SBIE would be worth the gain, which I suspect is very small if any.

Cheers,

Pete
#16
May 1st, 2011, 03:52 PM
J_L
Massive Poster
Join Date: Nov 2009
Posts: 4,821
Re: Sandboxie and VMware

Quote:
Originally Posted by kjdemuth
I can't recall his name but that guy that had mentioned the malware that can jump out of a virtual into your host, might have made me a little paranoid.

If you're talking about SteveTX, he claims his mystery malware can break out of Sandboxie as well.

Don't get too paranoid unless he actually shows undeniable proof.
#17
May 1st, 2011, 04:38 PM
shadek
Very Frequent Poster
Join Date: Feb 2008
Location: Sweden
Posts: 1,786
Re: Sandboxie and VMware
Default Re: Sandboxie and VMware

Quote:
Originally Posted by J_L
Tell me why you think this is necessary? Do you have proof that any real threats escaped out of VMware?

Why would you want to sandbox an environment that is already separated from your OS? Sandboxie might even prevent the applications running in the VM from working properly (or at least to the fullest extent) and you'd end up in a scenario where the things you're doing in the virtual environment don't mirror the real environment outside the VM.

The only reason I can find is if the VM-software you're using has a vulnerability. But the VM-softwares around are extremely safe these days.
#18
May 1st, 2011, 06:31 PM
kjdemuth
Very Frequent Poster
Join Date: Jul 2005
Location: Boston, MA
Posts: 2,340
Re: Sandboxie and VMware

I think I'll just stick with running Shadow Defender on my host system. Sounds like it's too much of a pain and really not worth the effort. Thanks for all your help. Sorry for the short fuse.
#19
May 1st, 2011, 08:32 PM
Peter2150
Global Moderator
Join Date: Sep 2003
Posts: 11,805
Re: Sandboxie and VMware

Quote:
Originally Posted by kjdemuth
I think I'll just stick with running Shadow Defender on my host system. Sounds like it's too much of a pain and really not worth the effort. Thanks for all your help. Sorry for the short fuse.

Hi Kjdemuth

I think you ended up at the right place, and we all get short fuses at times. As they say all is well that ends well.

Pete
#20
May 24th, 2011, 03:22 PM
samy
Regular Poster
Join Date: Aug 2008
Posts: 114
Re: Sandboxie and VMware

Quote:
Peter
I would consider the last version of VMware Workstation to be highly secure, and for normal use don't worry about it.

I am a novice regarding virtual machines. I began learning this subject only 10 days ago. I read a lot of threads in this forum which were very instructive. I installed VMware Player and use it to learn and test.
I was under the assumption that the V.M. is a "totally closed" environment and totally safe for testing software, but when I saw the ease to "copy and paste" programs and exe files from the host to the guest PC and vice-versa I was surprised/disappointed.

My questions Peter are :
- To what extent is VMware safe in itself? as per the quote above.
- Is there any danger of the host computer becoming infected from an infected VMware guest machine?
- Testing a software which may "contain a code" on the guest, is there any danger (vulnerability) for this "code" running on the host?

Thanks
#21
May 24th, 2011, 05:38 PM
Peter2150
Global Moderator
Join Date: Sep 2003
Posts: 11,805
Re: Sandboxie and VMware

Quote:
Originally Posted by samy
I am a novice regarding virtual machines. I began learning this subject only 10 days ago. I read a lot of threads in this forum which were very instructive. I installed VMware Player and use it to learn and test.
I was under the assumption that the V.M. is a "totally closed" environment and totally safe for testing software, but when I saw the ease to "copy and paste" programs and exe files from the host to the guest PC and vice-versa I was surprised/disappointed.

My questions Peter are :
- To what extent is VMware safe in itself? as per the quote above.
- Is there any danger of the host computer becoming infected from an infected VMware guest machine?
- Testing a software which may "contain a code" on the guest, is there any danger (vulnerability) for this "code" running on the host?

Thanks

Hi Samy

I don't think you can ever put a number on anything, but it's extremely high, so in normal use I don't give it a thought.

When testing Malware, I do protect my host, but as of yet, I've never seen anything escape the VM. I use a VMware Workstation machine.

Pete
#22
May 25th, 2011, 01:41 AM
DIgiDis
Regular Poster
Join Date: Oct 2006
Posts: 50
Re: Sandboxie and VMware

I use VirtualBox, but I am sure VMware is the same. I tend to think of VMs as sandboxes and use them as such. There is also the ability to make snapshots which comes in handy and functions sort of like Returnil.

I think it's a good idea to protect a VM and something like Comodo IS should be enough. If, in the unlikely event, some malware escapes a VM, it would then still have to face the protection of the host machine.

To put things in perspective, I see many videos on youtube where people test various malware softwares against zero day threats in VMs and still none have jumped the VM to infect the host.

Lastly, if you are really worried about being infected, it is really easy to back up VMs and I would also have a routine of disk imaging for the host. I understand malware is getting pretty sophisticated, but I am very confident none are capable of jumping through time.
#23
May 25th, 2011, 01:55 PM
samy
Regular Poster
Join Date: Aug 2008
Posts: 114
Re: Sandboxie and VMware

Peter and DIgiDis thanks for your kind assistance.
I feel comfortable with the answers.
As I mentioned in my thread above I just wondered that regarding the ease to copy and paste executable programs between the host and the guest, a sophisticated malware could do the same using a hidden configuration.

Peter
which version of Shadow Defender are you using?
I am asking this question because of the issue regarding the new one (331) and detailed in
http://www.wilderssecurity.com/showthread.php?t=293075

thanks
#24
May 25th, 2011, 11:48 PM
Peter2150
Global Moderator
Join Date: Sep 2003
Posts: 11,805
Re: Sandboxie and VMware

Quote:
Originally Posted by samy
Peter
which version of Shadow Defender are you using?
I am asking this question because of the issue regarding the new one (331) and detailed in
http://www.wilderssecurity.com/showthread.php?t=293075

thanks

I am using 325. I downloaded 326 while the site was still Tony's but never saw a reason to install it.

Pete
#25
May 26th, 2011, 10:01 AM
BoerenkoolMetWorst
Very Frequent Poster
Join Date: Dec 2009
Location: Outer space
Posts: 2,053
Re: Sandboxie and VMware

Perhaps using EMET on the host to apply mitigations to all VMware's processes might help to prevent them from being exploited and thus reducing the chance of breaking out. I don't think that using EMET inside the guest will protect VMware, only the OS it runs.
 
