How do sandboxes work?

Hi

Does sandboxes like Sandboxie, GesWall, DefenseWall, etc block untrusted programs access to the whole computer and allow specific directories or does it allow access to the whole computer except for specific directories?

Thanks

 

I can say only for DefenseWall- you second assumption is the right one.

 

Hi

Thanks for the reply. But wouldn't the first way be safer?

Thanks

 

As a matter of theory, it would be better to be as ristrictive as possible. If you are asking which is better, policy driven HIPS or sandboxes, that is a matter of preference. There is no right answer. I can say, for me, I prefer Sandboxie over DefenseWall because everything gets erased after the session is complete.

 

Theoretically- yes, practically it would be impossible to use such the HIPS and set up internal ruleset.

 

Hi

What's the internal ruleset?

Thanks

 

Hi

Light virtualisation sandboxes like Sandboxie also just allows everything except certain files/folders/registry keys right?

But the good thing about policy sandboxes are that it blocks malware from executing in the first place, like in Sandboxie you can have keyloggers to steal your data unless you have special configurations.

Thanks

 

Internal policies set.

 

Hi

But not all keyloggers need to install a driver, service or low level access right?

Are these rules secure?

under GlobalSettings

ProcessGroup=<restricted>,firefox.exe,Start.exe,SandboxieDcomLaunch.exe,SandboxieRpcSs.exe

in your sandbox

ClosedFilePath=!<restricted>,*
ClosedIpcPath=!<restricted>,*

Thanks

 

I guess you know the answer.

 

does this configuration protect your cookies from been reading or eating
and privacy or data stolen?

 

A simple solution is shown via the below link. Steps: (1) Open your browser in your sandbox, (2) open Sandboxie Control by right-clicking the icon in your notification tray, (3) right-click on the name of your running sandboxed browser and select Program Settings, (4) Select "This program is the only program in this sandbox that can access the Internet."

Sandboxie does not keep you from picking up a keylogger, but it's my understanding that with this setting, the keylogger cannot call home. And when you close the sandbox, the keylogger program is wiped out.

http://www.sandboxie.com/index.php?ProgramSettings

 

Peter,
Can that be achieved by using Sandboxie Control to make configuration changes or are manual changes via Sanboxie.ini required? (I'm not confident enough to try the latter.)

 

You can also check this thread.

https://www.wilderssecurity.com/showthread.php?t=212408

In terms of solutions to cookies, use an extension in FF like CS Lite.

 

I have a question, I'm trying to set up SandboxIE similar to how Hurst has it set up here: https://www.wilderssecurity.com/showthread.php?t=212408. However, my needs differ a bit. I use IE7, Firefox for browsing, PDF-Exchange for PDF views, and only Xion, VLC, and Zoom players for media. What I'd like to do is the following:

1. Run IE7 in the default box and enable it to view PDFs, embedded media, and be able to save bookmarks and downloads from the browser, while not allowing anything else and blocking access to data/folders that are not needed to perform those functions.

2. Run Firefox in a separate box with the exact same functions and restrictions, but being able to update extensions.

3. Run Xion, VLC, WMP, and IRFanview in a single box that allows only playing of files I already have. No internet access, no other data access.

I also use Emule/Bittorrent, so if there is a safer way to use both of those within sandboxIE (if they can be used within SandboxIE that is), I'm open to suggestions. I wouldn't ask for so much input if it wasn't for the fact that in looking at everyones .Ini files, I realize they are all completely different depending on programs used and where data is located.

 

Hi

What's ClosedIpcPath?

Thanks

 

Pete, I use Resource Access to make IE7 the only program that can access the internet and to block access to My Documents. But I don't understand how to use it to restrict the sandbox so only the browser can run and nothing else can even execute.