How do you test Sandboxie?

Just curious, there are security tests available for our hips, firewalls and antivirus...etc...but how about Sandboxie?

How can we tests this if it really works effectively for what it says?

Are there any sites that makes some simulations of malware, etc...with Sandboxie running? How good it is?

 

You can run a rogue or malware inside the box by removing restrictions from SB if they are in place and allow it to run inside.Example a Rogue AV will place a try icon on the system task and actually scan your pc as if iinstalled When your done delete contents of sandboxie and then check your C drive and or registry, you should not see anything left.Follow up with a scanner of choice such as MBAM.

I recommend you have have a clean image restore on hand just in case but everything I tested has never escaped,just be sure not to recover anything out of sandboxie to the system.

 

You can go one step further with some effort. Get Virtualbox or VMware and run sandboxie inside. From there test all you want inside sandboxie. If something does get out, chances are it isn't sandbox and Virtual aware malware. If it is, well then your ****ed. Then again you always have your image to fall back on as well.

 

Even Better to play it safer.

 

You never can be too sure. Right? I have VMware running with whatever software I'm testing. I then have my host system in shadow mode. I really hope nothing would make it past that. If it does then I probably shouldn't be playing with it then.

 

i dont test malware in a box - i'm no stupid - and i'm no malware specialist.
even with a VM it is possible to infect the host.

 

This is the best way. I'll test when malware I always use VMware Player, and my host I use Shadow Defender also always have a very recent picture Keriver 1-Click Restore Pro, in case something goes wrong.

Anyway, see this test: -http://www.youtube.com/watch?v=pcsCzty1tIQ-

 

Can you recommend any reputable sites that makes Sandboxie malware testing...just like those sites that performed tests for Antivirus?

 

While it is theoretically possible for the host to become infected by malware in a VM,with modern CPUs utilizing AMD-V/IntelVT technology not very likely.

If we look at a scenario of running malware within Sbie,within a VM,there are some very significant "hoops" to jump through.Not only must the malware "break out" of Sbie (extremely difficult when correctly configured);the malware must also be VM-aware and exploit a specific bug in the chosen VM software.Then it must bypass any security in place on the host system,all of this with the reduced rights and restrictions imposed by Sbie.

Leaving aside the fact that such a specifically targeted malware probably doesn't even exist (much better commercially to just make malware dormant in a virtual environment),the technical difficulties would be immense given the active development of Sandboxie and the likes of Virtualbox.

 

It is possible to test Sandboxie's efficacy without malware of course. It's motto is (or at least used to be!) - trust no program. It does not care whether a file is malicious or not it places it under the same restrictions regardless.

So if you want to know whether an app can get internet access when restricted from doing so, try it with any safe app you like. Similarly will it prevent an app from running when start/run restrictions are set to prevent it, try it with a safe app as Sandboxie will treat it the same way anyway.

Along the same lines if you want to know if anything can escape from the sandbox install something into the sandbox then verify there are no traces in the real system.

If you are asking how can I prove malware does not contain a sandboxie busting element then testing it in a VM or not (if you are brave) is the only way. The beauty of this little gem though is if you set it up right with some of the restrictions noted, and have mitigation against unwanted/uncontrolled execution of what you choose to let out of the sandbox, then traditional downloaded executable based malware cannot run in the first place.

Cheers

 

I am not sure if this can help or not, but just for good reading in virtualizations:

http://anti-virus-rants.blogspot.com/search/label/virtualization


http://seclists.org/basics/2006/Oct/380