Sandboxed scenario question!

Thanks to all of you, I installed and have been using Sandboxie since Friday 9/7.
A couple of months ago I received a panic phone call from daughter A. She was
checking her emails on daughter B's work notebook and opened an e-card with the
trojan/worm/virus or whatever was/is going around. Daughter B did have Norton installed
(don't really know if it was up to date but it apparently did work) and immediately the
comp went crazy with Norton and the malware firing away at machine gun speed, i.e. the
malware trying to "reproduce" with Norton text boxes informing and stopping it. My question is:
What would have happened if this had occured in Sandbox mode? Thank You!

 

Providing your email is sandboxed the worm would have stayed in the sandbox and upon deleting the sandbox terminated...

 

I'm no expert, but I read recently that sometimes some anti-whatevers can reach into the sandbox and quarantine/delete the malware. I'm told this is because they anti-whatevers work at a lower level than the sandbox. If Norton didn't respond, theoretically the malware would be rendered harmless to the system and deleted when the contents were emptied. I hope that makes sense.

If the malware installed in the sandbox, it could possibly steal information while it was running in the sandbox until the contents were emptied. It wouldn't harm the system, just grab information. Someone would have to confirm this and I believe there are ways to 'tighten up' sandboxie configuration to prevent this.

innerpeace

 

Interesting!

 

Indeed a possible scenario albeit I suspect the chances of this happening are fairly remote.
Bear in mind that by design SandboxIE keeps just about anything from getting on your system.
(I love the idea of surfing the dark side (if one is so inclined) with virtual impunity.)
It does not do as well preventing stuff from leaving your system.
Hence the rationale for outgoing protection, be it a FW w/ good outbound protection or a substantial HIPs proggie.

 

This was posted by Peter2150. https://www.wilderssecurity.com/showpost.php?p=1013701&postcount=38

This is one way to protect your sensitive information from being stolen. I haven't tried it yet as I often restore downloads and pics to a folder in My Documents. I'm not sure if that would cause problems or not.

Edit: I gave this a try and it worked. I did a quick test and went to Jotti in Firefox while sandboxed and couldn't browse My Documents. I also couldn't download to My Documents, so i guess I will have to start downloading to my desktop or find a way to exclude my download folder.

 

Definitely worth it and thanks for the tip. I kept reading posts of you mentioning it, so I did a search and found your config post. It's a great feature for added safety and privacy. Thanks

Cheers, innerpeace