Sandboxie and Kaspersky Internet Security

Discussion in 'sandboxing & virtualization' started by thehawkMT, Jan 3, 2011.

Thread Status:
Not open for further replies.
  1. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    Good evening and happy new year.

    I will soon give my laptop to my parents so that they can finally enjoy the formidable world of Internet browsing :)

    Now I personally use Firefox + NoScript (besides other security tools of course) but there's no way my parents will learn to use NoScript to enable/disable scripts so I was thinking of installing Kaspersky Internet Security on their machine and SandboxIE, instructing the latter to always run Firefox in Sandbox mode.

    My question is: Let's say they end up on a website with a malicious script, will Kaspersky, the antivirus part of it, block the script? Or will it run and then disappear after the browser - and hence the sandbox - is closed?

    Thank you.
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    If they know what to NOT take out of the sandbox when it closes they should be OK. Also have only the browser have internet/running privileges and have it set to auto delete on exit.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Doesn't Kaspersky have some sort of sandbox program- safe run - or something like that? What if the browsers were set to open in that? I'm not sure how it would treat downloads they would want to keep though.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    You can use KIS's own sandbox -- Safe Run for Websites. It is very tough and has not been bypassed to date. Simply teach them how to open the browser via the Kaspersky interface and they will be completely safe against all types of threats (including scripts, which will also be scanned by Web-Antivirus) because Safe Run settings are very restrictive, cannot be overridden, and work on the principle of restricted privileges. On my system, Google Chrome is not even allowed to use its installed extension when run under supervision of Safe Run.
     
  5. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    It does, but looking at some threads it seems it is still not as powerful as SandboxIE, though the thread is from 2009, so quite old. Does KIS have an "Always Run In SafeRun" mode feature like SandboxIE?

    Thanks.
     
  6. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    If the antivirus detects the script via either signatures or heuristics, then yes, it will block it because the scanning of Web content works at traffic level (so it doesn't matter if the browser is in the sandbox). Regardless, that doesn't really matter - if you have your browser sandboxed, anything malicious coming from websites will be contained in the sandbox.

    If the user does Online banking then I'd recommend using KIS Safe run for websites/Online banking mode (not to be used at the same time as Sandboxie because of conflicts) because it provides an additional layer of protection against threats on an already compromised system by denying access to browsers' memory/threads to unknown 3rd party applications (similar to Prevx SafeOnline) - which Sandboxie doesn't have.
    On the other hand, if they don't do Online banking, using only Sandboxie will suffice - it's much more configurable and somewhat safer/more resilient compared to KIS sandbox (the latter having some issues with interprocess communication isolation ATM).
     
  7. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    Perfect!

    Thanks :)
     
  8. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Yes, with a little edit to the shortcut you can. Take a look at this thread; it explains how.

    Save your money and just use the sandbox from Kaspersky. It is very effective and has saved my butt several times! Just one piece of advice: if you are sandboxed and download something, remember to save it to the sandbox shared folder.

    Regards,
    Cgeek
     
  9. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    Nice.

    Have you ever used Sandboxie, cgeek? I mean did KIS save you when Sandboxie didn't? I'm just trying to understand whether to go with KIS alone or both :)
     
  10. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    It's worth mentioning that that method isn't the same as Forced programs in SandboxIE.
    It will only sandbox the program if you launch it via that shortcut. If an unsandboxed application wants to start the application you created that shortcut trick for, it will start it outside the sandbox, since the shortcut isn't used. I.e., if you're running Outlook outside the sandbox, and you've configured the shortcut for your def. browser as per the linked thread, when you click on a link in an email, the browser will start outside the sandbox (as opposed to SBIE Forced programs, which sandboxes the program whichever way it's started).
     
  11. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    3x0gR13N is correct; this is the only drawback to using safe run for websites. But you could open Outlook and use safe run for applications, which would sandbox or virtualize the entire computer!

    @thehawkMT
    I have used sandboxie in the past and it is a wonderful application. Since I have used KIS I stopped using it since it has its own sandbox. I also used to have Returnil but yet again it is covered in KIS. The only other app I use alongside is Prevx Safeonline. ;)

    Regards,
    Cgeek
     
    Last edited: Jan 4, 2011