Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. 142395

    142395 Guest

    I also haven't been infected so far, except for one non-harmful PUP which came with Softpedia's installer (which gave me a great lesson), but that does not make sense to me. I also only download reputable software from reputable sources but always check at least the sig. In general I never trust my decision and my narrow experience, or at least I'm trying to be so. What happened to Pete, which some arrogant people might laugh at, can also happen to me. Psychology has proved how slippery people's confidence actually is and how much more stupid people are than they think they are.
    NO, a code sig NEVER tells you whether the file is harmful or harmless, see this.
    And a code sig is not an SSL cert; they're different.
    I also keep saying you can live safely even w/out 3rd party software (e.g. this).
    So even Avira is not NEEDed. But IMO it's another thing; a well-configured Windows is already layered security. And I clearly distinguish the probability factor.
    As I said some times, even the possibility of coming across a common exploit is low. You may not come across even one single exploit during a year, or may come across dozens.
    But once infected, it's game over, so one has to balance risk and cost.
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    "Never infected" is such a sweeping statement, especially if they are the custodians/generators of valuable IP. Think Belgacom and other APTs. Infection may never be spotted; that tends to happen if it's browser hijacks or ransomware.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,811
    Location:
    .
    Sure, Sandboxie as the first line of defense, afterwards AppGuard and recently Zemana Antilogger. Just notice that I'm an amateur in security and it's a very long learning curve. So far, so good; however, I really don't know how to test and make my setup malware-proof. I've just followed you guys in here and silently learned. :cool:
     
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Bingo. We all think that we are correct about everything, religious beliefs, political, computer junk etc. It's called ego: "What? Me be wrong about anything? Doesn't everyone know that they should follow MY religion, MY political leaders, and MY computer setup?! "

    Acadia
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Even those times you hit exploits you have MBAE and HMPA3 for protection. Besides, every single time malware wanted to install, it asked me whether I wanted to run, save or cancel (user interaction/intervention); you don't have to be a genius to know what to choose (simply cancel, and the party on your computer for malware is over) when something like this happens.
    Those drive-by downloads and file-less exploits are not a problem either if you have MBAE and HMPA3. The only protection you need is against infection from removable drives, that's all.
    I also remember how FleischmannTV wrote on the Sandboxie forums that he was never infected even though he used/uses Mozilla Firefox and Google Chrome without Sandboxie or any other similar protection.
     
  6. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    I didn't say that in order to discourage people from using any kind of security. I simply wanted to point out that the statement "I've been using program X for years and have never been infected" could very well mean that there simply hasn't been any infection attempt, hence it doesn't necessarily speak for the protection capabilities of program X.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I retested again using Windows 7 x64 in a virtual machine. When I disabled the DNS Client service I got the same results as you did. When I enabled the DNS Client service I got the same results as I got the first time (post #851). So indeed it's possible that a sandboxed process without admin privileges can change the hosts file (which normally needs admin privileges to change), and in some situations the changed hosts file can affect DNS resolution in a sandboxed web browser.
     
  8. 142395

    142395 Guest

    :thumb:
     
  9. 142395

    142395 Guest

    Thanks for re-testing! :)
    I think the result indicates that what made the difference is the DNS cache.
    So far it seems all the changes we made affect the sandboxed environment, so I wonder what parameters SBIE automatically protects.
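    A defender-side check for the hosts-file observation in the two posts above, added here as an example and not code from the thread or from Sandboxie: it parses the real Windows hosts file and the box's shadow copy and lists every name the sandboxed copy points at a non-loopback address. The box folder layout named in the docstring and the sample file contents are assumptions constructed for the example.

```python
r"""Compare the real Windows hosts file with a Sandboxie box's shadow copy.

Sandboxie redirects writes made by a sandboxed process into a per-box copy
of the file tree, so a hosts file changed from inside the box lives under
the box folder, not in System32. Assumed default layout (not stated in the
thread): C:\Sandbox\<User>\<Box>\drive\C\Windows\System32\drivers\etc\hosts
"""
import ipaddress
from pathlib import Path

# Constructed sample contents: the real file (Windows default, localhost
# commented out) and a box copy with one extra, non-loopback redirect.
REAL_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# 127.0.0.1       localhost
"""
BOX_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # block-list style entry, harmless
192.0.2.10      update.example.com     # redirect to another host
"""

def parse_hosts(text: str) -> dict[str, set[str]]:
    """Map each hostname (lower-cased) to the addresses the file gives it.
    '#' comments and blank or malformed lines are ignored."""
    mapping: dict[str, set[str]] = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            mapping.setdefault(name.lower(), set()).add(addr)
    return mapping

def hosts_diff(real_text: str, box_text: str) -> list[tuple[str, set[str], set[str]]]:
    """(name, real_addrs, box_addrs) for each name the box copy maps differently."""
    real, box = parse_hosts(real_text), parse_hosts(box_text)
    return sorted((n, real.get(n, set()), a) for n, a in box.items() if real.get(n) != a)

def suspicious(diff: list[tuple[str, set[str], set[str]]]) -> list[str]:
    """Names the box copy points at a non-loopback address: the entries that
    can send a sandboxed browser to a different server than the real file."""
    return [n for n, _, addrs in diff
            if any(not ipaddress.ip_address(a).is_loopback for a in addrs)]

def check_box(real_path: str, box_path: str) -> list[str]:
    """Run the comparison on disk; a box that never wrote hosts has no copy."""
    if not Path(box_path).exists():
        return []
    return suspicious(hosts_diff(Path(real_path).read_text(), Path(box_path).read_text()))
```

    Running `check_box` against the real file and the box copy on a machine where the sandboxed test was done shows which names the in-box change would redirect, independent of whether the DNS Client cache later masks it.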
     
  10. 142395

    142395 Guest

    First of all, I never use MBAE & HMPA at the same time. And those anti-exploit tools can't protect you from all exploits. Even when an exploit is not meant to bypass them, nor uses a relatively new technique such as COP & JOP which erik admitted HMPA currently can't protect against, some logic flaw vulns can't be protected against by those apps, as pedro admitted.
    Only if you're always cool and never make any mistake in your decisions, IOW if you are a perfect man. Unfortunately I'm not, but if you think so, go your way.
    To prevent threats from USB, you firstly have to completely disable autorun, always display hidden and system files, always display file extensions including some extensions which don't appear just by changing the folder option, never double-click your USB drive icon and always use the folder tree to navigate, and on top of all those learn about the many and evolving social engineering techniques and keep your eyes open on the latest security news. HMPA also blocks BadUSB, but if you don't use it, G-Data also offers a dedicated tool. I admit forcing SBIE for every external drive eliminates most of those needs except BadUSB.

    BUT why is this the ONLY protection I need? How about malicious addons, especially ones which are becoming more and more of a problem on the Chrome store, as many reputable addons suddenly turn into malware when the author changes? How about the malicious updates I described here and there? How about script malware and macro viruses, which are arising again? Oh, I have strict control over all scripts running both on the desktop and in the browser and even in other apps, and of course macros are disabled, so I'm 100% secure against them eternally? Where's the guarantee of that? How about non-malware threats such as XSS, CSRF, clickjacking, HTTP header injection, DNS rebinding, or MITM by a compromised cert? How can you say "only"? Is this cuz you know threats and intrusion well? I listed some threats but I don't know if that is all (maybe not).

    All right, let's relax. Actually I don't recommend such hyper-protection for everyone. For a novice user, I just tell them some common-sense security and install, or recommend installing, a decent security suite, and make sure auto-update is enabled for the OS and all vulnerable apps. (When I can, I add some extra work such as disabling unnecessary-for-him/her functions which can be abused and/or tweaking that IS.) This is IMO a good compromise btwn risk and cost. But if you prioritize security, the balance differs. For me, half of security is just a hobby. However, for me personally, a setup which puts layered security on certain threats only while leaving holes for others looks like equipping multiple locks on your front door while the back door or window is open. OTOH, it's true that we should consider the probability of coming across each threat, and acceptable cost varies for each individual. So things come down to your preference after all.
     
    Last edited by a moderator: Feb 2, 2015
  11. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I wonder what logic vulnerability bypasses both HMPA and MBAE?

    You really don't get it, do you? If I have never been infected in 10+ years before I started to use Sandboxie, then this experience speaks for itself, and I'm not alone; there are plenty of people. Unless you visit porn and all kinds of hacked websites with all kinds of exploits... the only ones I truly visit are YouTube, science and technology, comic book boards, science boards and here, Wilders Security Forums. I'm also on Facebook, but it looks like it even forgot my name as well, since I was not on Facebook the last 3 years.

    I don't know what you mean by BadUSB, so I'll skip it, but thanks for that link, I was actually looking for it. SBIE solves everything.

    So, basically you are saying that I'm so stupid that I will install a malicious add-on and get infected with it; no, I'm not that stupid. I use NoScript for Mozilla Firefox and now uMatrix for Chrome; that's more than enough to handle this. You seem to be hyper-paranoid about everything, so I have to ask you: if you are so scared of everything, why do you even live in the first place? In this case, why are you on the net at all?

    I'm just saying there are plenty of people who visit everything and they don't get infected, ever!!!
    So where is the catch?
    Sure, Sandboxie sandboxing web browsers and Microsoft Office and everything you need to browse solves everything, or almost everything.
    I know what you said about Sandboxie and Chrome, but I still rather prefer Sandboxie sandboxing Chrome; I just think it's more secure, no evidence whatsoever, but simply just a feeling.
     
  12. 142395

    142395 Guest

    Then follow your way. I just said IN MY CASE, whatever years I have not been infected, it's "so what?". It doesn't guarantee I won't be infected in the future, FOR ME.
    Huh?? I mentioned the fact that many completely legitimate and reputable addons turn into malicious addons suddenly by an official, 100% legitimate update. I'm rather surprised to see you don't know this well-known (of course in the security community) fact. However wise you are, you can't avoid it when you use one of the affected addons. We know what addons have been affected so far, but who knows next? Tho I believe (hope) at least uMatrix won't, as gorhill will never sell or give his addon to anyone.
    Hyper-paranoid? Maybe. But I don't have any trouble. Can you understand the meaning of "half of security is a hobby for me"? Oh, but I fear I may install a malicious addon myself too. Is this cuz I'm paranoid? Probably not, just because I don't 100% trust my decisions or Ego in almost everything, at least I'm trying to be so. But I trust my potentiality, aka my Self in a certain psychological context. Anyway I will keep my eyes on the latest social engineering techniques to reduce such risk.
    So you didn't read his post?
    I think if 100 people use their PCs w/out any security software for a year, at least one (probably more) PC will be intact (I have actually heard of some such cases). It's hard to come across a real exploit or malware in usual internet usage, though I'm a relatively heavy internet user. Even if you come across one, those exploit kits are relatively picky, and this is why aigle and I had trouble in exploit tests, as we had to set up exact versions of vulnerable software. So are those lucky people secure because they haven't been infected?
    BTW, I say/said nothing about your Chrome/SBIE things and won't. I just challenged the bold assumption in your statement. But I found it's a waste of time; if you're so confident then go your way. I know proper usage of SBIE eliminates most threats, tho not exactly all. Considering the probability you come across such a threat is extremely low, you'll be 99% safe. Funny, as you seemed to oppose a bit the impact of 0day exploits, of which I claimed the possibility is extremely low in the MBAE thread, but all right, a security setup finally comes down to a matter of preference anyway. Sorry for losing my temper a bit.
     
    Last edited by a moderator: Feb 2, 2015
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Fine, but what do you suggest for me to have a security setup like your own? What is your advice anyway?
    You said you challenged my bold assumption, but I don't understand the point of it. I said in the link you gave me: everything you, Safeguy and Hungry Man said about Sandboxie sandboxing Google Chrome is also purely hypothetical, and the other sentence was: "Against infected websites Google Chrome protects excellently, based on your posts" (I'm not even sure if this is true or not). So which part did you answer? I assume that answered the part about Google Chrome protecting excellently against infected websites, again I assume.
    But only if you download something from Chrome and run it will you be infected; supposedly infected websites cannot touch your computer, since Chrome's sandbox is tough to beat. That's how I understood it.
    Put Sandboxie over Chrome, and then nobody knows what would happen; however, it's an excellent solution against malware infections and running malware inside Sandboxie. Again, this is how I understood it.
    To be honest, Peter's security approach seems to be the most compatible with what I want and how I want to be protected.
    Latest social engineering techniques and exploits?
     
  14. 142395

    142395 Guest

    Again, I won't speak about the Chrome thing in this thread again, at least with you.
    Advice? Be modest and accept the psychological fact that everyone is stupid, needless to say including you and me. A fatal vuln is that people tend to think "I am special."
    Other things are trivial.
     
  15. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Heck, even Albert Einstein made mistakes.
    Acadia
     
  16. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Obviously, I have psychologically destroyed you; one word, "Chrome", and you run for your life. I have an interesting psychological influence on people.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    There is a simple truth being missed here: Some people love Chrome, and some people hate it. Some Chrome users Sandbox Chrome with SBIE, and some don't. Fact is in the big scheme of things it doesn't matter one little bit. Do it the way you want and be happy.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,811
    Location:
    .
    Words of wisdom, no doubts at all. We share the same opinion.
     
  19. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Not true, if you are smart enough you won't get infected; that's really simple. I just know too many people who never got infected in the first place.

    And why would I get infected? I don't use add-ons at all.

    Maybe it is, but I also know a lot of people who do security and none of them is so paranoid, and none of them had any problems with infections; interesting, they only have one antivirus and that's about it.

    What I bet is that you're totally wrong here; I bet none of these people is getting infected unless they do something wrong themselves. It's not about luck, it's about being wise and smart.

    And I have challenged your paranoia; what I'm telling you is that you are completely paranoid without any good reason, calm down. I use MBAE because I like it; the interesting part was that I was never hit by any kind of exploit and MBAE did not block any of them, obviously. There is no need to be that paranoid.
     
  20. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    The reason why I use Chrome sandboxed under Sandboxie is the fact that my parents click everything; yes, I'm paranoid, not because of myself, I know what I'm doing; it's about my parents mainly.
    And if you are paranoid like Yuki is, the best thing is to use a properly configured Sandboxie on top of Chrome and everything else on the entire Windows computer system, since using a properly configured Sandboxie eliminates very nearly all of the threats (though not exactly all of the threats).
     
  21. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Ahhhhh, and that is exactly what the baddies are looking for: folks who are patting themselves on the back. Once you pat yourself on the back and say, "I am safe, I cannot be hacked," you are next. Yes, you know people who have never been hacked, but don't we all? With billions, literally, of folks out there, only so many can be hacked at a time. But I want myself to be safe once they get the time to come around to me.

    Acadia
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Typically the low-hanging fruit. The funny thing is, and what it all boils down to, with all the hypothesizing going on in this now epic encyclopedic thread, the majority of people who are at least somewhat security conscious with their PCs are more likely to suffer a hardware breakdown or driver issue than a malware infection.
     
  23. 142395

    142395 Guest

    [Off topic:]
    We can talk about it if you don't care, as I'm a big fan of Einstein. :D
    (Sigh) You can't get the sense unless everything is told in a direct manner? In my previous post I suggested your "assume" is wrong. I don't know how you could assume my saying "bold assumption" meant "that answered the part of Google Chrome...".
    Can't agree more! :thumb:
     
  24. 142395

    142395 Guest

    Even security-conscious people make mistakes as long as they are human. At that time they are not so different from novices. Assuming you can always be careful is just a belief of yours which has been disproved in psychology.
    And hardware breakdowns or driver issues or others are completely another story, like when we speak about bird flu or BSE and one suddenly brings up "You're more likely to lose your life in a car accident."
     
  25. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Interesting, physics is my main hobby, I started to read it when I was 6.

    Yes, I like direct approach.
     