Sandboxie

I run Chrome portable in Sandboxie. I tried running the original Chrome in Sandboxie but it didn't work for me although it seems to work for others. I posted in the Sandboxie forum but the various methods suggested didn't work. So I went back to Chrome Portable (from portableapps.com) which runs smoothly in Sandboxie.

As far as plug-ins go, I don't use the Adobe pdf reader on-line so that plug-in is disabled. And I also don't care for flash so that one is disabled too. So I don't have a problem and a solution either !

 

At the beginning I had the same experience. But in the meantime unfortunately I also came upon websites that will not work correctly within the sandbox if the plugin-container.exe does not have internet access too.

Concerning the disabling of the plugin-container.exe:

Is the plugin-container.exe of Firefox really a feature for protection/security or is it only a feature that shall assure a smooth operation of the browser in case that the flash player (or something similar) crashes within the browser?
If the second case is true, I also will think about disabling it.

 

I just followed RedDawn's link here *thanks Redawn* it solves the problem - disabled the plugin-container.exe altogether - no lag with streamed clips - browser seems to be working ok.

Going into about:config and setting dom.ipc.plugins.enabled.* to false, it wasn't enough, though. Youtube and a few other streaming clip sites didn't work for me. So I disabled the plugins as well. Changed all to false (as says in the link)

* dom.ipc.plugins.enabled.npctrl.dll (Microsoft Silverlight)
* dom.ipc.plugins.enabled.npqtplugin.dll (Apple QuickTime)
* dom.ipc.plugins.enabled.npswf32.dll (Adobe Flash)
* dom.ipc.plugins.enabled.nptest.dll (NPAPI test plugin)

This isn't a security feature (maybe it does enhance security? I haven't seen anything saying so) ... it's more a reliability fix for crashing browsers, from the press releases. I think a lot of people have the same idea that you have. If it doesn't improve security - it might be best to wait and see if it weakens the browser security. You can bet there are morons out there that are looking at this plugin-container change, and they're working on ways to exploit it.

 

Keyboard_Commando, thank you for your explanations.

 

After running Sandboxie for about two months, I have not had a micron of infection found by my scanners, of which I have 4 and use them ad-lib about 5 times per week.

John B

 

I'm glad you found something you like and works for you, John. Sandboxie has its moments for me, but overall, I've not seen anything out there paid or free that can make the vast majority of malware out there cry, and do it without driving the user insane.

 

The good thing about being a noob button clicking novice average user is that you go about life perfectly sane -- oblivious to the infections etc until they slow your system to a crawl. You pay the geek squad some hard earned $$$ and resume the process all over again.

Wasn't it nice to just click buttons before you know what you know now?

Sul.

 

The last time it was safe to be a button clicker was from about the year 2000 on back. But yep, those days were oh so sweet. The Geek Squad, more known to break your system than fix it, hehe.

 

Any thoughts on whether using running a browser fully in Sandboxie renders NoScript redundant, assuming one isn't bothered by one's browsing being tracked?

 

For me is redundant, indeed.

 

Thanks & keep up your good work! Seems to be much appreciated by quite a few folks.

 

In my opinion if you only look at the security perspective, then it is rebundant
but I personally use it because it makes browsing more enjoyable and keeps
away annoying flash ads that otherwise would open all the time. I almost never
see a pop up and that's NoScript blocking them. To me NS is like SBIE, I love
them both and would not browse without either program.

Bo

 

Hi Bo! My main concern is security, not privacy. As for the ads and flashies and even redirects, Privoxy takes good care of them across browsers (Chrome, FF, IE & K-Meleon).

 

I'm sure this has been pointed out before: within that sandboxed browser session, any script could be run, any keylogger/keyboard sniffer/network sniffer could be running, any redirect may work, any potential phish may work, websites will pick-up whatever they can, compromised web sites are still compromised, cookies will do as directed. ( subject to other precautions )

There would be no HD or system "access" outside the sb, and any downloads will not be permanent unless specified.
The system itself is safe, but "on top" of the sandboxed layer, what will be may well be !!, -also subject to other security measures in place in the sandbox and s'boxie set-up: ending the session and erasing will wipe the slate as required and return to 'native state' as per usual,

Echo that.
Of course NS will not be any panacea, but IMHO NS does/can have a role in the sandbox.

 

Longboard, in some ways both programs and developers are alike. When you
think about it there philosophy is similar because SBIE does not trust any
program and NoScripts does not trust any page. Like you I think NS has a role
in the Sandbox.

Bo

 

What role is it?

It can not be a security role because Sandboxie takes care of that 100%.

About privacy maybe?

 

I think bo elam refers to the role he already mentioned in his previous posting:

Indeed (primarily) this may be neither a security nor a privacy role, but I learned to appreciate this effect too:

Sometimes I find a little bit painful the necessity to allow scripts with NoScript when visiting a new website in order to be possible to view it correctly. But on the other hand I often realize how many flash ads etc. do not bother me simply because I continue to use NoScript even within Sandboxie. I think this is indeed a useful role of NoScript. (At least if you do not use other software to achieve this effect.)

 

That happens for reading too fast. Bad Buster, bad!!!

Yes, I agree that browsing is more enjoyable using add-ons like NS or ABP.

 

Ahh
No doubt about what you mean
..can still be phished, hijacked, recdirected, idenity stolen, credit-card details stolen etc etc..
NS will not stop all of that but still has security benefits as well as "convenience and enjoyment" factor..

 

My thoughts are this, malicious scripts can still run if you allow them to in the sandbox. Who cares if Sandboxie prevents actual damage from taking place on the real system, it can still cause havoc with the browser, it can still redirect to a malicious website and possibly cause malware to install, it can still send your data out, and so on and so forth. NoScript, if used carefully, CAN prevent all that. So, you have a sandboxed browser that not only keeps malware and other things from getting to your real disk, but, since the scripts were kept under control, they can't even run to TRY to access the real disk, or send you to another page and so on.

Sandboxie is one beautiful piece of software, gorgeous it is. But, a responsible user doesn't let bad things run period, not just within a sandbox.

 

Hey ! My most respected "dw". That piece of wisdom sounds as good an explanation of the art of mine detecting as I have ever heard. It sums it all up perfectly, a proverbial Bible of fact against fiction.

Who can argue with that precise summary of life in the trenches ?
I bet somebody will, but not me Brother, I`ve been converted.

John B

 

dw426 raises a point that intrigues me in his post No.270.

Threats IN = NIL, threats OUT = ?

Whilst I have become to regard Sandboxie as a pretty good stopper for flack coming in after all the posts in this thread, and sit back happy that my dust-free PC does not get covered in debris, he has a point.

What about data that can be stolen from within the sandbox outward bound ?

I do use NoScript and ABP and only stand them down manually by the Options for sites I trust. There are posters who have said that NoScript is redundant with Sandboxie.

Would some of our more experienced geeks please comment on the points made by dw426, plus my own ? Waiting to hear.

John B

 

The beauty of SBIE is that you can control the programs that run or have outbound access. Setting up a sandbox for a specific purpose is the best use IMHO.

For example, if I have 2 browsers, say Opera and FF. Opera is forced into its own sandbox, and only opera.exe is allowed to run and allowed outbound access. Firefox has its own sandbox as well, but it also allows perhaps adobereader.exe to run, and maybe also have internet access.

The granularity of SBIE is what I like best. I know that if I use Opera, it is segregated and very lonely being the only thing that can start in that sandbox. It also deletes its files once it closes. I can run any script, go anywhere, contract anything, and the next time I open Opera, all is back to a clean slate. It is where I do my transactions and other sensitive activities. It is its only purpose in life, and I only go to sites that I trust, such as my bank. Should my banks website become hijacked, most of my bases should be covered because no keygen.exe etc can run within this sandbox. It is the man-in-the-middle attack that leaves a gaping hole or a browser exploit.

Firefox is where I might go researching. It does not delete its contents on shutdown. Again, I don't care what scripts run or where browsing takes place, because no data is ever given when using Firefox like this. It has its own little environment that has nothing to give out that is of any value other than maybe cookies and mundane things of that nature.

Personally I have started installing browsers, setting the options, but not going anywhere. Then I install SBIE and force the browsers into thier respective sandboxes. Then I will start the browsing. In this manner I am assured that the browser profiles start clean, and when they then start in SBIE they are known to be clean. Deleteing the sandbox then is all that is needed to maintain that fresh and clean feeling.

Sul.

EDIT: Pete, you think along the same lines as I, and evidentily get your posts off much faster as well

 

I don't mean to spread "hyperbole", but, I'm under the assumption that without said proper configuration (by the way, what is proper configuration for a browser anyway? Flash, Java, all those need to run and have internet access if you wish to view that type of content, right?), whatever data is in the browser can be stolen. Let's say passwords and other log in items, email addresses, banking details, that sort of thing. Am I way off base here?