Sandboxie's "rootkit" problem not really a problem after all :)

Discussion in 'other anti-malware software' started by TNT, Nov 9, 2005.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Well, it seems that the Sandboxie problem I outlined in my post some days ago is not really a problem, after all. After a little more time for some other tests, it turned out that IceSword is able to break out of Sandboxie only in certain conditions, NOT related to a Sandboxie "security hole".

    Essentially, Sandboxie DOES block kernel modules inside the sandbox. IceSword WILL fail to work inside the sandbox, UNLESS it's executed previously outside the sandbox, closed and then executed inside the sandbox: the fact that IceSword is able to bypass Sandboxie "sometimes" is related to the fact that IceSword's kernel module is still active even when you close its executable. Only in this case, with IceSword's kernel module active, it can bypass Sandboxie.

    In other words, Sandboxie will work with rootkits. :)

    Trackback here:
  2. Franklin

    Franklin Registered Member

    Thanks for the hard work, TNT. And good to see Tzuk has had a look. Maybe you two should team up and come up with the ultimate Sandboxie. :)