Virtual PC in XP Mode with Sandboxie

Discussion in 'sandboxing & virtualization' started by Windows_Security, Sep 22, 2014.

  1. Any tips on integration settings of Virtual PC or Sandbox settings?

    Combo launches surprisingly fast on a dual core Pentium with 3GB RAM; after the trial period SBIE will probably wait for a few seconds.
     
    Last edited by a moderator: Sep 23, 2014
  2. bo elam

    After a reboot, five seconds, only the first time you run something sandboxed.

    Bo
     
  3. Disabled as many standard components as possible (IE, WMP, Outlook Express, etc.)

    Integration settings: Hibernate, not using the "undo virtual disk option" to purge changes (Sandboxie does this faster/easier), not allowing access to data drives, assigned 768 MB to virtual RAM

    Sandboxie settings:
    - Drop rights
    - allow only Chrome to start
    - allow only Chrome internet access
    - Block access to (other) virtual (data) disks

    Sandboxie Control (Remote) is visible as an icon on the host

    First launch of XP Mode launches the Virtual PC and (thx Bo) in future the five seconds SBIE free delay; consecutive launches from hibernated Virtual PC take less than 2 seconds.
     
    Last edited by a moderator: Sep 23, 2014
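The four Sandboxie restrictions listed in the post above (drop rights, one program allowed to start, one program allowed internet access, a blocked drive) can be checked in a `Sandboxie.ini` export. This is an added example, not part of the thread: the mapping of each setting to `DropAdminRights`, `ProcessGroup`, `ClosedIPC` and `ClosedFilePath` lines is an assumption about how Sandboxie Control writes them, and the sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample; the key layout is an assumption. Sandboxie.ini repeats keys.
SAMPLE_INI = r"""
[GlobalSettings]
[DefaultBox]
DropAdminRights=y
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIPC=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,chrome.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=D:\
[TestBox]
Enabled=y
"""

def parse_ini(text):
    """Return {section: {key: [values]}}; values are lists because keys repeat."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip().lower())
    return sections

def group_members(box, group):
    # Programs named in ProcessGroup=<group>,a.exe,b.exe lines, lower-cased.
    lists = [v.split(",")[1:] for v in box.get("ProcessGroup", [])
             if v.split(",")[0] == f"<{group}>".lower()]
    return sorted(p for progs in lists for p in progs if p)

def audit_box(box, allowed=("chrome.exe",)):
    """List which of the four settings from the post are missing in one sandbox."""
    findings = [] if "y" in box.get("DropAdminRights", []) else ["drop rights is off"]
    for group, key, target, label in (
            ("StartRunAccess", "ClosedIPC", "*", "start/run"),
            ("InternetAccess", "ClosedFilePath", "InternetAccessDevices", "internet access")):
        enforced = f"!<{group}>,{target}".lower() in box.get(key, [])
        if not enforced or group_members(box, group) != sorted(allowed):
            findings.append(f"{label} is not limited to {', '.join(allowed)}")
    if not any(re.match(r"[a-z]:\\", v) for v in box.get("ClosedFilePath", [])):
        findings.append("no drive or folder is blocked")
    return findings

def audit(text):
    # Audit each sandbox section; GlobalSettings and UserSettings_* are not sandboxes.
    return {name: audit_box(box) for name, box in parse_ini(text).items()
            if name != "GlobalSettings" and not name.startswith("UserSettings_")}
```

A real `Sandboxie.ini` is usually stored as UTF-16, so decode it with that encoding before passing the text to `audit`.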
  4. Sampei Nihira

    Run of multiple programs with the free ver of SBIE:

    Immagine.JPG
     
    Last edited: Sep 23, 2014
  5. bo elam

    Sampei, you might not know, the free version allows you to use separate sandboxes for your programs. You just can't use more than one at the same time. If I was you, I would create a new sandbox, name it Thunderbird and allow Firefox, Thunderbird and perhaps your PDF reader to run in that sandbox. And the DefaultBox, use it for browsing, not email. Remember, isolation works better when you separate programs in their own sandbox. You'll be safer if you do that.

    Sandboxie Control > Sandbox > Create New Sandbox

    Bo
     
  6. Edit: disabled integration settings to increase colours from 16 bit to 32 bit (apparently this only works when disabling integration settings).
     
  7. Edit: replaced Chrome with K-Meleon. Due to hardware virtualization, Chrome does not display text as crisply as K-Meleon.
     
  8. Brummelchen

    Dudes - you talk about security in the same sentence as XP? Expecting what?
     
  9. No, we are talking XP-mode, meaning the guest will be vulnerable due to end of life of XP, but

    Windows 7 host should be protected from guest OS:
    a) no integration (on data level)
    b) changed NAT shared to Bridge mode (selecting the name of the adaptor)

    Precautions on Guest
    a) hardened it with gpedit, XP-mode is an XP Professional (SRP default deny, etc.)
    b) adding Sandboxie Free (running the application in XP as anonymous User)
     
  10. Nice thing about XP-mode is that it runs within a virtual machine and it is very easy to make a backup of your Virtual PC XP-mode image by killing vpc and copying all files to a safe location. So decided to play with it again.

    Installed QupZilla and Flash Player, uninstalled/disabled all other programs/services to reduce size of the XP-Mode VM image. Added Software Restriction control (default deny) and run QupZilla and Flash as basic user. Next added the registry tweak to get embedded updates until 2019. Seems to work, I would not do this on main XP, but in VM trashing the guest is part of the fun and without consequences.
     
  11. Sampei Nihira

  12. QupZilla 14/17 on security, total score 86/100

    Settings altered
    - open startpage as home page, startpage as search engine
    - disabled all address bar options
    - disabled Java
    - enabled XSS
    - disable saving history
    - disabled downloads by selecting an alternative download manager without specifying one
    - enabled use defined location for download
    - allow storing cookies/delete them on close/block 3rd party cookies
    - JavaScript, don't allow access to clipboard, open/close windows
    - disabled send referrer header, enabled do not track
    - enable tracking protection/ad-block/flash click to play
    - disabled application extensions

    The default settings look rather odd.

    Running without SBIE, Flash & QupZilla run as basic user with default deny as SRP and enabled the EPSMode trick through registry to get updates of embedded. Since Embedded is XP Pro without WFP, I disabled WFP (I trash the VM when ready playing with it anyway).

    GeSWall ruleset for QupZilla in XP-mode (should work for XP also)

    Untitled.png
     
    Last edited by a moderator: Oct 29, 2014