Virtualization software

Discussion in 'sandboxing & virtualization' started by guest, Jan 19, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

  2. Jav

    Jav Guest

  3. guest

    guest Guest

    Thanks, I want to use one of this softwares with VirtualBox or VMware, for test some security software vs malware. There is any other option (combination)?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i use sandboxie:D
     
  5. guest

    guest Guest

    If I execute a virus/trojan... in a sandboxed with sandboxie I can be 100% sure that the computer will be clean after?
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  7. guest

    guest Guest

    And the AV that I pretend to test will be able to detect (supposing that is able) the file even if the file is sandboxed?
    Anyway I pretend to make the test on Win7 x64 and sandboxie is still beta, maybe will not protect the system.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    for system 64 bit may not be that secure and also is beta:)
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nothing is 100% certain. When I am playing with malware, I put my system in Shadowdefenders shadow mode and play in the VM ware VM machine.

    Yes Sandboxie is very secure, but why push your luck.
     
  10. guest

    guest Guest

    I am thinking in get deep freeze or shadowdefender, any suggestion?
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ShadowDefender, simple to use and works very well. Good support also.
     
  12. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Agreed. Shadow Defender is very light, very simple, and very effective.
     
  13. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I have ShadowUser but not installed. Was one of my favourites but is in need of an update to protect against new malware.

    I use DeepFreeze on one machine at home with AE2, great combo. DF comes in two versions and has many features to suit varied systems.

    I have ShadowDefender set up on another machine, trjam and n8chavez hit the nail on the head describing it.

    CleanSlate is quite interesting. Log off or reboot to revert changes, is adaptable and has security blocking exe, programs.
     
  14. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I take Peter's approach when I am playing in dangerous territory. Computer with Returnil activated and then doing the actual playing in a VM. Microsoft Virtual PC for me.
     
  15. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I have not tried deep freeze but I tried and like shadowdefender so that would be my uneducated pick.
     
  16. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    You're simply dumping the trojan and its tracks when the sandbox is deleted. So yeah you might be clean, but it will have attempted to do wrong, if you didn't notice the signs.

    Sandboxie leaves all the real-time safety in the hands of the user. So unless you've got the sandbox set to restrict certain behaviours - it won't. The trojan could possibly hijack and intercept anything else you have running alongside it inside the sandbox.


    There are no behaviour blockers as such with Sandboxie's default state - though it does have SandboxieCrypto.exe which is constantly checking the security certs of the sandbox contents. Other than this (SandboxieCrypto.exe), you are on your own - in real-time.

    So Sandboxie is definitely not rock tight in its default state, IMO.

    Sandboxie needs a lot of configuring to feel very confident about it. Nowhere near 100% real-time protection - Same for Shadow Defender - Sandboxie has at least the ability to prevent malware behaviour in real time. The horse may have already bolted unless you put blocking procedures in place - with virtualization.
     
  17. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    And what´s up with the 2 malwares bypassing Sandboxie I found past year?

    You lie when you say any software is 100% safe.
     
  18. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    When you say these malware bypassed SBIE,do you mean they were able to circumvent the access/write restrictions of a fully configured sandbox or was it left in a default state?
     
  19. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    I remember reading both topics concerning the poc's Buster found; they were able to touch the real sys thru execution in a defaultbox (no restrictions). However I think its very important that these poc's cant breakout, whether special configs are in place or not. SBIE is pretty good at blocking a poc from executing its payload in the first place, hence mitigates any dangerous code that could potentially bypass it.

    To test out sbie in action, one must intentionally surf to dangerous sites on the web and give an assessment of how well the protection fares.
    I dont have the technical experience to know if/or when sandboxie is bypassed, so I would encourage enterprising testers to assemble a large driveby test thread and report their findings on the sbie forum. :D

    @ Buster VM's are software too ;) but they dont have anti-executable protection - I think. So what would be more powerful: a restricted start/run/LUA/net access sandbox or VMware?
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    They are both great programs. Shadow defender is suitable for home users or rather for people who don't share their computer. The big difference is that SD will allow you to save files and folders from the shadow session whereas DF once in frozen mode won't allow any changes to be saved (you can always have another partition, drive, flash drive, unfrozen where you can save whatever). But all in all, Shadow Defender is unbeatable in terms of speed and versatility.

    If you wish to test DF, remember to keep the installer and password (if you set one) as without them, you might have to re image your system to uninstall it! Faronics are very good in such situations, but some people had bad experiences.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  22. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    The malwares were writing directly to disk. In a default box for sure, don´t know if they were doing it in what you consider a fully configured sandbox.

    They were not POC. They were normal malware. They were not even Sandboxie aware.
     
  23. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    In my opinion, a restricted VMWare: shared folders and network disabled.
     
  24. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I know in the enterprise version you can set a one time password and at4re have made an unfreeze utility.
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    I have tried several different virtualization softwares in the past and have currently settled on Shadow Defender.
    Excellent piece of software, actively being developed with good support. :thumb:
    Give the trial a shot, chances are you will not be disappointed. :D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.