virutalization questions

Hi, my current security setup:

Comodo Internet Security with HIPS+ enabled
EMET 2.x (max. security, most programs added)
UAC at max level (with password protection) while using a standart user
Norton DNS
Hardware Firewall (soon DD-WRT)

I now thought about using sanboxie and do the following:

for each program (mail,browser,messengers) create an own sandbox. This should prevent that any password-stealer gets access to them and steals my data? More over, if i should open and infected mail/link/messenger exploit, nothing can happend to the rest of the system?

Is that theory correct? Will it cause performance loss? Or am I secure enough with UAC @max level + comodo av/fw/hips ? Normally UAC & Comodo should restrict access on but it could happen that i still allow a program to be runned as admin (this would allow them everything). However, sanboxie (or some other virtualization program) would "hide" the browser/mail/etc from the normal system.. so it cant be stolen?

Thanks

@edit:
I'm on win7 x64 with a dual core 2 duo 2,53ghz,4gb ram laptop.. 80gb SSD + 1tb HDD.
Sandboxed stuff would be on SSD.

 

Hi there,
Comodo can be awesome if you know how to set it up and interpret its warnings (I haven't used it for a long time). Sandboxie properly configured (restricting programs to access the internet and from starting within the sandbox) should also be very effective in protecting from data theft (I use it with these criteria). An outbound firewall is also a great weapon against outbound calls. I would agree that the combination of Comodo and Sandboxie properly configured would probably stop anything unauthorized from accessing the internet.

Sandboxie is a sandbox that can be tightly configured, "some other virtualizer" will not protect you from data theft.

 

well, i wouldn't restrict their internet access (i need internet with my browser & mail app ).

so i simply install the programs while sandboxing them?
If i move the sandbox folder to %program files% then UAC should also protect it?

 

What I meant is to allow access to the internet only to authorized (by you) applications, which means that any unknown program won't be able to connect to the internet. Same argument only more restrictive is to what you can allow to start and run within the sandbox. Any unknown program won't be able to start or do anything even inside the sandbox. If I missed something from your reasoning I'm sure someone else will be able to advice.

 

okay.. well i have a problem with this:

i just wanted to install firefox in the sandbox so:

i created a new sandbox, drag & dropped firefox-setup.exe onto that sandbox and the setup started. It asked for admin rights so i allowed sandbox to use admin rights. installation was fine.. then i wanted to run it and saw that most of my real-firefox-settings & addons were in the sandbox? I thought nothing from the outside should be able to get into the sandbox?

also it seems to use part of my real-firefox ressources.

 

I'm sorry but why would you want to install Firefox in a sandbox? One normally starts a browser in a sandbox or installs a new program in a sandbox to test it. I tend to think that firefox can be safely installed normally and consequently started in a sandbox.

I really can't work out your question, I'm sorry can you be more specific?

 

Okay so what I want is firefox (and other programs) to be completly virtualized and off from my real system. No settings, no passwords, no data of it on my real system. This should prevent any malware (which i execute on my realsystem) to read my passwords/data from firefox and steal them.

so i would put firefox in its own sandbox, thunderbird in its own sandbox, keepass in its own sandbox, messengers in their own sandbox, etc

why a one sandbox for each individual program? e.g. i open a malware with the sandboxed firefox.. the malware can only read data/password within the sandbox.. so maybe it will steal my firefox passwords but atleast it cant steal anything else as e.g. thunderbird is inside some other sandbox.

What I did: I dropped the firefox-setup.exe in the sandbox and it installed inside the sandbox. but when i ran it, firefox automatically loaded information from my real-system-firefox. e.g.: last session,addons,bookmarks,etc

I guess most people use a sandboxed firefox so their realsystem cant get infected by malware when opening a drive-by website. i want to do it the other way. if i infect my real system, i want my sensible data to be save inside a sandbox.

 

The way I understand your wishes is first to have a Firefox portable installer, you can have it on a USB thumb drive, and launch it sandboxed, once you are done you can delete the sandbox and unplug your flash drive, so nothing is ever written to your main HDD. This is probably best achieved with virtualizers like Shadow Defender (unfortunately hard to get nowadays), DeepFreeze (still actively developed), Returnil (see dedicated forum at Wilders) but they will not protect you from data theft while you are in a virtual session (although there are other applications that can specifically address data protection). I'm still wondering why would you want to install firefox in a sandbox, it is not necessary as long as you launch it sandboxed, every session will be deleted anyway when you delete the sandbox....

 

thats the thing.. i dont want to delete the session.. i want everything saved in the sandbox.. just as i have it on my real system now. but i want it sandboxed so other programs cant touch it (as they shouldn't be able to access something inside a sandbox).

already thought about portable apps.. but often they are not as well developed as the real-installation-solution. also when firefox.exe is runnign (on a portable device) and i execute some malware with my real-system, it still might be able to trace back the destination folder of firefox.exe and steal the data.