Sandboxie Versus Virtualbox Ubuntu

Ambient... your statement is much more concise than mine.... That's exactly what I wanted to say.... (you posted while I was trying to write my 'book').

Matthew

 

LOL And a long book at that I will try to read it all later when I have a spare 2 hours

 

Now... I really should go do something useful. I would have a lot more time in my day if I didn't read these darn forums so much....

Matthew

 

Matthew, I read your very very long post

And it seems it's off-topic. Because you talk a lot about time and money invested into learning a new OS such as linux.

But that was not the topic at all. The main topic is if virtualbox is more secure than sandboxie. Topic has nothing to do with if it's feasible, money wise, to install linux.

 

Hi Truthseeker:

Actually I think It was very much on topic for your very first post (and the supposed aim of this thread?):

You had three sentences/statements in post 1:

First Sentence:

I answered this question for by giving reasons why I believe I and most average computer users would prefer Sandboxie to your choice. That is why I "talk a lot about time and money invested into learning a new OS such as linux" as you say above.

Second sentence:

I agreed (several times) with your statement that Virtualbox + Linux would probably be more secure if correctly configured. I disagreed that it is 'better' or 'easier' as you stated by trying to show examples of why using Virtualbox + Linux is really not practical in the real world (not likely to be chosen by either small business's or 'average' home users). You made no attempt to give any examples about why your choice is 'easier to use' than Sandboxie.

Third Sentence:

I gave many different reasons in my post for why I think Sandboxie is a much more practical choice for most users than Virtualbox + Linux. I think the difficulty with learning a new OS, a new browser, a new gui (linux gui), Virtualbox, the system resources used by the host computer, the likelyhood that most folks would likely not use it on a permanent basis (quicker just to click on a browser icon to web surf) are all valid reasons for my choice (as are others I mentioned).

You stated in this post:

I'm sure what you meant was not that Virtualbox is more secure than Sandboxie, but that Linux running in Virtualbox as a guest os is more secure than using the Windows OS (little has been said about how Sandboxie works, or helps to protect a computer system). You also give no facts or proof that Windows is not secure if Sandboxie is used properly and installed on a clean (uninfected) system with a limited user account being used.

 

The proof is easy to give you. Download the zemana keylogger test program and test it in sandboxie and you will see for yourself that whatever is typed in sanboxie is picked up.

However, do the same running linux virtualbox and zemana keylogger test cannot detect it.

I rest my case

 

Great, you tested one API - now don't jump to conclusions based on that, or you could even use the screenshot function in Zemana's test.

 

Hi again:

Yes I agree (as I've said....many times already...gees) that running Virtualbox + Linux is probably more secure.

I tested your program and here is what I found:

1. I had to purposefully circumvent the security of windows in order to get your program to run (that is, I had to agree to run the .exe file from a popup on my screen. Do you have one that I can download and will bypass my security without my agreeing to have my security bypassed?).

2. Anything download from the web, websites visited, etc., would all be sandboxed. While I am visiting various websites, if there is any malware/keyloggers in the sandbox they are not able to permanently change anything on my computer. They can't change the registry, add themselves to startup, delete any files, or even 'peek' in the protected areas of my harddrive.

3. Before I go to my bank or do anything involving my credit card online, I first close out firefox. I have Sandboxie set to automatically delete everything within the sandbox when firefox is closed. Hence, there can be no keylogger running on my computer when I type the direct address for my bank into the url bar (if I were to do so).

4. I do not have to type my passwords. I use NIS2009's password toolbar, and also Keepass 2.05. The keyboard program was not able to intercept passwords from either program. (I use really crazy, impossible to remember LONG passwords with lots of symbols, etc).

5. I have NIS 2009 and Norton AntiBot running realtime which would catch the vast majority of 'bad stuff...' even in a sandbox

So to be compromised, I'd have to:

1. Agree to purposefully agree to run an unknown program (per windows popup).
2. Have a keylogger within my sandbox (which would be difficult since A. I close my browser out pretty often resulting in all the sandbox content being deleted, and B. I only allow Firefox to access the internet from that sandbox - that is, i have it set to only allow firefox and no other program to access the internet from that box. Even if a keylogger did get in there and somehow get a password... it wouldn't be able to upload it.)
3.Type the URL (I rarely have to type a url... I have a couple of hundred organized by topic/folder... so I just have to click)
4. Type in my password (which I don't do).
5. Turning off NIS 2009 and Norton AntiBot would also help me to be compromised.

Why would I circumvent or turn off the security features of my operating system in order to prove... it can be circumvented?

For my wife for instance... all I do is tell her to close firefox and reopen it before going to our bank online. She can then type or click a shortcut to go to the bank. Even if she had/has to enter the password, she would not have visited other sites, so wouldn't have a virus/keylogger in her sandbox.

She would also know not to allow strange popup programs to run.

Matthew

P.S. Remember... you quoted me when I said

 

So give me any keylogger that defeats and detects anything typed in a virtualbox linux session. Can you?

 

Just install this one:

http://www.virtualbox.org/wiki/Downloads

And then when that is installed, read the manual how to install linux of your choice as your guest. Mine is Ubuntu, but any other linux distro will do.

Then test any keylogger you want in your windows host, and please come back and post your findings.

Thanks.

I look forward to learning your results.

 

This thread is rehashing the same thing over and over again. Everyone has made their point painfully clear and it doesn't seem like we are getting any kind of agreement. Maybe it is time to draw it to a close.