Sandboxie and VMware

Ok I know this is probably a easy question for all you sandboxie veterans. I have sandboxie and am trying to get VMware to run sandboxed. It says that the sandbox isn't big enough. I even increased the size of the sandbox but it still says it isn't big enough. I'm running windows 7 ultimate 32 bit on VMware. I hope I'm not the only one thats encountered this.

 

Tell me why you think this is necessary? Do you have proof that any real threats escaped out of VMware?

 

Do I have any proof? No. Why do I need proof? I also don't need to explain my actions as to why I want to do it. So if you can't answer the questions then don't respond. Leave it to the real experts. Its a pretty straight forward question.

 

I'm sure the real experts will agree that it's unnecessary.

 

Oh very witty retort. Again not really useful information. Of course I expect that.

 

At least a couple members (one former and myself) have sandboxied Virtualbox successfully, but I don't know if it's possible with VMWare. I've never tried and don't really want to. The sb + vbox attempt was for me nothing more than an experiment.

This approach is probably more practical.

Ultimate security, maybe? ...there was recent mention in this forum of someone "witnessing" a potent malware that was able to jump out of the vm and into the real system, though I don't recall seeing any concrete evidence posted of that happening.

IMO, Sanboxing in a vm or a vm sandboxed are probably both overkill if it's meant for bolstering security. I'm running successfully vmware7 in my Win7 Standard account, which is bolstered by AppLocker. This is probably overkill, too, but it works gracefully with no stability issues.

 

Purely from a security perspective running VMWare within SBIE may not offer much additional protection and on modern CPUs supporting Intel VT and AMD-V it could theoretically reduce security;however the OP may have other reasons for doing this as it wasn't stated exactly why.

Information is very sparse on the practicality of this,however it appears that Virtualbox runs ok so there mightn't be an overriding issue preventing it.I'm presuming that there is actually enough free space for SBIE to create a copy of VMWare and it's guest OS on the system in question.

*Edit* Virtualbox runs in SBIE perfectly well for me.

 

The reason I wanted to run vmware sandbox was for some extra protection. I understand that its probably unnecessary and the virtual machine is probably very safe. I can't recall his name but that guy that had mentioned the malware that can jump out of a virtual into your host, might have made me a little paranoid. I have used shadowdefender on my normal host and then run vmware. I was just curious if it could be done with sandboxie.
I'm sorry for my previous rantings. I get upset when people just can't answer a question, without throwing in their two cents first. I've seen it more and more lately. People come here to get help, inquire and learn about security. Why should they get abused during the process? Snide comments should be left out of an answer.

 

@kjdemuth, what is the host O/S you are using?

 

Extremely weird idea. Just use sandboxie in VM, not the other way round.

 

Win 7 ultimate 32 bit

 

The setup I'm using should serve you extremely well; practically bullet proof and no 3rd party software introduced:

Even if you just go with AppLocker defaults, that will still bolster security considerably without the added complications of trying to fine-tune the rules.

Alternatively, you could even forgo Applocker, because the Standard account will more than likely be enough to thwart those pesky "ninja leaping" (as I like to call them) malware

Finally, if you have your entire setup imaged, then in the unlikely even something does go wrong, just restore the most recent image and you're good to go.

 

If you're talking about SteveTX, he claims his mystery malware can break out of SandBoxie as well.

Don't get too paranoid unless he actually shows undeniable proof.

 

Why would you want to sandbox an environment that is already separated from your OS? Sandboxie might even prevent the applications running in the VM to work properly (or at least to fullest extent) and you'd end up in a scenario where the things you're doing in the virtual environment doesn't mirror the real environment outside the VM.

The only reason I kind find is if the VM-software you're using has a vulnerability. But the VM-softwares around are extremely safe these days.

 

I think I'll just stick with running shadowdefender on my host system. Sounds like its too much of a pain and really not worth the effort. Thanks for all your help. Sorry for the short fuse.

 

I am novice regarding Virtual Machines. i begun learning this subject only 10 days ago. I read a lot of threads in this forum which were very instructive. I installed VMware Player and use it to learn and test.
I was under the assumption that the V.M. is a "totally close" environment and totally safe for testing software, but when I saw the ease to 'copy and paste" programs and exe files from the host to the guest PC and vice-versa I have been surprised/disappointed.

My questions Peter are :
- To what extend is VMware safe in itself? as per the quote above.
- Is there any danger of the host computer becoming infected from an infected VMware guest machine?
- Testing a software which may "contain a code" on the guest, is there any danger (vulnerability) for this "code" running on the host?

Thanks

 

I use VirtualBox, but I am sure VMWare is the same. I tend to think of VMs as sandboxes and use them as such. There is also the ability to make snapshots which comes in handy and functions sort of like Returnil.

I think its a good idea to protect a VM and something like Comodo IS should be enough. If, in the unlikely possibility, that some malware escapes a VM it would then still have to face the protection of the host machine.

To put things in perspective, I see many videos on youtube where people test various malware softwares against zero day threats in VMs and still none have jumped the VM to infect the host.

Lastly, if you are really worried about being infected, it is really easy to back up VMs and I would also have a routine of disk imaging for the host. I understand malware is getting pretty sophisticated, but I am very confident none are capable of jumping through time.

 

Peter and DIgiDis thanks for your kind assistance.
I feel comfortable with the answers.
As I mentioned in my thread above I just wondered that regarding the ease to
copy and past executable programs between the host and the guest, a sophisticated malware could do the same using a hidden configuration.

Peter
which version of Shadow Defender are you using?
i am asking this question because of the issue regarding the new one (331) and detailed in
https://www.wilderssecurity.com/showthread.php?t=293075

thanks

 

Perhaps using EMET on the host to apply migitations to all VMware's processes might help to prevent them from being exploited and thus reducing the change of breaking out, I don't think that using EMET inside the guest will protect VMware, only the OS it runs.