Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Sure they do, conscious people make mistakes when they get drunk and then surf the net and download everything.
     
  2. 142395

    142395 Guest

    How many? I know 100+ people who haven't been infected (at least they claim) in certain period, both of real & online even after excluded Wilders, so what? As I sometimes mentioned in other threads some of them only use MSE, so what? You may hear the big news of millions of infection, then, if you can take simple math, calculate how much those millions of infection occupy in literally billions of internet users. The possibility is low, so you ignore it? Ok, I strategically take completely opposite attitude to I did in MBAE thread. One of my friends got an illness which is 1 in 100,000. I pay for fire insurance yearly, but I can avoid fire if I'm careful enough except arson (0day exploit), but arson is very rare in my country and always major cause of fire is human error, cigarette or other. I'm sure those victims assumed they're safe until they actually lost their house, and I read about such regrets. I haven't encountered even single person who had experienced fire in all my history, but when I was child I saw someone's house burning. So why I pay expensive insurance every year when I can avoid fire as long as I'm careful? Because humans make mistakes, and result is catastrophic.
    It seems your saying always lacks strictness. You had to add "except Noscript and uMatrix". Anyway, then, you can be infected by hacked software update (just to avoid misinterpretation: some of them were signed, so no different from official update.). At least I could be infected as I said in HIPS thread, tho fortunately it wasn't. Maybe you know how to? Or do you say "I don't use any software?" lol.
    As I repeatedly said, one can live 99% w/out infection just by common sense + security suite + update. I'm just challenging your bold assumption that, "if you smart enough you won't get infected". I don't know you are aware that I haven't referred to nor advised about your particular setup. As I said in PM, I don't & won't. 50% of my setup is hobby, 50% rest is by fear of unexpected slip in. I only give general advice about setup, and that is put any kind of fail-safe to minimize risk of human error. You can do it even only with SBIE (actually, with virtualization and script control are much better: bo's setup) depending on your usage, tho I personally even don't trust my custom (you can say this last part as paranoid).
    Oh, well, please show me how you can be always perfect. In past math exam I got miserable score tho I actually could solve most of questions if it was usual. Maybe you know magic, but unfortunately I'm not and know I'm stupid (no sarcasm). And from my very limited knowledge about threats, I have enough reason to fear. Didn't I say even security expert admitted he was fooled by social engineering? Are you sure you're smarter than him? I don't know your job, but if you use computer in your corp and IF you allowed intrusion, you have to take (partial) responsibility about it.

    Also situation is always changing. I see just after I said 0day is extremely rare for home user, we've seen two 0day for flash. Currently it doesn't change my stance as 2 is not many, but if it continues I'll have to change my stance. And you see anyway I use MBAE or HMPA, this is cuz I take them as kind of insurance. I don't and can't know future.
    Of course I also don't meet exploit except testing, again so what? This is natural if you can calculate probability. As I said in MBAE thread risk is probability × damage. Well, damage by malware is not always catastrophic like fire, but who knows? If novice is infected, he'll be allowed to excuse, but if security conscious was infected, it will seem almost joke. Paranoid? So not trusting one's own decision is paranoid? Again, I don't refer to particular setup nor my half-hobby, I already said they are trivial. I'm just challenging your bold statement about being smart. I dislike AV industry's marketing gimmick which over-emphasizes the risk of malware or exploit, but it's another story from assuming you can be always smart.

    And top of all those, maybe the point in discussion should be SBIE can mitigate those human error, depending on how you use it, and this is what I emphasized as SBIE's merit which most other solution don't & won't provide at least in same way. Sorry for bit derailed from topic (I'm saying to all reader), but I couldn't ignore such bold statement when CWS commented toward me.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    If this was the case, everyone would be infected by right now at least one time (by everyone I mean on conscious people, not on those stupid and lazy ones), but look they are not, they are freaks when it comes to surfing the net (I know a programmer who is like 24/7 on the net (he is always turned on the net, that's the need of his job), and he only has very basic protection plus Windows 8.1 hardened protection, and that's about it). But guess what in all 10+ years I have never been infected, unless I wanted to be infected. That only time I was infected on purpose to do real-world testing against exploits, malwares and everything else, no VMware nor VirtualBox, everything was tested on the real Windows.
     
  4. 142395

    142395 Guest

    Physics is one of my hobby too, th of relativity is mathematically beautiful except it contains hundreds of items in the tensor equation (quantum mechanics OTOH, seemingly neat & clean but anyone who learned it should know it's actually dirty and technical) but that will be off topic.
    Even w/out drunk, like Pete just being tired might be enough.
     
  5. 142395

    142395 Guest

    Again your wrong assumption. That is actually case but you have to consider probability. Probability he make mistake × the probability he can come across threat. Also remember fire insurance.
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Your greatest problem Yuki is that everything you say is based on theory not on real-world evidences (that includes your previous posts on Google Chrome and Sandboxie issues), and the evidence is all I want to see instead of writing Bible-long thread about this-I challenge you to show me any kind of concrete, irrefutable (NOT virtual) evidence for your unsupported claims (again I'm talking about home users, not corporations and similar).
    For home users, it is never going to happen, the only ones who are in real dangers are corporations, nuclear powerplants, you can't beat that.
    This is why I ask why do you even live, if you are so scared of living in the first place..., so my approach standstill you won't get infected unless you work in some large facility that is important to country and similar stuff.
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Again theory, nothing real to support.
     
  8. 142395

    142395 Guest

    What evidence? Psychology papers? Statistics for fire in my country? Can they be evidence that human is not perfect for you? For me they are and we will be able to give more evidence of that.

    Or evidence that "smart enough" people can be infected/fooled/hacked? What is "smart enough" people? Do you think Pete is not smart so he was fooled? Or that security experts, well, if you don't care Google translation I'll be able to post the link after extensive search, was not smart? Also infection is definitely matter of probability even after you run malware, you have to know it if you had enough test with proper way (UNLIKE Youtube amateur test, you should manually confirm that sample is truly malicious and proof of infection), or can you choose malware when you are fooled like "Ouch!, I'm fooled. Oh, but I don't like that malware as it can run on my system, hey, please give me another one!"? Are you aware of your proposition and can you see logic?
    To support "people never be infected if he is smart enough", hundreds of example of not-yet-infected people is not enough at all. They well can be "happened to not-infected", and they may be infected future, so you also don't have any solid evidence. If you are also lover for physics you should be aware this basic logic. But actually to disprove the prop, I only need to give 1 example of "smart" people was infected or fooled. I gave 2 already, but MrBrian's report illustrates actually IT savvy can be infected not much different from novices. Sure there're some trivial problem in the paper, but more serious trick is: people call him "careless" after he infected! In front of such distorted and dirty trick, any evidence won't make sense unless you could clearly define "smart enough" with a way everyone agree (impossible).
    What? You can calculate the probability yourself if you could get proper statistics. Oh, I see there're not many reliable statistics about infection, only Microsoft's one and some dubious AV vendor propaganda... Anyway, it is almost common sense that coming across real malware is quite hard in usual internet usage, which only you don't seem to share here. How many times you got warning (except FPs) from AV in last year? If it was 0 you couldn't get infected even w/out protection. If it was 2 or 3, again, most probably you wouldn't. If it was 5, maybe you could be infected. Also you know Rmus' test that he put his poor laptop under almost no guard except some exploit-tweak (it's no relevant here as we're focusing on other attack vector), make his family (supposed novices) use it certain period, and yet it was not infected. The probability is that small, search for this forum, we already discussed about that in other thread too tho you were not there. Oh, well, I know there're "genius" to be infected who somehow always collects malware (tho many of them are adware or PUP), but it also don't support your prop. It just means there're sub-category in "not smart" people who somehow often get infected. Other novices don't get infected so often.
    But I guess you again interpreted what Acadia wrote in too much direct way.

    Or can you show solid disproof that my saying that probability you get infected is small but not 0, and regardless of your expertise you can be?
    We sometimes see here in Wilders, some member says "Product X saved me". So if he didn't have product X, could he get infected? Not sure, but at least he endangered. How do you think these Wilders' not uncommon claim. Maybe you'll say again "all of them are theory", yeah, you often can't distinguish facts and theory. It might be interesting for you that there's no solid proof or evidence of either theory of relativity or quantum mechanics. Yup, almost everything is (just one possible) theory.
     
    Last edited by a moderator: Feb 3, 2015
  9. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Sorry to jump in, and please don't understand it as an attack, but now I find you quite unfair against Yuki.

    He took so much time and effort to explain you so many things and now you complain?
    (1) Theory is always the basis, the ground and very important. Every real explanation needs a theory, so what? And a theoretical weakness of a security concept is one. Point.
    (2) What you call "bible long" posts are very solid explanations and so they can't be given in two short sentences. (And that explanations which were mostly for you, because you asked him and he had the patience to answer!)

    At least I enjoy many of Yuki's posts. They are quite solid and full of information. And I for myself learned several things from his posts.

    That's why I say: Thank you 142395 for your posts, which were full of theoretical background! :)
     
  10. 142395

    142395 Guest

    Thanks SLE, well, actually most of security vuln are just theoretical ones like this. (just an example. Search in CVE database and see how many of them were actually exploited.)
    But nobody say "It's just theoretical one, so no need to patch, don't care!".:)
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,100
    Location:
    Canada
    If the additional security Sandboxie - or any security software for that matter - provides, outweighs the added overhead on resources and added time the user spends attending to it on an ongoing basis (conflicts, pop-up messages, updating it etc...), compared to maybe one infection in many years on a system secured with a little less, but runs lean and fast over those years, with far less user attention required, which can be recovered from in a very timely and trivial manner with an image revert, then maybe it's worth it.
     
  12. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    The irrefutable evidence is in millions of home users, who use only basic security to protect themselves, and it is not an assumption. Like you personally said, the real targets are very large facilities like NASA, nuclear reactors and government facilities, home users are of no interest whatsoever.
    You are talking about psychology and statistics, first of all forget statistics, it's the stupidest and the most erroneous way on valuating who is wrong and who is right, since it misses those most important, individual parts, I'm not just talking about here computer security but also everything else, it's simply manipulating data without ever really seeing what's truly going on.
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Theories without real evidences mean nothing and are nothing, and that's my whole point of argumentation, you can't really say something is real, if it only stays in "a maybe" zone, "could be" zone, "would be" zone. Something "that might be" is not the same as "it is".
    Someone mentioned Einstein, since physics is my hobby, I can tell you Einstein's general and special relativity would mean absolutely nothing if they have not been repeatedly both experimentally proven and proven in our everyday lives (and there are plenty of theories which will be always and forever unproven in physics), this is not something like maybe situation, it is what it is, it is how it is, the same approach should be in computer security.
     
  14. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Exactly, excellent points, it looks like many of the users forget these facts.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Perhaps the 142395 vs CoolWebSearch posts should become a separate thread. I mean are these guys for real? I must admit I haven't even been reading these posts for weeks, so perhaps I should not comment on it, but I have a feeling it's a lot of the same. :D
     
  16. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
    A simple mind like mine needs the repetitiveness in order for the technical stuff to sink in. A separate thread just meant for two people would be kind of silly. As for me, I value the info I have absorbed from the banter between these two.

    Acadia
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,258
    Location:
    .
    Exactly my friend, no more no less :D
    A separated thread for both of you guys LOL
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Maybe it's time for this back and forth banter to just plain cease. Maybe a couple of key points.

    1. If you do something stupid in sandboxie, it won't protect you any more than if you do something stupid outside the sandbox.

    2. For all the "tests" done early in this thread, there is one key question. After exiting and deleting the sandbox was the real system affected?

    3. What about real world tests. For example I was testing some real malware recently, and I saw some of those other system side effects. BUT, and I stopped the sandbox and deleted it. My system was intact, and was fine. Then based on this thread I tried something I know the result. Opened a sandboxed explorer window, and deleted many critical files. Exit the sandbox and no surprise.

    Okay back to the back and forth. It's simply time to stop. Think before typing, and then maybe don't.

    Pete(polishing the post delete key)
     
  19. 142395

    142395 Guest

    Very good point, I don't have any objection to this. I never forgot that cost-performance and merit-demerit balance, if you read all my past posts you'll find it. Even in this argument, "so one have to balance risk and cost."(#926), "Actually I don't recommend such hyper-protection for everyone. For novice user, I just tell...This is IMO good compromise btwn risk and cost. But if you prioritize security, the balance differs. For me, half of security is just a hobby...OTOH, it's true that we should consider probability to come across each threat, and acceptable cost varies on each individuals. So things come down to your preference after all."(#935)
    As I said in #952, I dislike the AV industry's propaganda which exaggerates risk. MrBrian, again, once brought interesting reports about this industry. I'm almost sure if one bring actuaries, quants, and dedicated team to establish reliable statistics along, they will find AV industry is almost crazy or broken market.
    But note, while your argument is valid, it's no relevant to current ongoing argument that if human is perfect and if "smart" people will never infected. Maybe you know but wanted to bring out another perspective.
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,100
    Location:
    Canada
    Of course, I never meant to imply smart people never incur malware infections, including in my own case (and I'm certainly not that smart either).
     
  21. 142395

    142395 Guest

    Guys, truly apologize for destroying the thread with irrelevant arguments. But I hope I'm allowed to post last comments to CWS, tho I know it's already off topic. I promise it's last. But I leave final decision to Pete.
    (Maybe I even shouldn't talk with him any more, as he don't understand things but interpret it with a way he like, so always misquote other's saying. I'm really tired of and from, I even cut my sleep to answer him.)
    Now I see you are not scientific guy (anyone who have scientific intelligence).

    Again, you lack strictness. You had to say "billions" or at least "hundreds of thousands". Symantec alone have 200,000,000 customers and most of them will only use it alone. I'm amazed you still don't see logic, they are irrefutable FACTS but can never be EVIDENCE. rather, no relevant to argument. See #958 again after decent scientific training. Your broken logic can only convince "ignorant" (I use this term only for convenience) people, but will never be accepted by any well-educated guy. That is actually what pseudo-science often use to deceive people. Maybe you don't know what can be evidence, actually it's impossible to prove your bold theory in any practical way. You can only believe your theory if you want.
    Also from your theory, "Smart people" should be safe even if they don't have AV. If one "smart" guy was saved by AV, it obviously means he was endangered, and we all know AV is not perfect and miss. Actually AV or any black-lister is good fail-safe as they can block threats with 90%+ probability when one did stupid thing. Exploit? keep up-to-date eliminates most, and in some case using old version is human error (except intentional case). I BELIEVE if those "smart" guys (BTW, how about definition? I really don't get who is "smart people") don't have AV, there will be much more infection, even after discarded all infection from 0day exploit. You can believe your theory tho, nobody stops it.
    Huh? It just shows you don't know statistics. Yes, there're plenty of dubious statistics and people are often fooled, but this is cuz they don't know how to interpret stats. If you know stats, you can find their flaw. Thankfully, math is one of a few 100% transparent things human made, there can't be any hidden backdoor or vuln. As I'm student in mathematical science, I have least skills to interpret stats tho not well enough, this is why I said MS or AV vendor's stats are unreliable as either they don't show details or have problem in method, and is why I asked IBK to give details of their testing. But if you can't trust any stats, you can't trust the population in the world, GDP of your country, and most scientific results too including psychology, actually even physics partly rely on stats. But unlike those dubious stats in news or such, in science you can't hide dubious stats, even if you manipulated data and not method, it have to be shown in another researcher's stats too. But even that MS' unreliable stats I mentioned, thinking they manipulated data is just rootless conspiracy theory w/out any decent reason, they don't need to do that at all but need to be more clear and improve their methodology.
    Speak only after you understand things. Those observed phenomena can't be evidence, they just show CURRENTLY this Th don't conflicts with facts, or simply the Th is useful so far, or better than old Th. Don't you know Theory of relativity is NOT only one theory to explain those phenomena? There's competitor, tho most scientist adopt ThR just because they learned it but not the other. Once counter evidence is found, the Th dies or have to be replaced. This is what is called falsifiability, one of the basic principle in science. And I'm surprised to see you seemingly don't know ThR and quantum mechanics conflicts. It is impossible both of Th are true when they conflicts. They have to be replaced with new quantum gravity theory which not yet completed, just like ThR replaced classic Newton dynamics and solved conflicts with Maxwell's electromagnetism. For theory, what matters is NOT if it's true of false, or if it have evidence or not, but if it's useful or not. We still use classic dynamics in certain situation, why? As it's useful for everyday-life-level things, tho we know the Th is not correct in many aspects. We also know law of univ gravitation was wrong, but it's still useful. Useful theory have value even w/out evidence.
    Also you actually had to say "There are plenty of Th which can explain known facts well but there're not so many Th which predict unknown well", THIS is what really matters in natural science, if you don't know yet, read books about abduction. Since it is quite fundamental thing, superficial knowledge you can get from internet will be never enough. BTW, almost all Th are unproven. They are still used as they are useful, but most of them are not yet proven so there can always be so-called paradigm shift.
    Finally, in different science field, there's different principle. You can't bring the principle in natural science to human science, or principle in physics to biology. Your saying "the same approach should be in computer security" is just an idealism from who don't know science well.
     
    Last edited by a moderator: Feb 3, 2015
  22. 142395

    142395 Guest

    Buddy, it needs some correction IMO.
    1. If you do sth wrong in SBIE, still they are contained. If you restrict sandbox, you're even more secure. Also how you use SBIE matters. What I'm impressed by bo's usage is, he doesn't distinguish good and bad, he treat all programs equally. This way he eliminated major part of human error. Obviously this is strong fail-safe. Sure, it's not for everyone, but we can learn from him.

    2. There can be theoretical threat scenario which can damage even when it doesn't affect real system. I think you missed the point. We know if one apply start/run and network restriction, he is more protected than default. If he also apply write-only for private folders, protection further increases. We (at least MrBrian and I) have been investigating other scenarios, to see how exactly it works. That itself have value to me, but better thing is, after all those done, I will be able to publish sth like "SBIE settings for real paranoid!". Current achievement is one can set read-only to Windows and Program Files folder, and HKLM\Policies to even more strengthen SBIE. Maybe there are more registry keys to protect. Remember this is for real paranoid tho.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't disagree, but the back forth and repeating and debating has reached the end of being valuable. Go ahead and test your setup and let us know. But be careful.

    What would be most valuable is to see how it can really do damage, without affecting the real system. But let's not keep talking about it. If you can do it so we can all test it fine. But debating it back and forth with another member on a theoretical basis, is not proving much beyond what has already been said.
     
  24. 142395

    142395 Guest

    Well, but isn't this thread for technical tests and debate?
    I admit debate with CWS was no use, off topic but don't think debate with MrBrian was that. I didn't know his finding, maybe some others too.
    Don't only to see the most valuable. Next valuable, third valuable, etc... still have value to some extent. Also we're not just repeating. We're advancing tho slowly (I'm slow in doing anything). Now I found what caused different results among testers. I hope you respect our pace, and our (a kind of) study with sense of value.
    If someone start to misuse or misinterpret those things, I'll stop him as long as possible if you didn't.
     
  25. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I'm definitely a scientific guy, and anyone who is a good scientist would always be skeptical, until it's 100% proven, not in theory, but in practice otherwise, you didn't show how many home users have been infected, and I'm not talking about stupid users who click just about everything, I'm talking about smart users who know what they are doing, who have experience, who have evolved from stupid-click-everything level.

    Sorry, but you're the one who is ignorant here, the fact is so many people/home users are never infected by anything, and you raise panic all over this thread, for no reason at all - and that is, my friend, a fact supported by evidences of how you write. Facts are facts, if they are proven, something cannot be fact, if it's not proven first.

    I will say once more statistics are waste of time, they never show the real thing in any particular, individual case of what's being tested, besides someone who knows statistics can manipulate numbers the way he/she wants.
    Of course I don't believe in anything that you mentioned that is connected with statistics, because you never have real numbers of anything, only what scientists and others pick to be of important value (so they can show they are doing something valuable for the country, but however they don't do anything special, it's easy to fool someone who is not a scientist and who doesn't know how to handle numbers so they can keep earning money without doing anything specific; individual science is what matters, not mass science), however those things of important values are very often disregarded, my friend, unfortunately I had some experience with this before.
    Sorry, but if you surf always the same websites like I do you simply cannot get infected, it all matter of what you visit on the net. For all those trusted websites I have on bookmarks, I have never been infected, I was never redirected to some malicious website which contains malwares and exploits and similar.

    You really don't get it, do you, parts that are proven in relativity theory are no longer theory, they are not some assumptions anymore, this is why theories evolve although, it seems we hit the limit in proving and disproving all forms of hypotheses that physics has right now. Parts that are unproven or disproven in relativity need new theories, but like I said, theories mean nothing without irrefutable evidences.
    The same goes for quantum theory.
    Yes, I do know they look for theory of everything, but it looks like it's dead end, and again it means nothing if it can never be 100% proven, since new hypotheses will always emerge (if it's not 100% proven).

    Actually, relativity has been put to the test many times, and all those things that are tested were confirmed, sure there are plenty of THR that are still just a theory, however, THR works on macroscopic level and quantum theory works on sub-atomic level, like you said they cannot combine those theories.
    Yes, I know all of this, but like I said, to me (as it should be to all credible scientists) evidences are what matters, not theories, everyone can theorize about everything, but they mean nothing if at least some part of them are not proven.
     
    Last edited: Feb 4, 2015