91% Of Cyberattacks Start With A Phishing Email

Discussion in 'malware problems & news' started by ronjor, Dec 13, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,242
    Location:
    Texas
    Steve Zurier 12/13/2016
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    If users would at least view/read their emails in a Sandbox this would disappear when the browser was closed. How much easier can it get? If you need to save something put it in Quarantine and then scan it before bringing it into the system.
     
  3. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
What if it gets through the sandbox?
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
Then you need a better Sandbox! It's rare to break out of a good Sandbox. As a precaution I also put any Sandbox in a VM to further isolate the host. A side benefit of using a VM is that many, many pieces of malware look for a virtual machine signature and upon finding one they shut down as a countermeasure to scrutiny.

    Many won't like this added comment. If you ditch Windows and use Linux that will shed > 95% before you even use any other countermeasures. Almost all Linux malware (what little is out there) goes after servers, not end users. Payoff is too little.

    Refer to my linux sandbox post from today: https://www.wilderssecurity.com/thr...he-sandboxed-tor-browser.390590/#post-2638718


    Another thread in this forum that just started makes my point about using a virtual machine for a sandbox:

    http://www.securityweek.com/nymaim-trojan-uses-mac-addresses-bypass-virtualization
     
    Last edited: Dec 15, 2016
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
Yes I agree, a sandbox like SBIE is the easiest way to stop malware from infecting the whole system, but some malware can also do damage inside the sandbox, like stealing data. So the sandbox settings should always be hardened.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
One simple solution (or at least it helps a bunch if not a complete solution) is to run private instances of Firefox, all of which are individually sandboxed using SBIE. I have a family Win 10 Pro machine with separate FF instances for banking, real name email, etc., and I never permit any activity outside of the intended mission of the private instance. E.g., if I open the banking FF private instance, that is the ONLY thing that is done in that FF session, and it's further completely sandboxed. Only my bank sees any activity in that private instance, so obviously there is no real name email stuff to steal, etc. Learning to use separate and private browser instances will go a very long way towards protecting against many of the dangers that are out there. Like all Sandbox settings on my end, when I close that session of the browser ALL activity disappears, and next time it's a clean instance again. Works for me.
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
IMHO the statement, and/or its implication, in the cited article: "According to a new report from PhishMe that found that 91% of cyberattacks start with a phish,..." is suspect. Intuitively, it does seem somewhat extreme. Do they mean to say that 91% of successful malware attacks are phishing attacks? Or merely that 91% of attacks are phishing attacks = a no brainer given spam bots.

    It is clear that phishing represents a prominent and ever increasing attack vector.

    See the latest quarterly report by the Anti-Phishing Working Group*: https://docs.apwg.org/reports/apwg_trends_report_q2_2016.pdf

    [*APWG is the independent global industry, law enforcement, and government coalition focused on unifying the global response to cyber crime through development of data resources, data standards and model response systems and protocols for private and public sectors.

    http://www.antiphishing.org/ ]

    However, as far as I have been able to determine, there is no publicly available objective basis for verifying PhishMe's claim that "91% of cyberattacks start with a phish," particularly if they mean successful cyber attacks.

    Is it more accurate to say that the 91% figure was derived by a test conducted by PhishMe in which a sampling of various attack vectors were deployed against a sample of 1,000 unwitting test subjects, in which 91% of successful attacks were phishing attacks? Admittedly it may be my lack of knowledge or understanding, but how could PhishMe be able to make a claim that according to its study, 91% of successful malware attacks nation-wide, globally, etc., during a period of time were by a specific attack vector?

    PhishMe is a company whose sole source of income is based upon assisting companies in preventing successful phishing attacks through training programs and other methods. A bit of PR "fluff" is to be expected. Its website appears to be devoid of the study on which the 91% figure is based.

    I do believe that its conclusions respecting the "why of" peeps clicking on phishing links and emails were based on a study, since such a study is not difficult to do and could easily have been conducted with employees of its current clients. But even access to that study is absent from its website. I have tried downloading PhishMe's various reports and studies in both Firefox and Explorer with no success.

    https://phishme.com/resources/whitepapers-and-brochures/

    Just my One Cent.
     
    Last edited: Dec 17, 2016
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Works well for you, but I can't ditch Windows. Some of the software I use does run on the Mac, but those versions aren't even always adequate. Believe it or not, Linux is not always the cure-all for everyone.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
I absolutely agree with your comment. One personal example is rather than fighting tooth and nail with TurboTax on Linux workarounds, I submit/surrender and use a Win 10 Pro machine for TurboTax. It's an isolated machine that is almost never run, but TT has elected not to issue any Linux-compatible versions. Yes, I know and have the ability to perform those "workarounds" and could run TT on Linux, but I prefer to use a supported mode for my Real Name legal stuff in the world. When I was in the Corporate world I was "chained" to Windows. I remember those situations; however, luckily they no longer apply to my needs.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
Yes, I also sometimes use separate instances of Firefox, mostly to log in to multiple accounts at the same time, from Facebook or Gmail. But keep in mind that a sandbox is designed to keep malware inside the sandbox from infecting the real system. But if malware is already present on the real system, it can still infect a sandboxed browser.
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
Agreed. My thoughts are that while a malware is present and running in a sandbox (if it is, of course), why allow it to run across what would be multiple sites? E.g., if you pick up a cootie using your email and then go to your bank before shutting down the browser (and by default clearing the sandbox), there would be a chance your bank info could get pwned. But by requiring a new browser instance to even get to a new site there would be virtually zero chance of cross contamination.

    As you mentioned, this model like all others using a sandbox is made with the intent to confine any malware, and then be "gone" when the browser is closed. I see folks use a sandboxed browser and go to many sites without ever clearing the sandbox until being online for a substantial period of time. This I think is where cross site contamination happens. my .02
     
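One way to script the discipline described in this post and in Palancar's earlier post (#6), as an added PowerShell example that is not from the thread: each mission gets its own Firefox profile and its own Sandboxie box, and a second browser for the same mission is refused until the first one is closed. The Start.exe and firefox.exe paths, the box names, and the profile location are assumptions; the boxes are assumed to already exist in Sandboxie.

```powershell
# Added example (not from the thread): one dedicated Firefox profile per
# "mission", each launched inside its own Sandboxie box, and never two
# browsers for the same mission at once. Paths, box names and the profile
# location are assumptions; the Sandboxie boxes are assumed to already exist.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Banking', 'RealNameMail', 'General')]
    [string]$Mission
)

$SandboxieStart = 'C:\Program Files\Sandboxie-Plus\Start.exe'    # assumption
$Firefox        = 'C:\Program Files\Mozilla Firefox\firefox.exe' # assumption
$ProfileRoot    = Join-Path $env:LOCALAPPDATA 'MissionProfiles'  # constructed

foreach ($exe in @($SandboxieStart, $Firefox)) {
    if (-not (Test-Path -LiteralPath $exe)) { throw "Not found: $exe" }
}

# Separate on-disk profile per mission: cookies, sessions and extensions of
# one mission are never visible to a browser started for another.
$profileDir = Join-Path $ProfileRoot $Mission
if (-not (Test-Path -LiteralPath $profileDir)) {
    New-Item -ItemType Directory -Path $profileDir | Out-Null
}

# Enforce "one instance, one task, then close": refuse to start a second
# browser on the same profile while one is still running. Closing the
# browser is what lets the box be emptied before the next mission.
$running = Get-CimInstance Win32_Process -Filter "Name = 'firefox.exe'" |
    Where-Object { $_.CommandLine -and $_.CommandLine -like "*$profileDir*" }
if ($running) {
    throw "A '$Mission' browser is already open; close it before starting another."
}

# Start Firefox under Sandboxie in the box named after the mission.
# -no-remote makes this a standalone instance instead of a window handed to
# an already running Firefox; -private-window keeps history out of the
# profile on top of the box contents being discarded afterwards.
& $SandboxieStart "/box:$Mission" $Firefox -no-remote -profile $profileDir -private-window
```

Configure each box in Sandboxie to auto-delete its contents on close so that ending the browser session also empties the box, as the posts above describe.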