A Sandbox prog?

Discussion in 'sandboxing & virtualization' started by Comp01, Nov 14, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I was wondering, if there is a free sand box program (Like tiny trojan trap), that works good, and is free?
     
  2. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    the only one i could think of is system safety monitor..
    info here http://www.mickeytheman.com/forums/index.php?showtopic=11
    i could not acces maxcomputings home page, you can get it from webattack, tucows etc.
     
  3. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    What exactly is a sandbox program? Thank you.
     
  4. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    System Safety Monitor offers the following features:


    Allows you to control which programs and applications can be opened on your computer.

    Offers a choice of two modes – User and Administrator. In Administrator mode you can set your preferences to control programs. Access to this mode can be protected with an encrypted password to prevent anyone changing your settings. In User mode no changes can be made to your settings.

    Supervises changes to important registry keys when you install new programs.

    Will block or alert on any attempt to change guarded registry keys.

    Allows you to control which programs run at system startup.

    Maintains a list of running applications and allows you to terminate any application immediately.

    Maintains lists of Black–Listed (banned) and Trusted (allowed) programs and applications for the Administrator and other users. These lists can be easily edited.

    Allows you to block specific windows (including websites) from opening.

    Can be set to run automatically on system startup, with the system tray icon visible or hidden.
     
  5. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Which of the features you listed are necessary for a sandbox? Or is it even one?
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    A sandbox is a metaphor for executing a program within a restricted or protected environment on your system. When a program runs under the control of a sandbox application, it no longer communicates freely (unrestricted) with the OS or other processes on the system, but rather all its interactions are filtered through the sandbox application. A sandbox is sometimes referred to as an application layer firewall because it allows you to set rules to control the interactions between a program and the rest of the system much like setting access rules in a network layer firewall. A good sandbox can give you control of every system call, file or device access, or any functions or services accessed by a program.

    A program that is restricted by such an application is said to "run in a sandbox", under the controls and within the limits that you configure with the specific sandbox application. Tiny Personal Firewall (TPF) is based upon a sandbox. I myself use the previous version, Tiny Trojan Trap which was available as a separate product less than a year ago.

    To truly understand the function and capabilities of a sandbox, you really need to see what all it can monitor and control. Take a look at this thread which details many of the capabilities of the Tiny Trojan Trap sandbox. Seeing what controls are possible with a specific sandbox app should make more clear what such an application is and does.
     
  7. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Definitely System Safety Monitor. A must have for me.

    Takes a bit to set up, but once thats done you have a new layer of protection.
     
  8. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I've tried System Safety Monitor, didnt like it too much... gues sI can give it another go?
     
  9. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Must you have a "Sandbox" program?
     
  10. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    .

    Sandbox and antiviruses? Is that the same thing?
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    No, they are actually very different. An anti-virus scans a file prior to access looking for either known malware (checking by signature) or for patterns that are suspicious (checking by heuristics), but after it is done scanning, an AV program allows the file to be accessed normally if it isn't flagged as malware. If that file is an executable, it will run normally with no further intervention by the AV and an AV places no limitations on what that EXE can do when it runs so long as it scanned clean at access time.

    A sandbox doesn't scan files at all. It simply enforces the set of rules defined for an executable whenever that EXE runs. Those rules are enforced for the entire time the EXE runs and for whatever functions and accesses are being controlled by the sandbox.

    A simple example of the controls added by a sandbox would be seen in the case of sandboxing Internet Explorer (as I've done with TTT on my XP system). IE is restricted from writing to any location on my file system except for a specific list of directories I've allowed. Also, IE is not allow to write anywhere in the Windows registry on my system, except for a few keys that belong to IE itself. There are a lot more restrictions in place, but these two clearly point out the power of a sandbox...

    Because of the Tiny sandbox configuration on my system, IE is completely restricted to being "just a browser". All of it's special Windows integration (thanks Microsoft ;) ) is totally meaningless because the sandbox prevents it from being able to do anything other than what I allow it to do in the rules set in place for IE. It is as if IE were just any other browser because of these restrictions placed upon it.
     
  12. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Yes of course, I'm referring to some antiviruses that say they use sandboxing technology.
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Using sandboxing technology to assess whether a program is malware is still very different than having a general purpose sandbox installed where you control all the access rights and levels yourself, program by program. So no these are not the same though they use some similar technology under the hood. (I'd call Norman an anti-virus that uses a special purpose sandbox for diagnostic benefits.)
     
  14. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    To confuse matters further, what does Java has to do with sandbox?
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    A Java Virtual Machine environment is just another example of a sandbox concept. Again, it is a different implementation but the same concept. If the sandbox is secure, the idea is to keep the Java code contained and controlled within the limits of that particular sandbox. If it works it will keep it from gaining undue privileges and access rights to the rest of the system. Unfortunately, there have been some flaws in some of these in the past which allowed the program to escape some of the sandbox restrictions.
     
  16. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Thank you LWM for the education. As you can see I know all the buzzwords, but I don't know what they mean.
     
Loading...
Thread Status:
Not open for further replies.