A serious question about sandboxing and security

Discussion in 'sandboxing & virtualization' started by Chuck57, Nov 29, 2006.

Thread Status:
Not open for further replies.
  1. Chuck57

    Chuck57 Registered Member (Joined: Sep 2, 2002; Posts: 1,422; Location: New Mexico, USA)
    Firstly, I'm brand new to this area of security, as I've posted in a couple of other threads. In the past few weeks, I've tried various HIPS and other types of programs. Today, a thought struck me and I'm curious what others think.

    We're all concerned about rogue programs getting access to our machines or we wouldn't be here. We're all looking for perfect protection. Isn't sandboxing approaching that ideal?

    Doesn't running our browsers sandboxed do that? If everything that comes in is stopped and held in a sandbox/virtual area that allows us to open it and check it prior to running or whatever it, isn't that an ideal situation? Whether it's DefenseWall, Sandboxie, or some other sandbox type software, it seems like our computers are protected.

    I'll grant that this leaves some leeway, and common sense has to be used. That might be a problem for some people. The average computer user though, when faced with some HIPS programs, is overwhelmed. Downloading to a sandbox and running an antivirus or other software to check what's in the sandbox is a lot simpler than trying to figure out many HIPS programs. Even grandma could do it with a few minutes of instruction.

    Sandboxing technology might not be perfected yet, but it seems like the best solution. Curious about what comments others with more knowledge have on the subject.
     
  2. [suave]

    [suave] Registered Member (Joined: Apr 5, 2005; Posts: 218)
    It's good protection but in my opinion it's not the best. I don't think there is a "best" anyways.

    What you should realize is that any malware you may have acquired during your browsing session, is active for the time being (until you clear the sandbox). By that time, the malware could have already served its purpose.

    True, it won't do much harm to your system, but some malware aren't looking to do that anyways. You could run a worm that steals email addresses while you are surfing and using your PC to send spam/malware to other people. Even though it is sandboxed, it will still do what it intended to do.

    You could run a keylogger during that sandboxed session that will capture your passwords and send them through the internet. True, the keylogger will be gone once you clear the sandbox, but by then the damage is already done.

    Sandboxing might even give some people more confidence (thinking nothing can harm them) and allow them to execute files they normally wouldn't.
     
  3. Pedro

    Pedro Registered Member (Joined: Nov 2, 2006; Posts: 3,502)
    I tend to think so, yes, sandboxing is the best solution. But as Suave noted, if you get infected, for that time until you clear the sandboxed area, some things might do their work anyway. And no protection is offered to shots in the foot as they say :D

    But I still think it's by far the best approach. Besides an appropriate browser, no scripts...
     
  4. Perman

    Perman Registered Member (Joined: Nov 23, 2005; Posts: 2,160)
    Hi, folks: I would prefer a sandbox/virtual applying to the whole partition/drive. Any malware could cause damages within that Box, those can be alerted by realtime AV, AT or AS scanner, or even HIPS. Your reliable Firewall should serve its purpose stopping any signals sending out from PC. Therefore, Sandbox/virtual app by itself alone can not provide you an ideal protection, however, if coupled w/ high calibre of FW, AV etc. You can sleep well at night. Just ask PC administrators at schools (universities, colleges and high schools), why can they walk so tall and sleep so well? :-*
     
  5. Jarmo P

    Jarmo P Registered Member (Joined: Aug 27, 2005; Posts: 1,188)
    I have only used sandbox software, specifically Sandboxie for about 3 or 4 weeks.
    It is a really strong solution of not infecting my machine while surfing. Against spyware, and viruses/trojans or any one might think. Against existing keyloggers stealing passwords from before, no help from it maybe.

    And if someone is as foolish as me, downloading a pirate movie with bittorrent and then finding out it needs a codec to install to be able to watch it. I sure installed that codec on my real system. I think it was a good codec, but still.

    For basic surfing, it is a strong protection :)
    Also for trying out all fancy Firefox extensions first in a sandboxie without getting corrupt FF profiles.
     
  6. Chuck57

    Chuck57 Registered Member (Joined: Sep 2, 2002; Posts: 1,422; Location: New Mexico, USA)
    Thanks for the responses. I'm learning, a little at a time. Being somewhat older (coming from the Age of Typewriters), even though I've had a computer since 1991 and been on the Internet since 1996, this stuff is still strange to me. I guess some people have a harder time adapting, and I'm one of them.

    So, if I'm reading correctly, a good firewall such as Comodo, along with a good browser like Opera, maybe SSM free or paid and Sandboxie would do the trick. Add decent antivirus (Avira in my case), common sense, and safe surfing (which I practice) ought to be enough.
     
  7. theshadow247

    theshadow247 Registered Member (Joined: Nov 14, 2004; Posts: 323; Location: ontario.canada)
    Hi Chuck57. Your setup sounds a lot like mine. Right now: Antivir, Comodo, Opera, Sandboxie, SSM free. And I feel very safe with this setup. And just for extra safety I have WinPatrol...
     
  8. Jarmo P

    Jarmo P Registered Member (Joined: Aug 27, 2005; Posts: 1,188)
    Hehe Chuck, my first introduction to computers came with punched cards and vibrating teletype machines. Force feed university education that was, but I came to internet about same time as you, well netscape 3 time anyways if I remember.
    If you were born 1957, I was born a year later :p
    It is easy to keep on with this newer and much more friendly technology.
     
  9. Lucy

    Lucy Registered Member (Joined: Apr 25, 2006; Posts: 401; Location: France)
    Hi,

    Wrong. As your email addresses are trusted, a sandbox (I have myself BZ which is a virtual tech sandbox) does usually not allow untrusted programs to access confidential, private or sensitive data. Email addresses, passwords... are part of these data. A malware running in a sandbox could steal/copy any file from your computer as long as it is not part of these data.

    Wrong again. In BZ for example, it is not possible for a keylogger to record anything from a trusted program. It would be possible for this keylogger to record activity from another program running in sandbox.

    You're right.

    Furthermore, concerning worms and keyloggers, you have another layer usually installed on most computers to protect the escape of sensitive data; an outbound protecting firewall.
     
  10. [suave]

    [suave] Registered Member (Joined: Apr 5, 2005; Posts: 218)
    Hi BZJet, I know that a "good" sandbox will isolate your data from untrusted programs. But what I meant by the email stealing is that there are worms that gather email addresses to spam as you surf the web. Not necessarily from your address book on your PC. ;)

    I don't think I am entirely wrong. I think it is very possible for a keylogger to record from your browser for example, if you ran the keylogger in the same sandboxed environment as the browser. Perhaps someone can confirm?

    Although, I have learned from the past that one should never underestimate the evolution of malware. So... :(
     
  11. Lucy

    Lucy Registered Member (Joined: Apr 25, 2006; Posts: 401; Location: France)
    :rolleyes: That is what I said:
    It is true for BZ: for a good balance between usability and safety, BZ developers allow key recordings inside BZ (IE requires this to work properly for example).

    Anyway, when you use a sandbox, you should adapt somehow your way of using your computer. Online banking with IE run as trusted for example, to avoid such a potential problem (so that malware, necessarily running untrusted can't access IE and keystrokes on it).
     
  12. [suave]

    [suave] Registered Member (Joined: Apr 5, 2005; Posts: 218)
    I agree, it's important for the user to understand how it works and at the same time work with it. Otherwise the person can get a false sense of security when using a sandbox which could make them susceptible to a malware attack.

    I would recommend a sandbox as part of a layered security setup, but definitely not as the only line of defense.
     