An Alternative To Sandboxing Your Browser?

Discussion in 'other anti-malware software' started by arran, Mar 9, 2009.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Has anyone disabled the cache in FF3 and changed it to 0? Because if you do this, Firefox doesn't save any files. So therefore there are no files coming into your sandboxie and there is nothing to delete at the end of your browsing session.

    I also use a combination of the Cache turned off, cs lite to block all cookies, no script and admuncher, and I am finding now that there is nothing to delete from my sandboxie at the end of each browsing session even after surfing 100 porn sites loaded with malware, because "NO Files" are ever downloaded from the internet by my browser.

    So I am beginning to ask myself do I still need sandboxie?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Interesting. Personally, I would still run Sandboxie, but that is me.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Are you talking about the Preferences>Advanced>Network>Offline Storage cache = 50mb?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Cool man, this is a smart question leading to a very brave and smart decision too. I also ask the same question ;)
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    But, ask yourself, if you don't run sandboxie to contain your browser when you surf to porn sites with malware, what happens when code is run? True you may not be writing to the cache or what have you, but does this really protect your OS? Are there exploits that can use your browser to escape to the OS environment?

    If you are talking of being in LUA, and firefox.exe has restricted permissions, then perhaps a level of confidence could be presumed that this method might be secure.

    However, if you are running as admin and using firefox under those credentials, I don't see this as being very safe. Maybe convenient though. I think the whole key to sandboxie is not that it writes things to the sandbox folder, which you are circumventing by not writing there. But the key is that by writing to the sandbox folder, things are virtualized, and not just file writes, but registry etc.

    I would personally think ditching SB in favor of what you say is not as secure as continuing your method within sandbox. But then, I will defer to peeps who have better knowledge than myself.

    Sul.
     
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Interesting stuff Sully. I should ask our EdgeGuard team to craft some browser policy templates along these lines and flesh out the resulting user-experience.

    The Firefox settings and all diminish the risk surface. However, any other Firefox vulnerability that facilitates arbitrary execution of code (drive-by), still poses a risk to the LUA use-case, which allows code to run from user-space.

    Cheers,

    Eirik
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Yeah, I probably won't be ditching sandboxie, just making a point that there is never anything to delete.

    Regarding remote code, in technical terms how would this work? Because with EQS I have given my browser very limited privileges. Also my browser does not even connect to the websites I visit, it is only allowed to connect to 1 IP address on port 53 which is for DNS Requests. It's my admuncher which connects to websites only on port 80 and filters the data before sending it to Firefox. So any remote code would have to be written in such a way to be able to use admuncher.
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah, assuming you were to have only AV, router and firefox, running as admin, there could be holes. Using DW or EQS or other security app (admuncher in your case) merely gives a layer. To get the exploit to happen then, first it would have to bypass whatever layers one would have.

    I only point this out because SB does a fine job overall of segregating the sandboxed app from the rest of the system. Ditching it for simply no disk writes via browser settings does not sound like an upgrade. Granted other security tools may exist.

    How do you feel your browsing is with your cache turned off? Visiting a site often (like wilders) would require longer load times it would seem. I personally keep my cache pretty small, but I definitely notice when I clear it out somewhat longer load times as it is built back up.

    Not bashing your idea or anything, just thinking out loud.

    Sul.
     