Are the default configurations in Sandboxie good enough?

Discussion in 'sandboxing & virtualization' started by sweater, Oct 19, 2011.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Just curious if the default settings that comes w/ Sandboxie free are good enough for ordinary users...:rolleyes:

    Will starting up browser in sandboxed mode secure enough?

    What are the other things under the hood that it really protects (in its default config) every time it is running?

    Sorry for the ignorance, I just want some kind of shortcuts here from experts. ;) ...tnx....:cool:
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Expert? No.
    Avid user and learner? Yes!
    My contribution to this thread is to remind you that by default, SBIE allows everything (all programs) Start/Run Access and Internet Access.
    It isn't until adding one program that a user begins to utilize restrictions.
    At that point, only the program added is allowed access.
    So adding Chrome.exe only to Start/Run Access and Internet Access means no other program can access net or start in the sandbox.
    Also, by default, Drop Rights is not enabled, and I like the restrictions it puts in place, so I usually enable it.
    HTH
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Isn't the entire file system virtualized by default?
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes, that is true AFAIK.

    The default box allows any execution within it, which could mean you get a keylogger etc to run within the virtual environment. A keylogger in a virtual environment is no different than the real system for most intents and purposes.

    The default box allows reading of any file/reg key. That itself is not really a concern for many.

    The default box does not allow things like browsers to save bookmarks to the real locations.

    The default box prompts to recover to MyDocs and Desktop, but needs you to respond to the prompt to do so.

    The default box will allow a clean system to stay clean, but might allow things to run in the sandbox that you don't want, and allows things to communicate outbound. Your system will most likely stay clean, but you don't know that the sandbox environment itself will. That is the cons of the default box IMO.

    Sul.
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    If I have Windows 7 with UAC enabled and maxed out (running as admin) do I still need to enable the drop rights of SBIE?

    Also, if I force a program to run sandboxed, for instance windows media player, will that program be able to update itself? I'm assuming that if I force a program to run sandboxed that I can allow/restrict its internet access?
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The idea is that within the sandbox, you want to restrict AS IF you were in the real system. The DropRights feature, when enabled, means you are treated as a user WITHIN the sandbox, the same as you would be OUTSIDE the sandbox when using UAC/LUA.

    Generally speaking in my experience, programs can update themselves if you allow it, but the updated file(s) are within the sandbox. Thus if you delete the sandbox or run the program outside of the sandbox, the updates won't be realized.

    Sul.
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    According to Tzuk's Help & FAQ, Drop Rights "has little effect if you are already running under a non-Administrator user account".
    That's correct.
     
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    thanks for the answers!
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    99% of the time. Secure it for 99.99%. Of course, those are just estimates, but probably can be true on Windows 64-bit.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I know they are good but restricting the sandbox and using multiple sandboxes makes SBIE better as only whats allowed, runs and connects to the internet.
    I know people that run SBIE with most settings on default and don't get infected anymore.

    Bo
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thats why it is important for people to remember to flush out the default box and start a new browser session before log in any data especially sensitive data.

    I also recommend not to take for granted a security program is reading inside the box,this goes for keylogger protection.Example if I am not mistaken WSA does not see whats going on inside the box unless recovered out is when it springs into action if needed.




    Defaults are strong but restrictions of what can execute or call out is better and a more secure way to stay clean and a better chance of ones indentity to stay intact.

    Cheers Djohn
     
    Last edited: Oct 24, 2011
Loading...
Thread Status:
Not open for further replies.