Bufferzone Free question

Discussion in 'sandboxing & virtualization' started by q1aqza, Jan 10, 2007.

Thread Status:
Not open for further replies.
  1. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I‘m wondering if I’m missing the point in the empty the buffer zone function. I launched IE outside the buffer zone and cleared the cache, all offline files, history, cookies etc. I then launched it within bufferzone, verified cache was clean and then did a fair amount of surfing. After a while I then looked at the cache and as expected there were lots of cookies, images,etc from all the sites I’d visited, etc.

    I then used the empty bufferzone option and selected registry and files and would have expected that the IE history and the cache would have been emptied. Well the IE history was cleared but all the site cookies and graphics from visited pages were still there? I opened IE outside the buffer zone again and the cache from my surfing from within the bufferzone was all present and I was expecting it all to be cleared?

    Anyone else found this? Or I have I misunderstood Buffer zone?
     
  2. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Hello

    I have used the latest Home version for approx. 2 months now and out of concern with your post, i did an experiment myself using IE6, Firefox 2 and CCleaner.

    Firstly, i cleaned the Bufferzone and disabled it via the tray icon. Then i ran CCleaner twice. Opened IE6 and went to 10 websites and clicked a link on each site and also ran 2 video clips!. Exited IE6 and opened CCleaner and the entries took up most of the screen. Ran it twice again. Next, i enabled Bufferzone and repeated the process, same websites, same links. Closed IE and cleaned the Bufferzone. Ran CCleaner and nothing was present. Enabled View Hidden files and folders and could not find anything from these browsing sessions.

    I then repeated this same procedure with Firefox and disabled 'clean on exit'. And achieved the same results. If you don't have it, install CCleaner(without toolbar) and try what i just did. Let us know the results.
     
  3. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Do you recall if you had emptied your Temporory Internet files etc. since install of BufferZone?

    I have been using BufferZone {free} for IE since September'06 and did not 'clean' until the end of December,
    which seemed to 'choke' BZ version 1.90 :eek:

    Removed 1.9 and installed version 2.10 and have used BZ 'clean' (with all checks) several times and did see one instance where a stack of IE cookies remained inside my Temporary Internet Files Folder (with no red border). I have since used CleanUp and deleted Cookies, Temps and Prefetch, those cookies are all gone now and no others have appeared. Could those have been 'left-overs' from before my v2.10 install?

    My BZ's 'Red Border' Folders do not contain a thing from prior to last 'cleanBZ' and all IE cookies are within Red Border Folders.

    I use an un-BZ'd Firefox over 99% and never open IE outside BZ, but do you suppose IE could have retrieved files from your Temporary Internet?

    I use CleanUp but perhaps any removal of your non-BufferZone Temporary Internet Files would prevent that.

    The "CCleaner" that tobacco referred to has been well spoken of on many sites lately and would likely be a superior tool than my old CleanUp.
     
  4. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I didn't actually disable BZ in systray, I just opened IE outside of BufferZone. I'll try again by disabling it when I do the initial cache clean.

    I do use CCleaner but on the test partition I hadn't installed it but I will to ensure a thorough cache clean.

    I'l report back how it goes.
     
  5. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I tried a clean install of bufferzone and launced IE6 that had a completely clean cache. Browsed a few sites and checked the cache had lots of cookies and jpgs etc. I used the empty bufferzone button and all it seemed to do was remove the history. The whole cache of cookies and web pages, jpgs etc were still there.

    I disbled protection and launched IE6 without bufferzone protection and the cache accumulated from within bufferzone was still there.

    Unless I'm missing the point, this is a bad bug as I am able to launch a non-isolated browser session that can still access a cache that may well contain malware obtained during a 'protected' bufferzone surfing session?

    This makes me realise and appreciate what a good program sandboxie is !!
     
  6. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    See this Wilders post (partial text below):
    Also see that I had seen a problem similar to what you are describing with BZ Version 1.90. BZ 2.10 is working perfectly for me now.

    No doubt that different combinations of Security Software will react badly and this is why it is fortunate to have a choice.

    I am a believer in the 'Layered Security' approach and for My System, SandboxIE allowed malware to jump out of the 'box' and disable my AntiVir.

    This does not mean that SandboxIE would not be a better choice for Your Particular Setup. :)
     
  7. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    On my system BZ 2.1 is still leaving my IE6 browser cache intact even after emptying the bufferzone. I notice that the IE cach created in the red bordered folders under C:\Virtual are removed but the actual browsing cache is still being created and stored in the standard IE6 cache location (C:\Documents and Settings\username\Local Settings\Temporary Internet Files) and none of these folders are red bordered so they remain intact after cleaning.

    I have tried the same test with Firefox v2 and the complete cache is cleared completely when emptying the bufferzone. Oh well, I prefer FF anyway so this isn't a big issue for me.
     
  8. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Thank you for the above information.

    My C:\Documents and Settings\username\Local Settings\Temporary Internet Files Folder was full after running BufferZone Empty.

    Ran CleanUp and it was down to just four very old files, opened IE inside BufferZone and it filled right back up. (Saw no cookies.)

    What solves this best for me was to open IE Internet Options and add a check on the

    This instantly resulted in a completely empty Temporary Internet Files Folder upon closing IE (without 'empty BufferZone' being done).

    Did the same with 'History' and they are now empty as well.

    I only feel that I need BufferZone for my 'low privacy' IE required operations and run Firefox with all its security extensions enabled but never sandboxed.

    Don't see any Temporary Internet from Firefox, the 'History" icon opens Firefox History, but don't know where it is stored, there is a Firefox Cache with 40MB in 468 files.
     
    Last edited: Jan 18, 2007
  9. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    For cleaning I'm quite happy with CCleaner rather than using BZ but I was more focussing on what I believe to be a short coming in BZ by allowing the IE6 cache to be created in the real location rather than the virtual one - seems a bit odd.

    I'm the same, I don't know where FF stores it's cache but I do know that all history and cookies are removed by BZ, but I need to check if the actual cache is removed also.
     
  10. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I'm trying to reproduce this again in IE6. Could you please list again the exact paths where you are finding things that haven't been cleaned?.

    As for firefox, open it and make sure that clean on exit is 'Not' checked. Then in the address bar, type in about:cache This will show what is not only in memory but also cached on the disk. Surf a few sites and then close and empty the Bufferzone. Open firefox and enter about:cache again. You should only see entries from whatever page firefox opened to.
     
  11. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Type about:cache into address block.

    see this page; http://kb.mozillazine.org/Browser.cache.disk.parent_directory

    You can also enter (in address box) for more detail:
    more from here:http://kb.mozillazine.org/MozillaZine_Knowledge_Base:Searching
    ____________________________________

    @ tobacco,

    From my BufferZones IE visit to excite.com IE Temp was empty, but I found 20+ in

    C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files

    things like "getSponslinksAuto.js" or "doubleclicks..." "GIF's" "JPG's" "HTM's" "JSP's" "JScript Script File's"

    (I am not even allowed to copy from that folder and have no idea if they could be of any bad effect.)o_O
     
    Last edited: Jan 23, 2007
  12. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Hi tobacco, the exact path I'm referring to is the same as the one Pilotart has listed
    C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files

    I believe this is the normal location for IE6 cache so I would expect that IE6 wrapped by BZ should not be writing cache to that location but only to the Virtual one?


    Thanks to you and Pilotart on the tip for checking FF cache. I'll give it a try later.
     
  13. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Blame Outlook w/Hotmail

    I use Outlook (2002) for my Email Service and also have Outlook retrieve my Hotmail.

    Opening Outlook and downloading regular Email does not create anything in
    however accessing 'Hotmail' does create two or three HTM files in that folder, opening one Email (from HP in HTML) adds 30 'GIF's and 3 'JPEG's
    a subsequent visit to a BufferZoned IE 6 adds additional files. edit:- Looking at an Outlook Email (html w/ graphic) also adds files.

    Opening with a "about:blank" adds one 225Kb CAB file for ImageShack in the Un-BufferZoned Temp IE Folder (along with its 492Kb DLL within 'Virtual' Folders).
    Going to excite.com adds many more, but these are not 'cookies' but rather they seem to be graphics to make your next opening faster.
    I do not have any 'speed your internet' as I prefer a fresh load every visit.

    My BZ Virtual Folders also have a Temporary Internet Files Folder, why can't BufferZone limit the BZ'd IE to that Folder (it does not 'empty on close' but that would be Ok).

    Firefox does not seem to use the Temporary Internet Files Folder at all and my 'BufferZoned" Internet Explorer 6 is now set to empty the Temp on close.

    If Outlook is open when I close IE, it does not empty the folder, but if Outlook has been closed, then closing IE succeeds in clearing the Temp Folder.

    I am not qualified to comment on any possible dangers from BufferZone allowing Internet Explorer to add to my non-virtual Temporary Internet Folder,
    but it certainly raises the question for 'security experts' to address.o_O
     
    Last edited: Jan 24, 2007
  14. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I agree. I tried FF cache and have been able to ascertain that the FF cache is populated only in the virtual FF cache folder and not the original one and is emptied successfully when emptying the bufferzone.

    There certainly seems to be some sort of limitation or bug when using BZ with IE6.
     
  15. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I have also re-created this issue with IE6 which i hadn't noticed before as i rarely use that browser. I have reported this issue to the developers and will let you know when i hear something.
     
  16. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks a lot tobacco
     
  17. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    IE no longer writes to non-BZ Temporary Files

    Thanks to q1aqza for noticing and posting about this *apparant hole* in the BufferZone, as well as for tobacco's research and assistance.

    Had been of concern to me (only use BZ for my IE6) as there had been a post on the AntiVir Forum listing a dozen "...
    AntiVir has detected 'TR/NoClose.R' in the file C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\X8T5FTHR\mc-dubs2[1].htm ...'s

    I had first tried C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
    (from right-click - BufferZone) Confidential: - hide from BZ as well as Forbidden: deny all access.. with no effect.

    Then I went into Local Security Settings and "Disallowed" C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
    which kept Outlook from writing to it, but not the BZ'd IE.:gack:

    Went back to Administrative Tools and removed that entry, made no other changes; buto_O

    Now I have a different "...C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\GPZROLKA... etc. etc. etc.
    or a similar structure as was seen within the 'Virtual Folders' structure and my BZ'd Internet Explorer is doing nothing that I can see outside of the Virtual Folders. :D

    I will keep a lookout and report any actions seen beyond the Virtual structure. :ninja:
     
    Last edited: Jan 28, 2007
  18. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Re: IE no longer writes to non-BZ Temporary Files


    I've received a response from Bufferzone after asking them to check into the findings in this thread and have been assured that it is not a security breach or bug. Instead of summarizing, i will quote the responses.



    I then asked if this is a security risk!


    So i will accept that unless someone more knowledgeable than myself shows me different.
     
  19. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks tobacco.

    I'm still a little sceptical as I'm sure I saw all the jpgs and gifs etc all listed in the normal IE folders. Also, if the main files are virtualised why don't they clear when the buffer zone is emptied and the index.dat updated accordingly?

    I'll have another look at this when I am at home.
     
  20. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    "VERCLSID is Protected by BufferZone"

    Have been carefully watching that non-virtual Folder that had previously been collecting all those jpgs and gifs etc.
    The above structure had changed (itself) following my 'went into Local Security Settings and "Disallowed" and later removed that entry, on my next look the structure of
    C:\Documents and Settings\{user}\Local Settings\... had been considerably modified.

    There is now:
    C:\Documents and Settings\{user}\Local Settings\Temp\Temporary Internet Files\Content.IE5\03K26VEP (plus \30YGOZFD, \87VUNAKR and \GPZROLKA)
    The above Folders now contain all of my Outlook and MediaPlayer temp files.

    Below this I now see another set of Folders:

    C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files\Content.IE5\CDOWYEW5 (plus \GL0ZPXQC, \QYVVD4U9 and \W6054J2X)

    This Folder (without the ...\Content.IE5\...) had been where Outlook had been previously storing temps before and also where my BZ'd IE had been adding the jpgs and gifs etc.. [Content.IE5] contains index.dat (208Kb) modified today, but last accessed on the 28th and desktop.ini modified 26th and last accessed on the 28th. This is all that has been seen within those folders since 28th of January.

    ______________________________________________

    On January 30th, I had to enroll in an FAA required recurrent training course (chose www.americanflyers.net) and after having their Tech Support telephone to assist me, found that I had to use IE (or Netscape), but not Firefox (or Opera) o_O and I guess they need activeX or something:rolleyes: to 'monitor' your study habits.:ninja:

    She also had me go into ControlPanel/internet and further open IE's cookie habits.

    After five instances of needing to copy/paste video URL's in MediaPlayer 11, the sixth popped up a BZ "first operation" and they now open directly within BZ. (Adobe 8's PDF's also open within BufferZone.)

    Now I found that I needed to open IE's Tools; internet options... Temporary Internet Files [Settings] and increase "Amount of disk space to use" (for the BZ'd videos).

    When I click on that [View Files], there first pops up a BufferZone box that says "VERCLSID is Protected by BufferZone" and then a Folder:
    C:\Documents and Settings\{user}\Local Settings\Temporary Internet Files
    but within BZ's Red Border, containing the BZ'd temps.
    Opening the non-virtual Folders, shows no changes in content.

    The ability to enter www.americanflyers.net's training program with a 'clean' IE and know that any interaction with their server will be limited to what is within BufferZone is comforting.:-* (As well as knowing that no other 'cookies' exist.)

    I have limited my InternetExplorer for past three days, to www.americanflyers.net and training links within their "CFI Renewal Course" and I will not 'empty BufferZone' until after graduation.

    Trying to accomplish this training within Sandboxie's crashing (on my system) or using a "return to.." application like Power Shadow (GoBack would accomplish that and allow recover of any recent files wanted) would not work for me at all.
    ___________________________________________________

    I had mentioned on Thread; Which? Sandboxie, BufferZone Home or DeepFreeze
    that Windows Update as well as install of MediaPlayer[11] had been sucessful within BufferZone (had acted as 'trusted' and did what was needed outside BZ) but have now seen that MS Office Update must be done within an un-BZ'd IE.

    At least it can be 'clean' prior to "Disable protection" and I was able to move the downloads out of Virtual Folders before Cleaning BZ, saving some 35MB re-download. (13 updates).
     
  21. edotan

    edotan Registered Member

    Joined:
    May 1, 2005
    Posts:
    4
    Guys,

    Our previous versions indeed avoided the Temporary Internet Files directory, for performance.
    In our upcoming 2.50 version however, we improved performance a lot and therefore removed the exception on that directory.
    Now everything goes into the virtual tree. The only exception is the "index.dat" file (which only contains data indexing info, not files -- so no risk / burden whatsoever).

    Btw, you seem to be very quite knowledgable of the product. You're welcome to join our current 2.50 Beta program:
    www.trustware.com/virtualization/beta.html

    Eyal Dotan
    Trustware
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, nice to see BZ people here.

    BZ 2.5 beta failed against XP Killer trojan, I have posted over ur forums.
    I have seen that with many new versions something is broken that was fixed in previous version, examples are KillDisk virus and Martin,s Undetectable KeyLogger.

    Also the delay in browser launch must be reduced, that,s the main concern for me.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I just want to say that the concept looks really great but I´m afraid that BZ slows the system down considerably, it´s a major resoure hog. And I don´t think that it plays well with other security software. If BZ could be made more lightweight (like Sandboxie) I would certainly consider to buy it. ;)
     
  24. coen99

    coen99 Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    55
    hello,

    I signed up for the beta program Bufferzone 2.50.
    However I never got a reply and I'm still waiting.
    But I want to see if they really improved (the performance of) their product so I can decide to buy this program or buy another.
    Can anyone help me get the beta to test?
    Would be highly appreciated. :D
     
  25. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
Thread Status:
Not open for further replies.