Discussion in 'sandboxing & virtualization' started by overangry, Jun 2, 2010.
Check the address in the pics I posted. XP VM.
Old lazy system programmers & out of the box .....
The ones I know use buffer overflow tricks to initiate internal tables in a 'lazy' manner. Lazy is minimal code with maximal effect. How does this relate to out of the box?
Thanks Franklin. I had to unhide the directory to see c_. However, when I drag and drop my firefox icon into c_, it remains as a shortcut and does not start in the BZ. I'm obviously doing something wrong. Not sure what.
lol, too funny.
Pin FF to the start menu then drag and drop that icon into the BZ C drive.
A normal FF desktop shortcut icon doesn't work here either.
You can also right click BZ's C drive and send to desktop (create shortcut) then drag and drop FF that's pinned to the start menu straight into the BZ C drive shortcut.
Or copy and paste FF's whole program's folder to BZ C drive then create a desktop shortcut of the FF exe within and now it should start within BZ.
Any malware.exe sample on desktop that's dragged and dropped into the BZ C drive desktop shortcut is starting through BZ as well here.
Did anyone try their free security test?
On win7 32 bit, everything was stopped by the BufferZone Pro trial, so I gave the security test a shot with Sandboxie 3.45.14 64 bit on my Vista 64 partition.
Results for Sandboxie:
1/Launch your Windows Calculator. FAIL
2/Abort your Internet Explorer. FAIL
3/Access several sensitive files (no harm will actually be done), and scan your "My Documents" folder where you most likely keep your private information. SUCCESS
4/We will place your sensitive file names (names only!) on our server. Your firewall may notify you of our demo trying to access your system. This means that our simulation was successful and is reporting its findings to our server. FAIL
Although the index results and transfer of my "My Documents" folder was blocked to their server, there was a notepad file in the sandbox that listed the contents of it, so there's a way to access files outside SBIE's sandbox.
Most likely, as I'm relatively new to sandboxing and virtualisation, I haven't Sandboxie properly configured or tightened enough, but it's a strong point for BufferZone that it blocks that kind of behaviour right out of the box, without (novice or inexperienced) users having to crunch through a lot of configuration tabs and help files.
Even if the file wasn't uploaded, I'm worried about the fact that their test program could actually access folders out of the sandbox.....
I tested the free version with real malware and BZ was stable and protected my system.
Thank you Franklin, I took door number three! Very nice program and works well with FF.
Decided to try BZ free. I have an older version desktop XP pro along with other things and have always liked Bufferzone. I'd completely forgotten about it since I use this laptop w/Vista HP almost exclusively.
When I downloaded it and rebooted, I got a strange message telling me that 'Windows has been illegally changed' or something to that effect, then went into shutdown. After booting up again, all was okay.
With 2G RAM and Vista HP there is a very slight slowdown with BZfree, but not bad. I'm still playing with it and, as on my desktop, I like this new version of Bufferzone. It plays well with Defensewall 3, which I also use, although probably overkill.
There's supposed to be a way in the free version to schedule an automatic emptying of BZ. Haven't found that yet, but it doesn't take much but a couple of mouse clicks to do it manually.
It's a good alternative to Sandboxie, which simply refuses to run on this laptop for some reason. I think BZ is a keeper.
I'm running Bufferzone Pro and have just 1 issue.
When opening pdf's, they will not display or open correctly.
Strange error. I'm running win7 32 with ie8 and using BZ free, the pdf displays an error opening pdf doc. Close your browser and try again. But when I click the ok button, the pdf opens up in the BZ.
Fixed it, changed my pdf viewer from Foxit to Free eXpert PDF Reader
Bufferzone is a pretty cool program IMO.
I'm a little confused by some of the comments here pertaining to browsers. Simply right clicking on the firefox or iron chrome icon and selecting "open in bufferzone" works fine.
Not to ask a dumb question... Is Bufferzone considered a virtualization or policy restriction like geswall?
sandbox/virtualization of files
Does right click a .*exe file "open inside BZ" do the same thing?
Yep, that works here with a 5 second delay which I didn't bother trying as the first option brings up a "This functionality only available..." so I didn't bother checking the others. How embarrassing.
Thanks tobacco for pointing that out. Way easier than dragging/dropping icons all over the place.
Bufferzone is a very smart application virtualisation program, which requires less user intelligence than other application virtualisation software.
1. Runs programs like SBIE forced into the sandbox or with right click on demand
2. Allows installs into AND offers program specific removes from the sandbox
3. Sandbox survives sessions, separate maintenance options to clear the sandbox, compared to SBIE it only has one (1) sandbox (so no different settings like SBIE per sandbox possible).
Things I like about BZ Pro
1. Places a clear mark (BZ icon) when stored objects are virtualised, draws a red line when virtualised programs start.
2. Has a unique feature to sandbox, allow or deny or ask when any NEW PROGRAM or SCRIPT (2 separate options) tries to run which is created by TRUSTED programs, so in this way it looks like Comodo sandbox (or any anti-executable program like old process guard)
3. Allows mail programs to start virtualised, but lets the mail and attachments be stored onto the real system. Due to option 2, you are still protected without the hassle (as with safespace and SBIE) to keep them in a sandbox (which has consequences for interaction and usability). So it has the same usage advantage of a Policy Sandbox application (like DW and GW).
4. Offers settings through a GUI menu (like firewall option of sandboxed programs).
5. Does a better job than SBIE in regard to keylogger protection in sandbox sessions (with SBIE you can work around this SBIE disadvantage by starting a clean sandbox session, doing your sensitive business and clear the session when you are done).
That is why I think it is more appropriate for people sharing a PC with noobs or making their first steps into application virtualisation. It looks more like SafeSpace than SBIE (1 sandbox + easy GUI), has Comodo Sandbox for things created by trusted apps (so offers system wide protection, instead of only on threatgates) and has policy management ease of use/transparency for mail programs (looks more like DW and GW for the user, in this sense that user can be totally unaware of BZ, while having full functionality).
And I guess the mods have forgotten that we now have a "virtualization section"
Actually Kees, adding the url with the Citrix server to the Privacy zone accomplishes what I need. Since I know the Citrix server is safe, BZ will let it run normally with a green border around the browser session. So it works out of the box!!!!! Back to my old lazy system/programmer ways.
Excellent Analysis. I thought it reminded me of SafeSpace also but with less issues.
Only downside = sloooooowwwwww compared to Sandboxie
I always disregarded BZ because SBIE was faster and often was more resistant against new PoC's/threats. Also at BZ launch they offered a price for anyone able to hack BZ. They made some noise but became very quiet when Ilya (of DefenseWall) brought BZ down within an hour.
Because I got a free giveaway I took the time to play with it.
Especially the Comodo like capabilities are something which makes BZ stand out. It also allows for simpler security of mail programs. What also is a nice feature is to provide keylogger protection in sandboxed sessions. BZ was one of the first to offer a sandbox with a FW control. So I think they conceptually make nice things, but Tzuk and Ilya are better programmers (IMO, speed of bug responses, new exploit solution found, etc).
For people making first steps to application virtualisation (see for example usage related questions https://www.wilderssecurity.com/showthread.php?t=274246) BZ Pro is a good option.
Not seeing any slowness to worry about here Kees.
BZ as the only security app and only app that auto starts in an XP VM with a gig of ram allocated.