Can we rely on virtualization software?

Discussion in 'sandboxing & virtualization' started by COMPYPY, Oct 19, 2011.

Thread Status:
Not open for further replies.
  1. COMPYPY

    COMPYPY Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    80
    I want to know: if I install software like Sandboxie or BufferZone and don't use a real-time AV, and use on-demand software like MBAM and Hitman, what is the percentage chance of getting the machine infected?
    Second question: which one slows down browsing speed, is it Sandboxie/BufferZone or an antivirus like Avast/Avira?
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Virtualization software is near perfect I would say. There are some ways to exploit true VMs. Sandboxie has some odd little things that could compromise things. Don't know about bufferzone. But overall, I think your odds of having a virtualized environment remain secure are pretty good. I have used vmWare for many years, and tested all sorts of things in it, and never seen an escape. Same is true with Sandboxie. Franklin would have been the one to ask most likely as he did a lot of testing. Maybe you could do some searches on some of his topics. Rmus might also be a good one to chime in, as he knows a lot about exploits and how they work, but I don't know if he does a lot of VM stuff.

    As far as which slows down the browser, any of them could, or none of them. I have had some versions of SBIE make browsing sluggish, others not at all. An AV for me usually makes everything a touch on the sluggish side, but I could not say one in particular was worse than another for browsing the web. Avira was, for me, the least sluggish in the OS back on versions 7 or 8, before they made a huge change in things (which was also the last time I used an AV really).

    Your particular hardware set, your settings and applications all play a role. IMO all you can do is test to see how your system reacts to each.

    Sul.
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Yes, Franklin was the man, RIP.
    I agree with everything SUL said.

    IMO Sandboxie is like comparing a Pitbull to a poodle, of course the Antivirus being the poodle. I will take quiet guard over yappy scrappy any day. Cheers
     
    Last edited: Oct 19, 2011
  4. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Virtualization software is better than relying on antivirus.

    Admitted by a very good black hacker I know.

    Anyway, there are some nasties that either won't run in a virtual system or can escape.
     
  5. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Experts say there's no 100% guarantee but I guess virtualization software could be one of the best present day inventions in protecting our PC.

    Slow down/browsing speed I think depends more on your machine's set-up, internet connection speed and location. I don't think virtualization software/antivirus could cause any slowdown at all. But in my experience, a third party Firewall installed could affect browsing speed...like ZoneAlarm, Outpost Pro and other "heavily filtering" firewalls out there. So if your net surfing speed is already slow then better try several firewalls till you find the one that doesn't affect browsing speed.

    Gosh, you've cloned my face. Yaiks....I thought I had twins. :D
     
  6. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    I think a good light combo using a virtual appliance would be to match the virtual with a good firewall and a good on demand antivirus just to be safe.
     
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Comodo firewall, Sandboxie and panda cloud AV. I haven't noticed any slow downs with my browsing.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This would require serious risk assessment that I'm not capable of doing, especially without (a ton) more information.

    If sandboxie is configured properly I do not believe that any typical user will get infected barring atypical circumstances ie: a direct attack by a motivated hacker.

    Virtualization in conjunction with other typical sandboxing techniques is very powerful. It's also not a standard security setup and therefore it isn't targeted. While that in itself is not strong security the policy is.
     
  9. COMPYPY

    COMPYPY Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    80
    Thanks a lot for your answers and brief description. One point that comes to my mind: should we use both internet security + virtualization software? But I think it will surely impact the browsing speed of the machine.

    Lol you can find hundreds of similar faces here, as this avatar is in Wilders' list of avatars :cool:
     
  10. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Agreed. :thumb:
    On the other hand, Virtualization can be Nicely Combined with a Real-Time Anti-Malware.
    These two (2) are not mutually exclusive...;)
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It depends on the situation. If you download a file you believe to be legitimate and the file opens in your sandbox and tricks you into entering credit card info it won't really need to touch any part of your file system to get what it wants.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Far more reliable and lighter than traditional AV products.
     
  13. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    I have great confidence in Sandboxie, I would say is one of my favorite products for safety. But as nothing is infallible, I prefer to keep my AV and other security tools...
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    To me, Sandboxie is a unique tool to use.

    It is very light weight.
    It is very affordable.
    It is constantly developed.
    It is very configurable.
    It is, for the most part, free of exploits.

    Not many tools can I apply those values and many others to. They make up the reason I like it so much. It can be a supplement to what you do, or it can be the cornerstone.

    As good as Sandboxie is, it also is not the end all to security. Understanding what it does and does not do is key to understanding how you can use it in your setup. I would say though, that if you do understand it, you can rely on it.

    I think that being a user rather than an admin is a rock solid way to use windows. I think vmWare (and others) are also a very very good in terms of security. I think Sandboxie, while not necessarily restrictive like LUA and not a full blown VM, is as good or better, depending on the scenario.

    There are other means to security which are very good too. But those three, to me, offer the best all-around means to achieve good security without having to make concessions. By concessions I mean entering/leaving shadow type modes, or answering all sorts of questions when needed or even simply being so resource intensive you can "feel" the security solution.

    Can we rely on virtualization software? IMO the answer is yes, we can. At least as much as we can rely on any other security scheme, and that means understanding what you have to protect and how your chosen tools provide that protection.

    Sul.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Really, it's a matter of what "rely" means. I rely on sandboxie to keep things off of my file system. That's it. It does that incredibly well.

    What I can't rely on is sandboxie stopping me from entering my CC info into a program that does not require my real filesystem to ruin my life.

    Sandboxie just isn't meant for that.

    EDIT: I also find it so strange that people consistently say "Sandboxie is virtually exploitless." Uhhh, sandboxie is a closed source project that has not undergone ANY kind of public V&V (Validation & Verification.) Whether or not it would pass such a test is entirely unknown.

    http://en.wikipedia.org/wiki/Verification_and_Validation_(software)

    Remember, sandboxie has a single developer. It has literally no dedicated incident response. Unless there are behind the scenes devs I don't know about.

    Here's what I know about the program itself in terms of security: it doesn't support ASLR. That's literally all I know. Where are you guys getting info showing Sandboxie itself is secure?
     
  16. wat0114

    wat0114 Guest

    Franklin (RIP) absolutely bombarded Sandboxie with malware and nothing escaped it. I believe him implicitly.

    As for the VM, it could be a terrific main component of a secure setup, especially if the virtual guest is run from a limited host account. It wouldn't matter if the guest gets infected; it's a simple matter of restoring to an earlier snapshot to flush the infection away. Unfortunately, this kind of virtualized security comes at a rather steep expense to system resources. Sandboxie would be the better choice, imo. As for malware that can escape a virtual environment and infect a host machine, I'm still waiting patiently to test one of those pesky, Ninja-leaping malware :p but I've seen no evidence yet that they exist.

    It was only a mere 4-5 years ago I would scoff at a statement like this. Now I embrace this concept as though it were gospel :D
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I have never used BZ but I know we can rely on SBIE. The longer I use it, the greater the confidence I feel in its protection. I can testify that in the almost 3 years that I have been using it, I have never seen anything that makes me wonder or doubt that SBIE is doing what it's supposed to be doing.
    So, I do trust SBIE and feel safe, even though I am not using an AV. Not using one feels great but SBIE can also be run with one and choosing to use one or not should really depend on what makes you feel better. In my case, not using one not only makes me feel better, it also makes me feel safer.

    SBIE on its own or alongside antiviruses like Avira, Avast or MSE runs/feels very light. If I was using an antivirus, at this time, I probably would be using Avira. I've seen some antiviruses that I would never run alongside SBIE but I'll keep quiet on those names. If you decide to use SBIE, try to avoid using any program that might conflict with it. I think that's important and what I always do.

    Bo
     
  18. user0803y11

    user0803y11 Registered Member

    Joined:
    Aug 3, 2011
    Posts:
    5
    IMHO, virtualization solutions MUST be combined with antivirus and anti-malware. This ensures you have a clean PC to start.

    A point that seems to be overlooked by many people is this: if any malware already exists on your PC, and you use boot-to-restore virtualization, then that malware will come back every time you reboot :eek: even if you have removed it!

    Not to mention the kind of "personal information stealing" malware, which may have already transmitted your sensitive info to the attacker via the Internet long before your reboot. Virtualization can protect your PC from permanent changes, but cannot erase/reverse the info sent out to the Internet by malicious software.
     
    Last edited: Oct 22, 2011
  19. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    396
    Location:
    Event Horizon
    You're right, that's the only part where virtualization won't help you, but there's a really simple solution to that: a simple firewall that denies all outgoing connections from your computer to the internet. Programs that you know get a specific rule to be allowed to establish an internet connection. So a trojan or keylogger that somehow already got on your system is not allowed to send personal information to the internet. It's kinda locked down and erased on reboot anyways...

    I don't think you need additional anti virus software running with a virtualization software. Maybe running an on demand scan here and there just to soothe your mind :p
     
  20. wat0114

    wat0114 Guest

    The idea is to install the vm guest to an already clean host, and use the guest machine for all online activities. Any infections that may occur are contained on the vm guest and get easily flushed away with a snapshot restore. I agree a firewall on the vm to restrict outbound is a good idea.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes but I can run a million exploits for Firefox against Chrome and it wouldn't prove Chrome's more secure, just that the exploits weren't taking Chrome into account.

    If Sandboxie were built into every Windows computer by default we'd see malware change to either work within it or to break out of it.

    As for needing a clean PC, just install Sandboxie after a reformat. Super paranoid? Run some scanners.
     
  22. wat0114

    wat0114 Guest

    What little I know about malware is that it seems to be written to target, more or less, specific applications, services or processes, and so far very little has been discovered, so therefore probably written, that targets Sandboxie. That tells me either hackers are finding it extremely difficult to produce a malware that successfully exploits it, or they are not focusing their efforts on it because it's not used by enough people to make it an attractive enough target, as opposed to say IE, Java or Flash. It is, of course, well documented that some exploits over the years of Sandboxie's existence have been discovered and patched, but they are extremely few and far between.
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This is much more likely.

    If sandboxie was on every computer it would be a different story.
     
  24. wat0114

    wat0114 Guest

    How much different would be the question. I'm thinking, in my non expert opinion, it would be a considerable challenge for hackers to produce malware that exploits Sandboxie or a similar product, unlike how the vendors of, for example, Java and Flash must make it seem like veritable child's play for hackers to exploit their products :cautious: It seems to be a never ending cycle of exploit-patch-exploit-patch......
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's always a challenge to exploit a program. The fact that we have basically no clue how Sandboxie is programmed means that it could be just as easy as exploiting Flash/Java. Or it could be stone-cold perfectly programmed.

    If you have some idea on how it's programmed I'd love to know. I had someone flip out on me because I mentioned Sandboxie doesn't include ASLR support and they went on about how "Sandboxie is programmed so well it doesn't need it" etc etc. I have no clue where people are getting this from - we do not have access to the code.

    But if malware was targeted to a Sandboxie environment it could:
    1) Check for file access to legitimate areas.
    2) Try to get the user to allow access to legitimate areas.
    3) Work within the sandbox to gather information (as long as it has internet access and can open a GUI a user can be scammed.)

    Any time you give malware write access to a legit part of the file system you open a gaping hole in sandboxie. Is that an exploit in the code? No, it's just a logical exploit in the function.

    Sandboxie's awesome and it's the only program I plan on using to protect Windows 8 (once supported.) I personally rely on it entirely. I do not think it's bullet proof and I personally don't have a *ton* of faith in any closed source project especially one with a single dev - no matter how intelligent I think Tzuk is.

    The fact that Sandboxie has security through obscurity is actually strong in this case.

    There are two things you can have:
    1) Security through obscurity (weak)
    2) V&V'd security through open source

    and wow I was about to go on a longgggg talk about the differences but I think it'll probably get somewhat boring/ longwinded and I'm way off topic >_>
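
Added example, not part of the thread or of Sandboxie itself: the post above notes that giving sandboxed programs write access to a real part of the file system opens a hole that needs no code exploit. The sketch below reviews a Sandboxie-style configuration for such rules; the setting names `OpenFilePath` and `OpenPipePath` are assumed from Sandboxie's configuration format, and the sample file and the "broad path" heuristic are constructed for illustration.

```python
import re

# Settings that give sandboxed programs direct access to real locations
# (setting names assumed from Sandboxie's configuration file format).
DIRECT_ACCESS_KEYS = {"OpenFilePath", "OpenPipePath"}

# Heuristic chosen for this example: whole drives or whole profile folders.
BROAD = [
    re.compile(r"^\*$"),
    re.compile(r"^[A-Za-z]:\\?\*?$"),
    re.compile(r"^%(UserProfile|AppData|Personal|Desktop)%\\?\*?$", re.I),
]

# Constructed sample configuration, not taken from any real system.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmarks*
OpenFilePath=C:\*
OpenPipePath=%UserProfile%\Downloads\*
ClosedFilePath=%UserProfile%\Documents\*
"""

def audit(ini_text):
    """Return (box, key, program, path, severity) for each direct-access rule."""
    findings, box = [], None
    for line in (raw.strip() for raw in ini_text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            box = section.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in DIRECT_ACCESS_KEYS:
            continue
        # "program.exe,path" scopes the rule to one program; otherwise it
        # applies to everything running in the box.
        head, comma, tail = value.strip().partition(",")
        if comma and "\\" not in head and "%" not in head:
            program, path = head.strip(), tail.strip()
        else:
            program, path = "*", value.strip()
        broad = any(p.match(path) for p in BROAD)
        severity = "high" if broad else ("medium" if program == "*" else "low")
        findings.append((box, key.strip(), program, path, severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

Rules marked high expose a whole drive or profile folder to every sandboxed program; rules scoped to one program and one narrow path are the least risky form of the same trade-off.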
     