Chrome sandboxed

Discussion in 'sandboxing & virtualization' started by Overkill, Jun 25, 2015.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,969
    Location:
    Nicaragua
    Yes, it is. Deleting contents of a sandbox and recovering files cant be any easier than how it is. You can set the sandbox to delete automatically on closing of sandboxed programs and to make sure you don't forget recovering files, Sandboxie prompts you before deleting the sandbox reminding you that there are files in the sandbox that can be recovered.
    Everyone has to download something sometime. One of the great things of using SBIE is that everything that you do when running sandboxed is gone when you close the browser or the sandboxed program, except what you recover or allow the sandboxed program to have access through sandbox settings. Using the internet is fun J L, and part of the fun is downloading.

    Downloading and recovering files with SBIE can be even safer if the user continues using Sandboxie after files have been recovered. Theres no reason to stop using SBIE just because files have been recovered. Making your downloads go into an specific folder and then making that folder forced, makes it safe to run files that you recover from the internet. In my personal case, I never stop using Sandboxie. Files that get created in my computers, they run sandboxed from the time they are created to the day they are deleted. The only thing that varies is in which sandbox they are gonna run, and that depends where the files are located in the PC.

    Bo
     
  2. guest

    guest Guest

    that is the "must-do" procedure.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,969
    Location:
    Nicaragua
    Yes. Theres no reason not to force the downloads folder if you are using Sandboxies paid version, and even with the free version, users can do something very similar by navigating to downloads using a sandboxed Windows explorer.

    If files and programs ran delayed, I can see not forcing the downloads folder but based on my personal experience, files run as fast as without SBIE. Theres probably a tiny delay but in my case, is so little, that I cant tell if and when there is one.

    Bo
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I suppose the whole point of using Sandboxie, in this context, would be to have my system setup "just so", and using Chrome within Sandboxie so that normal browsing and such is kept in a sterile environment. And in such circumstances, deleting the sandbox is effortless, unless you think clicking a button that says "delete contents" is not effortless.

    And as for "something" getting through, you don't have to do anything for that to happen. Just go to the wrong website. Even on Chrome, even under user level account.

    Its best to also realize these are opinions. Your opinion, from where you stand, is valid and I could understand why you would see it that way. But thats not how I normally would look at it ;)
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,924
    Location:
    Mexico
    +1 and I agree with you, fully. :thumb:
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    We've already discussed this Bo. One can download a file anywhere on the drive they want, and recovering from the sandbox is another step to take.

    If you don't execute the file recklessly without at least checking VirusTotal or sandboxing it, there is barely any difference except allowing browser settings, extensions, and updates through the sandbox if you want those.

    That IMO, is very likely to amount to meticulous configuration beforehand, especially for the average computer user.

    I've already listed all the reasons you should use SBIE exhaustively, and nobody has ever referenced that properly in this discussion or refuted it. Exploits are a moot point in real life, especially if you have anti-exploit software.

    That is why I've specifically stated "preparation". If you never did any of that beforehand and still find it effortless, colour me surprised.

    Any real proof for that, other than the Flash exploit where you had to run the content and not use anti-exploit?

    All I was offering is a counterpoint, and I'm glad you do see that.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,969
    Location:
    Nicaragua
    I like taking that step to recover files but if you don't like recovering files that way, you can allow direct file access to your downloads folders to bypass sandboxing, that way downloading files would work as if you were not using Sandboxie. You wouldn't have to do anything "extra" to recover files.

    Bo
     
  8. Two great features of the Chrome build in sandbox, see picture (enter about://flags)

    upload_2016-1-21_22-9-40.png

    On Win 8 and higher Chrome wil run in AppContainer in stead of UNTRUSTED see pic, so Chrome buildin sandbox runs with less priveledge as SBIE's sandbox using Untrusted Intergrity Levels :D

    upload_2016-1-21_22-11-51.png
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,924
    Location:
    Mexico
    Nice finding. Did you test this setting under SBIE? Thanks.
     
  10. I don't use SBIE, so don't know ;)
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,924
    Location:
    Mexico
    Alright, tested tweaked Chrome sans SBIE and it worked. Under SBIE it still shows "unprotected".
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,095
    Location:
    The Netherlands
    Let's not forget what this discussion was about. The question was, if you're more at risk when you run Chrome protected by SBIE. The answer is no you're not. And nobody is saying that you should use SBIE by all means, you can also use anti-exploit or AV. Or, if you believe that Chrome will never be successfully exploited, then simply rely on Chrome's sandbox.
     
  13. @Rasheed187

    Wise answer, agree for 99%, I would say problably not: remember Cruel Sister's example SBIE weakening the Chrome's sandbox versus a few example's of Curt showing that an expoit would have failed with SBIE on board (so benefits seem to outweight disadvantages).

    On the other hand Chrome has an excellent safety track record (try to find a patch date which is more recent as the disclosure date of a vulnability). I think the sandbox of Chrome is excellent and the improvements is making it better and better, also HTML (HTML5 sandbox) and Javascript (Chrome's Content Security Policy) become safer and safer, so I have no need for additional sandbox protection.

    Besides I am not using Internet Explorer (veterans might know its name was originally SandboxIE, short for sandbox Internet Explorer, although first release SandboxIE was a general purpose sandbox ;) )

    Regards Kees
     
    Last edited by a moderator: Jan 22, 2016
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,969
    Location:
    Nicaragua
    Hi Kees, I don't remember any example by Cruelsister that shows using Sandboxie weakening Chrome. A few months ago there was a vulnerability shown in one of Cruelsister videos but that was fixed in SBIE 5.04 and it was not related to Chrome, look at the changes and fixes for that SBIE version.
    http://www.sandboxie.com/index.php?VersionChanges#v_5.04

    Bo
     
  15. @bo elam

    Good news with a little luck thanks to autocascade the researchers of Chrome will be looking at SBIE's sandbox and do some penetration testing.

    That would be good news for all SBIE users using a browser with no sandbox.
     
  16. Look forward to that..... SBIE has been around for over 13 years. It's been tested, prodded, Bounties have been offered, etc, etc, etc, etc, etc...... We're confident. As for Chrome's sb. (((Sigh.))) And no, SBIE doesn't weaken that. I'd be more worried about big Google weakening SBIE.... as for Cruel Sister's YouTube vid, while is played nice, for all practical purposes, it would have failed. (Seems that was noted by everyone for the most part.)
     
  17. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    i think whether it is chrome or any other browser in sandboxie is irrelevant as the amount of protection offered will be equal with all browsers.

    Why use chrome with all of its sandboxing functionality just to throw it into another sandbox.....absurd.
     
  18. You are using the WE so you make it look like you are official representive of sandboxie, but your claim is really ridiculous. All processes start with medium level rights, so when I should be worried for Google Chrome, I should be worried for all other medium IL processes SBIE sandboxes. When I owned a lisence I wouild be de-installing SBIE right now, ROFL :argh:

    How in the world could a process running with medium level integrity (just a broker with low and appcontainer subprocesses) be weakening a security program running with high level integrity rights? :eek: So please explain.
     
    Last edited by a moderator: Jan 22, 2016
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,969
    Location:
    Nicaragua
    Kees, your name is mentioned in the first quote.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=5&t=19642#p103716

    Oh and, where is the Cruelsister video about Sandboxie weakening Chrome that you talk about yesterday? Show me the video. No video means it was just talk, nothing else.

    Bo
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,095
    Location:
    The Netherlands
    My whole point is, it doesn't matter if SBIE is weakening Chrome's sandbox, as long as SBIE can contain the malware that is delivered by some exploit. But you may say: it will become easier to exploit Chrome. My answer: in real life, exploit writers that target the mass market (not targeted attacks) will not write exploits that only work when Chrome and SBIE are combined, they write generic exploit code. End of story.

    https://www.wilderssecurity.com/threads/chrome-sandboxed.377440/page-22#post-2547157
     
  21. @Rasheed187

    I see the point you are making that is why I agreed for 99%


    @bo elam
    Do you want me to confirm what I posted earlier on the question of this thread (telling that IMO the added SBIE code is a theoretical increase of attack surface, but that this extra code also means an increased complexity and thus harder to predict memory displacements for exploits to succeed), then Yeah I agree it is all talks

    SBIE weakens the Chrome sandbox in theory, but in practise the advantages probably outweigh the disadvantages, see picture

    upload_2016-1-24_20-37-37.png
     
    Last edited by a moderator: Jan 24, 2016
  22. @bo_elam and Curt@invincea,

    New chrome features restrict sandbox processes tighter than SBIE, see picture. Some of SBIE's limitations are imposed on the controlled processes on a higher level as shown in the picture. But as I posted earlier that is all speculation (increased attack surface versus increased code complexity imposed by SBIE allow, block, redirect filter).

    upload_2016-1-24_18-40-1.png
     
    Last edited by a moderator: Jan 24, 2016
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,095
    Location:
    The Netherlands
    Isn't this old news? Of course Chrome's sandbox is tighter, it only has to worry about itself, while SBIE has to run and isolate all kinds of apps. But that still doesn't mean that you're more at risk when running Chrome sandboxed, that has been explained numerous of times, so I won't repeat. BTW, I've found some interesting info about the cost of zero day bugs, you get 30.000 bucks for a remote code execution bug for Chrome, and if you can also bypass the sandbox, you get up to 80.000, see pic.
     

    Attached Files:

  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,095
    Location:
    The Netherlands
    @ Windows_Security

    My bad, this info is freely available on the Zerodium website, see link. And BTW, about Sandboxie Support's remark, I think he meant this in a sarcastic way, something like: as long as SBIE works correctly, you have nothing to worry about.

    https://www.zerodium.com/program.html
     
  25. guest

    guest Guest

    i do while im typing this text ; no issue visible; as Kees said , Chrome run as "untrusted" while in Sandboxie.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.