Do you disable UAC?

Discussion in 'other anti-malware software' started by Overkill, Mar 2, 2016.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This thread and Martin's latest post all symbolize one size fits all. I use both of my desktops for both recreational and business use. I am somewhat paranoid about security because of the type of client data I have on my machines. Couple of things.

    1. Not running at administrator mode just doesn't work for me. Several of the business programs I use won't run at a lower setting, and no, replacing them just isn't practical.
    2. Windows 10 and Office 2016. No thanks. Windows 10 and its update scheme, plus the phoning home, just isn't for me at this point. I use Office 2010 Professional Plus, and to replace it with 2016 would be very expensive, with no gain in functionality. Also would have to replace two other business programs to run on Win 10, again with nothing gained in functionality.

    3. Security. So is Win 10 really that much more secure? Personally I don't think so, and I base this not on theory, but, I look at the "I've been infected thread" on the Emsisoft forum. And a lot of the users that got infected are running on Win 10, so that alone is the answer.

    I run a suite of security programs that work well together. But is the decision to use them based on glossy ads? Nope.
    I routinely test my suite against Emails I receive that are clearly dangerous. Also when I test, if there is a pop up to answer, I always assume I will answer incorrectly, and then see if I am still protected.

    Point is, different needs require different solutions, and one size doesn't always fit all.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Rasheed, guest is trying to confuse people. There are many ways programs in general can tell when they are running in a sandboxed environment. That is not a weakness but just the way that is.

    Bo
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I don't think he's trying to confuse, but it's true that some malware use certain tricks to bypass security tools, that is what the screenshot shows. But when it comes to sandboxes, most malware can't bypass it without the use of kernel exploits, so it's likely that this "anti-SBIE" option will simply cause the trojan to either terminate or act legit, so that people will think the file is clean.
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Martin, I read about half of your post and stopped. My replies to you here have nothing to do with Sandboxie. There are many sentences written by you in this thread alone where you are offensive to other users in general. That bothers me. If you dare me to cherry pick them and post them here, I'll do it. Don't dare me.

    And something else, get this straight. Security tools are not toys to me. I don't install and uninstall programs every day or every week. In fact, my systems are static. They never change. I use one program and one program alone for security. And one browser addon.

    Bo
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Sorry Jarmo. That PM you are talking about, you asked me a question about another user in this forum who you thought was hacking you, and I told you what I thought, that you were wrong. Sorry Jarmo, I tell the truth, I could have told you what you wanted to hear but I prefer the truth.

    Bo
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    No, Rasheed. I've seen that screen before, he should have posted the link to the article. I can't remember the details but it has to do with showing that SBIE (as other programs) is detectable by sandboxed programs. And that's how that is. Nothing to raise your eyebrows about.

    Bo
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I think I was the one who posted this screenshot in the SBIE thread, but even if it's a true bypass, there is always HIPS to protect Sandboxie. Multiple layers of security tools, that's what I always preach. :D
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    That screen is not about a bypass. Find the link.

    Bo
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not following you, I'm talking about the screenshot that guest posted? But anyway, it's not that interesting.

    The problem is that some think that people who disable UAC or don't run in LUA, do this because they don't understand the idea behind it. But it's all about security versus convenience, there has to be a certain balance, and it all depends on the user. It would be interesting to know how many Windows users disable UAC. I have this feeling that probably 30% turn it off, simply because of the annoyance factor. But this is pure speculation.

    I already mentioned this but my previous online broker had this advanced 2FA system to protect against banking trojans, it drove me freaking nuts. Every time I had to make a transaction I was required to perform at least 4 steps. It reminds me a bit of UAC, it's not worth the hassle, especially when you're already protected by security tools.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Yes, me too. That picture doesn't show anything about any bypass. Don't forget, Sandboxie has never been bypassed by real malware. He posted the screen without a link, and a meaningless comment to confuse people into thinking that is a bypass.

    You know the line, Show me the money. To the guy who posted the picture, Show me the link.

    Bo
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  12. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @Peter2150 :

    As far as I can see then the majority of infected users posting on that site are running earlier Windows generations and a multitude of third-party security products.

    The small percentage of Windows 10 users that do post there are also running all kinds of third-party security products.

    Can't see how that will give you any insights to Windows 10 security.

    If you want to draw any conclusions from the site you are referring to, then it must be that no matter what Windows edition a user is running and no matter how much third-party security a user installs - then a determined user can still infect themselves by clicking yes-yes-yes-ignore-ignore-ignore-yes-ignore-yes.

    Which is exactly why social engineering is so extremely dangerous.

    I think we can agree on that. :)

    Which is also what I'm saying.
    Only I'm saying, to add the few applications that make sense to add in a given scenario instead of the general security forum trend of blindfolded pouring a dozen security applications onto the system.
     
  13. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    And you can find tons of harsh posts from a million other users all over the site.
    Apparently lots of users get grumpy when IT security is discussed.
    Replying to such posts often results in replies that are also harsh.

    What came first - the chicken or the egg ??

    In case you feel like quoting posts you find harsh, offensive, inappropriate or that you just generally do not like, then remember to also quote the posts they replied to in order to preserve context.
    Soon you will get a PM from site.admin that the server is running low on storage since you decided to quote two-thirds of the site.

    ??
    Yes, I know.
    That is exactly what I wrote in my post.
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Agreed, nothing interesting about a picture of a bypass tool.

    It is sound policy to run as a Standard user, utilizing what's available in Windows, but the security-aware users in this thread who chose 3rd-party utilities over UAC and such should have no problems maintaining a secure system. Comparing them to the majority of the general public who know nothing other than antivirus solutions is comparing apples to oranges. It is why in responsible corporate environments systems are locked down like Fort Knox because the majority of their users know little to nothing about computer security, nor even care about it, so enforcing Standard accounts with locked out/down policies is the only way to go for businesses. It would be a security nightmare for the IT department otherwise. For the typical home-user Wilders member in this forum and thread, they have the know how and ability to run securely as Admin, utilizing whatever means they chose as their security platform.

    BTW and fwiw, I chose to first utilize O/S built-in measures, then augment them with 3rd-party tools.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You are right, my fault, in my previous reply to you I mentioned I ignored and didn't read the second half of your post. They are too long, Martin, but I should have read it through. I thought you were including me in the 12 security programs kind of guy group. And I am totally the opposite.

    But you see, the difference in this regard between you and me is that unlike you, I respect people who do security different than me. Check what you say here about respecting people's choice on how to secure their own computer.
    Peace.:)

    Bo
     
    Last edited: Apr 10, 2016
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Nice post, wat :cool:.

    Bo
     
  17. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    Thank you for mentioning SUMo :)
     
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @bo elam :

    Post too long?
    Some are short. Some are long.
    Like so many other things in life it's the mixture between occasionally quick and dirty and occasionally slow and thorough that makes perfect. :)

    As for your quote from my post ?
    You left out the entire section in my post about what I respect highly, and thereby twist my words.

    If you instead read what I wrote in its correct context as I posted it, then it makes perfect sense. And I stand by every word I wrote.

    Anyway, no hard feelings okay ? And I still wish you a great Sunday. :)
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Same here, I don't hold grudges, Martin

    Bo
     
  20. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    That's good to hear, Bo. I don't hold grudges either. Life is too short for that.
     
  21. guest

    guest Guest

    Stupid comment again, you are really out of the tracks; if I wanted to confuse people I would do better than that, like making a fake video or photoshopped screenshots. With you, it becomes difficult to talk about anything related close or far to Sandboxie.

    Like in the minimalist security thread, I said SD never failed me, then you jumped in off-topic saying that Sandboxie is better, because blablabla... who cares.

    Problem with you Bo, when someone dares to say/show anything that may "hurt" your baby Sandboxie (even if it was not the purpose), you get rude... And if you read my following posts, I didn't say it specifically bypasses Sbie, and if it does "maybe" it will be Sbie in default settings. If you want the name of the tool just PM me, simple as that, instead of making rant posts against me without any idea of what I'm talking about... stop your fanboyism please.

    You take Sandboxie's matters too seriously, it is just software, nothing to get excited about. What will you use if Sandboxie is abandoned?

    I see you have a grudge against me, even trying to convince @Rasheed187 that my post has a malicious purpose... if that is the case, just don't mention or comment on my posts, especially if you can't tolerate any comments not going your way.

    FYI, of course I didn't put a link, and I hid the name of the tool by cropping the picture to conform to the forum rules. It is a keylogger by the way. You know the rules better than me, don't try to use that against me.
    And I didn't post it just because Sandboxie was present, but because it could bypass several features/apps (like UAC, various anti-keyloggers, etc...). Note that I have this tool, but didn't test it to see how it performs; I don't have a spare system to do it.

    And believe me, in the case of a hypothetical real bypass of Sandboxie (or any other software), it won't be published on YouTube or any security forums; bypass tools are sold on the dark web for a high price, between hackers/criminals; and only when it becomes outdated will you see it public.
     
    Last edited by a moderator: Apr 11, 2016
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    PC security really is a personal decision. The more locked down and secure we make our machines the less user-friendly they become. It's up to us just where to draw that line. Take NoScript for example. It adds a significant level of protection to Firefox but also makes it more of a challenge to browse the web. Yeah Bo, I know you have made NoScript as user-friendly as possible for you.

    This thread is full of great advice but at the same time full of personal opinions. It's up to us as individuals how comfortable we are and what we feel is or isn't necessary for our protection. Of course if the user is less knowledgeable about PC security, then perhaps they have to be educated so they can draw their own conclusion of how safe they want their machine to be.

    That's my thoughts on this matter [UAC or not?] anyway.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    guest, you as I know the link is to an article or something about a test tool (I don't remember the details) that in the particular case of Sandboxie, all it does is show that SBIE is detectable by programs running in the sandbox.

    That's not a weakness guest but how things are. Programs that run in the sandbox can detect SBIE in various ways. Sandboxie doesn't hide itself. If Sandboxie tried to hide itself, it's likely scanners like the ones in VirusTotal would start calling Sandboxie a Cheat tool. And Sandboxie is not a cheat tool. If you truly believe that posting the link is against the rules of the forum... send the link in a PM to one of the moderators here, and see what they say. This is easy to do.

    The problem I have with you posting the picture without a link and insinuating that among other things, it shows Sandboxie being bypassed is that that is not the truth. Be honest and post the link (think about it, if you post the link and it shows that is easy to bypass SBIE, it'll make me look bad).

    Bo
     
  24. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    This thread is not about Sandboxie. Neither is it about HIPS nor is it about any other 3rd-party security programs. Say whatever about UAC but stick to the topic please.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes I agree, this is my main point. This UAC discussion is nothing new, it annoyed people from the day it was introduced in Win Vista back in 2006. Of course, the intention behind this feature is good, but it's not needed to keep systems safe. So my advice is: Keep UAC enabled, unless you find it annoying. It's a bit sad that I had to repeat this like a 1000 times.

    Bo, trust me on this one, I think he was only trying to point out that nothing is unhackable, including UAC. And he agreed with me that this trojan is most likely not able to bypass SBIE.

    Let's try to calm down.
     