How do you test Sandboxie?

Discussion in 'sandboxing & virtualization' started by sweater, Oct 11, 2011.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Just curious: there are security tests available for our HIPS, firewalls, antivirus, etc., but how about Sandboxie?

    How can we test whether it really works as effectively as it says?

    Are there any sites that run simulations of malware, etc., with Sandboxie running? How good is it?
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    You can run a rogue or malware inside the box by removing restrictions from SB if they are in place and allowing it to run inside. For example, a rogue AV will place a tray icon in the system tray and actually scan your PC as if installed. When you're done, delete the contents of Sandboxie and then check your C drive and/or registry; you should not see anything left. Follow up with a scanner of choice such as MBAM.

    I recommend you have a clean image restore on hand just in case, but nothing I tested has ever escaped; just be sure not to recover anything out of Sandboxie to the system.
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    You can go one step further with some effort. Get VirtualBox or VMware and run Sandboxie inside. From there, test all you want inside Sandboxie. If something does get out, chances are it isn't sandbox- and virtualization-aware malware. If it is, well, then you're ****ed. Then again, you always have your image to fall back on as well. :D
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Even better, to play it safer. :thumb:
     
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    You never can be too sure. Right? I have VMware running with whatever software I'm testing. I then have my host system in shadow mode. I really hope nothing would make it past that. If it does, then I probably shouldn't be playing with it. :p
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    I don't test malware in a box - I'm not stupid - and I'm no malware specialist.
    Even with a VM it is possible to infect the host.
     
  7. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    This is the best way. When I test malware I always use VMware Player, and on my host I use Shadow Defender; I also always have a very recent image from Keriver 1-Click Restore Pro, in case something goes wrong.

    Anyway, see this test: -http://www.youtube.com/watch?v=pcsCzty1tIQ-
     
  8. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Can you recommend any reputable sites that do Sandboxie malware testing, just like those sites that perform tests for antivirus?
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    While it is theoretically possible for the host to become infected by malware in a VM, with modern CPUs utilizing AMD-V/Intel VT technology it is not very likely.

    If we look at a scenario of running malware within Sbie, within a VM, there are some very significant "hoops" to jump through. Not only must the malware "break out" of Sbie (extremely difficult when correctly configured); the malware must also be VM-aware and exploit a specific bug in the chosen VM software. Then it must bypass any security in place on the host system, all of this with the reduced rights and restrictions imposed by Sbie.

    Leaving aside the fact that such specifically targeted malware probably doesn't even exist (much better commercially to just make malware dormant in a virtual environment), the technical difficulties would be immense given the active development of Sandboxie and the likes of VirtualBox.
     
  10. chris1341

    chris1341 Guest

    It is possible to test Sandboxie's efficacy without malware, of course. Its motto is (or at least used to be!) "trust no program". It does not care whether a file is malicious or not; it places it under the same restrictions regardless.

    So if you want to know whether an app can get internet access when restricted from doing so, try it with any safe app you like. Similarly, will it prevent an app from running when start/run restrictions are set to prevent it? Try it with a safe app, as Sandboxie will treat it the same way anyway.

    Along the same lines, if you want to know whether anything can escape from the sandbox, install something into the sandbox, then verify there are no traces in the real system.

    If you are asking how you can prove malware does not contain a Sandboxie-busting element, then testing it, in a VM or not (if you are brave), is the only way. The beauty of this little gem, though, is that if you set it up right with some of the restrictions noted, and have mitigation against unwanted/uncontrolled execution of what you choose to let out of the sandbox, then traditional downloaded-executable-based malware cannot run in the first place.

    Cheers
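The check that Dark Shadow (post 2) and chris1341 (post 10) describe, diffing the real file system and registry before and after a sandboxed run, written out as an added PowerShell example. This is not code from the thread and not Sandboxie's own tooling. It assumes the default Sandboxie install path and sandbox store (C:\Program Files\Sandboxie\Start.exe and C:\Sandbox\<user>\<box>), the Start.exe switches /box, /wait and /terminate and the delete_sandbox_silent command, a box named DefaultBox, and a test program at C:\Temp\safe-installer.exe; all of these are assumptions to adjust for your own setup. PowerShell 3 or later is assumed for the -File switch.

```powershell
# Added example, not from the thread: snapshot the real file system and registry,
# run a program inside a Sandboxie box, wipe the box, snapshot again and report
# anything that changed OUTSIDE the sandbox store. An empty report is what the
# "delete the sandbox, then check C: and the registry" test is looking for.
param(
    [string]$BoxName   = 'DefaultBox',                            # assumed box name
    [string]$Program   = 'C:\Temp\safe-installer.exe',            # assumed: the "safe app" to try
    [string]$SbieStart = 'C:\Program Files\Sandboxie\Start.exe'   # assumed default install path
)
$BoxStore = "C:\Sandbox\$env:USERNAME\$BoxName"                    # assumed default sandbox location

# Real-system locations where a leaked file or persistence entry would show up.
$WatchDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)},
               $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
$WatchKeys = @('HKCU:\Software',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SYSTEM\CurrentControlSet\Services')

function Get-FileSnapshot {
    param([string[]]$Dirs, [string]$Exclude)
    $snap = @{}
    foreach ($dir in $Dirs) {
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.FullName.StartsWith($Exclude, [StringComparison]::OrdinalIgnoreCase) } |
            ForEach-Object { $snap[$_.FullName] = "$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" }
    }
    return $snap
}

function Get-RegistrySnapshot {
    param([string[]]$Keys)
    $snap = @{}
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $nodes = @(Get-Item -LiteralPath $key -ErrorAction SilentlyContinue) +
                 @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($node in $nodes) {
            $snap[$node.Name] = ''                     # the key itself, so new empty keys show up
            foreach ($name in $node.GetValueNames()) { # "::" separates value names from subkey paths
                $snap["$($node.Name)::$name"] = "$($node.GetValue($name))"
            }
        }
    }
    return $snap
}

function Compare-Snapshot {
    param([hashtable]$Before, [hashtable]$After)
    [pscustomobject]@{
        Added    = @($After.Keys  | Where-Object { -not $Before.ContainsKey($_) } | Sort-Object)
        Removed  = @($Before.Keys | Where-Object { -not $After.ContainsKey($_) }  | Sort-Object)
        Modified = @($After.Keys  | Where-Object { $Before.ContainsKey($_) -and $Before[$_] -ne $After[$_] } | Sort-Object)
    }
}

Write-Host "Taking baseline snapshot (this can take a few minutes)..."
$filesBefore = Get-FileSnapshot -Dirs $WatchDirs -Exclude $BoxStore
$regBefore   = Get-RegistrySnapshot -Keys $WatchKeys

# Run the program in the box, wait for it to exit, kill anything it left running,
# then wipe the box. Switch and command names are assumed; confirm with "Start.exe /?".
& $SbieStart "/box:$BoxName" /wait $Program
& $SbieStart "/box:$BoxName" /terminate
& $SbieStart "/box:$BoxName" delete_sandbox_silent
Start-Sleep -Seconds 10   # let the deletion and any pending writes settle

$filesAfter = Get-FileSnapshot -Dirs $WatchDirs -Exclude $BoxStore
$regAfter   = Get-RegistrySnapshot -Keys $WatchKeys

foreach ($set in @(@('Files',    (Compare-Snapshot $filesBefore $filesAfter)),
                   @('Registry', (Compare-Snapshot $regBefore   $regAfter)))) {
    $label, $diff = $set
    Write-Host "== $label : $($diff.Added.Count) added, $($diff.Modified.Count) modified, $($diff.Removed.Count) removed"
    $diff.Added    | ForEach-Object { "  + $_" }
    $diff.Modified | ForEach-Object { "  ~ $_" }
    $diff.Removed  | ForEach-Object { "  - $_" }
}
```

Run it once with a harmless program such as Notepad first: Windows itself keeps writing to places like HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer and the Prefetch folder, and that run shows you the noise floor to ignore. A genuine leak is a new file or registry value outside the sandbox store that names the test program or what it installed; anything you deliberately recovered out of the box with Sandboxie's own recovery feature will also appear here, which is by design and is why Dark Shadow's advice is not to recover anything during a test.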
     