How does sandboxing/isolation software work in 64 bit environments?

Discussion in 'sandboxing & virtualization' started by cheater87, Dec 13, 2010.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I know PatchGuard causes some problems with isolating/sandboxing and makes the programs that can weaker compared to 32 bit OS's. How do they get past PatchGuard to make it work, since that patch doesn't allow any modifying of the kernel? I know after a while 64 bit Sandboxie was finally released and it was a lil bit weaker than the 32 bit version, but a few updates down it was said to be as strong as its 32 bit counterpart. GeSWall 64 bit is going to be in beta testing soon and I am looking forward to trying that out, but also hoping that it will be as good as the 32 bit version.
     
  2. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Microsoft has provided some APIs which make it possible to write code to provide functionality similar to the x86 architecture, but it is still very limited. Sandboxie has added dropped rights functionality for x64 to fill the gap of complete control over sandboxed contents.
     
  3. Gobbler

    Gobbler Registered Member

    Joined:
    Jul 30, 2010
    Posts:
    270
    Are all security apps in a 64 bit environment weaker in design when compared to their 32 bit counterparts?
     
    Last edited: Dec 13, 2010
  4. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I know Sandboxie is by a bit. Not sure about others.
     
  5. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Yes. All security applications are weaker (some more, some less depending on features they are offering) than their 32 bit counterparts.
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    An x64 OS is more secure by default than an x86 OS as well.
     
  7. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    And what about TDL4 x64?
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Sandboxie 64 bit, in my testing, never let anything get through. To me, it is just as good as the 32 bit version.
     
  9. Halffull

    Halffull Registered Member

    Joined:
    Sep 24, 2010
    Posts:
    50
    I always force run Sandboxie in a 32 bit environment. I have a few apps which do not run at all in 64 bit Sandboxie.
     
  10. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    To be precise, Tzuk never claimed both versions to be equal in security protection at any point in time. What was meant by that release news point was that they are both equal in terms of program support.

    I know he later enabled the LUA option by default; how that measures up to the x86 default protection I don't know. When discussing the same matter on the Sandboxie forums, Tzuk said that the only Achilles heel of the x64 version was the matter of service isolation, which is supposed to be dealt with through dropmyrights.

    Excellent work, Trjam. I wish more testers here could take your lead.
    I am interested in the sample size (# of viruses) you used in testing and the variety of viruses used -- i.e. whether it is fake AVs, killdisk variants etc. Also could you test how Java exploits fare in a start/run restricted sandbox? Are they successful in launching services?
     
  11. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    What's your point? That vulnerability has been fixed. ;)
     
  12. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    Start/Run restrictions, my friend.
     