How to configure a full-proof Webbrowser Sandbox in Sanboxie?

Discussion in 'sandboxing & virtualization' started by GrammatonCleric, Aug 8, 2012.

Thread Status:
Not open for further replies.
  1. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    I would like to see the configuration file for a full proof Sandboxie web browser.
    I am currently using my Chrome and IE9 in the Default Sandboxie sandbox and I am wondering if that's sufficient protection if/when I get hit by a driveby.

    The problem is that I am also using RoboForm to store my website passwords and I like the fact that I can access website logins in Roboform but I presume it's not that safe allowing sandboxed browsers to have access to roboform. Since if I get hit by a driveby then I assume that the driveby will have access to my roboform passwords.

    is there a way to have my cake and eat it too? Secure Sandboxie browsing with roboform access or do I have to give up roboform when browsing sandboxed?

    So finally back to my original question:
    How to harden a sandbox container where I can browse with Chrome without the fear of infection leaking? I.E. browsing Malware Domain List with Chrome.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Without much complication, you can setup a specific sandbox for browsing fairly easily.

    You can start by only allowing browsers to run in a sandbox. So only chrome.exe allowed to run.

    You can add specific applications to run if you need them. You might allow foxit pdf reader, or something else you use and trust.

    You can limit what has network access to only the browsers. This may help, on the chance you get a keylogger, that only the browser will have network comms. If the exploit runs in the browser of course this does nothing.

    You can deny read and or write access to key areas if you desire. Maybe you want to lock down writes to the windows directory. Who knows. There are a number of threads with "sandboxie configurations" which might give you ideas of what you might want to protect if you don't have any ideas yourself.

    You can use the option to "drop rights" within the sandbox, so that activities that happen within the sandbox can only affect your user areas, not admin areas.

    I would say those simple implementations are enough for most issues. I personally don't worry about anything escaping SBIE. Until it is proven that something does this, I will trust it. I focus more on ensuring the "sandboxed environment" is kept as clean "as I need it" - meaning I have mulitple sandboxes each for specific programs and/or specific uses.

    Sul.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    GrammatonCleric, I think Sully pretty much covers it. To take care of the situation he describes here, make sure you only install well known addons. A infected addon will get you even when only the browser is allowed to connect. In Firefox you can disable addons, if that can be done in Chrome, it would help when doing sensitive browsing.
    Bo
     
Loading...
Thread Status:
Not open for further replies.