I Can See Underbelly Of The Net With SANDBOXIE!!

Discussion in 'sandboxing & virtualization' started by cortez, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I wouldn't pretend to understand the delicate technicalities that go into constructing a sandbox as finely and on the order of SandboxIE, and for that matter virtual systems, but they definitively hold a distinct advantage in containments and protections from anything.

    If there is a weakness, and all software has some, at least this one is swiftly corrected.

    I would say the exact same thing applies to another great program called DEFENSEWALL, it's interesting to experience for ourselves these new technological advancements in security.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That's your opinion, but what I'd suggest is taking some time to study the basics, and learn what Robodog actually does and what OS "weaknesses" it exploits. It may be easy to convince yourself as such, but people who play with technical tools aren't always as technically inclined as they'd like to believe.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: I CAN SEE UNDERBELLY OF THE NET WITH SANDBOXIE!!

    Thanks.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It steals passwords.
     
  5. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Never say never. ;)
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think not. It defeats instant recovery software.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It defeats instant recovery software to survive the reboot, then it's a PSW trojan. solcroft can explain this better.
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Robodog itself is a downloader trojan. It installs an autostart component that survives recovery, and downloads password stealer trojans the next time the system reboots. Now if the system enters "freeze" mode again, the password stealers are frozen onto the system, automatically restored at each reboot.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    What a chip on the shoulder today. Sorry, but I can't be led to cater to such useless ping pong leading only to unproductive criticisms.

    Let's try to stay focused on the actual technologies; plus, it's not so becoming to suggest "play" when it comes to technical tools.

    They are not for play but for study, examination, research and results. I don't have to convince myself of anything, having long been involved in these matters for many years, likely before many even plugged one in, so if I am in some error on the details of a relatively new malware it would be more reasonable to assist rather than make light of someone who has just first come into contact with a coded malware.

    I don't think i will ever fully understand the purpose of why some of us are always taken to task negatively when suggesting some presumptive evidence not meant to claim as real fact but merely brought out for others perhaps better informed to clarify with their own details by results.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Crystal clear, thanks solcroft :)
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    And again, SafeSpace defeats robo-puppy.;)
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    trjam,
    Don't forget that this is a cat and mouse game. Someday, sandboxes (Sandboxie, GeSWall, Defensewall, SafeSpace, etc) will leak. It's better to run LUA.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The reason why sandboxes are safer in general is because, short of bugs, they are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself. Instant recovery software, on the other hand, does not have this design, and programs are allowed to do whatever they want. They're likelier to get compromised, but on the other hand allow for greater functionality within the "isolated" environment.
     
  14. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks. "They are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself" is the bit that I had not seen mentioned before. I still feel that although "they're likelier to get compromised" is true, the probability of either event is not as great as is sometimes feared.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That's why they're called sandboxes: a child's play area (the sandbox environment) and an omnipresent guard (sandbox driver).
    You can achieve the same with Returnil, Deep Freeze and the likes by using LUA. Applications and malware can't fiddle with the ISR driver if they're running with limited privileges. This way, an ISR application becomes a "bullet-proof" system-wide sandbox.
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    The last hole in Sandboxie was fixed a week ago, thanks to member Rasheed for bringing it into the open. Tzuk fixed it immediately!

    If you want to be really safe, let only your browser have the right to connect, in this way defeating any other stuff trying to connect, including keyloggers.

    Useful if you do online banking.
     
  17. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You could use a memory manager to free up some unreleased memory... Works wonders on systems with a low RAM count.

    I use smartRAM, a small utility bundled free in Advanced Windows Care 2 from IObit. You can download it here.
     

    Last edited: Feb 23, 2008
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    @ Long View, I mostly use Sandboxie for daily use and Returnil on demand. When Returnil is protecting my C:/ partition from changes, Sandboxie is set to Block Access to my D: and E: partitions. It can also be set to Block Access to My Documents or wherever you keep your important data. If something should happen to sneak its way into the sandbox while I'm browsing, access to my data should be blocked. I hope that made sense.

    innerpeace
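The two restrictions described in this thread, blocking sandboxed programs from the data partitions and My Documents (innerpeace's setup above) and letting only the browser open network connections (Huupi's suggestion earlier), written out as a Sandboxie.ini fragment. This is an added example, not configuration posted by anyone in the thread. The [DefaultBox] section name, the ClosedFilePath key and the %Personal% variable follow the Sandboxie.ini syntax as documented for the program; the "!program.exe,\Device\Afd*" form for the internet restriction is the documented way the Sandbox Settings dialog expresses "Internet Access" and is assumed to still apply to the version in use; the drive letters follow innerpeace's D: and E: and the browser name is a placeholder.

```ini
; Sandboxie.ini fragment (added example, not from the thread).
; Settings under [DefaultBox] apply only to programs running in that box.
[DefaultBox]

; --- Data isolation (innerpeace's "Block Access" setup) ---
; ClosedFilePath denies the sandboxed program both read and write access
; to the path, so a drive-by that lands in the box cannot read or
; encrypt the data partitions. Drive letters are an assumption; adjust
; them to where your own data lives.
ClosedFilePath=D:\
ClosedFilePath=E:\

; %Personal% is Sandboxie's variable for the My Documents folder of the
; current user, so the rule follows the account rather than a hard-coded
; "C:\Documents and Settings\<user>\My Documents" path.
ClosedFilePath=%Personal%

; --- Network restriction (Huupi's "only the browser may connect") ---
; \Device\Afd is the Windows socket device; closing it for every program
; except the named one means a keylogger or downloader that starts inside
; the box cannot open a connection, while the browser still works.
; "firefox.exe" is a placeholder; use the image name of your own browser.
ClosedFilePath=!firefox.exe,\Device\Afd*
```

After editing, run a quick check from inside the box: open Explorer sandboxed and confirm D:\ and the Documents folder report access denied, then run a sandboxed non-browser program that tries to connect and confirm it fails while the browser still loads pages. Note that ClosedFilePath with a drive root also blocks the browser's own downloads to that drive, so point the browser's download folder at a location that is not closed.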
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I understand, Lucas. But isn't SafeSpace basically doing this as far as web-facing applications go?
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A simple bug/vulnerability in the kernel driver(s) and the gate to infection may be open.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Lucas,

    Vista is really strong with its UAC (LUA in quiet) and IE in protected mode. Even downloaded files have an extra security block on them.

    On XP, LUA is not really a very friendly option. The advantage of DW and GW is that downloaded files also inherit the untrusted status. I think this is better than sandboxing with virtualisation sandboxes. As far as I understood, as soon as you set a file outside the sandbox it runs as Admin, while this same file with DW runs as LUA. Please correct me if I am wrong (about Sandboxie and SafeSpace).

    Regards Kees
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You see, Lucas, what you made me go and do. ;)
     
  23. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I actually wrote the material on that link, so you are welcome as well.
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ;)
    thanks
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Normally, yes that is correct, with Sandboxie. However you still do have the option to right click the file and run it sandboxed if you chose.

    Pete
     