Is Sandboxie useless on Windows 10?

Discussion in 'sandboxing & virtualization' started by CoolWebSearch, Dec 1, 2016.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Mr X, your problem is that you assume, and like to assume that Sandboxie is not working well in W10. I dont know, I dont understand you, sometimes you bash Sandboxie and other times you hit W10. I try to make sense of what you write, but cant anymore, all you done lately is bang up on people teaming up with your MT friend.

    But anyway, you need to open your mind and read comments, most people using Sandboxie in W10 are doing well. Right now there is a problem with the new version of Chrome, So? Its beenj like that forever and you know it. Problems between SBIE and Chrome are nothing new, or are they? I have no doubt that the developers are working in a solution. And W10 1809 has lot of problems of its own, IMO, is a bad version and not only in my opinion, even MS thinks so, they are not pushing 1809, or are they? I am doing nothing to block my computer from getting 1809 and I aint getting it, but even as bad as 1809 is, Sandboxie was fine during the 3 days I had that version. Honestly, I think you need to try W10, and forget about 8.1. W10 is a nice version of Windows, quit bashing it, same with Sandboxie. In a couple of months, version 1809 will be history and a new version will come out that more than likely will be quality again.

    Bo
     
  2. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,230
    Location:
    Canada
    I've been using Sandboxie and 1809 for months now with no issues, I also sandbox Chrome with no issues.
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    25,855
    Location:
    UK
    I have to say that it's the same for me digmor crusher, I am using Vivaldi.
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Couldn't this protection be achieved by making the Chrome downloads folder into a forced folder? That way, you could run Chrome unsandboxed, and still be protected from infection by downloads. Admittedly, this is only possible with the paid version of Sandboxie.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    If you download the malware and run it out of a forced folder, Sandboxie will protect the computer but no so if you get hit by a drive by download when visiting a website. Drive bys infect the computer without you doing anything. Its done automatically, you don't have to click nothing or download anything, the malware does it all automatically.. I know more than one person is going to hate what I am going to say, but since this is fact and this is a security forum, I ll say it. Other than keeping the system and programs you have in the computer up to date, the best protection against this type of malware are programs like Sandboxie and script blockers, like NoScript :D.

    Bo
     
  6. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Bo, I am with you when you say that a drive-by will download automatically. But I am puzzled by your statement that it runs automatically. Can't figure out how that works. Can you link me to further info on this point?
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Read this link.
    https://www.lastline.com/blog/drive-by-download/

    Bo
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    No, is more than that, if you have a program or addon or if your computer has a vulnerability, the malware detects it, and infects the system via the vulnerable application.

    Thats why you want to keep the system and programs up to date and hope the malware don't know about holes that are unpatched. If you use something like NoScript, the malware in the infected webpage, cant run. If it cant run, it cant detect vulnerable applications in your system and it cant infect. If you use Sandboxie (No need to.....hope for nothing :)), the malware infects but the infection stays in the sandbox and is gone when you delete the sandbox.

    Bo
     
    Last edited: Feb 10, 2019
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Not clear how the malware will break out of Chrome and infect the system, unless it first exploits an unpatched vulnerability in Chrome, and also escapes Win10 appcontainer.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
    @bo elam is correct on both these statements. Typically it will be a vulnerable browser plugin that gets targeted by the exploit kit. Flash has been a common target for years. The link below explains why just simply blocking iframes will eliminate the threat of many compromised web sites:

    https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-Benefits-of-blocking-3rd-party-iframe-tags

    Good question. I believe Chrome even with default settings is not easy for malware to break out of. However, utilizing a script blocker or sandboxie should enhance the browser's security, although there have been arguments that SBie could increase the attack surface.
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    There are cases where data is stolen straight from the browser itself, or the browser is forced to serve up ads, or is redirected to certain URLs. For this kind of thing, Sandboxie can make it easier to clean the browser. But it won't prevent the infection. A script blocker is better prevention.

    Many years have past since the time when scripts on websites were breaking out of Chrome and infecting the system. I am not saying those times can't come back, but I am saying that this is not happening in the wild these days.

    There are plenty of good uses for Sandboxie on Windows 10, but I question whether sandboxing Chrome is one of the leading reasons.
     
    Last edited: Feb 10, 2019
  13. guest

    guest Guest

    you don't have to believe, it is a fact. In black hats reunions there used to have a contest about compromising browsers in the fastest time. Chrome was never used because, from the black hats themselves, it takes too much time and resources. However FF (pre-quantum) was hacked quite fast (i dont remember the time, but it was consider the best browser to hone pentesting skill...aka easiest to abuse).
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,096
    Location:
    Canada
    That's kind of what I thought. I think it was a pwn2own contest where I saw this declaration about Chrome.
     
  15. guest

    guest Guest

    There:
    https://digitalguardian.com/blog/firefox-safari-edge-all-fall-pwn2own-2018

    using Sandboxie with chrome is a bit overkill, but if you download an unexpected malicious file, and it pass past Chrome malicious filters, sandboxie will obviously help.
    That the main reason, i use sandboxes with Chrome.
     
    Last edited by a moderator: Feb 10, 2019
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    To protect from that, a person could make his download folder and his desktop folder into forced folders, without sandboxing Chrome itself.
     
  17. guest

    guest Guest

    but then there is no point using a sandbox, you will miss one of the main purpose. in your case better prevent auto-execution of items in the said Download folder using Anti-exes.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,084
    Location:
    .
    +10000000000000 :D

    So Chrome's armor is so robust I could run it without Sandboxie, agreed. But I run Chrome sbied with an extra purpose: if I need to poof! all contents in a browsing session, just click the red cross and auto-delete feature. All good or bad is gone, lol.
     
    Last edited: Feb 10, 2019
  19. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    What happens when a dll or driver or some other type of binary (other than exe) lands in a forced folder? Will it get sandboxed?
     
  20. guest

    guest Guest

    yes i use it for that too.

    Never tried, so i cant give a accurate answer, but logically they should be since you can install programs in a sandbox.
     
  21. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,225
    I don't want to hijack this thread, but FWIW, I'm using uBO in Default-deny mode. I blacklist 3rd-party + 3rd-party scripts + 3rd-party frames. This has the benefit - if a site is broken by this which happens frequently - that a noop rule for 3rd-party in the local column often fixes that but 3rd-party scripts and frames are still blocked. Unless I add noop rules for specific 3rd-party domains, of course.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Then don't hijack the thread and post off topics things. There are threads for UBO
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Shumu26, I believe this sort of thing can happen like this: You are browsing the internet with Firefox or Chrome or any browser (the browser is up to date), you visit a webpage that is infected with drive by download malware, you are not using an script blocker, the malware runs, and immediately reads your Program files folder or looks in Control panel, the malware detects you are using an unpatched vulnerable version of Adobe reader, Foxit, MS Office, etc. And via the hole it finds, it goes in your computer silently and infects it......Your AV doesn't detect the infection, 10 days later your AV gets a new signature that detects this malware and now it flags the infection, and you end up wondering how it happened.

    Bo
     
  24. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Seeing as a 0-day for Chrome costs up to €15k, that does seem kind of unlikely. In fact, I've never had it happen during my 5 or so years of using Chrome.
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    +1
    If I was trying to protect nuclear secrets or something of that magnitude, I would worry about Chrome exploits.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.