Is there malware that can beat sandbox programs?

Discussion in 'sandboxing & virtualization' started by Subgud, Dec 12, 2009.

Thread Status:
Not open for further replies.
  1. Subgud

    Subgud Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    151
    Location:
    Norway
    Hi!

    I wonder if there is malware that would escape from a sandbox? You see, I have for years pumping my pc with different security suites, multilayer protection, and always had some sort of problem with virus or system slowing down.

    So I decided to try something else. I have installed MSSE(microsoft security essentials) and sandboxie. My system is very light! I know the idea of a sandbox, and I know how to empty it on shutdown. Is there any virus/malware that can escape from this and do damage to my pc? I am not talking about files that I save to my computer, but files I leave in the sandbox and delete when shutting it down.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    At the moment no Proof of concepts or malware are mentioned on Wilders known to escape Sandboxie. By the the new Avast 5 beta is lighter than MSE on 32 bit systems.

    Regards
     
  3. Subgud

    Subgud Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    151
    Location:
    Norway
    That good to hear! I have installed both apps i mentioned above on my own and my wife`s computer. It is nice to have my computer running light and easy. I will take a look at avast 5 when it is released as final.
     
  4. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    If you restrict what programs you want to run and have internet access in the sandbox such as only the browser and IM program, then no malware can be activated. :)
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    cheater this can be done for the paid version only i guez:D
     
  6. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    The restriction settings are in the free version as well. :)
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    oh i see:)
     
  8. Subgud

    Subgud Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    151
    Location:
    Norway
    I have the paid version. I only run my browsers in the sandbox. I`m a safe user and I have never been infected through IM or mail.

    But it is good to know that running a sandbox is almost bullet proof :)
     
  9. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
  10. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    woww big list not only sandboxie,,,
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,736
    bla video -> version 3.34 - rather old - who uses it should not work on a computer.
    a breaking program will exist anytime - the question is how you get it.
    none with normal behaviour - almost only with purpose - or by stupidity...
     
  12. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    i use sandboxie i've had 1 browser hijack that even after deleting sandbox firefox still couldn't open home page thanks to returnil2008 which i had on as well restarted and all is good again :D
     
  13. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I make sure sandboxie has the settings as tight as they can be nothing runs or has internet access except the browser.
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336

    Attached Files:

  15. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    the idea was that even with those nasty trojans sandboxie passed...
    subgud should draw the conclusions
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Ahhh right I thought there were breaches of SBIE on there.Always of great interest since they're so rare.:p
     
  17. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    Instead of making baseless aqusations , give us a link to test out. I really doubt that something as simple as a browser hijacking attack could bypass Sandboxie's protection
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    There have been bypasses in SBIE, documented on their forums as well, and one should not expect that it will not happen in future. But practically speaking, the chance to get across such a malware is too remote. So SBIE is almost bullet proof.

    There is no pint in searching for a software that is 100 % perfect.
     
  19. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA

    agree and each new version becomes more stronger each time. it is very strong.
     
  20. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    Serapis, if a link was ever posted, it would be promptly removed, because it is a violation of our Terms of Service.
    JR
     
  21. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    i'm just telling you what happened
    you doubt it is not my problem and
    no i will not give you a link to a hijacking site :rolleyes:
     
  22. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Has there ever been a breach of sbie when the proper run and internet access restrictions were set?
     
  23. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That is the million $ question indeed.:D
    Most of the 'breaches' I've read about weren't in fact malware bypassing SBIE's protection,rather they were exploiting an area not covered by it,as in the case of the mouse-freezing POC.
     
  24. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Andyman,

    Yea to my knowledge a "properly configured" sbie is virtually invulnerable.
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    560
    If you don´t allow running unknown/untrusted applications then it will be very rare Sandboxie is bypassed.

    But if you mean downloading stuff and running it in Sandboxie then the answer is yes, Sandboxie has been bypassed. (I know it very well)
     
Loading...
Thread Status:
Not open for further replies.