Is virtualization the most ideal protection?

Discussion in 'sandboxing & virtualization' started by rOadToIS, Dec 24, 2008.

Thread Status:
Not open for further replies.
  1. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    Is my pc 100% protected if I virtualize my system while browsing? Are there any vulnerabilities?
    o_O
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    The only vulnerability would be a bug in the software, other than that, it should be clean after a simple reboot.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    There will always be bugs/vulnerabilities, that's just the nature of humans creating software. There is some malware out there specifically targeted at these virtual solutions, but with a good, well-supported program such as SandboxIE and Returnil, those types of malware are quickly dealt with. In my OPINION, once more people understand virtualization, these programs will move into the mainstream and be the future of security. HIPS, behavior blockers, and the like have their place and are not useless, however, when you can wipe away any damage done and problems caused with a reboot or a cleaning of the sandbox, then security becomes much easier and people begin to actively protect their systems.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Nothing will provide 100% protection!

    However, I would rather take my chances with some sort of virtualization application rather than relying only on a blacklist scanner. The trick is finding a setup that works for you and your habits.
     
  5. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    I strongly agree.
     
  6. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just keep things updated and you should be fine. I've survived so far using this method.
     
  7. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Depends on what software you use. Sandboxie has too many holes; I executed malware within Sandboxie and it left over shortcuts and crap.

    I now use MS VPC.
     
  8. Miyasashi

    Miyasashi Registered Member

    Joined:
    Dec 10, 2008
    Posts:
    62
    You should protect your computer from junk even inside a Sandbox.
     
  9. faterider

    faterider Registered Member

    Joined:
    Nov 6, 2004
    Posts:
    64
    Virtualization alone can't help in protecting sensitive data. If the bad guy is somehow downloaded and executed, it can steal CC numbers and so on before being wiped out with a restart. Pure virtualization just protects from the system being damaged or long-term infected but otherwise leaves everything open for abuse.

    Also it's mostly appropriate for very static setups where no changes are introduced or desired.
     
  10. dholiday

    dholiday Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    48
    I could not have stated it more simply than that. I'd add that if a "bad guy" gets in the sandbox it can read anything - including sensitive data - if that data may have also been included in the sandboxed environment. The advantage of a sandbox is that malware cannot write to the hard disk, as I understand it.
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    This is the second time today I've heard this story. I'm not trying to start a SandboxIE love session here, but I would love to know just what malware you and the other person executed that did this, and, where all these "holes" are.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    With SandboxIE at least, you can configure it to deny access to sensitive folders and data.

    Edit: While I don't deny that SandboxIE and the like are absolutely foolproof and cover every situation known to man, I do believe after reading quite a few posts in some of the recent virtualization threads that many don't understand that they (especially SandboxIE) can be configured to be as tight as you can reasonably get. Access to data can be denied/allowed, internet access can be given to only certain apps, all kinds of configurations can be made after a quick visit to some of the forums.
     
    Last edited: Dec 25, 2008
  13. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,279
    The problem with virtualization is that it is not transparent for the user. Because of this, it will never be a very popular solution. How many people are interested in reading forums to know how to configure Sandboxie?
     
  14. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    Actually all you have to do is right click, "Run sandboxed" or click the sandboxed web browser icon.
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    That can also go for HIPS, firewalls, some anti-virus programs, and others. Very few programs are truly "set and forget" while also providing the maximum amount of security possible. SandboxIE is probably one of the most secure apps out there straight out of the box. A wrong decision with a virtual app such as SandboxIE or Returnil is not likely to cause any major problems. But, a wrong answer to a HIPS or firewall message can prove disaster.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    You don't have to worry about ANY virtual or otherwise security set up failing so long as you ABSOLUTELY KEEP A COUPLE OF BACKUP IMAGES that you can turn to in event something that extreme would happen. I don't care if you had to wipe and reformat your disk, a good imaging program (I use DriveSnapshot) easily defeats any challenges designed to stop your services and/or cost you money & time trying to undo what some fool coder has set out to do to disrupt or destroy your good machine and its valuable applications/programs/data, what have ya'.

    Rule Of Thumb! MAINTAIN FIRST! AND ALWAYS A BACKUP IMAGE OR TWO TO AN ALTERNATE DISK OR EXTERNAL and you got them minions of fools defeated even if they do happen to get lucky on you.

    They cannot penetrate what you have stored away OFFLINE. That's your Life-Preserver even if your security apps or Windows itself goes haywire.

    EASTER
     
  17. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Amen Easter. Image+virtualization=Bring it On!

    P.S. yes, I know, keyloggers/data theft: Get Noscript, set SandboxIE with the correct configuration, and boom, no more data theft.
     
  18. faterider

    faterider Registered Member

    Joined:
    Nov 6, 2004
    Posts:
    64
    Agree, but as dholiday specified, malware can still read and send out everything for a limited amount of time. So if it steals my bank credentials and other valuables and sends them to the creator, what does it benefit me that it'll be cleaned when restarted ;)
     
  19. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Either:

    A: I'm not understanding something.

    B: People are having a hard time understanding configurations and how malware works.

    C: People are coming up with theoretical, but unrealistic scenarios.

    Ok, I'll go through this again. Using SandboxIE as an example, you can configure it so that:

    1. Nothing but your browser can run inside the sandbox.

    2. Nothing but your browser can access the internet (This means, for example firefox.exe and IE.exe, NOT also a .exe file running inside the browser).

    3. Access to personal folders (which is where you're going to be storing your precious bank account info....by the way, why is anyone so damn stupid that they keep information like that on their computer?) is DENIED, period, end of sentence, forget about it.

    Scared of scripts? Fine, install Noscript for Firefox and quit worrying. Look ladies and gents, malware is getting sophisticated, but there are no magical, immortal forces behind it. So, please, for the sake of people trying to learn and secure their systems, quit coming up with scenarios that have a real-world chance of 0000.1% (and probably lower).
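
The three restrictions listed in the post above can be checked mechanically. The following is an added example, not part of the original thread and not Sandboxie's own code: it audits each sandbox section of a Sandboxie.ini for them. The setting names (`ProcessGroup`, `ClosedIpcPath`, `ClosedFilePath`, `InternetAccessDevices`, `%Personal%`) are assumed from the classic Sandboxie.ini format and do not appear in the thread; the sample file and function names are constructed.

```python
# Constructed sample configuration: DefaultBox has all three restrictions,
# TestBox only restricts internet access.
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
ProcessGroup=<StartRunAccess>,firefox.exe,iexplore.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,firefox.exe,iexplore.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=%Personal%

[TestBox]
Enabled=y
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
"""

def parse_boxes(text):
    """Return {section: [(key, value), ...]}. Keys repeat within a section,
    so a dict-per-section parser such as configparser would lose settings."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return boxes

def audit_box(settings):
    """Return the restrictions from the post that this sandbox is missing."""
    def values(name):
        return [v for k, v in settings if k.lower() == name.lower()]
    # Map each process group name to its member executables.
    groups = {}
    for v in values("ProcessGroup"):
        name, *members = [p.strip() for p in v.split(",")]
        groups[name.lower()] = members
    def restricted(key, group, target):
        # "!<Group>,target" closes target to every program outside the group.
        want = f"!{group},{target}".lower()
        rule = any(v.replace(" ", "").lower() == want for v in values(key))
        return rule and bool(groups.get(group.lower()))
    missing = []
    if not restricted("ClosedIpcPath", "<StartRunAccess>", "*"):
        missing.append("start/run restriction")
    if not restricted("ClosedFilePath", "<InternetAccess>", "InternetAccessDevices"):
        missing.append("internet restriction")
    if not any(not v.startswith("!") for v in values("ClosedFilePath")):
        missing.append("no folder closed to all programs")
    return missing
```
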
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,220
    I just want to add that I've used virtualization since August 2005. I've never ever found anything, nothing at all, using many reputable scanners. If you run virtualized most of the time and expect something untoward to happen, you'll be disappointed. Most of the problems I've had were due to my configuration mistakes, also perfectly taken care of by virtual means. To answer the thread question I'd say: Yes it is, without any doubt.
     
  21. faterider

    faterider Registered Member

    Joined:
    Nov 6, 2004
    Posts:
    64
    Judging from the rest of your post you mention point "A" just for the looks :) The question is about virtualization, but Sandboxie, DefenseWall are more hybrid solutions where the sandbox is only a part of the design. Returnil for example is a pure virtualizer and doesn't offer the protection you speak of.
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    SandboxIE only differs slightly from Returnil in that it protects only applications and not the whole system. Yes, there are config differences, but they both basically do the same thing. I consider SandBoxIE much more powerful than Returnil any day of the week. Yes, I can reboot using Returnil to undo any damage by malware, but with SandBoxIE, I can prevent that damage.
     
  23. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Not sure if you can post links to malware.
     
  24. faterider

    faterider Registered Member

    Joined:
    Nov 6, 2004
    Posts:
    64
    You need to clarify in your mind this stuff because this is not the case. Returnil doesn't protect anything in the sense of data theft and so on. It protects from system damage, which is more of a nuisance than a real threat.

    So as the topic goes discussing HIPS type virtualizers like Sandboxie, rOadToIS could remain with the wrong notion that generally virtualizers could protect him, and if by chance he picks something like Returnil or ShadowSurfer (never used but suppose it is Returnil-type) he'll be vulnerable.
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Have used Returnil for this entire year of 2008, have had no malware/problems :thumb:
     