Discussion in 'sandboxing & virtualization' started by rOadToIS, Dec 24, 2008.
Is my pc 100% protected if I virtualize my system while browsing? Are there any vulnerabilities?
The only vulnerability would be a bug in the software; other than that, it should be clean after a simple reboot.
There will always be bugs/vulnerabilities, that's just the nature of humans creating software. There is some malware out there specifically targeted at these virtual solutions, but with a good, well-supported program such as SandboxIE and Returnil, those types of malware are quickly dealt with. In my OPINION, once more people understand virtualization, these programs will move into the mainstream and be the future of security. HIPS, behavior blockers, and the like have their place and are not useless, however, when you can wipe away any damage done and problems caused with a reboot or a cleaning of the sandbox, then security becomes much easier and people begin to actively protect their systems.
Nothing will provide 100% protection!
However, I would rather take my chances with some sort of virtualization application rather than relying only on a blacklist scanner. The trick is finding a setup that works for you and your habits.
I strongly agree.
Just keep things updated and you should be fine. I've survived so far using this method.
Depends on what software you use. Sandboxie has too many holes; I executed malware within Sandboxie and it left over shortcuts and crap.
I now use MS VPC.
You should protect your computer from junk even inside a Sandbox.
Virtualization alone can't help in protecting sensitive data. If the bad guy is somehow downloaded and executed, it can steal CC numbers and so on before being wiped out with a restart. Pure virtualization just protects the system from being damaged or infected long term, but otherwise leaves everything open for abuse.
Also it's mostly appropriate for very static setups where no changes are introduced or desired.
I could not have stated it more simply than that. I'd add that if a "bad guy" gets in the sandbox it can read anything - including sensitive data - if that data may have also been included in the sandboxed environment. The advantage of a sandbox is that malware cannot write to the hard disk, as I understand it.
This is the second time today I've heard this story. I'm not trying to start a SandboxIE love session here, but I would love to know just what malware you and the other person executed that did this, and, where all these "holes" are.
With SandboxIE at least, you can configure it to deny access to sensitive folders and data.
Edit: While I don't deny that SandboxIE and the like are absolutely foolproof and cover every situation known to man, I do believe after reading quite a few posts in some of the recent virtualization threads that many don't understand that they (especially SandboxIE) can be configured to be as tight as you can reasonably get. Access to data can be denied/allowed, internet access can be given to only certain apps, all kinds of configurations can be made after a quick visit to some of the forums.
The problem with virtualization is that it is not transparent for the user. Because of this, it will never be a very popular solution. How many people are interested in reading forums to know how to configure Sandboxie?
Actually all you have to do is right click, "Run sandboxed" or click the sandboxed web browser icon.
That can also go for HIPS, firewalls, some anti-virus programs, and others. Very few programs are truly "set and forget" while also providing the maximum amount of security possible. SandboxIE is probably one of the most secure apps out there straight out of the box. A wrong decision with a virtual app such as SandboxIE or Returnil is not likely to cause any major problems. But a wrong answer to a HIPS or firewall message can prove disastrous.
You don't have to worry about ANY virtual or otherwise security set up failing so long as you ABSOLUTELY KEEP A COUPLE OF BACKUP IMAGES that you can turn to in the event something that extreme would happen. I don't care if you had to wipe and reformat your disk, a good imaging program (I use DriveSnapshot) easily defeats any challenges designed to stop your services and/or cost you money & time trying to undo what some fool coder has set out to do to disrupt or destroy your good machine and its valuable applications/programs/data, what have ya'.
Rule Of Thumb! MAINTAIN FIRST! AND ALWAYS A BACKUP IMAGE OR TWO TO AN ALTERNATE DISK OR EXTERNAL and you got them minions of fools defeated even if they do happen to get lucky on you.
They cannot penetrate what you have stored away OFFLINE. That's your Life-Preserver even if your security apps or Windows itself goes haywire.
Amen Easter. Image+virtualization=Bring it On!
P.S. yes, I know, keyloggers/data theft: Get Noscript, set SandboxIE with the correct configuration, and boom, no more data theft.
Agree, but as dholiday specified, malware can still read and send out everything for a limited amount of time. So if it steals my bank credentials and other valuables and sends them to the creator, what does it benefit me that it'll be cleaned when restarted?
A: I'm not understanding something.
B: People are having a hard time understanding configurations and how malware works.
C: People are coming up with theoretical, but unrealistic scenarios.
Ok, I'll go through this again. Using SandboxIE as an example, you can configure it so that:
1. Nothing but your browser can run inside the sandbox.
2. Nothing but your browser can access the internet (This means, for example firefox.exe and IE.exe, NOT also a .exe file running inside the browser).
3. Access to personal folders (which is where you're going to be storing your precious bank account info....by the way, why is anyone so damn stupid that they keep information like that on their computer?) is DENIED, period, end of sentence, forget about it.
Scared of scripts? Fine, install Noscript for Firefox and quit worrying. Look ladies and gents, malware is getting sophisticated, but there are no magical, immortal forces behind it. So, please, for the sake of people trying to learn and secure their systems, quit coming up with scenarios that have a real-world chance of 0000.1% (and probably lower).
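The three restrictions listed in the post above, as an added example that is not part of the original thread: a small Python audit that checks a Sandboxie.ini-style file for them. The setting names (`ProcessGroup`, `ClosedIpcPath`, `ClosedFilePath`, `InternetAccessDevices`, `%Personal%`) are assumed to match the Sandboxie version in use; the two sample configurations and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: a sandbox with the three restrictions from the post.
HARDENED = """\
[DefaultBox]
Enabled=y
ProcessGroup=<StartRunAccess>,firefox.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=%Personal%
"""

# Constructed sample: a sandbox with none of them set.
DEFAULT = """\
[DefaultBox]
Enabled=y
"""

def parse_boxes(text):
    """Return {section: {key: [values]}}; keys repeat, so values are lists."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes

def audit(text, personal="%Personal%"):
    """List, per sandbox, which of the three restrictions are missing."""
    findings = {}
    for name, settings in parse_boxes(text).items():
        ipc, files = settings["ClosedIpcPath"], settings["ClosedFilePath"]
        missing = []
        # 1. Only the listed programs may start: "!<group>,*" closes IPC to all others.
        if not any(v.startswith("!") and v.endswith(",*") for v in ipc):
            missing.append("start/run restriction")
        # 2. Only the listed programs may reach the network devices.
        if not any(v.startswith("!") and v.endswith(",InternetAccessDevices") for v in files):
            missing.append("internet restriction")
        # 3. Personal folders are closed to everything in the sandbox.
        if personal not in files:
            missing.append("personal folder blocked")
        findings[name] = missing
    return findings
```
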
I just want to add that I've used virtualization since August 2005. I've never ever found anything, nothing at all, using many reputable scanners, if you run virtualized most of the time, and expect something untoward to happen you'll be disappointed. Most of the problems I've had were due to my configuration mistakes, also perfectly taken care by virtual means. To answer the thread question I'd say: Yes it is, without any doubt.
Judging from the rest of your post, you mention point "A" just for the looks. The question is about virtualization, but Sandboxie and DefenseWall are more hybrid solutions where the sandbox is only a part of the design. Returnil, for example, is a pure virtualizer and doesn't offer the protection you speak of.
SandboxIE only differs slightly from Returnil in that it protects only applications and not the whole system. Yes, there are config differences, but they both basically do the same thing. I consider SandBoxIE much more powerful than Returnil any day of the week. Yes, I can reboot using Returnil to undo any damage by malware, but with SandBoxIE, I can prevent that damage.
Not sure if you can post links to malware.
You need to clarify this stuff in your mind, because this is not the case. Returnil doesn't protect anything in the sense of data theft and so on. It protects from system damage, which is more of a nuisance than a real threat.
So as the topic goes on discussing HIPS-type virtualizers like Sandboxie, rOadToIS could remain with the wrong notion that virtualizers generally could protect him, and if by chance he picks something like Returnil or ShadowSurfer (never used it, but I suppose it is Returnil-type) he'll be vulnerable.
Have used Returnil for this entire year of 2008, have had no malware / problems.