Malware Analysis: Not All Sandboxes Are Created Equal

Discussion in 'sandboxing & virtualization' started by mood, Feb 28, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    13,044
    Not All Sandboxes Are Created Equal
    February 25, 2019
    https://www.tripwire.com/state-of-s...ction/cyber-security/sandboxes-created-equal/
     
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    386
    If security is the top priority, then obviously WDAG is the top contender for most people. Really looking forward to the final Windows Sandbox release, I think it can be quite the hit.
     
  3. jagth

    jagth Registered Member

    Joined:
    Feb 25, 2019
    Posts:
    6
    Location:
    Warszawa
    Microsoft has the source code, so they know how to create a good and light sandbox. I hope it will be a good thing.
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    I mean we already have Sandboxie... And also I read (haven't researched this in-depth cuz there's at least another few months till the official release) that Windows Sandbox, when closed, will wipe the contents of the sandbox, which is deal breaking for many / majority of the programs that one would like to run in a sandbox, like me for example. Of course, it still has some uses, like sandboxing office files and the likes, but yeah...
     
  5. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    386
    It would surprise me if they didn't add an option for that. They said the same thing about WDAG and here we are today, with a checkbox to keep data on shutdown.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,523
    Location:
    The Netherlands
    I don't believe this article was about sandboxes like Sandboxie and Windows Defender Application Guard. They were talking about sandboxes that are used to analyze malware, not sandboxes that are meant to protect against malware and exploits.
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    Well to be fair, I don't think Sandboxie (idk about Windows Sandbox cuz I haven't read about it) will protect you against a hardware exploit like Spectre or Meltdown if you don't have any mitigations, like these exploits (the specific versions that can do that) can escape a VM... And for the ones that are patched, there are that many more unpatched and undiscovered... But you have a higher chance of being hit by lightning than encountering such an exploit. Of course Spectre and Meltdown have been abused and by now you should have mitigations enabled if you don't already have, I'm talking about newer vulnerabilities.
     