Malware Analysis: Not All Sandboxes Are Created Equal

Discussion in 'sandboxing & virtualization' started by mood, Feb 28, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,059
    Not All Sandboxes Are Created Equal
    February 25, 2019
    https://www.tripwire.com/state-of-s...ction/cyber-security/sandboxes-created-equal/
     
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    468
    If security is the top priority, then obviously WDAG is the top contender for most people. Really looking forward to the final Windows Sandbox release, I think it can be quite the hit.
     
  3. jagth

    jagth Registered Member

    Joined:
    Feb 25, 2019
    Posts:
    6
    Location:
    Warszawa
    Microsoft have the source code, so they know how to create a good and light sandbox. I hope it will be a good thing.
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    I mean we already have Sandboxie... And also I read (haven't researched this in-depth cuz there's at least another few months till the official release) that Windows Sandbox, when closed, will wipe the contents of the sandbox, which is deal breaking for many / majority of the programs that one would like to run in a sandbox, like me for example. Of course, it still has some uses, like sandboxing office files and the like, but yeah...
     
  5. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    468
    It would surprise me if they didn't add an option for that. They said the same thing about WDAG and here we are today, with a checkbox to keep data on shutdown.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,079
    Location:
    The Netherlands
    I don't believe this article was about sandboxes like Sandboxie and Windows Defender Application Guard. They were talking about sandboxes that are used to analyze malware, not sandboxes that are meant to protect against malware and exploits.
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Well to be fair, I don't think Sandboxie (idk about Windows Sandbox cuz I haven't read about it) will protect you against a hardware exploit like Spectre or Meltdown if you don't have any mitigations, like these exploits (the specific versions that can do that) can escape a VM... And for the ones that are patched, there are that many more unpatched and undiscovered... But you have a higher chance of being hit by lightning than encountering such an exploit. Of course Spectre and Meltdown have been abused and by now you should have mitigations enabled if you don't already have, I'm talking about newer vulnerabilities.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,059
    Malware Sandboxing Firm VMRay Raises $10 Million
    September 17, 2019
    https://www.securityweek.com/malware-sandboxing-firm-vmray-raises-10-million
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,789
    Location:
    UK
    Interesting work.

    Malware has been able to detect VM operation, and, I believe, Sandboxie too. It's not hard to add the detection for conventional virtual or restricted environments, which to be fair, were never aiming to be stealthy like that. Of course, providing you use those protections and the malware abandons its attempts, that's rather sweet!
     