Malware broke through Sandboxie

Discussion in 'sandboxing & virtualization' started by RCGuy, Jul 31, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah, I agree. I wonder, what would the correct term be for a program or scheme that is very sound with little margin for compromise? It could be LUA/UAC or Default Deny or ShadowDefender and kin, or virtualization like VM or SBIE. None of them are 100% as we know. I loosely use the term bullet-proof to describe something that is a shield against the most common threat - bullets. Maybe there should be a different category called mortar-proof or nuke-proof so that bullet-proof seems reasonable for "common" protection :D

    For sure, Granny would not get it. Neither do cousin or niece or father or brother. But I don't think it is the pop-ups that pose the difficulty, but rather it is where all the files have gone that I just downloaded.

    Since a file system is basically a filing cabinet, you would think people would grasp that concept easily. But noooo, they say the same thing "where is my stuff!? I hate this program $%@%*!"

    Sul.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It doesn't have to be that hard, really.

    Say we're setting a box for a browser. Make the browser download to a specific folder. Add that folder - if not already - to the sandbox Quick Recovery. Add the folder then to Direct Access. Add a deny execution to the folder.

    Explain that if they want to execute something, to make things simpler, copy & paste (if they intend to keep the file in the folder) to the Desktop and install from there. If it's some pdf, doc, etc., just execute from the folder.

    It can't go simpler than this. Simpler would be not to use it, at all. :D
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Exactly.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    @m00nbl00d

    Remember two things :p

    1. you and I can only help a very limited number of people to do such things

    2. without you or I to help them, the odds are greatly reduced that they will help themselves. At least, I believe this to be true for the majority

    Sul.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Something that really caught my attention when I first started using
    SBIE and later on DW is that their forums don't have a subforum for
    people that get infected. In my opinion, that's a clear message
    about the quality of the protection that we get from these kinds of
    programs. Maybe we cannot say that SBIE is 100% bullet proof but
    it surely seems to be so, especially if we learn how to use it.

    What happened to RCGuy does not happen to users that use SBIE
    properly. I am convinced of that.

    Bo
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Sandboxie does not have support for antimalware and it has nothing to do with how effective the product is... they simply do not provide support and I don't think sandboxie tries to replace antimalware software.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    If people that used SBIE or DW were getting infected by the hundreds or
    thousands everyday, you can be sure that there would be a support
    subforum for people that get infected.

    Hungry Man, the only people that use SBIE that get infected are what I
    call "part time SBIE users". These are users that think they can pick which
    sites are dangerous and only use SBIE on those sites or when running
    certain programs. Picking malware is not like cherry picking.
    If you use SBIE 100% of the time, properly, you will not get infected.

    Bo
     
  8. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Two comments:
    1. You have to configure it to use it properly (which means you have to learn it)
    2. One man's "properly" is not the same as another man's. Some people would launch PDFs recovered from the sandbox without further protection. Others would always force-sandbox their PDF viewer. And some people would not dream of even viewing downloaded files without a sandboxed explorer.exe

    That's where SBIE differs from apps such as Shadowdefender, Defensewall, and Returnil. It's still very easy for the novice user to make a complete hash of their PC even with SBIE installed (this thread being a suspected example). Recall the video review of SBIE last year where it scored zero for protection because the reviewer hadn't read the manual. :)
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Even people using DefenseWall have to learn it in order to be able to use
    the program properly. I'll give you a real life example that I remember.
    This guy had a piece of malware on his desktop, installed DW and ran the
    executable trusted. Bang, he got infected and asked "Why, why did I get
    infected?"

    He got infected because he did not even read the first 2 pages on DW. I
    don't think it matters what product the user is using, if it's not learned
    and used as it's supposed to, it won't help.

    Bo
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I know some little kiddies that use sandboxie with limited restrictions, and seems to always come back clean, at least every scanner I may throw at it says so, and no apparent signs of any ill effects. NO granny though, she died decades before sandboxie was born. :D
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Even when sandboxing with very light restrictions you'll see that most malware is unable to successfully attack the system.
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    I think there is a lot of validity to this statement... almost akin to the "you can't be half pregnant" saying. :)
     
  13. wat0114

    wat0114 Guest

    My kids use Sandboxie, which I set up, and no issues whatsoever. Of course it helps they're not permitted to download and install at will. They need my approval first before doing so, especially the install part.
     
  14. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    SAME here with no downloads without approval. Also drop my rights and delete invocation to auto delete contents of SB the kids do very well keeping the system clean. :thumb:
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    You are correct, and it applies to most applications, security or not.

    Your comment reminds me of why I liked ShadowDefender - it is so easy to use. Now that is one application I have shown people, because I use it on a laptop, that they really like and can understand. I don't know why exactly, but I would imagine it is because all they have to do is enter/exit shadow mode and decide what specific places to exclude. Funny though, even with its simplicity it is still the reboot that gets the thumbs down.

    Sul.
     
  16. RHE10

    RHE10 Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    24
    Good on blocking that one. I hope you had the same luck with the rest. This is from Procmon in the few seconds that it took for both links to load in Chrome, on a X64 Win 7 Pro machine running no malware protection, Windows firewall on with default configuration:

    Code:
    54:01.0	chrome.exe	4004	TCP Send	Testing.noname:49268 -> 207.210.86.253:http	SUCCESS	Length: 385, startime: 11366, endtime: 11367, seqnum: 0, connid: 0
    54:02.4	chrome.exe	4004	TCP Send	Testing.noname:49269 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 401, startime: 11379, endtime: 11381, seqnum: 0, connid: 0
    54:03.2	chrome.exe	4004	TCP Send	Testing.noname:49270 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 446, startime: 11387, endtime: 11389, seqnum: 0, connid: 0
    54:03.7	chrome.exe	4004	TCP Send	Testing.noname:49271 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 485, startime: 11391, endtime: 11394, seqnum: 0, connid: 0
    54:04.3	chrome.exe	4004	TCP Send	Testing.noname:49272 -> 65.54.71.16:https	SUCCESS	Length: 190, startime: 11399, endtime: 11400, seqnum: 0, connid: 0
    54:04.4	chrome.exe	4004	TCP Send	Testing.noname:49272 -> 65.54.71.16:https	SUCCESS	Length: 1483, startime: 11400, endtime: 11401, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49274 -> 201.218.222.91:8080	SUCCESS	Length: 399, startime: 11402, endtime: 11403, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49275 -> 116.24.84.69.static.srtnet.com:8080	SUCCESS	Length: 403, startime: 11402, endtime: 11403, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49280 -> 116.24.84.69.static.srtnet.com:8080	SUCCESS	Length: 408, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49287 -> 201.218.222.91:8080	SUCCESS	Length: 412, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49284 -> 201.218.222.91:8080	SUCCESS	Length: 408, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49286 -> 201.218.222.91:8080	SUCCESS	Length: 416, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49285 -> 201.218.222.91:8080	SUCCESS	Length: 410, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.6	chrome.exe	4004	TCP Send	Testing.noname:49279 -> 116.24.84.69.static.srtnet.com:8080	SUCCESS	Length: 402, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.7	chrome.exe	4004	TCP Send	Testing.noname:49283 -> 116.24.84.69.static.srtnet.com:8080	SUCCESS	Length: 398, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.7	chrome.exe	4004	TCP Send	Testing.noname:49281 -> 116.24.84.69.static.srtnet.com:8080	SUCCESS	Length: 405, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.7	chrome.exe	4004	TCP Send	Testing.noname:49282 -> 116.24.84.69.static.srtnet.com:8080	SUCCESS	Length: 400, startime: 11403, endtime: 11404, seqnum: 0, connid: 0
    54:04.8	chrome.exe	4004	TCP Send	Testing.noname:49276 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 401, startime: 11403, endtime: 11405, seqnum: 0, connid: 0
    54:04.8	chrome.exe	4004	TCP Send	Testing.noname:49304 -> 201.218.222.91:8080	SUCCESS	Length: 418, startime: 11404, endtime: 11405, seqnum: 0, connid: 0
    54:04.8	chrome.exe	4004	TCP Send	Testing.noname:49278 -> 60.172.95.118:8080	SUCCESS	Length: 408, startime: 11403, endtime: 11405, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49277 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 400, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49290 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 404, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49273 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 485, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49292 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 414, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49289 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 406, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49291 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 404, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49293 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 406, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49294 -> 60.172.95.118:8080	SUCCESS	Length: 399, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49297 -> 60.172.95.118:8080	SUCCESS	Length: 408, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49295 -> 60.172.95.118:8080	SUCCESS	Length: 405, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49298 -> 60.172.95.118:8080	SUCCESS	Length: 406, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49296 -> 60.172.95.118:8080	SUCCESS	Length: 404, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49300 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 405, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49303 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 406, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49301 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 407, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49299 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 404, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:04.9	chrome.exe	4004	TCP Send	Testing.noname:49302 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 410, startime: 11404, endtime: 11406, seqnum: 0, connid: 0
    54:05.1	chrome.exe	4004	TCP Send	Testing.noname:49307 -> 201.218.222.91:8080	SUCCESS	Length: 418, startime: 11407, endtime: 11408, seqnum: 0, connid: 0
    54:05.1	chrome.exe	4004	TCP Send	Testing.noname:49305 -> 201.218.222.91:8080	SUCCESS	Length: 405, startime: 11407, endtime: 11408, seqnum: 0, connid: 0
    54:05.1	chrome.exe	4004	TCP Send	Testing.noname:49309 -> 201.218.222.91:8080	SUCCESS	Length: 403, startime: 11408, endtime: 11408, seqnum: 0, connid: 0
    54:05.2	chrome.exe	4004	TCP Send	Testing.noname:49308 -> 201.218.222.91:8080	SUCCESS	Length: 403, startime: 11407, endtime: 11409, seqnum: 0, connid: 0
    54:05.2	chrome.exe	4004	TCP Send	Testing.noname:49306 -> 201.218.222.91:8080	SUCCESS	Length: 409, startime: 11407, endtime: 11409, seqnum: 0, connid: 0
    54:05.8	chrome.exe	4004	TCP Send	Testing.noname:49311 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 418, startime: 11413, endtime: 11415, seqnum: 0, connid: 0
    54:05.8	chrome.exe	4004	TCP Send	Testing.noname:49312 -> 60.172.95.118:8080	SUCCESS	Length: 417, startime: 11413, endtime: 11415, seqnum: 0, connid: 0
    54:05.8	chrome.exe	4004	TCP Send	Testing.noname:49313 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 411, startime: 11414, endtime: 11416, seqnum: 0, connid: 0
    54:05.9	chrome.exe	4004	TCP Send	Testing.noname:49314 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 414, startime: 11414, endtime: 11416, seqnum: 0, connid: 0
    54:05.9	chrome.exe	4004	TCP Send	Testing.noname:49315 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 403, startime: 11414, endtime: 11416, seqnum: 0, connid: 0
    54:05.9	chrome.exe	4004	TCP Send	Testing.noname:49316 -> 60.172.95.118:8080	SUCCESS	Length: 414, startime: 11414, endtime: 11417, seqnum: 0, connid: 0
    54:05.9	chrome.exe	4004	TCP Send	Testing.noname:49317 -> 60.172.95.118:8080	SUCCESS	Length: 406, startime: 11414, endtime: 11417, seqnum: 0, connid: 0
    54:05.9	chrome.exe	4004	TCP Send	Testing.noname:49318 -> 60.172.95.118:8080	SUCCESS	Length: 399, startime: 11415, endtime: 11417, seqnum: 0, connid: 0
    54:06.1	chrome.exe	4004	TCP Send	Testing.noname:49319 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 407, startime: 11416, endtime: 11418, seqnum: 0, connid: 0
    54:06.1	chrome.exe	4004	TCP Send	Testing.noname:49320 -> 219.128.178.61.broad.by.gs.dynamic.163data.com.cn:8080	SUCCESS	Length: 399, startime: 11416, endtime: 11418, seqnum: 0, connid: 0
    54:06.1	chrome.exe	4004	TCP Send	Testing.noname:49321 -> 39.111.90.222.broad.xa.sn.dynamic.163data.com.cn:8080	SUCCESS	Length: 403, startime: 11416, endtime: 11418, seqnum: 0, connid: 0
    54:07.8	chrome.exe	4004	TCP Send	Testing.noname:49322 -> 201.218.222.91:8080	SUCCESS	Length: 344, startime: 11434, endtime: 11435, seqnum: 0, connid: 0
    54:34.6	svchost.exe	1208	TCP Send	Testing.noname:49323 -> OCSP.IAD3.VERISIGN.COM:http	SUCCESS	Length: 316, startime: 11702, endtime: 11703, seqnum: 0, connid: 0
    54:34.9	svchost.exe	1208	TCP Send	Testing.noname:49324 -> OCSP.IAD3.VERISIGN.COM:http	SUCCESS	Length: 318, startime: 11705, endtime: 11706, seqnum: 0, connid: 0
    54:55.4	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 638, startime: 11911, endtime: 11911, seqnum: 0, connid: 0
    54:57.0	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 637, startime: 11926, endtime: 11927, seqnum: 0, connid: 0
    55:00.1	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 636, startime: 11957, endtime: 11958, seqnum: 0, connid: 0
    55:04.7	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 633, startime: 12003, endtime: 12004, seqnum: 0, connid: 0
    55:05.2	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 634, startime: 12008, endtime: 12009, seqnum: 0, connid: 0
    55:06.2	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 633, startime: 12018, endtime: 12019, seqnum: 0, connid: 0
    55:06.5	chrome.exe	4004	TCP Send	Testing.noname:49256 -> 74.125.224.166:http	SUCCESS	Length: 632, startime: 12022, endtime: 12022, seqnum: 0, connid: 0
    55:08.6	chrome.exe	4004	TCP Send	Testing.noname:49325 -> web02.ultrawebsitehosting.com:http	SUCCESS	Length: 387, startime: 12042, endtime: 12043, seqnum: 0, connid: 0
    55:08.8	chrome.exe	4004	TCP Send	Testing.noname:49360 -> 65.54.71.16:https	SUCCESS	Length: 222, startime: 12044, endtime: 12045, seqnum: 0, connid: 0
    55:08.8	chrome.exe	4004	TCP Send	Testing.noname:49361 -> 65.54.71.16:https	SUCCESS	Length: 222, startime: 12044, endtime: 12045, seqnum: 0, connid: 0
    55:09.0	chrome.exe	4004	TCP Send	Testing.noname:49360 -> 65.54.71.16:https	SUCCESS	Length: 326, startime: 12047, endtime: 12047, seqnum: 0, connid: 0
    55:09.0	chrome.exe	4004	TCP Send	Testing.noname:49361 -> 65.54.71.16:https	SUCCESS	Length: 326, startime: 12047, endtime: 12047, seqnum: 0, connid: 0
    55:09.0	chrome.exe	4004	TCP Send	Testing.noname:49356 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 447, startime: 12046, endtime: 12048, seqnum: 0, connid: 0
    55:09.8	chrome.exe	4004	TCP Send	Testing.noname:49355 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 446, startime: 12053, endtime: 12055, seqnum: 0, connid: 0
    55:10.0	chrome.exe	4004	TCP Send	Testing.noname:49359 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 485, startime: 12055, endtime: 12057, seqnum: 0, connid: 0
    55:10.3	chrome.exe	4004	TCP Send	Testing.noname:49328 -> 201.218.222.91:8080	SUCCESS	Length: 405, startime: 12060, endtime: 12060, seqnum: 0, connid: 0
    55:10.3	chrome.exe	4004	TCP Send	Testing.noname:49327 -> 201.218.222.91:8080	SUCCESS	Length: 401, startime: 12060, endtime: 12060, seqnum: 0, connid: 0
    55:10.4	chrome.exe	4004	TCP Send	Testing.noname:49358 -> 232.175.broadband15.iol.cz:http	SUCCESS	Length: 485, startime: 12059, endtime: 12061, seqnum: 0, connid: 0
    
     
  17. chris1341

    chris1341 Guest

    Interesting discussion about grannies, kids etc and SBIE. I found the more computer illiterate the user is the better my SBIE settings work. If they have no idea how to break it they don't try!

    I allow direct access to the commonly used spaces for kids, grannies etc and force those locations with start/run restrictions to only allow the usual media players, readers and office stuff to run. If browsing, playing music and some office stuff is all they want to do I can go months without a peep from them or SBIE.

    This worked fine for ages until my eldest daughter worked out she could move the files sandboxie blocked out of the forced folder and run them from elsewhere. LUA and SRP soon put a stop to that though!

    So I guess I'd echo what everyone seems to say. Those not familiar with the product would struggle to get the appropriate settings in place, but once in place can happily be protected by it. It should be backed up by something else for even accidental misuse. After all how many people have you seen infected because they wanted to install that codec or new toolbar or game and found some way of circumventing their security set-up to do it?

    If you are familiar with it though and apply some common sense it's safer to use than any other product I've tried. (which is almost every one discussed on these forums! :D )

    Cheers
     
  18. wat0114

    wat0114 Guest

    All connection attempts to remote TCP port 8080 were shown blocked in my log.

    With these measures combined with Sandboxie, your security is practically bullet proof :thumb:
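
Added example, not part of any poster's message: a triage of Procmon "TCP Send" rows like the capture earlier in the thread, grouping one process's outbound traffic by destination and flagging ports other than 80/443, such as the 8080 connections mentioned above. The sample rows are constructed with documentation-range addresses, and the expected-port set and all function names are assumptions.

```python
import re
from collections import defaultdict

# Procmon prints well-known ports by service name; map them back to numbers.
SERVICE_PORTS = {"http": 80, "https": 443}
# Assumption: the browser on this host is only expected to use these ports.
EXPECTED_PORTS = {80, 443}

PATH_RE = re.compile(r"^\S+:(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>[^:\s]+)$")
LENGTH_RE = re.compile(r"Length: (\d+)")

# Constructed sample rows (time, process, PID, source port, destination, length).
# Hosts are RFC 5737 / example.* placeholders, not values from the thread.
SAMPLE_ROWS = [
    ("54:01.0", "chrome.exe", 4004, 49268, "192.0.2.10:http", 385),
    ("54:04.3", "chrome.exe", 4004, 49272, "203.0.113.5:https", 190),
    ("54:04.4", "chrome.exe", 4004, 49272, "203.0.113.5:https", 1483),
    ("54:04.6", "chrome.exe", 4004, 49274, "198.51.100.7:8080", 399),
    ("54:04.6", "chrome.exe", 4004, 49275, "host.example.net:8080", 403),
    ("54:04.6", "chrome.exe", 4004, 49284, "198.51.100.7:8080", 408),
    ("54:04.6", "chrome.exe", 4004, 49285, "198.51.100.7:8080", 410),
    ("54:34.6", "svchost.exe", 1208, 49323, "ocsp.example.com:http", 316),
]
# Rendered in the same tab-separated layout as a Procmon text export.
SAMPLE_LOG = "\n".join(
    f"{t}\t{proc}\t{pid}\tTCP Send\tTesting.noname:{sport} -> {dest}\tSUCCESS\t"
    f"Length: {n}, startime: 0, endtime: 0, seqnum: 0, connid: 0"
    for t, proc, pid, sport, dest, n in SAMPLE_ROWS
)


def parse_line(line):
    """Return a dict for one 'TCP Send' row, or None if the row does not parse."""
    fields = line.strip().split("\t")
    if len(fields) != 7 or fields[3] != "TCP Send":
        return None
    path = PATH_RE.match(fields[4])
    length = LENGTH_RE.search(fields[6])
    if not path or not length:
        return None
    name = path["dport"]
    # Numeric ports become ints; unknown service names stay as strings
    # so they are still reported rather than silently dropped.
    port = SERVICE_PORTS.get(name, int(name) if name.isdigit() else name)
    return {"process": fields[1], "pid": fields[2],
            "src_port": int(path["sport"]), "dst": path["dst"],
            "dst_port": port, "bytes": int(length[1])}


def summarise(log_text, process="chrome.exe"):
    """Group one process's sends by (destination, port)."""
    flows = defaultdict(lambda: {"sends": 0, "bytes": 0, "src_ports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["process"].lower() != process:
            continue
        flow = flows[(rec["dst"], rec["dst_port"])]
        flow["sends"] += 1
        flow["bytes"] += rec["bytes"]
        flow["src_ports"].add(rec["src_port"])  # distinct source ports = connections
    return dict(flows)


def unexpected_destinations(flows):
    """Rows of (dst, port, sends, connections, bytes) outside EXPECTED_PORTS."""
    rows = [(dst, port, f["sends"], len(f["src_ports"]), f["bytes"])
            for (dst, port), f in flows.items() if port not in EXPECTED_PORTS]
    return sorted(rows, key=lambda r: (-r[2], r[0]))  # busiest first


if __name__ == "__main__":
    for dst, port, sends, conns, nbytes in unexpected_destinations(summarise(SAMPLE_LOG)):
        print(f"{dst}:{port}  sends={sends}  connections={conns}  bytes={nbytes}")
```

Many parallel connections from a browser to the same non-standard port in one second is the pattern worth a closer look; the same grouping also shows which destinations a firewall rule for that port would cover.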
     
  19. x942

    x942 Guest

    I use a VM running Ubuntu 11.04 XFCE for daily web browsing + SRP + UAC requiring a password. I believe that is even more bulletproof :D
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    And much heavier.
     
  21. clubhouse

    clubhouse Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    180

    :thumb: :thumb:
     
  22. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    OT posts removed. No post gets removed without a reason. If you are unclear about the reason or wonder why your post might be missing then ask a mod to look into it for you. Do not ask for the reason in the forum itself.
    The posts on this occasion were removed because they were against TOS in particular
    https://www.wilderssecurity.com/faq.php?faq=wilders_tos#faq_wilders_tos_x
    "Furthermore, you agree not to post any links to warez(1), sites from which malware (viruses, worms, trojans, backdoors etc.) can be downloaded, and requests for or to share malware."

    and also querying the removal in public. I hope this clears any confusion and we can return to discussing the thread subject
     
  23. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    So does it break through with tweaked sandboxie aka only browser can run, have internet access, or default everything allowed sandboxie?
     
  24. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Since the person who started this thread has not been on the forum since 1 hour after making the first post, several days ago, and because it seems pointless to continue given the direction of off-topic replies, this thread is now closed.
     