Please allow me just one Sandboxie question...

Discussion in 'sandboxing & virtualization' started by CoolWebSearch, Dec 21, 2012.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Actually, people are that stupid. Well, not stupid, more like naive. Sandboxie offers little help in two key areas I have noticed.

    1. with auto-recovery so easy, people download things and save them to "my docs". When asked, they auto recover, then they will execute. SBIE is out of the picture. This happens a lot, but not as much as...

2. open browser in sandbox, system is kept clean. Keep on using this sandbox for long periods of time. All the nasties that would normally be on your system are not, but because the sandbox is never deleted, the nasties do their thing in the sandbox. Some settings help eliminate this, but in the past this is what really affected people the most - from what I have seen.

When we talk about things in these forums, it is easy to assume everyone has a certain amount of knowledge. That is just not the case. Most people I know who use a computer daily don't know much at all. They barely understand the file system. An advanced user actually understands what a file extension is. They know how to use programs and how to look at their "my pictures" etc. Most don't even have file extensions turned on. I have to keep reminding myself that here things are different. The real world is not at all like Wilders.

    Sul.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    My advice is, if you really like Sandboxie and appreciate simplicity, always start your browsers in a sandbox. I mean that, always.

    To really make things work slick, have two browsers. One for sensitive activities like banking, where you restrict what may run and delete it when you close it. Don't use it for anything else. Ever.

    Have the other browser for your normal internet use, like wilders and email, etc. NEVER use it for anything sensitive. This sandbox you can also restrict, but because you never do anything sensitive in it, you don't really have to delete it all the time. Periodically you delete it is all.

    This has worked very well for me. I run as admin 24/7, don't use UAC or any AV/HIPS/Firewall at all. Might not be for everyone, but it is simple.

    The final thing you do is make sure your downloads always start in a sandbox. I have a sandbox just for this. If I run it in the sandbox and like it, then I have to decide if I can trust it on my real system or not. If I am overly worried, I might run it in a VM or submit it to jotti or some other online scanner.

    I don't worry about banking/ordering/etc using this method because I know my real system is never compromised, and I know what environment is used for what purpose.

    Food for thought anyway.

    Sul.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
So, am I in danger if I use only Sandboxie and a router?
    I never download any kind of files because I don't need to do it.
    And what about man-in-the-browser and man-in-the-middle attacks?
    SBIE cannot protect against these attacks?

    From what I know about SBIE, considering that outside the sandbox the system is clean and the sandbox folder is also clean (not infected or empty), if you browse directly to the bank then you will be safe?
     
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
If the bank's website is compromised, then you are done. Sandboxie can do nothing about it.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
This is mostly overhyped and misleading nonsense propagated by the media. Banks have been DDoSed, which is not the same as hacked and does nothing but cause delays and inconvenience as opposed to compromising customer data.
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    You got it.

    If you are worried about MIM or XSS, take that up with your browser I guess as there is nothing SBIE can do for that. My only point was, to be safe when banking and using SBIE, you have to have clean environments.

    Sul.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    CWS, be careful about the addons that you are using. If you have an infected addon installed in your browser, it will be able to read what you type even if you are using a restricted sandbox where only the browser is allowed to run and connect. It is better to do sensitive browsing on a browser with no addons. Also, disabling automatic updating of addons will make you safer.

    Bo
     
  8. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
Bo, thank you for your advice in your last posting. Two questions concerning it:

    Does it offer the same security when I simply disable my existing addons (while doing sensitive browsing)?

    Do you indeed mean disabling? I think of the case that security updates are published. In this situation wouldn't it be better to have automatic updating enabled?
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
Hi Peter, if you are using Firefox, you can create a new profile, name it Sensitive and use that profile for banking only. It takes 15 seconds to create one. The new profile won't have any extensions. I would make an exception for NoScript and install it as it can be used to block plugins, Javascript and I trust it. I think keeping addons from updating automatically is a good practice when you do sensitive browsing in a browser with 25 addons. I use three but a lot of people have 25/30 and that can become a hole even when we use a restricted sandbox. Read the last sentence in this link.

    http://www.sandboxie.com/index.php?DetectingKeyLoggers#defend

    http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles

    Bo
     
  10. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    Thank you for your reply, Bo. :)
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
Even without Sandboxie or any other 3rd-party augmentation, just think how incredibly resistant to web based threats one could configure a browser, such as Chrome, dedicated for banking purposes only? ;)

    -No extensions

    -All unnecessary plugins disabled: no Flash, Java, PDF reader

-Deny javascript: only exceptions your bank's URLs

    -Block 3rd-party cookies: only exceptions accepted from your bank

    Pretty tough to beat, I'd think. And if you really wanted to go to town with this, a firewall could be used to restrict it to the bank's IP addresses only and Sandboxie used for containment.

    More to come later in a different thread
     

    Attached Files:
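The checklist in the post above (no extensions, no plugins, JavaScript denied except for the bank, third-party cookies blocked except for the bank) rests on the per-site exception patterns a browser offers. The following is an added example, not code from the thread or from any browser: it re-implements the exception-pattern syntax Chrome's content settings use (`[*.]host` for a host and its subdomains, optional scheme and port, `*` for everything) in plain Python and applies it to a constructed list of requests, so the effect of such a profile can be checked without a browser. The pattern grammar is a simplified re-implementation, the JavaScript decision is modelled as keyed on the page being viewed rather than on the script's own origin (an assumption to verify against the browser in use), and `bank.example` and the request list are constructed.

```python
"""Model of the per-site exception rules behind a "banking only" browser profile.

Added example, not from the thread or from any browser's code. The pattern
grammar below is a simplified re-implementation of the "[*.]host" exception
syntax; the hostnames and requests are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def pattern_matches(pattern: str, url: str) -> bool:
    """True if a Chrome-style exception pattern covers the given URL.

    Pattern shape: [scheme://][[*.]]host[:port][/ignored-path], or "*" alone.
    "[*.]bank.example" covers bank.example and every subdomain of it.
    """
    if pattern == "*":
        return True
    parsed = urlsplit(url)
    host = (parsed.hostname or "").lower()
    port = parsed.port or DEFAULT_PORTS.get(parsed.scheme, 0)

    scheme_pat, sep, rest = pattern.partition("://")
    if not sep:                        # no scheme in the pattern: any scheme matches
        scheme_pat, rest = "*", pattern
    rest = rest.split("/", 1)[0]       # a path component is ignored
    host_pat, _, port_pat = rest.partition(":")
    if scheme_pat != "*" and scheme_pat != parsed.scheme:
        return False
    if port_pat and port_pat != "*" and int(port_pat) != port:
        return False
    host_pat = host_pat.lower()
    if host_pat.startswith("[*.]"):
        base = host_pat[4:]
        return host == base or host.endswith("." + base)
    return host == host_pat


@dataclass
class BankingProfile:
    """Settings from the checklist: JavaScript and third-party cookies denied by
    default, with exceptions only for the bank; no extensions, no plugins."""
    javascript_exceptions: List[str]
    cookie_exceptions: List[str]
    extensions: List[str] = field(default_factory=list)
    plugins_enabled: bool = False


def javascript_allowed(profile: BankingProfile, page_url: str) -> bool:
    # Assumption: the JavaScript setting is keyed on the page being viewed, so a
    # script the bank's own page embeds from elsewhere still runs there, while
    # scripts on any non-excepted page do not.
    return any(pattern_matches(p, page_url) for p in profile.javascript_exceptions)


def cookie_allowed(profile: BankingProfile, page_url: str, cookie_url: str) -> bool:
    # First-party cookies (same host as the page) are accepted; a cookie from any
    # other host is accepted only if that host matches an exception.
    if urlsplit(page_url).hostname == urlsplit(cookie_url).hostname:
        return True
    return any(pattern_matches(p, cookie_url) for p in profile.cookie_exceptions)


def audit(profile: BankingProfile, requests) -> List[Tuple[str, str, str, bool]]:
    """Return (page, resource, kind, allowed) for each (page, resource, kind)."""
    decisions = []
    for page, resource, kind in requests:
        if kind == "script":
            allowed = javascript_allowed(profile, page)
        elif kind == "cookie":
            allowed = cookie_allowed(profile, page, resource)
        else:
            raise ValueError(f"unknown request kind: {kind!r}")
        decisions.append((page, resource, kind, allowed))
    return decisions


# Constructed profile and traffic, bank.example standing in for the real bank.
BANKING_PROFILE = BankingProfile(
    javascript_exceptions=["https://[*.]bank.example"],
    cookie_exceptions=["[*.]bank.example"],
)
SAMPLE_REQUESTS = [
    ("https://www.bank.example/login", "https://www.bank.example/app.js", "script"),
    ("https://www.bank.example/login", "https://cdn.analytics.example/tag.js", "script"),
    ("https://www.youtube.com/watch", "https://www.youtube.com/player.js", "script"),
    ("https://www.bank.example/login", "https://auth.bank.example/", "cookie"),
    ("https://www.bank.example/login", "https://tracker.example/", "cookie"),
]

if __name__ == "__main__":
    for page, resource, kind, allowed in audit(BANKING_PROFILE, SAMPLE_REQUESTS):
        print(f"{'allow' if allowed else 'block':5} {kind:6} {resource} (on {page})")
```

The second sample line is the one to look at: under a page-keyed JavaScript setting, a third-party script that the bank's own page includes is still allowed, so the exception list limits which pages may run script, not which origins' script may run. Tightening the `[*.]bank.example` pattern to an exact host or an `https://` scheme, as the constructed profile does for JavaScript, narrows the exception further.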

  12. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
From what I've read so far that's only partially true: the first and most important thing here is that you have to have a 100% clean computer; second, whenever you download something (a keylogger or any other form of malware), download it inside the sandbox; third, always have restrictions so that no malware/keylogger can access the internet or start/run; then you just automatically delete the sandbox.
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
What about YouTube?
    You need to enable plugin-container.exe for websites like YouTube to work. I visit YouTube very frequently; if plugin-container.exe is not allowed to start/run I can't open anything inside YouTube.
    However, I blocked plugin-container.exe from accessing the internet, and Sandboxie is always telling me how it has blocked plugin-container.exe from accessing the internet.

    And I thought Google Chrome has more vulnerabilities than Sandboxie?
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
I've illustrated a "banking only" browser setup, just as the OP of this thread was asking about :) It's an experimental setup. The YouTube screenshot was just to show that no active content from any other website can run in the setup. Only that of the bank's site, in this case rbcroyalbank.com, can run, and it needs no Flash or Java, so that's even better.
     
    Last edited: Dec 27, 2012
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
No need for a firewall for that, unless one really wants to. Chromium/Chrome has a built-in command line switch which allows mapping domains to localhost, except the domains we want to allow, and binding IP addresses to the allowed domains. I've mentioned it a few times already, so anyone interested just search for host-rules and my nickname.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
You can restrict YouTube communications to the domains *.youtube.com and *.ytimg.com.
    You may need to allow more if you need to log in to your YouTube account, should you have one.

    Only allow javascript and plugins for those domains. Disable any other unneeded plugin. Of course, this kind of setup works best when using dedicated/separate browser profiles.
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
So is Google Chrome a better/more secure solution for this?
     
  18. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Ok, thanks for the help.
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    That command line switch approach looks good for Chrome. The firewall idea can be applied universally to any browser, though.
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
I agree. But you mentioned: "Even without Sandboxie or any other 3rd-party augmentation, just think how incredibly resistant to web based threats one could configure a browser, such as Chrome, dedicated for banking purposes only."

    I just went along. :D
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That will depend on what you want to use. If you don't want to configure firewall rules/have third-party extensions to do the same work that Chrome can do on its own, then I'd say yes.

    By the way, using the --host-rules command-line switch, you can not only bind a domain to a specific IP(s), but also the port it should connect to.

    This is an example for Wilders Security Forums:

    Code:
    --host-rules="MAP * 127.0.0.1, EXCLUDE www.wilderssecurity.com","MAP www.wilderssecurity.com 66.227.46.190:443"
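To see what a rule string like the one above actually does to each hostname the browser tries to reach, here is an added example, not code from the thread or from Chromium. It re-implements the `--host-rules` syntax the post describes (comma-separated `MAP <pattern> <host[:port]>` and `EXCLUDE <pattern>` entries, with `*` and `?` as wildcards) in plain Python, so a rule set can be checked against arbitrary hostnames without launching a browser. The evaluation order is an assumption not stated in the thread: an `EXCLUDE` match leaves the name to normal DNS, otherwise the first matching `MAP` in the list wins. `PINNED_RULES` and the hostnames other than www.wilderssecurity.com are constructed.

```python
"""Model of what a Chrome --host-rules string does to hostname lookups.

Added example; not code from the thread or from Chromium. Evaluation order
(EXCLUDE first, then first matching MAP) is an assumption of this model.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    kind: str                           # "MAP" or "EXCLUDE"
    pattern: "re.Pattern[str]"          # compiled hostname pattern
    replacement: Optional[str] = None   # MAP: host/IP to connect to instead
    port: Optional[int] = None          # MAP: port override, if one was given


def _glob_to_regex(pattern: str) -> "re.Pattern[str]":
    # '*' matches any run of characters (dots included), '?' one character,
    # everything else is literal; the whole hostname must match.
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def host_matches(pattern: str, host: str) -> bool:
    return _glob_to_regex(pattern).match(host) is not None


def parse_host_rules(spec: str) -> List[Rule]:
    """Parse the value of --host-rules= into an ordered rule list."""
    rules: List[Rule] = []
    for entry in spec.split(","):
        tokens = entry.split()
        if not tokens:
            continue
        kind = tokens[0].upper()
        if kind == "EXCLUDE" and len(tokens) == 2:
            rules.append(Rule("EXCLUDE", _glob_to_regex(tokens[1])))
        elif kind == "MAP" and len(tokens) == 3:
            host, sep, port = tokens[2].rpartition(":")
            if sep and port.isdigit():
                rules.append(Rule("MAP", _glob_to_regex(tokens[1]), host, int(port)))
            else:
                rules.append(Rule("MAP", _glob_to_regex(tokens[1]), tokens[2], None))
        else:
            raise ValueError(f"unrecognised host rule: {entry.strip()!r}")
    return rules


def resolve(rules: List[Rule], host: str, port: int) -> Tuple[str, int, str]:
    """Apply the rules to one connection; returns (host, port, outcome)."""
    for rule in rules:
        if rule.kind == "EXCLUDE" and rule.pattern.match(host):
            return host, port, "excluded"           # left to normal DNS
    for rule in rules:
        if rule.kind == "MAP" and rule.pattern.match(host):
            new_port = rule.port if rule.port is not None else port
            return rule.replacement, new_port, "mapped"
    return host, port, "unchanged"


# The rule string from the post, as the browser receives it once the shell has
# joined the quoted fragments into one argument value.
WILDERS_RULES = ("MAP * 127.0.0.1, EXCLUDE www.wilderssecurity.com,"
                 "MAP www.wilderssecurity.com 66.227.46.190:443")

# Constructed variant with the same intent but no EXCLUDE, so the site really
# is pinned to the stated address and port; the specific MAP is listed before
# the catch-all because the first matching MAP wins in this model.
PINNED_RULES = "MAP www.wilderssecurity.com 66.227.46.190:443, MAP * 127.0.0.1"


if __name__ == "__main__":
    for label, spec in (("post", WILDERS_RULES), ("pinned", PINNED_RULES)):
        rules = parse_host_rules(spec)
        for host in ("www.wilderssecurity.com", "tracker.example", "www.youtube.com"):
            print(label, host, "->", resolve(rules, host, 443))
```

Two things the model makes visible: under the assumed ordering, the `EXCLUDE` in the post's string takes precedence, so the forum host is resolved by ordinary DNS rather than pinned to the stated address, while every other name is sent to 127.0.0.1; and with two overlapping `MAP` entries the order decides, so a catch-all listed first would sinkhole the allowed site too. Also note that a pattern such as `*.youtube.com` does not cover the bare `youtube.com`.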
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
Right, even without firewall restrictions, a "banking only" browser, such as Chrome (or any browser, for that matter), can be made incredibly secure. The firewall, or in the case of Chrome your host-rules command line switch, or Sandboxie, could be applied but is probably not necessary, although it might satisfy the ultra paranoid.

    If you or someone can explain how anything malicious can run in a browser restricted with Flash, Java, Javascript (except the bank's site), PDF all disabled, no extensions used, check for server certificate revocation, disable 3rd-party cookies (except for bank's site), disable prediction services, and other hardening options enabled, then please do :)

    The point I'm trying to make to CoolWeb, and any others who want to bank online, is to not just focus on what application can be used to secure a browser used for this purpose, but to look within the browser itself, because it has many "hardening" options that if enabled to their fullest extent, can make a "banking only" browser highly formidable without the use of any other security application such as Sandboxie, running from a Linux disk, HIPS, antivirus, or whatever else.
     
    Last edited: Dec 27, 2012
  23. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
Ok, wat0114, I first thank you for sending me a PM and giving me instructions; it did help me a lot.
    I'll go banking with your instructions, thank you big time.
    This is why I love these forums, they are so helpful as well as the posters who provide help.
    I also thank m00nbl00d and all the other posters who helped me.

    I have several more questions: why does Sandboxie lack these options, or am I wrong?
    Well, I don't know how good Google Chrome is in malware tests, this is not really important to me too much, but I have always wondered, has anyone tested it?

    I guess it's possible to run sandboxed Google Chrome (in case Google Chrome is weak in malware tests and I want to test it)?
    Wouldn't there be some conflicts between Google Chrome and Sandboxie?
    Thanks again.
     
  24. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Chrome and SB work just fine together.

    Acadia
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
You're welcome CoolWeb :) My apologies again for sending this thread on different tangents. You can still sandbox the browser and use Sandboxie's restrictive options to limit Internet access, what's allowed to run, Drop My Rights, etc. I think some other more knowledgeable Sandboxie users were just trying to explain that these options don't give you absolute 100% protection against keyloggers and such - its developer, Ronen Tzur, has even stated as much - but it's very darn close. The key of course is don't allow a keylogger to install outside the sandbox.

    Absolutely! :thumb:
     