'SandBlast' A Different Spin On Sandboxing

Discussion in 'sandboxing & virtualization' started by Minimalist, Sep 4, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hi Minimalist, the guy who wrote the article says, "Nobody is going to run the sandbox for five days to see if the file is bad..." Myself, I don't run files in the sandbox to try telling if they are clean or not, but once a file is created on my computers, I run that file in a sandbox until the day it gets deleted. :D

    Bo
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Your system never meets those files, so malware never gets a chance to compromise it. :thumb: Most users probably couldn't use it that way.
    How do you test software that requires driver installation? Do you use a virtual machine?
     
  4. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    47
    Where can I download this new app?!

    On my 1st PC I use ShadowDefender / Sandboxie
    On my 2nd PC I use VMware Workstation / Sandboxie

    I keep everything virtualized and sandboxed all the time (24/7): the system and apps like the browser, packers and some games too.
    Because if a hacker bypasses a game he can send an infection globally, like in the old days with the Opera browser, so don't trust a trusted app :mad:
     
    Last edited: Sep 4, 2015
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    That's right, malware that goes to sleep for days or weeks wouldn't have a chance to infect me. The only time really that I put my computers in danger is when I install new software. But my computers are so static that probably, for most people here at Wilders, it would be boring using computers as I do. Basically, I install what I know I want to use and don't change anything. I rarely test any new software, but when I do, if it's done not using SBIE, I use Shadow Defender.

    Bo
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
  7. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    47
    Bo elam, but you forgot one fact: SD, same as Sandboxie, may isolate your system but still uses your main system source.
    So even if malware can be cleaned at the next system boot, he can spy on you while your system is still working, until it is reset -,-

    With VMware or VirtualBox he won't spy on your main system, only on what you do in this 2nd virtualized one :D
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Quassar, about Sandboxie, you forgot something. In Sandbox settings, you can block sandboxed programs from having access to your personal files and folders. That way, programs that run in the sandbox can't see them or upload these files to the internet. You can also restrict the programs that are allowed to run or connect to the internet.

    Examples for you. If you are browsing in a restricted sandbox where only your browser can run and all of a sudden malware of the type that steals information gets downloaded into the sandbox, the malware can't run. If it can't run, it can't run or steal your information. Nothing gets stolen from your computer.

    Another one. If you are browsing the internet using an unrestricted sandbox, the malware can run but it can't see your sensitive files because you block sandboxed programs from accessing those files. If malware cannot see your sensitive files, it can't steal them.

    I can give you more examples of how to set Sandboxie to keep your personal information safe. But above you have the two extreme use cases for Sandboxie. One, using a highly restricted sandbox, and the other one using a non-restricted sandbox. In both cases, your sensitive files and folders are safe from being stolen.

    About SD. It doesn't have settings like that. But I hardly ever use SD and don't use it for security. Sandboxie is my security program. :)

    Bo
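
The two setups described in the post above, written as Sandboxie.ini sections. This is an added example, not part of the original post; the box names, the browser executable and the folder path are assumptions.

```ini
# Constructed example: box names, firefox.exe and the Documents path are assumptions.

# Highly restricted box: only the browser may start, and only it may reach the network.
[RestrictedBrowser]
Enabled=y
# Sandboxed programs cannot see or read the personal folder.
ClosedFilePath=C:\Users\ExampleUser\Documents\*
# Start/Run restriction: anything outside the group is refused at launch.
ProcessGroup=<StartRunAccess>,firefox.exe
ClosedIpcPath=!<StartRunAccess>,*
# Internet restriction: anything outside the group gets no network access.
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

# Unrestricted box: any program may run and connect,
# but the personal folder stays blocked.
[GeneralBox]
Enabled=y
ClosedFilePath=C:\Users\ExampleUser\Documents\*
```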
     
  9. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    47
    I know, I use the FAQ from ssj100, but it can still be not enough :)
    I have used ("known") Sandboxie since the first, oldest versions.
    My old guide on SG.pl: https://safegroup.pl/temat-sandboxie-omowienie-i-konfiguracja_9334 It is in Polish, but you won't find anything there that you don't already know :)

    For sensitive files I use the SpyShelter method, which blocks all programs and pops up if somebody wants to affect them :)
    Combined with Sandboxie and AppGuard it's just awesome. On the 2nd PC I also have Exe Radar Pro with
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
  11. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    Well said, until I started using the more advanced features [that was my second time around] I wasn't even tempted to stick with SBIE. The first time I tried it, I uninstalled it almost immediately because the interface came across as old and unpolished (I still don't like it~but it felt 'low quality' so I figured, how could its protection be much better?) and I didn't realize how it could be used to prevent such things, but the stuff you can do to lock down each box differently with a little learning, trial and error or reading is simply amazing. These days I can't find anything else that comes close to giving me the 'degree of control' I've grown to love. If it wasn't for the glowing comments (and info) ppl like you had spread around I may never have buckled down and started my testing in-depth. I would have missed out on such a great program! Once I got the swing of SBIE and added AppGuard (then later MBAE) to the mix I was tempted to ditch my HIPS and AV, but old habits die hard so I've not taken out those layers yet.

    Now that I've gotten that part of the rant out of the way, back to SandBlast...I skimmed over the article but can't see how that qualifies as a sandbox.
    It reminds me more of how AppGuard might work (or even a classic HIPS). It could have its uses in a business environment, sure, but I fail to see how it's a new spin on 'sandboxing'. If anything the whole article seems to be a spin job as I can't see how anything it's doing can be considered sandboxing (eg isolation/restricted environment). It's doing behavior analysis and 'likely' preventing those actions...Sure it could be useful for 'identifying' malware but it's not new and it's not a sandbox. IMO at least.
     
    Last edited: Sep 4, 2015
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,043
    TIME OUT. This thread is not about Sandboxie or AppGuard. It is about a specific product, SandBlast. Let's stay on topic.
     
  13. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    Oh it's a shame we can't test the program, it's conceived for enterprise market only.
     
  14. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,211
    The key point that Bo was writing in the above post is that you can easily block all programs and all sensitive files with Sandboxie as well, so SpyShelter is over-redundant if you use both Sandboxie (properly configured) and SpyShelter at the same time on the same computer. Oh, sorry, I won't post about anything else but SandBlast.
     
    Last edited: Sep 5, 2015
  15. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    47
    Sorry for being a bit off topic, but it's still about sandboxing. I can't wait until this technology is out for home use, not only for business :)
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,043
    No it isn't. Read the subject, and please stick to it.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I don't get it, what is so unique to this sandbox compared to others? I noticed that they claim to be able to block exploits, but so can other tools like Invincea Endpoint, and blocking exploits is something different than detecting malware that's started manually.
     
  18. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,079
    Location:
    Netherlands
    CPU and OS aware sandbox at network level. Similar to magic lubricant which adds 10% horsepower to an aging car engine. For once we are on the same wavelength. I don't get it either. I just read a sequence of security related buzzwords. After reading their explanation I am in a higher state of excitement but at the same level of confusion.
     
  19. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    You are right of course, I did ramble a bit (a lot) there. Especially in regards to sandboxing (and sandboxie in particular). I just can't see this approach as new or even strictly speaking sandboxing (I can only hope there's more to it that the author didn't understand/know). My mention of AppGuard was brief though and only meant to show how such a product that monitors (and prevents) memory changes has existed for quite a while and even some of your standard classic HIPS programs could (can) prevent this type of activity so the article claiming that's what makes it new is hooey.

    Maybe if we had a chance to test it or a bit more technical info we might get a better idea of what all makes it a 'new approach' but all I got from that link and the info I saw was misleading hype. Assumptions and limited info don't make for good conclusions but as it doesn't seem we'll get a trial or home version I'm calling it how I see it, brown and going down. :-/
     
    Last edited: Sep 12, 2015
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,172
    They show it on the list to trial, I think. You have to register first.

    http://www.checkpoint.com/try-our-products/index.html
    I registered, but when I go to select an eval product there are three boxes:

    1. Select product
    2. Select account
    3. What is purpose

    In the number two spot is a down arrow, and that one doesn't let me select an account for some reason. :-(
     
    Last edited: Sep 12, 2015
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, it's probably just marketing hype.
     