Sandbox testing

Discussion in 'sandboxing & virtualization' started by Drew99GT, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
  2. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    This tester rated Prevx as his favorite but states: "On just the fifth malware Web site, a password-stealing Trojan was able to infect the test system." What do you think the Sandboxie forum would look like if every fifth site allowed something out of the sandbox? He also states: "Sandboxie didn't prevent the clipboard hijack, and it did not remove all remnants of the XP Antivirus malware program when I told it to delete everything." I had no problem deleting everything in the XP Antivirus test, both with auto delete and no auto delete, so I don't know where that is coming from. As far as the clipboard, Sandboxie doesn't sandbox the clipboard, because what effect would that have? It would still be text. But there is no harm, as anything pasted would be in a sandboxed address field anyway.
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Tested heaps of rogues sandboxed, including XP Antivirus, with Sandboxie not having a problem containing, terminating and deleting all comers so far.

    Can't understand what the author of the article means by:
    [attached image: SB2.JPG]
     
  4. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    hahaha I missed that comment Franklin, good post. :D
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    He only tested the free version. Not a very impressive write up in my opinion.
     
  6. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Pete, relax, we know Sandboxie thwarts all :D :thumb:
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    But NOT the heartbreak of psoriasis. :(
     
  8. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Hey bellgamin, gimme a chance, I'm still relatively young at 34. Right about now there are about a billion things to kill me, all the while telling me I have just the one life. Give them a chance to catch up to me; I know they catch up.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If it's any consolation to the infection we missed, detection was added automatically for it by our Community Database about 30 minutes after the test took place. If he was to rescan, we would have then detected/cleaned/blocked it.
     
  10. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Good try :shifty: but IDS vs. virtualization = nil.
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, it is clear that a full virtualization solution will prevent anything from changing the underlying system, but how many "normal", non-techy users can actually use a virtualization solution? :)

    For instance, my mother could definitely not use a virtualization program, a virtual machine, or UAC for that matter. They are just far too difficult to use by a non-experienced person who just wants to use a computer and assume that everything just "works".
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That is true, that is why solutions like Threatfire and PrevX excel.

    Regarding UAC and the perceived virtualisation of DefenseWall: it is a non-techie implementation of internet-facing program security with policy management. It also works seamlessly (it only requires a change of status to trusted to install software), in a way that is install and forget. It is also the only sandbox-type application which works out of the box with Digital Rights Management. As a matter of fact, my mother of 75 uses it with no problems at all (I did the installation of DW on her PC).
     
    Last edited: Oct 1, 2008
  13. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I agree with Kees.
    I've got Mrs. Click nicely tucked in with DW. I also have Returnil because I don't want all the garbage that she downloads to stay on the machine.
    She would give permissions to Satan himself.
    Hugger
     
  14. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    LOL, I have Mrs. Click as well, who will click anything; if it had flashing banners saying "please click here" she would be all over it. Before my Mrs. Happy Click gets to use it, I fire up Returnil.
     
  15. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
  16. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
  17. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    it seems to me the reviewer was comparing apples to oranges... a sandbox is malware agnostic... the fact that a bunch of the tools he looked at identified things as malicious points to the fact that they have additional functionality built in besides just sandboxing... additional protection is good, but if you're going to review sandboxing software you should stick to the sandbox functionality...

    nothing is impenetrable... if you start believing something is then you'll get careless and quite possibly pwned...
     
  18. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Specifically, does anyone have anything to say about the 2 exploits that Sandboxie missed: the Adobe Flash clipboard hijack and the XP Antivirus malware program?
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Quote Mitch:
    Quote Franklin:
     
  20. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    I addressed it in my earlier post. I can not reproduce his findings on the malware program.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I don't have a screenshot for it, but Sandboxie blocks the Antivirus2009 very easily with no problems, and nothing escapes the sandbox :thumb:
    So confident that I use Sandboxie for testing malware instead of Returnil or a VM. That's me.
     
  22. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
  23. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I tested Antivirus 2009 a while back in Sandboxie. It did show the program tray icon running on the taskbar, which was a concern at first, but after the termination and deletion of the contents there were no remnants on my system. Sandboxie passed without a doubt.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    The icon you saw was a virtual icon, not real :D After deleting the sandbox it is gone like the wind :D
     
  25. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    My tests of SBIE vs. Antivirus2009 had the same results as those stated by djohn: the tray icon remained there until I passed the mouse over it, and then it disappeared (no click needed, just pass the pointer over the icon). Otherwise, nothing at all stayed in my real system.
     