Sandbox testing

Discussion in 'sandboxing & virtualization' started by Drew99GT, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. jmonge, Registered Member (Joined: Mar 20, 2008; Posts: 13,744; Location: Canada)

    it is nothing that is going to Hurt you Hurt:D not a big deal it will disappear anyhow:thumb:
     
  2. MitchE323, Registered Member (Joined: Nov 22, 2007; Posts: 156)

    Why is DefenseWall even compared in the virtualization/sandboxing group? It marks programs as trusted and untrusted right? Plus what happens to everything on your system if later down the line, you decide to uninstall DefenseWall and try something different? What does it re-designate programs as after an uninstall?
     
  3. Ilya Rabinovich, Developer (Joined: Sep 13, 2005; Posts: 1,543)

    Because it is a sandboxing-style behavior blocker.

    Right.

    You can uninstall without deleting its settings.
     
  4. MitchE323, Registered Member (Joined: Nov 22, 2007; Posts: 156)

    Is that referring to having an intention to reinstall DefenseWall at some point and the previously used settings would be retained? My question is suppose you install a program on your system and DefenseWall marks it as untrusted. Now, you later decide to uninstall DefenseWall (forever). Is that previously installed program limited in some way?
     
  5. HURST, Registered Member (Joined: Jul 20, 2007; Posts: 1,419)

    I know that, just posting my results...
     
  6. jmonge, Registered Member (Joined: Mar 20, 2008; Posts: 13,744; Location: Canada)

    cool:thumb:
     
  7. truthseeker, Former Poster (Joined: Jan 26, 2008; Posts: 977)

    Have you tried running Linux using Virtualbox? It is very secure and a type of "Sandbox"

    And if you use Linux using Virtualbox, you are immune from keyloggers when your host is windows. But as far as I know (someone correct me if I'm wrong), if your windows is infected with a keylogger, whatever you type in a sandboxie web browser session, will be picked up by the keylogger, but in Linux using Virtualbox it won't.
     
    Last edited: Oct 1, 2008
  8. kwismer, Registered Member (Joined: Jan 4, 2008; Posts: 240)

    o_O why would you be immune from keyloggers when running a linux vm inside a windows host? why would a linux keylogger not be able to run inside the linux vm?

    again, i see no reason why your keystrokes wouldn't be picked up by a keylogger in the host (since it receives the keystrokes first and passes them on to the vm)...
     
  9. Ilya Rabinovich, Developer (Joined: Sep 13, 2005; Posts: 1,543)

    No. Why? And how exactly?
     
  10. truthseeker, Former Poster (Joined: Jan 26, 2008; Posts: 977)

    This has already been discussed at length on wildersecurity..... If you run Ubuntu Linux as a guest using Virtualbox, and windows as the host, whatever you type in the guest Virtualbox Linux session cannot be detected or logged by any keylogger that has infected the host Windows.

    In other words, if I type anything in the guest Linux Virtualbox session, it won't be picked up and logged by any host Windows keylogger. So it's very safe to use Linux Virtualbox to do netbanking etc because even if windows was infected with a keylogger, it won't pick it up.

    Test it yourself using any keylogger test program.
     
  11. Someone, Registered Member (Joined: Jan 18, 2008; Posts: 1,106)

    Personally I think it's just overkill.
     
  12. kwismer, Registered Member (Joined: Jan 4, 2008; Posts: 240)

    with all due respect, just because you haven't found a keylogger test app that does it doesn't mean there aren't keyloggers that can... how many do you think are out there and how many did you actually try?

    i found some other threads here on the subject but some of the things said in them just don't ring true - vm's don't access hardware directly, they go through the host os (i shudder to think of what would happen if 2 or more concurrent systems were competing for access to the same hardware)... further, the notion of entering keyboard input into the vm is nonsense which can easily be seen by minimizing the vm's window and entering text into notepad... the vm is still running, it has no idea it's been minimized, why wouldn't it be capturing that text? it is the host OS that directs keyboard input to the appropriate process, whether that be a virtual machine running within that host or notepad or your browser... as such the keyboard input must go through the host first which means the keyboard input can be intercepted in the host...

    but even more fundamental than that, you just cannot protect a guest system from something running on the host with the same (or greater) privileges as the vm software itself...
     
  13. Kyle1420, Registered Member (Joined: May 27, 2008; Posts: 490)

    Sandboxie is good.. Yes but programs are being designed to jump out of them - Such as copying itself to your clipboard then pasting in your real system etc amongst other things, Neither does Sandboxie "Sandbox" your memory.

    It's good guys.. But don't go getting too over confident with it, it's not bullet proof... yet. Maybe in the future
     
  14. Franklin, Registered Member (Joined: May 12, 2005; Posts: 2,517; Location: West Aussie)

    Can you name any of these specifically designed apps that jump out of the sandbox and how does text copied to clipboard compromise a system?
     
  15. Kyle1420, Registered Member (Joined: May 27, 2008; Posts: 490)

    Sure, It isn't a "normal APP" though. It's malware, We were discussing virtualization in the malware research group at Comodo's forums. If you know what you're doing send me a PM and you could join the group and learn/share with each other the various techniques malware uses among other things.

    Nothing is 100%
     
    Last edited: Oct 3, 2008
  16. Franklin, Registered Member (Joined: May 12, 2005; Posts: 2,517; Location: West Aussie)

    And may I extend an invite to your fine self to pm me with any poc you may have so as I could contact the author of SB or maybe you could pass any on personally.

    It can only help make one of the best ever security apps even better and work toward that magic 100% security.
     
  17. Kyle1420, Registered Member (Joined: May 27, 2008; Posts: 490)

    sent message in regards to franklin
     
  18. soccerfan, Registered Member (Joined: Oct 15, 2007; Posts: 561)

    This was also said in the Infoworld article. The response of sandboxie's developer was:

    "Being able to put stuff on the clipboard, for these guys that's an attack.
    I emailed them once to ask why but didn't get a response."

    Perhaps you could explain why it constitutes an attack.

    If there is any other poc that is not contained, that would be news indeed.

    @Franklin: If Kyle has informed you of such a poc, I hope you'll continue to keep us informed of the results of your testing.

    soccerfan
     
  19. Kyle1420, Registered Member (Joined: May 27, 2008; Posts: 490)

    I can think of 1 thing straight off the top of my head, Some worms/Malware install themselves in memory - Never even touching the disk. (Therefore not being sandboxed)
    I've already explained as to why clipboard is an attack.

    I think you guys are getting me all wrong, I'm not bashing Sandboxie at all - It's a great program and I have used it *I really like it!*

    What I am saying is that people using virtual programs on their production machines or home PCs shouldn't rely solely on Sandboxing or boot to restore virtualisation.
     
    Last edited: Oct 3, 2008
  20. soccerfan, Registered Member (Joined: Oct 15, 2007; Posts: 561)

    Kyle, all your points are well taken and do not IMHO in any way imply bashing this product.

    Perhaps I'm being dense this morning (no coffee yet!).
    Could you please humor me and explain again (or guide me to the appropriate post). Many thanks in advance.

    soccerfan
     
  21. HURST, Registered Member (Joined: Jul 20, 2007; Posts: 1,419)

    I do hope that tests results get posted here or in SBIE forums, so improvements can be added...
     
  22. Franklin, Registered Member (Joined: May 12, 2005; Posts: 2,517; Location: West Aussie)

    Kyle1420, I would hazard a guess and say you are full of shite:
    Why would I wanna join a beta program that causes more probs than fixes?
     
    Last edited: Oct 3, 2008
  23. Kyle1420, Registered Member (Joined: May 27, 2008; Posts: 490)

    I told you how to find out more about this issue and gain access. For obvious reasons I won't be "giving 0 day malware" to anyone.
    I don't get what you mean by "program". It's a forum that I'm referring to.

    Also I don't appreciate being told I'm full of *poo*. I came here to discuss and share opinions and I've also taken my time out to personally help you and give you the info you need.

    Please use pm instead of open posts.

    EDIT:: If you are going to quote me, please quote the whole message;
     
  24. Franklin, Registered Member (Joined: May 12, 2005; Posts: 2,517; Location: West Aussie)

    Okee Dokee, PM sent.
     
  25. Cerxes, Registered Member (Joined: Sep 6, 2005; Posts: 581; Location: Northern Europe)

    Kyle...

    Once again you just confirm for the rest of us that you're nothing more than a simple braggart, spreading around FUD since you can't support your statements with any PoC. And when other members want some answers or further explanations, you really do your best to avoid this by referring to some ridiculous reason as the following:

    Where have you explained this?

    or:

    Please...

    Or as you did in this forum/thread where you avoided to, or "didn't want to", refute my question and arguments by simply referring to links with product descriptions/praising = marketing...

    Once again, if it's something that I really detest, it has to be braggers without deeper knowledge, spreading a lot of FUD without any proof.

    /C.
     