Sandboxed scenario question!

Discussion in 'sandboxing & virtualization' started by ratchet, Sep 11, 2007.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    Thanks to all of you, I installed and have been using Sandboxie since Friday 9/7.
    A couple of months ago I received a panic phone call from daughter A. She was
    checking her emails on daughter B's work notebook and opened an e-card with the
    trojan/worm/virus or whatever was/is going around. Daughter B did have Norton installed
    (don't really know if it was up to date but it apparently did work) and immediately the
    comp went crazy with Norton and the malware firing away at machine gun speed, i.e. the
    malware trying to "reproduce" with Norton text boxes informing and stopping it. My question is:
    What would have happened if this had occurred in Sandbox mode? Thank You!
     
  2. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Providing your email is sandboxed the worm would have stayed in the sandbox and upon deleting the sandbox terminated...
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I'm no expert, but I read recently that sometimes some anti-whatevers can reach into the sandbox and quarantine/delete the malware. I'm told this is because the anti-whatevers work at a lower level than the sandbox. If Norton didn't respond, theoretically the malware would be rendered harmless to the system and deleted when the contents were emptied. I hope that makes sense.

    If the malware installed in the sandbox, it could possibly steal information while it was running in the sandbox until the contents were emptied. It wouldn't harm the system, just grab information. Someone would have to confirm this and I believe there are ways to 'tighten up' sandboxie configuration to prevent this.

    innerpeace
     
  4. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    Interesting!
     
  5. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Indeed a possible scenario albeit I suspect the chances of this happening are fairly remote.
    Bear in mind that by design SandboxIE keeps just about anything from getting on your system.
    (I love the idea of surfing the dark side (if one is so inclined) with virtual impunity.)
    It does not do as well preventing stuff from leaving your system.
    Hence the rationale for outgoing protection, be it a FW w/ good outbound protection or a substantial HIPs proggie.
     
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    This was posted by Peter2150. https://www.wilderssecurity.com/showpost.php?p=1013701&postcount=38
    This is one way to protect your sensitive information from being stolen. I haven't tried it yet as I often restore downloads and pics to a folder in My Documents. I'm not sure if that would cause problems or not.

    Edit: I gave this a try and it worked. I did a quick test and went to Jotti in Firefox while sandboxed and couldn't browse My Documents. I also couldn't download to My Documents, so I guess I will have to start downloading to my desktop or find a way to exclude my download folder.
     
    Last edited: Sep 11, 2007
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi Innerpeace

    Yes, when you download and something wants to go to my doc's it can't. What I do is just download it to the desktop. Then when I recover it from the sandbox, it's on my desktop and then I move it where I want. Worth the effort knowing nothing from the browsers can get to data.

    Pete
     
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Definitely worth it and thanks for the tip. I kept reading posts of you mentioning it, so I did a search and found your config post. It's a great feature for added safety and privacy. Thanks :)

    Cheers, innerpeace
     