SandboxIE alternative and p2p apps security

Discussion in 'sandboxing & virtualization' started by Swordfish_, Aug 1, 2008.

Thread Status:
Not open for further replies.
  1. Swordfish_

    Swordfish_ Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    63
    First things first - that's my first post here - so Hello :)

    is there any good alternative for SandboxIE?

    Actually, sandbox is the last thing that's missing from my 20-program ;) security config, so now I am wondering which one(s) should I focus on...

    I mostly need it for my p2p applications - yesterday, just because of being bored, I launched CurrPorts - and it showed me a lot of connections, where the program column was flagged as "unknown". What's interesting - there were also a lot of connections on the same ports flagged as "uTorrent". So - my point is - why some of the UT connections are visible from the CurrPorts "perspective" (in the sense, that CurrPorts sees the actual program) and some are not (in the sense that program is "unknown")? Is it just an innate characteristic of this program (or maybe a flaw in CurrPorts), or maybe it's something that should never happen?
    Even more - after launching Process Explorer and terminating UT - CurrPorts still showed these connections (TimeWait mode). So, I rebooted - and now everything is going fine (connections that CurrPorts shows make sense - but now UT as well as any other p2p app is shut down).

    So, my first idea - IF a p2p app would be compromised (which, on the other hand is unlikely in my case now, but, all things being the same, it just sparked some controversy in my mind - just some "what if?" questions), would a sandbox (of course used in a layered security configuration) contain the leak (by this I don't mean downloading any malware/spyware/whateverware but more exploiting the vulnerability of the p2p app code holes)? If not - then what? Applying some strict HIPS rules?

    Or maybe just another approach?

    Best Regards,
    Adam
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Personally I use DefenseWall to run my p2p apps as untrusted programs. This restricts what the program can do, which helps to keep things safer. There are other programs like GeSWall and Online Armor which do a similar job.
     
  3. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    It may help to know why you are looking for an alternative to SandboxIE. Is it simply for choice or is there something you don't like about SandboxIE? If it is for choices then DefenseWall as farmerlee suggested is an excellent choice. Online Armor is also an excellent app and would be very worthy of consideration. I've never used GeSWall so can't comment, but I've used SBIE, DW & OA and deem them top tier apps.

    muf
     
  4. Swordfish_

    Swordfish_ Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    63
    To be honest - it's simply a matter of having choice and curiosity.
    I'm running CPF, though I may decide to abandon it and try something different.

    Anyway - thanks for your opinion.

    Best Regards,
    a.
     