Sandboxie and banking browser configuration

Hello, I'm configuring sandboxie with Chrome for baking purpose I would like to know your configurations in order to improve mine.
Chrome starts in antonym mode and I'm using the free version of sandboxie

Here is my configuration of the sandbox:

 

Make sure you only use HTTPS with your banking websites. You could use some sorta keyboard encryption software but I think you'll be fine without it.

 

Thanks
The ideal would be if sandboxie were compatible with trusteer rapport or Prevx Safe Online. At least works with spyshelter

As far as I know sandboxie does not protect against banking malware
http://forums.malwareresearchgroup.com/viewtopic.php?f=29&t=582&p=2130&hilit=sandboxie#p2130

When I close the sandboxed Chrome I got this message: "SBIE1308 Program 'rundll32.exe' cannot start due to restrictions
" Should I allow 'rundll32.exe' to run in the sandbox?

 

Personally I wouldn't use either Chrome or Sandboxie for banking. Here's why:

1. Chrome - few controls/code reviews on the extensions before they are made available to install. One bad/rogue extension and your banking session could be insecure.

2. Sandboxie prevents you from using Trusteer or Prevx SOL as you mentioned, although Zemana and Spyshelter do work with Sandboxie

My approach:
- use a separate browser with no extensions for banking sessions only
- run non-banking web sessions with a different browser inside Sandboxie
- empty Sandboxie before doing any banking
- use your favourite anti-zeus/spyeye software (Zemana, Spyshelter, Rapport, Prevx SOL) to protect your banking sessions.

With this approach you get your "ideal", plus you also remove the risk of bad extensions.

 

AFAIK, Sandboxie doesn't protect against anything within it's own session. It only isolates Windows from whatever you are running inside the sandbox.

That said, I disagree that it can't be (or isn't) useful while banking. If you start with a clean PC, have every Sandboxie session start up as a new (clean) sandbox, do your banking immediately after starting a fresh Sandboxie session, and then close your Sandboxie session, I don't see much possibility of an issue within Sandboxie or Windows after you exit Sandboxie.

Granted, this is based on a clean PC as your foundation. If you don't have a clean PC, all bets are off for nearly anything.

Of course, the bank's security on their end plays a part in all of this but that is not the subject of this thread...

 

@Scoobs72
I I'm running chrome just for baking without extensions and Firefox for normal use, thanks for the other advices.

@HAN
I see, I just wanted to know if there is a way to prevent against banking malware using sandboxie config.
There are other sources of malware not just the browser, if you get infected during a sandboxed session with zeus and then you enter in you bank your data will be vulnerable.
Or if your computer has been infected by other source you are also vulnerable, I know that you can sandbox usb, and almost everything but with the free version this is no that easy or friendly user.

I know that are remote possibilities but this is a forum of "paranoid people", and we all like feel that we have the perfect config

 

Your approach is good. But, I'd just like to add that it's possible to have more than one Chrome profile, so you could run one without extensions.

Another option, would be to run two Chrome installs.

 

I have one sandbox dedicated to banking.

The only program that has Start/Run Access and Internet Access is Internet Explorer. Nothing else.

By default, Sandboxie allows all programs both Start/Run and Internet Access in any sandbox. The moment a user adds just one program to the restrictions settings, that "wide open" default setting is locked down, and no program other than the one (or ones) stipulated can do anything.

To me, that right there reflects the power of Sandboxie.

I also have Drop Rights enabled in that box and auto deletion.

 

I install a browser dedicated to banking/transactions. It happens to be QTweb, but any dedicated browser will work.

1. install browser with your network card disabled.
2. configure browser as needed.
3. create sandbox that allows only browser.exe to execute and only allows browser.exe network access
4. restrict any areas from being read that you might want, such as a quick books directory or other similar location that should never be accessed by other applications (this could apply to all of your sandboxes)
5. configure sandbox to delete contents on closing
6. enable network card

The idea is that you configure the browser prior to actually using it online, so that you KNOW it is in a clean state to begin with. You do NOT allow anything to be saved by sandboxie, like bookmarks or passwords, etc. Now when you start the browser up, in the sandbox, you know it has never been online (thus hopefully clean), you know ONLY the browser will be allowed access online and access to run, this stops everything else like keyloggers, etc. You know when you close the browser, that it is deleted and you start again with a clean slate. Even if you save a password, because those things are not saved, and the sandbox deletes itself, you start every time without those little security loopholes.

This doesn't address whether your system has a bug which could effect things. It doesn't address whether your browser has a bug or not. It does not address whether the website you visit is compromised. It only ensures you have a known clean environment when you set it up, and that environment will not be tampered with when you use it within the confines of sandboxie. Your other habits/protections now come into play.

It is the best you can do IMO.

Sul.

 

But, generally speaking, assuming a computer is clean of malware, is quite an assumption.

So, unless xyz user is100% sure the system is clean, Sandboxie is of no use to fight against keyloggers/other banking threats that are already present in the system. Sandboxie won't make it impossible to read the sandboxes (the processes/files running inside of them).

My approach would be similar to the one user Scoobs72 mentioned. On top of that, I'd run such browser in a different user account, and if possible restrict the browser communications to the bank's domains/IPs and nothing else.

 

How about creating two standard user accounts. One for general browsing and the other for banking and implementing default deny for both using SRP and put sandboxie in the mix

 

That would be a good approach. I just didn't mention SRP/AppLocker before.

But, something like Trusteer Rapport or Prevx SafeOnline/Webroot SecureAnywhere (when it comes out of closed beta, perhaps) would still be needed for those users who have tremors in their hands.

 

We postulate about how to be absolutely safe doing online banking, yet 99% of the rest of netizens only put on an AV suite and maybe use UAC if they have it.

We are geeks and nerds, arent' we

Sul.

 

Absolutely

@m00nbl00d I also have those tremors to some extent so I am thinking of installing rapport but at the sametime hesitant to let go of sandboxie

 

You don't need to let Sandboxie go, at all. You just need to separate your tasks.

You already mentioned two standard user accounts. One for general web browsing and one for accessing the bank's account only.

You could/should use Sandboxie for the general web browsing user account and use Trusteer Rapport/Prevx SafeOnline to protect the web browser in the other account.

You could tighten things up by restricting the browser to communicate only with the bank's website domains/IPs only.

Again, only if you consider that you'd be safer with this approach, rather than just sandboxing the browser for accessing the bank's account.

 

i've just installed Trusteer.

it does not seem to slow down browsing.

it is used by a lot of banks so i assume it must help.
protecting my online banking is probably the thing that scares me most about malware.

you can protect up tp 100 websites with the regular license so that should be more than enough for most people.

 

So is Sandboxie compatible with Trusteer?
Some say it isn't, but you say it is?

Edit in: I just found a SBIE Forum topic about Trusteer compatibility.
Looks like it isn't.

 

incompatible with Sandboxie according to this Trusteer Rapport web page:
http://consumers.trusteer.com/compatibility-other-security-software

 

The same goes for Prevx SafeOnline. I don't know about Trusteer, but with SafeOnline you need to open breaches in Sandboxie.

But, don't do that. Just use one account with Sandboxie and another one either with Rapport or SafeOnline.

It would be great if we could make use of both, yes... but, such is not possible, so make use of what you have.

 

If this is how you feel, then you may not have enough confidence in your ability to keep your computer malware free. Just sayin'

BTW, Kees1958 in a thread some time ago presented a nice idea; configure your outbound firewall to restrict your "banking browser" (let's just say, for example, you use Chrome for banking only, to your bank's ip address(es). This is, imo, an excellent idea from Kees You could also compliment this with a sandbox for this browser only and restrict Internet access for the selected browser only and run all this in a standard (limited) account. Really, what more do you seriously need?

 

You know what? You got me there for a moment... But... fear not my friend... I haven't subscribed to my bank's online service.

This is a nice approach, yes... very similar to what I do to relatives... But, my relatives aren't me nor Kees, nor you... etc. So, they need an extra ensurance, because while Kees approach is indeed great, it has a flaw, and that is that if something install with admin. rights (either the user does it or privilege escalation... or simply an admin. account without UAC lol), then it won't be WF (let's face it, most folks won't know how to deal with other type of firewalls and oh... YES... allow that, by all means... YES.... ) that will stop info going out.

Something like Rapport or SafeOnline/SecureAnywhere (when it comes out ) is all they will have, if their AV fails.

It's not for nothing that Zeus/Spyeye developer has added a feature to bypass, if I'm not mistaken, Rapport. So... it must protect their users, no? lol

 

this might be of interest:
https://www.wilderssecurity.com/showpost.php?p=1890472&postcount=30

 

Indeed, with the good comes the bad. The more an application is used, the more it will be targeted. The same would happen to Sandboxie or any other apps. But, it does show that the likes of Rapport aren't useless, otherwise why bother adding anti-Rapport, etc? Somehow, I don't think it's just for the placebo effect... lol

 

For my online banking, I run Firefox sandboxed solely for this purpose and have keyscrambler running in the background for a bit of extra protection. For general web browsing i use a different sandboxed browser altogether which happens to be opera at this point in time.

 

It isn't just about banking though. It's also about online shopping, accessing utility bills online, completing statutory returns online, etc; in fact just about any website that requires you to enter personal information that could be subject to identity theft. I doubt if many people would want to have to maintain an entire list of IP addresses.

Trusteer Rapport makes it easy to add protection for any website at the click of a button. With Prevx SafeOnline, it's even easier as https websites are automatically protected with a higher level of security as a default. Simply restricting the browser won't help if the machine is already infected. Utilities like Trusteer Rapport and Prevx SafeOnline are an additional layer that provides a little bit of extra insurance, just in case.