Sandboxie and Kaspersky Internet Security

Discussion in 'sandboxing & virtualization' started by thehawkMT, Jan 3, 2011.

Thread Status:
Not open for further replies.
  1. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    Good evening and happy new year.

    I will soon give my laptop to my parents so as they can finally enjoying the formidable world of Internet browsing :)

    Now I personally use Firefox + NoScript (besides other security tools of course) but there's no way my parents will learn to use NoScript to enable/disable scripts so I was thinking of installing Kaspersky Internet Security on their machine and SandboxIE, instructing the latter to always run Firefox in Sandbox mode.

    My question is: Let's say they end up on a website with a malicious script, will Kaspersky, the antivirus part of it, block the script? Or it will run and then disappear after the browser - and hence the sandbox - is closed?

    Thank you.
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    If they know what to NOT take out of the sandbox when it closes they should be OK. Also have only the browser have internet/running privileges and have it set to auto delete on exit.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Doesn't Kaspersky have some sort of sandbox program- safe run - or something like that? What if the browsers were set to open in that? I'm not sure how it would treat downloads they would want to keep though.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    You can use KIS own sandbox -- Safe Run for Websites. It is very tough and has not been bypassed to date. Simply teach them how to open browser via Kaspersky interface and they will be completely safe against all types of threats (including script which will also be scanned by Web-Antivirus) because Safe Run settings are very restrictive and cannot be over-ride and works on principle of restricted privileges. On my system, Google Chrome is not even allowed to use its installed extension when run under supervision of Safe Run.
     
  5. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    It does, but looking at some threads it seems it is still not as powerful as SandboxIE, though the thread is from 2009, so quite old. Does KIS have an "Always Run In SafeRun" mode feature like SandboxIE?

    Thanks.
     
  6. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    If the antivirus detects the script via either signatures or heuristics, then yes, it will block it because the scanning of Web content works at traffic level (so it doesn't matter if the browser is in the sandbox). Regardless, that doesn't really matter- if you have your browser sandboxed anything malicious coming from websites will be contained in the sandbox.

    If the user does Online banking then I'd recommend using KIS Safe run for websites/Online banking mode (not to be used at the same time as Sandboxie because of conflicts) because it provides an additional layer of protection against threats on an already compromised system by denying access to browsers' memory/threads to unknown 3rd party applications (similar to Prevx SafeOnline)- which Sandboxie doesn't have.
    On the other hand, if they don't do Online banking, using only Sandboxie will suffice- it's much more configurable and somewhat more safer/resilient compared to KIS sandbox (the latter having some issues with interpocess communication isolation ATM).
     
  7. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    Perfect!

    Thanks :)
     
  8. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Yes with a little edit to the shortcut you can. Take a look at this thread it explains how.

    Save your money and just use the sandbox from Kaspersky. It is very effective and has saved my butt several times! Just one piece of advice if you are sandboxed and download something remember to save it to the sandbox shared folder.

    Regards,
    Cgeek
     
  9. thehawkMT

    thehawkMT Registered Member

    Joined:
    Dec 16, 2010
    Posts:
    34
    Nice.

    Have you ever used Sandboxie, cgeek? I mean did KIS save you when Sandboxie didn't? I'm just trying to understand whether to go with KIS alone or both :)
     
  10. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    It's worth mentioning that that method isn't the same as Forced programs in SandboxIE.
    It will only sandbox the program if you launch it via that shortcut. If an unsandboxed application wants to start the application you created that shortcut trick for, it will start it outside the sandbox, since the shortcut isn't used. I.e if you're running Outlook outside the sandbox, and you've configured the shortcut for your def. browser as per the linked thread, when you click on a link in a email, the browser will start outside the sandbox (as opposed to SBIE Forced programs which sandboxes the program whichever way it's started).
     
  11. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    3x0gR13N is correct this is the only drawback to using safe run for websites. But you could open Outlook and use safe run for applications. Which would sandbox or virtualize the entire computer!

    @thehawkMT
    I have used sandboxie in the past and it is a wonderful application. Since I have used KIS I stopped using it since it has it's own sandbox. I also used to have Returnil but yet again it is covered in KIS. The only other app I use alongside is Prevx Safeonline. ;)

    Regards,
    Cgeek
     
    Last edited: Jan 4, 2011
Loading...
Thread Status:
Not open for further replies.