Sandboxie and VMware

Discussion in 'sandboxing & virtualization' started by kjdemuth, Apr 30, 2011.

Thread Status:
Not open for further replies.
  1. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Ok I know this is probably an easy question for all you Sandboxie veterans. I have Sandboxie and am trying to get VMware to run sandboxed. It says that the sandbox isn't big enough. I even increased the size of the sandbox but it still says it isn't big enough. I'm running Windows 7 Ultimate 32 bit on VMware. I hope I'm not the only one that's encountered this.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Frankly I don't see the point of trying to run VMware Sandboxed. I have VMware and I have Sandboxie, and I have Sandboxie installed on my VM machines. But running VMware in Sandboxie? That I don't get.

    Pete
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Tell me why you think this is necessary? Do you have proof that any real threats escaped out of VMware?
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Do I have any proof? No. Why do I need proof? I also don't need to explain my actions as to why I want to do it. So if you can't answer the questions then don't respond. Leave it to the real experts. It's a pretty straightforward question.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I'm sure the real experts will agree that it's unnecessary.
     
  6. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Oh very witty retort. Again not really useful information. Of course I expect that.
     
  7. wat0114

    wat0114 Guest

    At least a couple members (one former and myself) have sandboxied Virtualbox successfully, but I don't know if it's possible with VMWare. I've never tried and don't really want to. The sb + vbox attempt was for me nothing more than an experiment.

    This approach is probably more practical.

    Ultimate security, maybe? :D ...there was recent mention in this forum of someone "witnessing" a potent malware that was able to jump out of the vm and into the real system, though I don't recall seeing any concrete evidence posted of that happening.

    IMO, Sandboxing in a vm or a vm sandboxed are probably both overkill if it's meant for bolstering security. I'm running successfully vmware7 in my Win7 Standard account, which is bolstered by AppLocker. This is probably overkill, too, but it works gracefully with no stability issues.
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Purely from a security perspective running VMWare within SBIE may not offer much additional protection and on modern CPUs supporting Intel VT and AMD-V it could theoretically reduce security; however the OP may have other reasons for doing this as it wasn't stated exactly why.

    Information is very sparse on the practicality of this, however it appears that Virtualbox runs ok so there mightn't be an overriding issue preventing it. I'm presuming that there is actually enough free space for SBIE to create a copy of VMWare and its guest OS on the system in question.

    *Edit* Virtualbox runs in SBIE perfectly well for me.
     
    Last edited: May 1, 2011
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    I run SBIE in my virtual machine as I have it configured exactly as my host. Since the folder of my small VM is over 60gb, and the big one is twice that size, even trying to run them in SBIE would be tough.

    When I need extra protection for testing in the VM, I run Shadow Defender on the host, to further protect it.

    I don't see sandboxing VMware as extra protection, so maybe the OP has another reason, but since he doesn't say, I can't comment.

    Pete
     
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    The reason I wanted to run vmware sandbox was for some extra protection. I understand that it's probably unnecessary and the virtual machine is probably very safe. I can't recall his name but that guy that had mentioned the malware that can jump out of a virtual into your host, might have made me a little paranoid. I have used shadowdefender on my normal host and then run vmware. I was just curious if it could be done with sandboxie.
    I'm sorry for my previous rantings. I get upset when people just can't answer a question, without throwing in their two cents first. I've seen it more and more lately. People come here to get help, inquire and learn about security. Why should they get abused during the process? Snide comments should be left out of an answer.
     
  11. wat0114

    wat0114 Guest

    @kjdemuth, what is the host O/S you are using?
     
  12. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Extremely weird idea. Just use sandboxie in VM, not the other way round.
     
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Win 7 ultimate 32 bit
     
  14. wat0114

    wat0114 Guest

    The setup I'm using should serve you extremely well; practically bullet proof and no 3rd party software introduced:

    Even if you just go with AppLocker defaults, that will still bolster security considerably without the added complications of trying to fine-tune the rules.

    Alternatively, you could even forgo Applocker, because the Standard account will more than likely be enough to thwart those pesky "ninja leaping" (as I like to call them) malware ;)

    Finally, if you have your entire setup imaged, then in the unlikely event something does go wrong, just restore the most recent image and you're good to go.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Reason most of us were curious about your use is that it helps answer.

    I would consider the last version of VMware Workstation to be highly secure, and for normal use don't worry about it. However when I am testing stuff I know is dangerous, then I turn on Shadow Defender. Amazingly SD even reverts the VM machine back to its current state, and that is with a 60+gb folder.

    I would say that you are good to go with VMware, and running it on top of SD, if you are really doing something questionable, security wise.

    I don't think the pain of trying to run in SBIE would be worth the gain, which I suspect is very small if any.

    Cheers,

    Pete
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If you're talking about SteveTX, he claims his mystery malware can break out of SandBoxie as well.

    Don't get too paranoid unless he actually shows undeniable proof.
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Why would you want to sandbox an environment that is already separated from your OS? Sandboxie might even prevent the applications running in the VM to work properly (or at least to fullest extent) and you'd end up in a scenario where the things you're doing in the virtual environment doesn't mirror the real environment outside the VM.

    The only reason I can find is if the VM-software you're using has a vulnerability. But the VM-softwares around are extremely safe these days.
     
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I think I'll just stick with running shadowdefender on my host system. Sounds like it's too much of a pain and really not worth the effort. Thanks for all your help. Sorry for the short fuse.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Kjdemuth

    I think you ended up at the right place, and we all get short fuses at times. As they say all is well that ends well.

    Pete
     
  20. samy

    samy Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    148
    I am a novice regarding Virtual Machines. I began learning this subject only 10 days ago. I read a lot of threads in this forum which were very instructive. I installed VMware Player and use it to learn and test.
    I was under the assumption that the V.M. is a "totally closed" environment and totally safe for testing software, but when I saw the ease to "copy and paste" programs and exe files from the host to the guest PC and vice-versa I have been surprised/disappointed.

    My questions Peter are :
    - To what extent is VMware safe in itself? as per the quote above.
    - Is there any danger of the host computer becoming infected from an infected VMware guest machine?
    - Testing a software which may "contain a code" on the guest, is there any danger (vulnerability) for this "code" running on the host?

    Thanks
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Samy

    I don't think you can ever put a number on anything, but it's extremely high, so in normal use I don't give it a thought.

    When testing Malware, I do protect my host, but as of yet, I've never seen anything escape the VM. I use a VMware Workstation machine.

    Pete
     
  22. DIgiDis

    DIgiDis Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    49
    I use VirtualBox, but I am sure VMWare is the same. I tend to think of VMs as sandboxes and use them as such. There is also the ability to make snapshots which comes in handy and functions sort of like Returnil.

    I think it's a good idea to protect a VM and something like Comodo IS should be enough. If, in the unlikely possibility, that some malware escapes a VM it would then still have to face the protection of the host machine.

    To put things in perspective, I see many videos on youtube where people test various malware softwares against zero day threats in VMs and still none have jumped the VM to infect the host.

    Lastly, if you are really worried about being infected, it is really easy to back up VMs and I would also have a routine of disk imaging for the host. I understand malware is getting pretty sophisticated, but I am very confident none are capable of jumping through time.
     
  23. samy

    samy Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    148
    Peter and DIgiDis thanks for your kind assistance.
    I feel comfortable with the answers.
    As I mentioned in my thread above I just wondered that regarding the ease to copy and paste executable programs between the host and the guest, a sophisticated malware could do the same using a hidden configuration.

    Peter
    which version of Shadow Defender are you using?
    I am asking this question because of the issue regarding the new one (331) and detailed in
    https://www.wilderssecurity.com/showthread.php?t=293075

    thanks
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    I am using 325. I downloaded 326 while site was still Tony's but never saw a reason to install it.

    Pete
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,770
    Location:
    Outer space
    Perhaps using EMET on the host to apply mitigations to all VMware's processes might help to prevent them from being exploited and thus reducing the chance of breaking out, I don't think that using EMET inside the guest will protect VMware, only the OS it runs.
     