Sandboxie Configuration Recommendations

Discussion in 'sandboxing & virtualization' started by TheKid7, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Guest

    Okay, thanks Sully. I guess as long as the config is backed, which I do, then there's no need to fear after all. Slowly I'm getting a better understanding of this great product, so perhaps venturing into the mystical depths of the config will do me some good :)
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hurst is an absolute great source for all things Sandboxie. Here or at SB forum, he has great info.

    Sul.
     
  3. AH26

    AH26 Registered Member

    Joined:
    May 27, 2009
    Posts:
    1
    ......
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Ok, your using plugins so that makes sense now in how you were able to open those file types in a highly restricted sandbox :).

    Yep, I was talking about my browser downloading the file and then choosing to view the file myself with winamp or foxit.
     
  5. ssj100

    ssj100 Guest

    Sure thing mate. Well, hope this thread has helped and/or reassured you! Happy Sandboxing haha!
     
  6. ssj100

    ssj100 Guest

    Nice, can you PM me it haha.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Make it two. Brain storming is never too much, and we always have something to learn about.

    Thanks
     
  8. ssj100

    ssj100 Guest

    Hi m00nbl00d, unfortunately I've exceeded my PM daily limit haha. I'll try to remember to PM you my article tomorrow. Cheers mate.
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,253
    Location:
    New England
    PM limit raised.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thank you ssj100 for the PM and LowWaterMark for raising the limit. ;)
     
  11. wat0114

    wat0114 Guest

    ssj10, could you please pm me as well with your config? Even if I don't follow it all, I still want to see what others are doing. After all, knowledge is a good thing :)
     
  12. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Thanks to the OP for this thread I've found it helpful. I decided to try SB on my laptop and with a little patience (and time) i have been very impressed with SB. I would be interested in the article if it describes in some detail how to configure SB to reach its full potential (or at least closer to it than I am now).
     
  13. Godlike

    Godlike Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    12
    Location:
    New York
    What are the added risks in allowing full access to Firefox's profile?
     
  14. ssj100

    ssj100 Guest

    Hi all, I've received quite a few PMs asking me about my small article on configuring for near 100% security. Most of the PMs have generally asked for my Sandboxie configuration - please check the first page of this thread (post number 8 ) for it!

    I've avoided posting the full article in this thread, as it's not relevant to Sandboxie. The article is mostly about Sandboxie anyway.

    EDIT: if anyone has any questions about any of the 12 steps, please feel free to ask it here. Just quote which step you're unsure of or have a question about and I'll happily answer or justify why I use it like that. Thanks!
     
    Last edited by a moderator: Jun 4, 2009
  15. ssj100

    ssj100 Guest

    This is an arguable one. Some experts will say that there are no additional risks in allowing an Openfilepath to firefox's profile. After all, you can configure it so ONLY firefox.exe can access firefox's profile on the real system.

    One of the risks involved is actually pretty much prevented by Firefox's own defensive system: "Warn me when sites try to install add-ons", which is enabled by default. In theory, a malicious keylogger could automate its own installation (using a hidden script) within Firefox when the user browses to a web-site. Once installed into firefox's profile (which will be on the real system, since you've allowed access as above), the keylogger will simply log everything you type and try to send it out. If it somehow uses firefox.exe and associated ports etc to send out the information you're typing, and if your firewall doesn't alert you to this suspicious behaviour, then your privacy is completely compromised.

    This might be a reason why some people choose to automatically always empty the sandboxed Firefox session each time. The problem is that if you've allowed access to your real firefox profile, this means the keylogger will remain on your system permanently (despite emptying the sandbox after each session).

    Then comes the question of usability and convenience, and balancing this with security. Is there even a keylogger out there that can bypass Firefox's notification system when a site trys to install an add-on? Is this whole process of sending out information within the sandbox using firefox.exe (it MUST use firefox.exe, as no untrusted processes are allowed to run if you've configured Sandboxie properly) even possible?

    Personally, that is why I divide my browsing habits with two browsers: Firefox and IE 8.

    Firefox is for normal, everyday surfing, and I never empty out its sandbox (except when I am doing a major upgrade). Since I don't empty out its sandbox, I have great usability and convenience, and easily retain browser history, cookies, newly installed add-ons, bookmarks etc. All this is of course in the virtualised environment.

    For more private surfing (internet banking etc), I use IE 8, and automatically set its sandbox to empty out after each session. In this way, every time I use IE 8, I will effectively be using a completely freshly installed IE that is guaranteed to be malware-free. Thus, I solve the extremely unlikely problem of the potential keylogger above for sensitive browsing.

    To be honest, I don't think it is really necessary to use IE 8 like that. I think with the sandboxed Firefox configured so tightly and securely (even with Openfilepaths like allowing access to Firefox's profile), you are pretty much 100% covered.

    But I guess I just like making use of Sandboxie's full power. And I'm still learning more about Sandboxie too! I recently discovered a Sandboxie add-on which would make Sandboxie pass all those POCs in "Some tests", even in default configuration. I think Tzuk is planning to implement this feature permanently in the near future. Personally, I don't think it's needed at all though.
     
  16. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    As ssj100 stated, you could install a bad add-on or theoretically Firefox could have a vulnerability that would install the add-on without your knowledge. I'm sure if a vulnerability is known it would be patched quickly and that is why it's important to keep up on updates. All of the above is theoretical for now but I do believe there has been a few bad add-ons that users have installed themselves. Here is a recent thread that may help a little about how Firefox alerts to a new add-on. https://www.wilderssecurity.com/showthread.php?t=242348

    I only allow a few things to have an openfilepath within Sandboxie. Just bookmarks/history, Firefox phishing database and AdBlockPlus patterns. In enjoy the fact that my cache, cookies, etc. are deleted when I'm done surfing. It saves me from running ccleaner all the time. I also occasionally like to try an add-on and delete the box when I'm done like I did in the above linky.

    On the flip side, if I need to update an add-on or Firefox, I start it normally and do what is needed then close the browser and run ccleaner. You'll have to find a system that works for you and your needs :).
     
  17. Gaeko

    Gaeko Guest

    Hi all!
    I think it would really be nice,
    if there are ScreenShots of your SBIE configuration.
    Something like Blackspear's NOD32 configuration. :)
    Don't bother though, I know it's a tought job. :(
     
  18. Godlike

    Godlike Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    12
    Location:
    New York
    Re: ssj100 & innerpeace

    Very informative posts, thanks. :thumb:
     
  19. wat0114

    wat0114 Guest


    I've been thinking the same thing :) Maybe those of us who have configurations that are beyond the basics could post something, even if it's only one or two shots.
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes, this is a good idea. I will get around to this, as peeps I know have also wanted this done. Maybe into a .pdf would work. I might even put it on my website. Not that everyone wants a setup like mine, but seeing different configs can only help develop better ideas.

    Sul.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    that's easy just add the first 10 letters or so of the alphabet into sandboxie settings.

    And A good informative thread here for sandboxie Newbies good job ssj100.

    But If only sandboxie users would take a leap of faith and step out of their Sandboxie Comfort Zone and discover the true powerful bullet proof benefits of Malware Defender HIPS and learn how the windows operating system works.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i agree with you,i learned alot by using my hips(MD)this is very important to get to know your system:thumb:
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    And, why would Sandboxie users, take that "leap of faith", to move towards something else more complicated of dealing with, by loosing something of easy use and effective?

    Security doesn't have to be hard to achieve. It is easy, and the right mechanisms are available, so why complicate security?
     
  24. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    993
    :cool:

    :thumb: :thumb: :thumb:

    :shifty:
     
    Last edited by a moderator: Jun 4, 2009
  25. ssj100

    ssj100 Guest

    Thanks arran.

    But please read my posts more carefully. You said: "...that's easy just add the first 10 letters or so of the alphabet into sandboxie settings", which is almost exactly what I mentioned in post number 25 of this thread after "EDIT". Unfortunately you didn't quote that. But thanks for repeating it to anyone who wants USB protection. However, as I also mentioned in the post, "This is a bit impractical, as sometimes you don't want everything you connect to your computer to always run sandboxed..."

    I wouldn't call it informative for just Sandboxie newbies. As you have already seen, people who have been using Sandboxie for years have benefited from this thread too. It's good to share ideas, and I doubt anyone had the exact same Sandboxie configuration as I have. With Sandboxie, it's all a matter of strategy too - for example, achieving the "100% clean browser" (I use IE 8 for this) every time you open the browser is a Sandboxie strategy that is highly convenient and provides that 100% protection when doing sensitive surfing without sacrificing usability.

    Malware Defender is a completely different security product and in my opinion, it would be best used in combination with Sandboxie. You can already achieve bullet-proof protection using Sandboxie alone (with internet facing applications etc), but a classical HIPS like Malware Defender would provide that "system wide protection" that Sandboxie is missing. I use Comodo's Defense+ (completely free) which is also a classical HIPS that is being continually developed and supported by a big company (just like Malware Defender is being continually developed and supported by Xiaolin).

    It's all about finding your balance and what product(s) you're comfortable with using to achieve that 100% (or bullet-proof status). I've found my balance and have stuck with it for a while now, and I don't see it changing for many years to come. With the current setup I have, I have minimal pop-ups (sometimes I'd go days without any at all if I'm not downloading or installing new programs), and excellent usability and convenience (no need for more tweaking or un-tweaking everyday). Of course, I'll always be on the look-out for new possibilities and improvements though! In the mean time, I'm now enjoying using my computer for other pleasures (and no longer spending hours trying to configure things to achieve that 100% without losing usability and convenience).
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.