Sandboxie direct access question

Discussion in 'sandboxing & virtualization' started by exus69, Jun 15, 2012.

Thread Status:
Not open for further replies.
  1. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hello,

    I've given direct access settings for NoScript and Adblock Plus in Sandboxie so that when I close the browser (and everything inside the SB gets automatically deleted) and revisit the same site I need not again allow that site in NoScript.

    I got the files to give direct access settings to after a lot of searching online. So my question is, is there a way to pinpoint a particular file where changes take place when I make changes to the program's GUI so that I know that it is that particular file which I need to give direct access setting to...

    Thanks,

    exus
     
  2. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    Hi exus69, to do that I use "TrackFolderChanges". It allows you to track changes in folders, so if you change your program GUI and that changes some file, it can help you. It is a standalone app.
     
  3. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thanks majoMo but unfortunately that did not help. When I went to the preferences in yahoo and changed the following options "Automatically start yahoo messenger" and "Show yahoo messenger insider" trackfolderchanges did not show any changes to any particular file in C:\Program Files\Yahoo.

    Also there were no changes shown in C:\Users\username\AppData\Roaming\Yahoo! I just used those two options as samples. Say, for example, a person likes a particular font in Yahoo and he selects that but on restarting the messenger (since the sandbox deletes everything on exit) comes across the same default font.

    Agreed he can run the messenger outside the sandbox and then select the font of his choice to make the change permanent. But how many times will he keep running the messenger outside the SB just to make some permanent change in the preferences?? It'll be too inconvenient. The same logic applies to all settings and preferences in all sandboxed apps...

    Any idea?

    Thanks,

    exus
     
  4. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    @ exus69, I don't know how "yahoo messenger" works; but it seems there aren't folder changes here, once you say "Automatically start yahoo messenger".

    Likely we are facing registry changes also... ;)

    To track both kinds of changes (files/registry entries) I suggest using System Explorer: it has a very good snapshot feature (snapshot tab) that you can use. It is very quick in its analysis, and shows the results in tree or text format.

    Try it and I think you can see where changes were made.

    P.S.: If you see Registry changes, you need to use registry direct access settings (OpenKeyPath) in Sandboxie.
     
    Last edited: Jun 16, 2012
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    exus69, do you have a file named something like

    "com.yahoo.messenger3.Users.YourYahooID.plist"?

    I don't use messenger programs but after quickly searching Yahoo messenger preferences in Google, that file showed up a couple of times. If it's in your computer, allow direct access to it.

    Bo
     
  6. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thanks for your replies. I was able to save those settings by giving direct access to the path C:\Users\username\AppData\Roaming\Yahoo!

    One more question. Do you think direct access settings should be as minimal as possible coz they are not sandboxed?? Is it a security threat if I give an entire folder as a direct access setting instead of an individual file?? If yes then how is it a security threat??

    Please explain. Thanks :)
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    In my opinion, direct access should be used as little as possible but at the same time, I think that when we are setting up a sandbox, the sandbox has to be comfortable for you. Try to find the best balance that you can between convenience and security. That's what I always try to do. In a way, I am kind of lucky because the only thing that I allow direct access to in my computer is bookmarks and to me that's enough. I don't feel any inconvenience by not allowing anything else.

    Whenever you allow direct access to a file or folder, you are opening up holes. So, keep Sandboxie as tight as possible by allowing as little as you can without making things uncomfortable.

    Bo
     
  8. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Ok so taking my example of giving direct access to the folder C:\Users\username\AppData\Roaming\Yahoo! and not a particular file inside that folder, assuming that a malware infects my yahoo messenger will it stay inside that folder and destroy the files in there or cause more damage??
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Exus, I think it is better if you find the one file that needs direct access and only allow direct access to that file. It should not be hard to find the file that needs access but if you want to allow access to the whole folder, go ahead and do it. I would if I was using Yahoo messenger and allowing access to that folder made things more comfortable for me.

    Something that I would do if I was using Messenger is use a separate sandbox for it. If you are not, that's something that you ought to do. Separating programs from each other will do good for you since allowing access to the Roaming\Yahoo folder will only be in effect in the Yahoo messenger sandbox.

    Whatever you decide to do, I would not worry much. After all, it is only one folder that you'll be allowing access to. It would be different if you were allowing access to 25 folders in your computer. Anyway, I strongly believe that SBIE should make our internet experience better and if we need to allow something here or something there in order to be comfortable using the program, let's allow it and forget about it.

    Bo
     
  10. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
  11. Melf

    Melf Registered Member

    Joined:
    Sep 7, 2010
    Posts:
    105
    Can I ask a dumb question - why do you need NoScript in a sandboxed browser?
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Hi Melf, I don't know if you are asking me but I do use SBIE and NoScript. I like using NoScript because it cleans websites of annoying stuff that jumps all over the place. By getting rid of distractions, I can focus on what I am doing. NoScript also blocks pop ups, I probably see about 2 or 3 pop ups a year and they only happen when I have allowed some site in order to download something.

    I don't use plugins or Java other than Flash. Since I only use Flash when using Youtube, it also helps me block Flash elsewhere. For security, SBIE is enough but I think NoScript walks along SBIE hand in hand. The philosophy behind both softwares is similar in a way, SBIE tells us not to trust any program and NoScript tells us not to trust any site. I don't trust any site, not even Mother Teresa's site but I know that I can surf anywhere because I am using SBIE and NoScript. That's pretty much how I feel.

    Bo
     
  13. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    Without a working script, exploits can't run in the browser.

    Even with a Sandbox (and run restrictions in place), if the browser is compromised you can still lose data. It's not just about what trojans are downloaded to disk - if an exploit has worked, then the browser is already running malware code. Also there's cross site scripting to consider: CSRFs, etc...
     