Sandboxie + Java = How do I protect myself?

Discussion in 'sandboxing & virtualization' started by ExtremeGamerBR, Jan 20, 2012.

Thread Status:
Not open for further replies.
  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    I stopped using AV for some time, and unfortunately I have to use Java.

    How can I configure Sandboxie to protect myself from attacks in Java?

    My browser is isolated, it would be enough?

    Thank you! :thumb:
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Thanks for starting this topic. :)
     
  3. chris1341

    chris1341 Guest

    Depends what you mean by Java attack. Different exploits do different things so need different mitigation but if your sandboxed browser starts the java process then java and anything spawned from it will be sandboxed also and therefore subject to any restrictions you add to your sandbox.

    So if your worried about java exploits reading private data then block access to important files. If you are worried about exploits escalating privilege use 'drop-rights'. If your worried about java being used to download and run malicious files or starting other processes to do the same use start/run restrictions and so on.

    In other words use what you would anyway safe in the knowledge emptying the sandbox will get rid of it anyway :D .

    Cheers
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Typical start/run restrictions. Typical internet restrictions. Block access where you can.
     
  5. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Thanks, I have restricted my browser, only a few applications can start - including Java.

    If I understand if I go into an infected page running Java (To do any damage to your computer) so I'll clear my sandbox without infection.

    So great, Sandboxie is undoubtedly fantastic!
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You could go a bit further, though. :D

    When I don't need Java, which is often :argh:, I simply keep my Java firewall rules disabled; when I do need Java, then I enabled them back.

    If you don't want to do that, but still want to prevent Java from connecting to the Internet when you don't need it, you could force Java to a sandbox, then in the start/run permissions enter some fake process name - something like IamBlockingJavaCosIsNasty.exe Or, you could simply force it to run in a sandbox, and block Internet access for that sandbox. Whatever works for you.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    You can install it in a dedicated sandbox that don't delete. If Java is required, run the browser or program that requires it in the Java sandbox.

    If you want to keep using it like you are doing now, in a restricted browser sandbox, if you are using Firefox you could use NoScript to block Java on all sites except when you allow it. I used it this way until I figured out that I don't need Java at all and uninstalled it.

    If I was to use Java again, I would use the dedicated sandbox.

    Bo
     
Loading...
Thread Status:
Not open for further replies.