Sandboxie/Keylogger Question

Discussion in 'sandboxing & virtualization' started by chinook9, Mar 26, 2010.

Thread Status:
Not open for further replies.
  1. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    My brother-in-law surfs and does his banking online using a Win Vista box using IE8 with NIS as his only protection. He has had a couple of viruses/trojans and I was considering putting Sandboxie on his machine for him to use only for his banking. He is not the kind of person who can answer a bunch of pop-ups so I have to make it very easy. I can do this with Sandboxie.

    The question is: If he gets a keylogger on his machine outside the sandbox, can that keylogger intercept key strokes made on a browser inside the sandbox?

    I assumed it can't but I want to make sure.
     
  2. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    He should install prevx with safeonline. That way, even if a keylogger is installed, his keystrokes won't be monitored/recorded while browsing sandboxed or not.

    Works well with sandboxie.
     
  5. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    Thank you all for the information. Logic told me that Sandbox could not protect from a keylogger already in the system and I am glad I asked.

    I considered applications like IDVault but I'm afraid that is just too complex for him.

    I downloaded Prevx Safeonline and tried to install it in a virtual OS but it did not install. I will continue to work with it to check it out.

    Thanks again. If anyone else has recommendations, I would still like to know what they are.
     
  6. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    To each their own, but I am highly against signing up to Facebook or any social network to get software free. You do NOT want to deal with Facebook's "We don't give a damn about your privacy, we'll share what we please" attitude. If anyone is worse about privacy than Google, it is them. As far as I know you have to create a profile to use Facebook, probably before you even get confirmed for an account. Configure Sandboxie to not allow anything to run or gain internet access besides the browser in the default sandbox, and keyloggers shouldn't be an issue.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    KeyScrambler is the choice for him. With IE, even the free version will do its job.
     
  9. ratwing

    ratwing Guest

    Why well said!! Amen!!
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    For IE8

    The smartscreen blocks about 60% of the malware, so keep it on.

    Run IE8 with UAC in protected mode or create a shortcut with drop my rights on XP (http://www.symantec.com/connect/articles/reducing-browser-privileges)

    Install keyscrambler Free for IE8

    Install Trusteer Rapport Free, select block screen capturing, Validate IP address, security certificate, warn when log-info is used for partner and my sensitive websites. Set protect browser process to Always, set Keyboard encryption and Send info to Never. Free version allows adding 50 websites. Add his online banking sites (add the https etc) and his favourite shopping sites.

    Show him how to add a website to trusteer protection list
     
  11. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Does Trusteer work with Prevx also installed?
     
  12. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    Wow! More great feedback! I had completely forgotten about Keyscrambler which I have on all my computers. I will also check out Trusteer Rapport some more.

    As for Facebook, I am already on it, but I have never put any personal information on it other than my old e-mail address which half the spammers in the world already have.

    Thanks again!
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I did not manage to get the free prevx **, so I do not know how good it is or whether it can run together. I do know keyscrambler and Trusteer work well together.

    Risk analysis using Keyscrambler and Trusteer with IE

    What I do know is that with a reduced rights Internet Browser, kernel based keyloggers and system wide hooks/keyboard hooks can't install. When you look at Malware Research Group test, keyscrambler Free circumvents/fools most (all) user space based keyloggers. Add to this the screen capture protection and process modification protection of Trusteer and I am good for one thing: scripts gaining access over the clipboard. Starting from IE7, you can set the browser (IE7 or IE8) to prompt you when this happens.


    Conclusion
    So with a normal setup you reduce the risk substantially (reduced rights, keyscrambler free and Trusteer free). Add good hex practice to this and you are fine. Paranoids can use a policy (not a virtualisation) Sandbox or HIPS on top of this so they are 99,999999999999% sure they can't be touched by a keylogger.


    ** I use a second email address, Spamkees01; when I get too much spam I delete it and create Spamkees02 etc. This email address was not accepted by Facebook or PrevX as a valid email :thumb:
     
    Last edited: Mar 27, 2010
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well that is the trade mark of a great application: it works silently
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,134
    Location:
    USA
    The default privacy settings for Facebook are still wide open, but they have made it possible to lock them down. For the savvy it's not hard. You could also cancel the account after acquiring Prevx SafeOnline.

    More and more vendors are using social networking to advertise their products - don't you want to be Prevx's "friend"? :D
     
  16. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I agree though dw, took me half an hour or more to lock facebook down. Otherwise default privacy settings are just plain ridiculous.
     
    Last edited: Mar 27, 2010
  17. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    This evening I tried Trusteer Rapport and Prevx SafeOnline in a VM. I received a message from Prevx that because Trusteer Rapport was installed it would set security to Medium level. After that everything seemed to go swimmingly.

    Because I have not tested this extensively, and I will be putting it on someone else's computer, I thought I'd check here and see if you thought just one of these protections would provide enough protection, or if both of them together provide significantly better protection?

    Any opinions would be appreciated.


    NOTE: I will also be installing KeyScrambler.
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    The test results from the recent Online Banking Security Test carried out by MRG suggest that Trusteer Rapport will do nothing to enhance the much stronger security provided by Prevx SafeOnline. Instead the reverse appears to be true: If you run both, as you correctly stated, SafeOnline security level is reduced in order to avoid conflict with Rapport. The only advantage I can see to Rapport over SafeOnline is that Rapport is free.

    The MRG test results can be found here: http://malwareresearchgroup.com/wp-...MRG-Online-Banking-Security-Test-Mar-2010.pdf
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I've heard this complaint before. Did it ever occur to people that they are able to enter details which are not necessarily correct?
    Also, you can get it on that page with two clicks, no need for registering :)
    Click get SafeOnline now, click download now, no need for email, license is built-in.
     