Sandboxie question

Discussion in 'sandboxing & virtualization' started by Monkey_Feces, Mar 25, 2007.

Thread Status:
Not open for further replies.
  1. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    I tend to think that I have adequate zero-day protection w/ Prevx1 in ABC mode, Antivir Guard, and SSM free. Therefore, I'm pretty sure I'm covered when it comes to attacks from programs of questionable origin (cough* filesharing *cough). What are the chances that something bad might leak out of the sandbox? Am I being extremely paranoid by running anything other than an internet browser via Sandboxie, considering many other people find a simple antivirus + only downloading material with lots of comments and seeds/leechers adequate safety precautions?
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    See this thread about P2P misconceptions.
    I wouldn't download executable content from P2P networks.
     
  3. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    Thanks, the link was really informative and your tip was sound advice. However, I'm a cheap ass idiot, so I still want to know what the chances are that malicious content may leak from the sandbox. Also, I would like to know if it is even necessary to sandbox with my 3 real time protection apps.

    On a somewhat related note, is the Avira Premium background, real-time scanner any better than the free one? I acquired a nag-free version of WinRAR and Avira only alerted me of a rootkit after I installed it.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    - I wouldn't sandbox P2P apps. If you are really worried, run them in a virtual or spare machine. Also, SSM should intercept the execution of files.
    - There's the possibility that malware can leak from the sandbox. Remember that 100 % security does not exist.
    - Antivir PE Premium adds ad/spyware detection, MailGuard, better update servers, etc.
    - That rootkit detection could be a FP.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Ran a little test with Sandboxie v 2.8 myself. First I did a sandboxed install of Cryptosuite. It is fairly non-intrusive, only installing a couple of dll's. Stayed totally in the sandbox, and ran there, but I couldn't access files outside of the sandbox to archive. Deleted the sandbox and it was gone. Next I tried KAV. I had to run the Windows Installer startup in Sandboxie. Then I tried the KAV install. It failed and rolled back the install. Deleted sandbox and it was gone. Finally I tried an install of OA inside the sandbox. It installed okay, but couldn't start its service. Again a sandbox delete and it was gone.

    So I am fairly comfortable with Sandboxie doing its job. However, as recommended, if I know I am going risky, I will actually run Sandboxie inside a VM machine.
     
  6. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    Thanks for bringing up VMs. I did some research on the CastleCops wiki because I initially had no idea what a VM was. I have a few questions about it now. If I do adopt a VM for security measures, is VMware the best free program for setting up? Will emulating my hardware make my system any slower (I need as many hardware resources as possible since those executables I (*ahem*) acquire are game installers)?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    There are a couple of threads in the Software and Services thread about the free vm machines. I bought VMware Workstation and it has worked well. I don't see an impact, but I am running on a machine that has excess resources so I don't see an impact.


    Pete
     
  8. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    I'm starting to think Sandboxie/VM machines are entirely unnecessary.

    Would my combination of real-time Avira, Prevx1 ABC, SSM, and Comodo PF catch nasty malicious installations or compromised apps phoning home? Are my on-demand scanners via Avira + AVG AS capable of catching all major executed threats? If they are, won't my chances of running backdoors or rootkits be pretty much nil as long as my P2P selections are reliable (good comments/high seeds)?
     
  9. besafe

    besafe Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    222
    Bottom line is that even with your current system, you may still be put in the position to make the wrong or right decision. For example: you go to install a new game, it's infected with malware, both Comodo and SSM alert you, and you allow the alert because you are installing a game. Bam...you're infected. Now hopefully Avira or Prevx1 will compensate for your bad decision. But they might not. So from that aspect, sandboxing adds another layer of security and makes sense.

    What are the odds? I think your current system even without a virtual application is excellent and the chances of you getting infected are extremely low.
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    I think "monkey" you may have had a wrong idea about what Sandboxie is. It is not made against malicious information passing out to the internet from your possibly infected sandbox content. For that you have your firewall, behaviour HIPS, classical HIPS, AV.

    Sandboxie is about protecting your Windows install, original program installs, your system, keeping it clean from whatever baddies you might play with inside the sandbox. The programs, with their vulnerabilities and also Windows' own, are restricted to a virtualized sandbox while they are running in it, preventing them from escalating malware infections into your system. To get a better idea, visit Ronen Tzur's web site here:
    http://www.sandboxie.com/
    He is a very outspoken developer and also replies, from what I have seen, to most rational queries in his forum.
    Jarmo
     
    Last edited: Mar 31, 2007
  11. Monkey_Feces

    Monkey_Feces Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    52
    It's a pain trying to run anything other than an internet browser via Sandboxie. I'll probably just back up my OS installation and most used, 100% uncompromised programs. I know I should do my research, but it's going to be a pain selecting which program. My questions are: Is there a way I can compress 30 gigs of files into an easily accessible and restorable partition, and if so, what program should I use? I already toyed w/ Windows XP's included backup function, but I'm not sure if it's any different from just backing up my hard drive on several CDs with no compression.
     