Sandboxie safe to run Active X control?

Discussion in 'privacy technology' started by tonyseeking, Mar 3, 2009.

Thread Status:
Not open for further replies.
  1. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Some websites I visit, give me a pop up window asking to install "Run Active X Control".

    If I am uncertain about such a website, can I run that website through Sandboxie, and then when I close Sandboxie, that Active X or whatever it was that IE installed, will be deleted and totally removed?
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    It should be, yes.
     
  3. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    It should be? You don't sound very sure.

    Anyone else know for sure? :blink:
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm very sure that the chances of that active x control trying any funny business outside of the sandbox are extremely low. Does that sound better to you? :) You don't get guarantees out of me when it comes to security and threats, everything is fallible. Sandboxie has been penetrated before, just like a few other highly popular apps. It happens, it'll happen again, but it will get fixed. Don't rely on just Sandboxie, and you'll be alright no matter what tries to hit you.
     
  5. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    From what I understand, it cannot escape the sandbox. And then by deleting the sandbox in Sandboxie Control, it disappears as if it never existed.
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    it is safe , i got one site which install active x , and when i empty container and reload site , it want to install this active x again , so it is safe!
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I assure you it is not safe. :)
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Really? Is it never safe? Or only sometimes unsafe?
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Active X allows objects and foreign code to run on your system. Foreign code, which can be malevolent, can break out of memory/sandboxes, run 3rd party applications outside of the sandbox, install rootkits that bypass or live outside the sandbox by hooking into files and applications. Sandboxie is NOT a suitable replacement for a virtual machine, and does not make unsafe applications or activities safe.
     
  11. tonyseeking

    tonyseeking Former Poster

    Joined:
    Nov 12, 2008
    Posts:
    406
    Yeah, thanks Steve for the reminder. I actually went through this about a month ago with some other people.

    I will avoid allowing any ActiveX to be run on Vista. Even when IE is running in Sandboxie.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Steve, I actually get what you're saying, however, if we're talking about malware that can break out of a virtual environment, there are some that can break out of a virtual machine too. In fact more and more malware are becoming aware of "virtual solutions". Now I'll grant you I'm not even close to being an expert on this stuff, but my thought is, if you get a piece of malware like this, it's not going to matter what kind of virtual environment you run. But for any other case, Sandboxie has a proven record of being able to stop bad things from happening, including active x.
     
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I was also going to point out that some malware can break out of a virtual machine too :). However, a virtual machine is a safer solution than a sandbox simply because it emulates a computer rather than hook the kernel to monitor all changes to a system.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    I assume you've tested this with Sandboxie and can provide a specific example of this so others can test and verify, and Tzuk, the developer of sandboxie and look at it. Myself and others have thrown a lot of malware at Sandboxie and it holds up fine. I run active X stuff sandboxed and have never seen a breakout.

    Pete
     
    Last edited: Mar 4, 2009
  15. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @SteveTX: I am no expert either but that may be >a bit< OTT ?? :blink:
    Not meant to be replacement for VM imo.
    This is a fairly provocative comment and clearly implies that Sandboxie has some dramatic flaws that have not been tested or addressed.
    If that is the case, that would be very important to know.

    Beyond what we know about sandboxie and capabilities ,can you provide some specific examples please: if there are; <cough> ....really are ...<cough> such gaping holes in Sandboxie; then we have all been hoodwinked.

    EDIT: @tonyseeking:
    this thread?: https://www.wilderssecurity.com/showthread.php?t=232214
    SO why are you still asking about sandboxie if you think it is so flawed ??
    Did you not learn anything from that thread?
    Sandboxie Forum thread re tonyseeking's issue at that time: http://www.sandboxie.com/phpbb/viewtopic.php?t=4911

    Sandboxie forum thread referencing tonyseeking's current problem : http://sandboxie.com/phpbb/viewtopic.php?t=5083&highlight=active

    Looking forward to seeing flaws in Sandboxie laid bare.

    EDIT:
    From Blue:
    :eek: The frenzy is upon us. :)
     
    Last edited: Mar 4, 2009
  16. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    It a Amazing how statements are made and No facts are presented.The fact many have tested time and time again and sandboxie holds its own against most malware and has yet let anything escape if used properly. The fact of the matter is anything can be broken, So unless there is a active x or some evil variant specificaly targeted to escape sandboxie well then.Beside how often does this happen in the first place and when it does its addressed rather quickly.
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I don't mean for it to sound like a wolf cry. We focus our bugfinding eyes on anonymity and privacy for the most part, and we look at what is considered the most advanced open-source projects with hundreds of contributors, and we still find severe vulnerabilities and compromises of all types, many times per year. Sandboxie has significantly less resources for development, is closed-source (security through obscurity), less code maturity, significantly fewer eyes on it's codebase, and has significantly more risk in it's attack vectors.

    While this is not an apple to apple comparison, it isn't over the top to say you have dangerous things going on that will have a relatively predictable outcome: Sandboxie allows and encourages unknown and unsafe code to run, and it is therefore capable of running right over sandboxie. That will be an inherent flaw, much like Tor's flaw is that it allows participants to manipulate traffic. Nothing can be done to mitigate it, it is just an effect of the design. The reason it falsely seems safe is because it just isn't a high value target. In the 1990s Mac users used to tout how Mac's were virus proof, that is until virus writers started designing viruses for mac. Sandboxie says it themselves: "Trust no program." Just because nobody is trying to fill up your bucket doesn't mean your bucket holds water. ;)

    I think a good person to ask, if you were looking for a bugfinder, would be a guy who pioneered sandbox/virtualization breakout attacks, like Tim Shelton, aka "RedSand".
     
  18. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I haven't got my new system set up like this yet, but you can do like I was doing on my old system: open up Sandboxie, the inside of Sandboxie open up a VirtualMachine, then inside of the VM open up Linux and surf using Firefox. For a baddie to get me it would somehow have to get thru Firefox with NoScript, then somehow survive on Linux, then survive the desolving of my VM, then Sandboxie.

    Acadia
     
  19. tzuk

    tzuk Developer

    Joined:
    Jul 4, 2004
    Posts:
    34
    An ActiveX component is just some bits of code (technically, a DLL) that are downloaded from the Web and executed within the Internet Explorer process.

    Sandboxie completely envelops the process/program it supervises, and pretty much guarantees that the program cannot write anything outside the sandbox. When the program we're talking about is Internet Explorer, this applies to everything Internet Explorer does, including the ActiveX code that runs within IE.

    SteveTX, you obviously have no idea about Sandboxie, or how it works, yet you repeatedly make bold claims about it, with the air of someone who knows what they're talking about.

    May I kindly ask that in the future you refrain from making your baseless, inflammatory comments about Sandboxie? Thanks.
     
  20. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    When security expert Steve Gibson uses Sandboxie himself and recommends it over all other sandboxing apps, well, that says it all for me! :cool:

    Acadia
     
  21. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hmm, this could turn into a really technical and great discussion, or it could suffer "Wilder's Syndrome" and get shut down. Here's to hoping we get to see some good stuff (if any tests are actually performed that is. Me, I'm comfortable with the safety of Sandboxie, but others may want to run it through the gauntlet).
     
  22. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
  23. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Even tho programs cannot write to the Disk outside of the sandbox, it has been proven that programs running inside sandboxie can "Communicate" outside of the sandbox. Like the Reg test etc.
    http://sandboxie.com/phpbb/viewtopic.php?t=4665&sid=86ba78cde4fcc16e1f7250f9012ecc96

    Even tho people say that this is not an issue Fact remains that Programs can still "Communicate" by code injection outside of the Sandbox.

    In sandboxie restrictions we have stuff like Run and internet access.
    It would be good if at some stage we can have another feature added to the restrictions like "Block Running programs from communicating outside of sandbox etc"
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    You're right, I haven't really studied the design schematic of Sandboxie, Ronen. Would you be so kind to send me a registered version and source code so I can take a look at the full functionality of your program? I would be happy to sign a non-disclosure agreement.
     
  25. Cadillakin

    Cadillakin Registered Member

    Joined:
    May 22, 2007
    Posts:
    18
    I'm not one of the more knowledgable users of Sandboxie. So, perhaps you can expand on what you said for me.

    For instance, if I run an application in my sandbox.. Let's say Firefox.. And if I configure Firefox to be the only application running in that box and disallow any internet access... how will that sandboxed Firefox "communicate", and with what?

    Give me an example of what you mean so I can test it. You pick the program and I'll see if I can configure it so it doesn't "communicate" or allow anything else to run.
     
Loading...
Thread Status:
Not open for further replies.