Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    A couple of settings in Sandboxie that you can use to keep your data from being leaked are: File access>Write only access and File access>Blocked access. They do work, you know, and they are available.

    Bo
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Those are for file access-related leakage. Keylogging is a separate form of leakage.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You want a bet? I am in my W7 right now and I use no plugin in W7. Not even Flash. If you take me on the bet, I'll install Flash temporarily and will show you Sandboxie blocking Flash from having access to the internet. So, do you want a bet? :)

    Bo
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Mr Brian, Sandboxie is not an antikeylogger. We should not expect Sandboxie to act like one. But Sandbox settings are like icing on the cake, when you set them up working as a team, together they do wonders. You just don't know it.

    Bo
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Ah, you're not using Flash online usually. I thought you were trying to say that you were using Flash online without allowing it internet access.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I don't doubt it. :thumb:
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    In W7, I don't use plugins but I install them sandboxed temporarily when I have a need for them. In XP, I use Flash all the time so I install Flash in that computer.

    But regarding Flash connecting to the net. What I said before is that you can allow Flash to run in a sandbox and at the same time have Sandboxie block it from having access to the internet. You said that that cannot be done. Sandboxie can do that with any plugin.

    So, to prove my point, I went ahead and installed Flash and I have a picture showing a Flash video being played in YouTube and it also shows Sandboxie blocking Flash from having access to the internet. I really don't care posting the picture but if you want it, I'll post it. You let me know what you want. :)

    Bo
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Please try playing a Flash video from http://thedailyshow.cc.com/videos.
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    OK, I guess you want the picture.
    Mr Brian.jpg

    Bo
     
    Last edited by a moderator: Oct 17, 2014
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I get the same error messages for the site I posted when allowing internet access to just Firefox.exe, except no video plays.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    What error? Sandboxie message 1307 is not an error, that is an information message from Sandboxie telling you that Flash is being blocked from having access to the internet. And to make things easier, it's also displaying message 2221, which you can click on to allow Flash to have internet access, if that's what you want.

    Bo
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Same as you got in post #34.

    I can confirm that Youtube Flash videos do play when allowing just sandboxed Firefox.exe internet access.

    Can you try playing a video from post #33 without giving Flash internet access?
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I can confirm, that site and it's not the only site that I've seen where Flash requires internet access for videos to play. But Brian, you are missing the point. If you are going to do banking, and Flash is not allowed internet access, no matter what, Flash is not going to connect. It's not going to phone home. So, if you do banking on a fresh browsing session where only the browser can connect and immediately after you are done, you delete the sandbox, you are safe. The scenario you described in post 14 won't happen.

    Regarding the site. That's a pretty nasty site, Brian. If you go there often, you should use Sandboxie and NoScript. Scripts load from about 20 sites, some with ugly sounding names like browser-update.org. Bad.

    Bo
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I'm curious why you're substituting "Flash" where I wrote "browser"?
     
  15. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    In Pale Moon, and I'm assuming in Firefox as well, you don't need to give Flash Internet Access to play videos at YouTube in Sandboxie.
    Sandboxie message 1307 will pop up for plugin-container.exe wanting access to the Internet. I deny it and still can play videos. Only the browser is allowed Internet access and plugin-container.exe and the browser are only allowed Start/Run Access in Sandboxie.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Well, you should not assume or presume that Sandboxie users allow internet access to All programs in their sandboxes. In my personal case, I got 14 sandboxes in the computer that I am using now, in only one I allow internet access to all programs and that is the one that I use for installing programs. The only reason I do that in that sandbox is because I have to do it, otherwise programs won't install sandboxed.

    Bo
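
Added example, not part of any post in this thread: a small Python audit that reads Sandboxie.ini-style text and reports, per sandbox, which programs are on the internet-access allow-list, as in the setups described in the two posts above (browser allowed, plugin-container.exe denied, one box left open for installers). The box names and sample contents are constructed, and the `ProcessGroup` / `ClosedFilePath=!<group>,InternetAccessDevices` form is assumed to be how the restriction is stored.

```python
import re

# Constructed sample (not from the thread); box names are hypothetical.
SAMPLE_INI = """\
[GlobalSettings]

[Browser]
Enabled=y
ProcessGroup=<InternetAccess_Browser>,firefox.exe
ClosedFilePath=!<InternetAccess_Browser>,InternetAccessDevices
ProcessGroup=<StartRunAccess_Browser>,firefox.exe,plugin-container.exe
ClosedIpcPath=!<StartRunAccess_Browser>,*
NotifyInternetAccessDenied=y

[Installers]
Enabled=y
"""

def parse_boxes(text):
    """Return {section: [(key, value), ...]}; keys repeat, so keep a list."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = boxes.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return boxes

def internet_allow_list(settings):
    """Sorted programs allowed to connect, or None if no allow-list is set.
    Only the negated-group form is recognised (assumption, see lead-in)."""
    groups = {}
    for key, value in settings:
        if key.lower() == "processgroup":
            name, *members = [p.strip().lower() for p in value.split(",")]
            groups.setdefault(name, set()).update(m for m in members if m)
    for key, value in settings:
        rule = re.fullmatch(r"!(<[^>]+>)\s*,\s*InternetAccessDevices", value, re.I)
        if key.lower() == "closedfilepath" and rule:
            return sorted(groups.get(rule.group(1).lower(), set()))
    return None

def audit(text):
    """Map each sandbox section to its allow-list; None marks a box to review."""
    return {box: internet_allow_list(s) for box, s in parse_boxes(text).items()
            if box != "GlobalSettings" and not box.startswith("UserSettings_")}
```

A `None` result marks a sandbox with no allow-list of this form, which is the kind of box to keep for installers only and delete after use.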
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    That's true, but are Sandboxie settings/is the real and full powers of the wide range of Sandboxie settings effective enough to stop all forms of keyloggers, all forms of exploits (except kernel-level exploits) like, are these wonders of SBIE settings to protect and block all applications, dlls, exes and everything else from getting exploited in the first place?
     
    Last edited: Oct 18, 2014
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    No CWS, Sandboxie is just a sandboxing program. Some of the worst stalkers take part in these kinds of posts. SBIE is just a sandboxing program, it can most likely protect your USB drives against some execution from there, or I hope so.

    I myself, even though I have a paid version, am using mostly just the feature of multiple sandboxes. Maybe because of the AppGuard that guards my USB drives. And it too can't, from what I have read, protect us from many villains and stalkers from internet that I consider the lowest of low criminals. With their memory malware and other ****.

    For normal users Sandboxie with the default box settings should be a good protection!

    Nothing is perfect or you are some person that wants to keep these talks going on? At least better a new thread was made instead of poisoning the main thread that should consider help with Sandboxie usage etc stuff. My point posted. And I am an angry man many times like in this post, not a hungry man.
     
    Last edited: Oct 18, 2014
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    @CoolWebSearch: the best reference I found on understanding exploits at a basic level is at hxxp://badishi.com/on-vulnerabilities-exploits-and-shellcodes/.

    For exploit protection I would recommend:
    1) Keeping commonly exploited software up to date (operating system, browser, browser plugins such as Flash and Java).
    2) Use an anti-exploit program such as EMET.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    MrBrian is basically saying the exact same as I said in this post, and you agreed with it. So why run around in circles? :)

    https://www.wilderssecurity.com/threads/sandboxie-acquired-by-invincea.357312/page-38#post-2417854

    I also do not see how blocking Adobe Flash from internet access would stop the so-called "in-memory" malware.
     
  21. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Well, you're right, I'll stop, I've got all the answers and big thanks to all from everybody, but I have to admit I'm still a bit worried about keyloggers.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi CWS

    It's fine to be worried about keyloggers, but then SBIE isn't the total answer. I run AppGuard and ERP in conjunction with SBIE, and I think that pretty much solves the problem. I am testing Hitman Pro Alert, and that for sure solves the problem.

    Pete
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    It's probably best to combine SBIE with HIPS + anti-exploit, for extra control and protection. You can choose between EMET, HMPA (anti-exploit) and tools like Zemana, SpyShelter, and Online Armor (HIPS), for example.
     
  24. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Well, I guess we all ought to be appropriately concerned by keyloggers, in-memory baddies etc.

    But, as usual, we can only use multilayer defences and limit damage. So for example:

    I do not do online banking on my main system - patched, sandboxed, HIPed, emetted, zemanad though it may be, I use a system of a fresh pendrive linux which loads into RAM and I then remove the pendrive so it cannot be corrupted by anything that happens in the session. I only browse to the bank website, check the certificate, do what I need, then shut down. Of course there are vulnerabilities there, but they're smaller than a general purpose system that has many applications and exposures.

    Keystroke logging would also be a lot less significant if 2FA were better/more widely implemented, that's a huge industry failing right now.

    Also, I've been thinking about low-hanging fruit and the advantages of using combinations of defences. Even if each defence is not particularly good, if you stack them together, the chances of malware getting past all of them become small. You are likely to escape the attentions of the crooks because the low-hanging fruit is much easier, and that leaves targeted attacks - avoid being a target!
     
  25. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Regarding keyloggers, note that the test done in the first link in post #6 showed that Sandboxie default settings provided protection against all keylogging methods tested by Anti-Keylogger Tester 3.0 in the scenario of Anti-Keylogger Tester 3.0 sandboxed and the target program unsandboxed, on Windows 7 x64 but not on Windows XP x86. So doing sensitive activities unsandboxed (on those operating systems where protection is provided in conjunction with Sandboxie) may be another keylogging mitigation, although those test results may or may not generalize to all possible keylogging methods.

    Another possibility is to do sensitive activities in a different sandbox, but I don't have test result data on that because the free version doesn't allow that kind of test.
     