Sandboxie Versus Virtualbox Ubuntu

Discussion in 'sandboxing & virtualization' started by truthseeker, Sep 16, 2008.

Thread Status:
Not open for further replies.
  1. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    I just tested myself... none of the methods worked, so never mind. It was an incorrect assumption.
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Your making a point that opensource fan boys point to in order to show that linux is 'superior'. Emrpically, there is evidence either way.

    Linux is not 'immune'. It just isnt targeted because hardly anyone uses it on the desktop. This is the so called security through obscurity model and is not good practise.

    Again, security through obscurity.

    On the original question of whether sandboxing or full virtualization is better at isolating malware, theoritically it is full virtualization.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Ugh; open-source software and security by obscurity in the same sentence really makes a lot of sense... o_O
     
  4. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yeah, that's cool. To be honest I was surprised, as I thought that whatever I type in the guest would be picked up by the host. But it seems that running Ubuntu as a guest using Virtualbox will defeat any potential keylogger that may have infected Windows :thumb:
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    In Linux, the whole filesystem is locked down and a person needs to enter a root password for anything to be written to the filesystem.
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    That is misconstruing what I said. The fact that linux is open source is a totally different issue from the fact that it is not targeted because it not a mainstream desktop os.

    I assume you mean that you can only access your home/personal folders unless you enter the root password. That is true of OSX and Vista and they aren't "immune".
     
    Last edited: Sep 17, 2008
  7. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    But you could easily make Windows just as safe as Linux - e.g. using Sandboxie.
     
    Last edited: Sep 18, 2008
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Uhm... let's try again.

    What's "security by obscurity"? That the OS is hardly used on desktop? Makes about as little sense as the previous interpretation. o_O o_O
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Erm... no, you really couldn't. Using third-party sandbox apps to circumvent security flaws of a particular operating system doesn't make that OS secure in any way, you need to fix the underlaying design of the OS instead to make it really secure.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks for your candor truthseeker. I would agree the linux is probably safer, not necessarily more secure. I say that as I don't think it's been the target of attack as windows has.

    I also use VM machines at times, but I run windows in them and secure them as I do my host.

    I think if you take an indepth look at Sandboxie you would be amazed at just how secure it is.

    Pete
     
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    But many people use XP and have turned off UAV in Vista. And also, Linux is a different environment which makes it very hard for any nasty to "live" in, but in Windows, they have a field day. And Linux doesn't have registry etc.
     
    Last edited: Sep 17, 2008
  12. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I am not 100% certain, yet I believe Linux is still a more secure environment, even if a person uses Sandboxie on Windows. There are many factors involved why Linux is more secure and resilient, even at the core and kernel level which Sandboxie is still susceptible to.
     
    Last edited: Sep 17, 2008
  13. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Now this comment makes really good sense. :thumb:
     
  14. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Can you please explain the difference between the meaning when you use the words "safer" and "secure"? In other words..... What exactly do you mean safer, but not more secure? The words safer and secure can seem synonymous.

    And yes, I have ran Sandboxie and I appreciate how good it is for many people.
     
  15. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I much prefer to use virtualbox, not that i would consider it more safe or secure thatn sandboxie but its definitely a lot more fun to use. I take a slightly different approach to you, i do my netbanking on my host and most other activities inside a virtual machine.
     
  16. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    "Security through obsecurity" in the sense that you are relying on the fact that Linux is not a big target not that it is more secure by design.

    The fact that Linux is open source is another story. It doesn't automatically mean it is more secure however. Take a look at Debian and how it handled openssh.

    If you don't understand my point, you can ask me to clarify. Being sarcastic doesn't help.

    1) Yes there are people using XP so that can be an issue. 2) If people turn off UAC in Vista, that is like running as root in Linux. You wont be protected either way.

    You have no support for these statements. Show me how Linux is different to Vista that makes it harder for malware to "live in". What does the registry have to do with it?
     
  17. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    IMHO, VM is more secure than SBIE, because:

    1) SBIE runs on Windows, which can be compromised by vulnerability or malware more easily than a VM OS.
    2) VM interacts directly with hardware, bypassing host OS. Hence malware in Windows will not be able to read/write to VM. (As proved by the Keylogger tests done by many here)
    3) VM OS like Linux are more secure than windows by their inherent design and because of lack of popularity among the masses, they enjoy almost total immunity for malware.

    But hypothetically, even VM can be comprimised. You could create a raw hardware hook onto the VM or even infect the VM files on Host OS with malicious code. But this scenario is very unlikely, since the returns for any malware writer who does this much is basically 1 guy called "TruthSeeker" :D
    Also if you are infected by a MBR rootkit, your usage of VM will be of no avail.

    So unless, you are using your computer to play " Spy vs Spy ". VM is better than SBIE, at the cost of more complexity and resource use.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,300
    Hello,

    Not in the mood to quote 40 people so:

    1. "Linux fanboys"

    Instead of throwing big words around, why not test the operating system for itself and see what gives ... Once you get to know things, you'll realize that Linux has a default modus operandi that is far superior to that of MS Windows.

    This is also true for the security / safety aspect, and no comparison of potatoes and bunnies can help here.

    2. Malware in Linux

    How can you know your OS is clean? The fact you're asking for scanners indicates an obsolete, outdated approach.

    - Scanners finding or missing something means little.

    - Open-source means lots of people who can read code can provide their input and prevent sneaky sneaky code from being used; this is all nicely daisy-chained through reputable repositories.

    - Scanners are unnecessary, because scanners imply root access - which you don't have in the first place (if you follow the Linux doctrine), so no need for something like that.

    3. openssh (openssl you mean)

    huangker, don't throw big words around. Really.

    The entire problem is solved thus: you create a key using the random device, like this: -r /dev/random - problem solved!

    4. Security through obscurity

    Linux holds 65% world server market, that's called obscure? And the difference between Linux desktop and server: open ports, sans GUI ... that's it. So what obscurity exactly?

    But where is the malware, lol? You ask ...

    Well, once you get the hang of how Linux works (aka one big sandbox), you realize that writing non-root malware for Linux is a very difficult task.

    Mrk
     
  19. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    :thumb:
    Thanks for reiterating the Linux basics. 'Normal' Linux desktop users
    can once again breathe easy. :D
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Your right we tend to mix and match these terms. Does sandboxie make windows more secure. No. Does it make using the insecure operating system safer. Absolutely.

    The problem with the Linux v Windows debate is for me it's irrelevant. Quite a bit of the software I need won't run under Linux. So that ends that.

    Pete
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Couple of points.
    Yes, take a good look. Debian released all details, how to fix it, and so on. Nothing is hidden, it's part of what Debian is all about. Obscurity = 0.

    It's not like with other OS's, where you get patches for who knows exactly what. Security through obscurity indeed. :)
    No, it's not UAC, it's more like, anything but admin. There are no prompts.
    What you can and should do, UAC or not, is use a LUA, and SRP. That is closer to what Linux provides, out of the box.

    Regarding SBIE or Virtualbox, i'd choose first, as above mentioned, using a LUA, SRP and DEP. Then try SandboxIE if wanted.
    Use Virtualbox to test stuff, like different configs in Windows, or Linux/BSD/Haiku/whatever you find. There is a security benefit with VM's, but i think that alone doesn't justify its use. I mean, overall, that's what i think. You can go either way.
     
    Last edited: Sep 17, 2008
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    well said:thumb:
    plus of course with linux one updator updates everything.
    i hope linux becomes more and more mainstream in the future. the faster the better IMO.
    the default accounts are limited user so you dont have to worry about malware.
    heck i dont worry about malware on windows i have been malware free for around 3years now.
    only reason i dont use linux yet is due to some of the stuff i use doesnt have a version for linux yet.
    dvd playback is a bit hit and miss. sometimes other codecs can be as well.
     
    Last edited: Sep 17, 2008
  23. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    1) My mistake. Maybe you shouldn't make it personal. Being patronising doesn't help.
    2) I'm not talking about how the problem was solved. I'm talking about how it came about. It was there because the code maintainers were doing a code audit and made changes to the package that they shouldn't have. It wasn't discovered for a while too, even though it was open source and everyone can read the source code. I'm not attacking this model. Just making the point that you cant claim it is more secure prima facie.

    Malware writers arent targeting the server market. The only thing they can hope for on the server is an unpatched service running that at is exploitable. Malware writers are targeting the desktop market because it is much easier to pull off with with some social engineering. That is the key difference. Everything is made easier with a clueless user at the end.

    Given the desktop market is much easier to target, malware write malware for Windows (and now as OSX becomes more popular it is been targeted too).

    And that is true but it isnt the point I'm making. It is that just because it was open source, doesn't mean these vulnerabilities dont exist in practise. Again, I'm not favouring one side or the other on the open/source closed source debate. Just making the point that 1 is prima facie more secure than the other.

    The problem is just that people make blanket claims that A is more secure than B without pointing out what makes it secure. If you can back up your claims with specifics on how Linux securely implements something where Windows doesn't, that is backing up your argument. I'm sure there are some people with Linux experience that make such points. That is what I want to hear.
     
  24. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    876
    Location:
    Sverige
    :D :D
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I will qualify it with a "not nearly as much"
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.