Sandboxie Versus Virtualbox Ubuntu

Discussion in 'sandboxing & virtualization' started by truthseeker, Sep 16, 2008.

Thread Status:
Not open for further replies.
  1. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    I just tested myself... none of the methods worked, so never mind. It was an incorrect assumption.
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    You're making a point that open-source fanboys point to in order to show that Linux is 'superior'. Empirically, there is evidence either way.

    Linux is not 'immune'. It just isn't targeted because hardly anyone uses it on the desktop. This is the so-called security through obscurity model and is not good practice.

    Again, security through obscurity.

    On the original question of whether sandboxing or full virtualization is better at isolating malware, theoretically it is full virtualization.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Ugh; open-source software and security by obscurity in the same sentence really makes a lot of sense... o_O
     
  4. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yeah, that's cool. To be honest I was surprised, as I thought that whatever I type in the guest would be picked up by the host. But it seems that running Ubuntu as a guest using Virtualbox will defeat any potential keylogger that may have infected Windows :thumb:
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    In Linux, the whole filesystem is locked down and a person needs to enter a root password for anything to be written to the filesystem.
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    That is misconstruing what I said. The fact that Linux is open source is a totally different issue from the fact that it is not targeted because it is not a mainstream desktop OS.

    I assume you mean that you can only access your home/personal folders unless you enter the root password. That is true of OSX and Vista and they aren't "immune".
     
    Last edited: Sep 17, 2008
  7. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    But you could easily make Windows just as safe as Linux - e.g. using Sandboxie.
     
    Last edited: Sep 18, 2008
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Uhm... let's try again.

    What's "security by obscurity"? That the OS is hardly used on desktop? Makes about as little sense as the previous interpretation. o_O o_O
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Erm... no, you really couldn't. Using third-party sandbox apps to circumvent security flaws of a particular operating system doesn't make that OS secure in any way, you need to fix the underlying design of the OS instead to make it really secure.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks for your candor, truthseeker. I would agree that Linux is probably safer, not necessarily more secure. I say that as I don't think it's been the target of attack as Windows has.

    I also use VM machines at times, but I run Windows in them and secure them as I do my host.

    I think if you take an in-depth look at Sandboxie you would be amazed at just how secure it is.

    Pete
     
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    But many people use XP and have turned off UAC in Vista. And also, Linux is a different environment which makes it very hard for any nasty to "live" in, but in Windows, they have a field day. And Linux doesn't have a registry etc.
     
    Last edited: Sep 17, 2008
  12. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I am not 100% certain, yet I believe Linux is still a more secure environment, even if a person uses Sandboxie on Windows. There are many factors involved why Linux is more secure and resilient, even at the core and kernel level which Sandboxie is still susceptible to.
     
    Last edited: Sep 17, 2008
  13. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Now this comment makes really good sense. :thumb:
     
  14. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Can you please explain the difference between the meaning when you use the words "safer" and "secure"? In other words..... What exactly do you mean safer, but not more secure? The words safer and secure can seem synonymous.

    And yes, I have run Sandboxie and I appreciate how good it is for many people.
     
  15. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I much prefer to use VirtualBox, not that I would consider it more safe or secure than Sandboxie, but it's definitely a lot more fun to use. I take a slightly different approach to you: I do my netbanking on my host and most other activities inside a virtual machine.
     
  16. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    "Security through obscurity" in the sense that you are relying on the fact that Linux is not a big target, not that it is more secure by design.

    The fact that Linux is open source is another story. It doesn't automatically mean it is more secure however. Take a look at Debian and how it handled openssh.

    If you don't understand my point, you can ask me to clarify. Being sarcastic doesn't help.

    1) Yes, there are people using XP so that can be an issue. 2) If people turn off UAC in Vista, that is like running as root in Linux. You won't be protected either way.

    You have no support for these statements. Show me how Linux is different to Vista that makes it harder for malware to "live in". What does the registry have to do with it?
     
  17. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    IMHO, VM is more secure than SBIE, because:

    1) SBIE runs on Windows, which can be compromised by vulnerability or malware more easily than a VM OS.
    2) VM interacts directly with hardware, bypassing host OS. Hence malware in Windows will not be able to read/write to VM. (As proved by the Keylogger tests done by many here)
    3) VM OS like Linux are more secure than windows by their inherent design and because of lack of popularity among the masses, they enjoy almost total immunity for malware.

    But hypothetically, even VM can be compromised. You could create a raw hardware hook onto the VM or even infect the VM files on Host OS with malicious code. But this scenario is very unlikely, since the returns for any malware writer who does this much is basically 1 guy called "TruthSeeker" :D
    Also if you are infected by a MBR rootkit, your usage of VM will be of no avail.

    So unless you are using your computer to play "Spy vs Spy", VM is better than SBIE, at the cost of more complexity and resource use.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,229
    Hello,

    Not in the mood to quote 40 people so:

    1. "Linux fanboys"

    Instead of throwing big words around, why not test the operating system for itself and see what gives ... Once you get to know things, you'll realize that Linux has a default modus operandi that is far superior to that of MS Windows.

    This is also true for the security / safety aspect, and no comparison of potatoes and bunnies can help here.

    2. Malware in Linux

    How can you know your OS is clean? The fact you're asking for scanners indicates an obsolete, outdated approach.

    - Scanners finding or missing something means little.

    - Open-source means lots of people who can read code can provide their input and prevent sneaky sneaky code from being used; this is all nicely daisy-chained through reputable repositories.

    - Scanners are unnecessary, because scanners imply root access - which you don't have in the first place (if you follow the Linux doctrine), so no need for something like that.

    3. openssh (openssl you mean)

    huangker, don't throw big words around. Really.

    The entire problem is solved thus: you create a key using the random device, like this: -r /dev/random - problem solved!

    4. Security through obscurity

    Linux holds 65% world server market, that's called obscure? And the difference between Linux desktop and server: open ports, sans GUI ... that's it. So what obscurity exactly?

    But where is the malware, lol? You ask ...

    Well, once you get the hang of how Linux works (aka one big sandbox), you realize that writing non-root malware for Linux is a very difficult task.

    Mrk
     
  19. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    :thumb:
    Thanks for reiterating the Linux basics. 'Normal' Linux desktop users
    can once again breathe easy. :D
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You're right, we tend to mix and match these terms. Does Sandboxie make Windows more secure? No. Does it make using the insecure operating system safer? Absolutely.

    The problem with the Linux v Windows debate is for me it's irrelevant. Quite a bit of the software I need won't run under Linux. So that ends that.

    Pete
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Couple of points.
    Yes, take a good look. Debian released all details, how to fix it, and so on. Nothing is hidden, it's part of what Debian is all about. Obscurity = 0.

    It's not like with other OS's, where you get patches for who knows exactly what. Security through obscurity indeed. :)
    No, it's not UAC, it's more like, anything but admin. There are no prompts.
    What you can and should do, UAC or not, is use a LUA, and SRP. That is closer to what Linux provides, out of the box.

    Regarding SBIE or Virtualbox, I'd choose first, as above mentioned, using a LUA, SRP and DEP. Then try SandboxIE if wanted.
    Use Virtualbox to test stuff, like different configs in Windows, or Linux/BSD/Haiku/whatever you find. There is a security benefit with VM's, but I think that alone doesn't justify its use. I mean, overall, that's what I think. You can go either way.
     
    Last edited: Sep 17, 2008
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Well said :thumb:
    Plus of course with Linux one updater updates everything.
    I hope Linux becomes more and more mainstream in the future. The faster the better IMO.
    The default accounts are limited user so you don't have to worry about malware.
    Heck, I don't worry about malware on Windows, I have been malware free for around 3 years now.
    Only reason I don't use Linux yet is due to some of the stuff I use doesn't have a version for Linux yet.
    DVD playback is a bit hit and miss. Sometimes other codecs can be as well.
     
    Last edited: Sep 17, 2008
  23. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    1) My mistake. Maybe you shouldn't make it personal. Being patronising doesn't help.
    2) I'm not talking about how the problem was solved. I'm talking about how it came about. It was there because the code maintainers were doing a code audit and made changes to the package that they shouldn't have. It wasn't discovered for a while too, even though it was open source and everyone can read the source code. I'm not attacking this model. Just making the point that you can't claim it is more secure prima facie.

    Malware writers aren't targeting the server market. The only thing they can hope for on the server is an unpatched service running that is exploitable. Malware writers are targeting the desktop market because it is much easier to pull off with some social engineering. That is the key difference. Everything is made easier with a clueless user at the end.

    Given the desktop market is much easier to target, malware writers write malware for Windows (and now as OSX becomes more popular it is being targeted too).

    And that is true but it isn't the point I'm making. It is that just because it was open source, doesn't mean these vulnerabilities don't exist in practice. Again, I'm not favouring one side or the other on the open source/closed source debate. Just making the point that 1 is prima facie more secure than the other.

    The problem is just that people make blanket claims that A is more secure than B without pointing out what makes it secure. If you can back up your claims with specifics on how Linux securely implements something where Windows doesn't, that is backing up your argument. I'm sure there are some people with Linux experience that make such points. That is what I want to hear.
     
  24. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    :D :D
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I will qualify it with a "not nearly as much"
     