Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Just a small point about my personal PC use.

    I do not have any banking, credit card or other financial details entered on my computer. The only personal details are my correct name and address which I must have entered for various normal activity reasons.
    ~Comments removed. See the TOS.~I do not even have a passport. Have a nice day. My daily alibi for being where I am is water tight and apart from a good giggle, that is all I care about.

    John B
     
    Last edited by a moderator: Jul 7, 2011
  2. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    It won't stop you from transmitting personal information, if you so choose. The first layer of security lies in the choices you make, whether to participate or not and to what extent.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    If the website is simply a rogue, that's true. That's where reputation-based browser add-ons like WOT can help. If the website is a fraudulent version of a genuine website then Prevx may help. The latter aspect has been discussed in the following thread: https://www.wilderssecurity.com/showthread.php?t=270119
     
  4. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    do you mean from let's say facebook account or from my system account [OS]?
     
  5. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    I mean from anywhere through your internet connection. SBIE will protect your system, with the qualifications already discussed in this thread (needing AV, etc.). My point was that nothing can protect you from making poor choices about what information you decide to provide to social networking sites, such as FB, except your level of awareness and giving the choices sufficient thought.

    So, more in what I take is the original intent of your question, SBIE doesn't care whether you are connected to a malware sharing site or FB or twitter, It quarantines what enters your system through the sanboxed browser connection and, in that sense, it is equally secure for all three.

    Social networking, on the surface, is supposedly just meant for that: social networking. BUT, as you can find in many other threads at these fora, you take a risk of being "socially engineered" into giving out information to strangers that you wouldn't otherwise give out unless you have an "acceptable level" of control on privacy settings. Even at that, "acceptable" may not be good enough, a topic for another thread.;)
     
  6. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    thanks for the information,well iwas planing to have a fb,twitter account with fake info
    you know.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Heard a rumour that Youtube, Twitter and Facebook might merge.

    The new site will be called "You Twit Face". :ouch:
     
  8. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,378
    Please consider prepending the first syllable of Scroogle.
     
  9. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    All I can construe from this wonderful thread response is that Sandboxie is similar to a personal safe where our possessions are perfectly secure except from the expertise of a professional safe cracker.
    Enter the Pink Panther and Inspector Clouseau with his ever suffering side-kick Kato.

    I`ll buy that any day - nothing is perfect, not even Fort Knox.

    Tzuk should be nominated for a Nobel Prize for his ingenious contribution to net surfers safety.

    John B
     
    Last edited: Jun 22, 2010
  10. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Sandboxie 1 - Threats 0

    I have only had Sandboxie fro 3 weeks having installed it as a result of this thread and thereafter being over the moon with it and not a hiccup in sight.

    I have just had a practical example of how marvelous this program is. During a browse on an innocent subject like car steering locks, up came two panels, one from AVG - Threat detected, blocked by AVG and the other from Firefox. WARNING - dangerous attack site ! I clicked "Get me out of here" and the screen went back to Google.

    This was all in the sandbox and nothing left it. No log entry in AVG virus vault. I just deleted the sandbox (it is deleted on shut down anyway), shut Sandboxie down and did a quick scan. Nothing - all clean.

    Wonderful.
    John B
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,376
    Location:
    Milan and Seoul
    This thread has convinced me that for every day browsing Sandboxie is ideal. Shadow Defender might be more appropriate for heavily invasive applications. As it is often the case for the programs I buy, I paid for Sandboxie out of respect to the developer.

    Two questions please (I'm trying to read the online tutorials).

    -How does one create a sandbox for a USB flashdrive(Do you have to plug it in and run it sandboxed? Can one create a sandbox before plugging the flash drive?)
    -Without an active AV, how can one scan anything before recovering it (in other words, can one scan something in the sandbox?)

    Thanks in advance for any advice
     
  12. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    The question is not very clear. If you want to execute something from a flash drive - one possible way to use a explorer's context menu - "Run sandboxed". You do not need to create an extra sandbox for that purpose.
    Yes, just point to a sandbox folder, usually C:\SandBox. This will scan all the contents of a sandbox.
     
  13. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    It's a good idea to check your AV works within the sandbox. For instance Avira worked fine for me, but Prevx didn't.

    Try the Eicar AV test files in the sandbox. Just to be sure.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,376
    Location:
    Milan and Seoul
    Thanks Leach & Keyboard_Commando.

    When USB flash drives are infected, as soon as you plug them in they transfer the infected object automatically (autorun). Now, I know one can disable the autoplay/autorun, but is there a way to have the USB plugged into a sandbox?
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Here is some light reading https://www.wilderssecurity.com/showthread.php?t=253382

    Don't forget that besides the autorun killing regedits for XP you can use Panda USB Vaccine, which does a nice job on your own thumb drives. As well, you can use SRP to deny execution from drive letters possibly assigned to USB devices.

    I have not heard of a way yet to stop the execution of autorun.inf with any means (that is, blocking .inf files does not seem to work). Perhaps someone who uses AppLocker a lot could inform us if it would stop autorun.inf from doing its business.

    Sul.

    EDIT: Sorry, what you are looking for is the ForceFolders setting. This way if you plug it in, and it gets letter z: assigned, you can force it into a particular sandbox.
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @Sully

    Hi,

    That's not good :(

    But did you mean generally, or just for new startups ? Because, as i'm sure you know, Autoruns will fit the bill ;)

    How about something like ScriptDefend ? You can include ANY extention for inclusion in blocking/alerting and then allow/deny. I havn't tried it, as it just occurred to me ;) Maybe we would get too many blocks/alerts on boot to be worthwhile ? Just a thought :)
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Maybe create a benign autorun.inf in the root of each drive that can't be deleted or overwritten?

    Flash Disinfector can do that.
    Applocker is mentioned in the link below.

    Flash Disinfector seemed to work ok here on this Win 7 32 bit install.
    Bleeping Computer Discussion
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Granted I don't know for sure, but in my tests, the autorun.inf was never a filetype that could be "stopped". For example in SBIE, you could prescribe a block on autorun.inf, and you could not open it (deny it in terms of double click or right click events), but it would "autorun" no matter what type of rule I put in place. The same thing happens in SRP. You can deny execution, but execution exists in a different manner for autorun.inf files.

    I stopped looking for an answer, but it would have been nice to actually stop it whilst still retaining Autoplay (not autorun) in XP. In win7, it is not an issue it seems, so why bother. Ok ok, curiosity on the topic still makes me want to poke around more, but I never was able to find much info on the internal mechanism that makes the magic work. Perhaps revisiting win95 would shed some light, but I don't really feel that ambitious ;)

    Sul.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,376
    Location:
    Milan and Seoul
    Thanks Sully for your feedback. Yes, I think that using Forced Folders is the solution: I first plugged in a USB flash drive, once the letters E:\ F:\ are created, I was able to add them to the Forced Folders settings. Now whenever I plug a USB drive it starts sandboxed (presumably the dreaded autorun.inf would transfer to the sandbox...).

    For these situations, however, I would rather use Shadow Defender as it is a bit more forgiving if one makes stupid mistakes.
     

    Attached Files:

  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If they are your USB sticks that you will be using you only need to use Panda USB Vaccine on them one time to stop them from being able to autorun. It is other USB sticks that are not yours that will then be the possible contaminants.

    Sul.
     
  21. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Last edited: Jul 2, 2010
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,376
    Location:
    Milan and Seoul
  23. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
  24. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    A thread from 2006? A lot of rain fallen since then...
     
  25. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Hi Buster,

    Yep, a lot of rain has fallen since then, BUT are you saying that the problem discussed is now non-existent ? If you are, then where is the follow-up ? I would love to read it.
    The thread seems inconclusive - a cold case file ?

    If a 4-5 year old problem has not been solved, then we have a 6th July 2010 problem.

    John B
     
    Last edited: Jul 6, 2010
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.