Sandboxie's "rootkit" problem not really a problem after all :)

Discussion in 'other anti-malware software' started by TNT, Nov 9, 2005.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Sep 4, 2005
    Well, it seems that the Sandboxie problem I outlined in my post some days ago is not really a problem, after all. After a little more time for some other tests, it turned out that IceSword is able to break out of Sandboxie only in certain conditions, NOT related to a Sandboxie "security hole".

    Essentially, Sandboxie DOES block kernel modules inside the sandbox. IceSword WILL fail to work inside the sandbox, UNLESS it's executed previously outside the sandbox, closed and then executed inside the sandbox: the fact that IceSword is able to bypass Sandboxie "sometimes" is related to the fact that IceSword's kernel module is still active even when you close its executable. Only in this case, with IceSword's kernel module active, it can bypass Sandboxie.

    In other words, Sandboxie will work with rootkits. :)

    Trackback here:
  2. Franklin

    Franklin Registered Member

    May 12, 2005
    West Aussie
    Thanks for the hard work, TNT. And good to see Tzuk has had a look. Maybe you two should team up and come up with the ultimate Sandboxie. :)