Sandboxing - what applications, and why?

Discussion in 'sandboxing & virtualization' started by chrome_sturmen, Sep 27, 2007.

Thread Status:
Not open for further replies.
  1. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    I would like to know, of the users who utilize sandboxing technology, what applications you run sandboxed, with a brief explanation of why you find it wise to run said program sandboxed, and maybe a quick example of how running said program sandboxed would theoretically save you from malware....
     
  2. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Newsreader, email client and web browser. New malware which is not yet detected by any antivirus/antimalware signatures or heuristics is for the most part safely isolated from your main system through a sandbox. The programs I mentioned should be the most obvious vectors of infection. I say most because there is malware out there capable of breaking out of the sandbox. However, with your antivirus, antimalware, antispyware, firewall, ad blocker, alternate browser, HIPS and sandbox you need not worry.

    Cheers.
     
  3. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Thanks for the reply. If you run your email client sandboxed, wouldn't you lose your emails when you empty the sandbox?
     
  4. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    I don't use email clients much anymore, but Sandboxie has an option for the Thunderbird mail client. So all my ISP emails will remain in my local hard disk TB mailbox, even after clearing out the sandbox.

    I feel more comfortable, though, using my Gmail and only in a web browser instead of in an email client, because of possible exploits, and a web browser is always sandboxed tight!

    That of course leaves trusting Google to keep them private. My emails, though, have not much to hide or to be exploited so that someone could possibly make a fortune on them. Private they should remain, and that is a trust factor we all depend on who use a Gmail account.

    Jarmo
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    I mainly sandbox the browsers. That way anything downloaded is sandboxed, both good and bad. Good can be retrieved, and bad deleted.

    An example: the killdisk virus. Suppose it is fly-by downloaded, and it was too new to be detected by an AV, or like me you don't even bother any more. If it ran it would wipe out your hard drive. But in the sandbox it can't access what it needs to access to do its nasty work, so it fails. Then when you empty the sandbox it's gone. This isn't theoretical. I've tested it.

    Pete
     
  7. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Just about any sandboxing utility will do as long as you have control over outgoing communications. Anyone who wants to be very secure will have a good firewall that will stop most leaks and run a sandbox that empties on reboot.

    SourMilk out
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    Besides browsers, I also sandbox my email client, instant messengers (Skype included) and also my torrent client. They need some effort to save chats and downloaded stuff if wanted, but that's the way I like to keep it.

    I agree, the foremost thing is the browser. Sandboxie has the option to allow bookmarks (favorites in IE) to be unsandboxed.
    Firefox extensions that are to be permanent have to be installed in an unsandboxed browser, but you can of course try them sandboxed first.
     
  9. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Pete:
    Hm, I see-

    I use Opera run through Proxomitron, with Outpost firewall's BlockPost plugin enabled. Could I catch a virus like this just from surfing and without intervention?

    The only virus I've ever caught is that one we were discussing on the ISR forum a few weeks back, and that wasn't from just surfing; I deliberately allowed it by clicking on something suspicious I downloaded. I don't think I've ever had any trouble just from surfing. Maybe someone could post a link to some reading on this?

    Thanks for all the input by the way;)
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    Anything you try to install or run with a sandboxed browser session should also be sandboxed. That is the main reason for using a sandbox.
     
  11. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Good point to bear in mind. Sandboxie does an excellent job of keeping stuff off your system. Not as well at preventing stuff from leaving your system.
    My Sandboxie rationale:
    One of my primary reasons for liking this software (enough to register) is its convenience, aside from all the security benefits (and they are substantial).
    Before SandboxIE, I was constantly turning cookies on/off (depending on the site I was visiting), as well as Java, JavaScript, etc. Made me crazy.
    OK, I'm at Wilders, cookies on. Browsing elsewhere, cookies off. Other trusted sites, damn, they're not rendering correctly, Java/JavaScript on.
    Constantly clicking permission stuff depending on where on the web I was.
    At the end of sessions, I was constantly reviewing, then selecting/deleting cookies, as well as clearing history, etc.
    Ahhhh....With SandboxIE, I find the browsing experience much more relaxed.
    Cookies, Java, JavaScript, all ON.
    Browsing done, close browser, EVERYTHING gone.
    Surf with virtual impunity.
    Simplistic approach. I like simple.
     
  12. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Bob D,

    You make good points, but surfing with everything on in a sandbox, while your security wouldn't be compromised, what about your privacy?

    Myself, I use Agnitum firewall's active content plugin to control these things: globally I set most active content elements off, then I add site exclusions as necessary. For instance, Wilders is set to allow cookies, referers, JavaScript, etc.

    I understand your points about convenience and not sacrificing security, but I wonder about privacy.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Sandboxing only contains what comes in. Of course when you clean the sandbox, cookies and the like are gone, but you still have to take care on that score.
     
  14. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Pete,

    Exactly. That's why I don't understand his case for surfing with all active content allowed, because though it empties after the sandbox session, those active elements can compromise privacy while surfing.

    But basically I think what's being said, is, in spite of your other defense layers, go ahead and surf sandboxed, just in case, right?
     
  15. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I run my web browsers sandboxed, that's about it. I use it as a layer of security against anything the AV may not recognise. From a privacy perspective I use Opera, which controls cookies, referrer logging, JS, plugins, etc.
     
  16. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    I agree, but I'm not terribly worried about tracking cookies telling "Site A" that I subsequently visited "Site B".
    And IF I should decide to surf the dark side, I turn cookies, Java, etc. OFF. (With K-Meleon's "privacy bar", control/visibility of these is so easy.)
    Any nasties that do "run" are constrained to the sandbox.
    Any serious violations (i.e. outgoing) should be picked up by FW/HIPS.
    Common sense (and a modicum of paranoia) prevails. For instance, when doing online banking or the like, I typically close the browser, re-open the browser, do transactions, close the browser, re-open the browser, continue surfing.
     
    Last edited: Sep 27, 2007
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Sandboxie and any AV rated Standard or better will secure 95 percent of you. Sandbox your web browser and email.
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I agree with trjam that SandboxIE will do the job. Make sure you configure SandboxIE correctly with your browser and email client though. Then add any good AV to it and that is sufficient.

    dja2k
     
  19. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    433
    Location:
    The Hill Country of Texas
    I've been trying out SandboxIE, and have read through the FAQ sections on the SandboxIE website, but am not sure what needs to be configured. Any recommendations would be appreciated.
     
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Cloudcroft I have sent you a PM about your question.

    dja2k
     
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    You can also alter Sandboxie's configuration file to tighten things up. For example, you can add a line that blocks a sandboxed program from My Documents.
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I was actually referring to that exactly plus other configurations.

    dja2k
     
  23. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Add the four lines below to Sandboxie's ini file. Replace firefox with the browser that you will use, then go over to the leaktests site and see how you go.

    Of course nothing else that is sandboxed, except your browser, should be able to connect.
    Code:
    ClosedFilePath=!firefox.exe,\Device\Afd*
    ClosedFilePath=!firefox.exe,\Device\Tcp
    ClosedFilePath=!firefox.exe,\Device\Udp
    ClosedFilePath=!firefox.exe,\Device\RawIp
    Leaktests
     
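The ini lines above, and innerpeace's earlier suggestion of a line that keeps sandboxed programs out of My Documents, follow Sandboxie's rule syntax: a leading `!program.exe` qualifier means "every program except this one", `*` is a wildcard, and a rule with no program qualifier applies to everything in the box. The Python below is an added example, not from the thread and not Sandboxie's own code: it parses a constructed Sandboxie.ini fragment and reports what a given program gets for a given path, so the effect of a rule set can be checked before trusting it. The user name, the profile paths, the Thunderbird OpenFilePath line and the assumption that a matching ClosedFilePath overrides an OpenFilePath are mine; check them against the Sandboxie documentation before relying on them.

```python
"""Toy evaluator for Sandboxie-style ClosedFilePath / OpenFilePath rules.

Added example (not from the thread, not Sandboxie code): parse a constructed
Sandboxie.ini fragment and answer "how may program X touch path Y inside the box?"
"""
import re
from collections import namedtuple

# Constructed Sandboxie.ini fragment. User name, profile paths and the
# Thunderbird rule are assumptions for illustration, not a real install.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
# The four lines from the thread: only the browser may open the networking devices.
ClosedFilePath=!firefox.exe,\Device\Afd*
ClosedFilePath=!firefox.exe,\Device\Tcp
ClosedFilePath=!firefox.exe,\Device\Udp
ClosedFilePath=!firefox.exe,\Device\RawIp
# Keep every sandboxed program out of My Documents (literal path; a real config would use a variable).
ClosedFilePath=C:\Users\alice\Documents\*
# Let the mail client write its mailbox to the real disk instead of the sandbox copy.
OpenFilePath=thunderbird.exe,C:\Users\alice\AppData\Roaming\Thunderbird\*
"""

Rule = namedtuple("Rule", "kind program path")


def parse_rules(ini_text):
    """Return the ClosedFilePath/OpenFilePath rules in file order; other keys are ignored."""
    rules = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key not in ("ClosedFilePath", "OpenFilePath"):
            continue
        program, sep, path = value.partition(",")
        if not sep:                      # no program qualifier: rule applies to every program
            program, path = "", program
        rules.append(Rule(key, program.strip() or None, path.strip()))
    return rules


def _program_matches(rule_program, program):
    """None = every program; '!name' = every program except name; 'name' = that program only."""
    if rule_program is None:
        return True
    if rule_program.startswith("!"):
        return program.lower() != rule_program[1:].lower()
    return program.lower() == rule_program.lower()


def _path_matches(pattern, path):
    """Case-insensitive match where '*' is the only wildcard (as in Sandboxie paths)."""
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.fullmatch(regex, path.lower()) is not None


def access(rules, program, path):
    """Decide how `program` may touch `path`: 'closed' (no access), 'open' (straight
    to the real disk) or 'sandboxed' (default: reads pass, writes land in the box).
    Assumption in this model: a matching ClosedFilePath wins over any OpenFilePath."""
    decision = "sandboxed"
    for rule in rules:
        if _program_matches(rule.program, program) and _path_matches(rule.path, path):
            if rule.kind == "ClosedFilePath":
                return "closed"
            decision = "open"
    return decision


RULES = parse_rules(SAMPLE_INI)

if __name__ == "__main__":
    probes = [
        ("firefox.exe", r"\Device\Tcp"),
        ("dropper.exe", r"\Device\Tcp"),
        ("dropper.exe", r"\Device\Afd\Endpoint"),
        ("firefox.exe", r"C:\Users\alice\Documents\taxes.xls"),
        ("thunderbird.exe", r"C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\x\Mail\Inbox"),
    ]
    for program, path in probes:
        print(f"{program:16} {path:70} -> {access(RULES, program, path)}")
```

Run it and the browser comes back "sandboxed" for the network devices (it may connect, but still inside the box), while a dropper that a sandboxed browser saved and launched gets "closed" on every one of them; the Documents rule closes the folder to the browser too, and only the mail client gets "open" on its own profile directory.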
  24. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Just a thought... No one mentioned Returnil as a sandbox option. I have been thinking of trying it and wonder how many people are using it rather than Sandboxie. :)
     
  25. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Using both here with no probs or slowdowns on all my Vista/XP drives.

    Exceptionally fine and rock solid apps, the both of them (for me anyway).
     