sbie and chrome?

Discussion in 'sandboxing & virtualization' started by ams963, Mar 9, 2012.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Hi,

    I currently have Firefox and Internet Explorer on my PC. I wanna try out Google Chrome.

    I occasionally sandbox Firefox and Internet Explorer using Sandboxie.

    But can I do the same to Google Chrome? It does have a sandbox built in, right? Would that not then be double sandboxing? Will that potentially increase protection or will it cause crashes?

    Best Regards,
    ams963
     
  2. Hungry Man

    Hungry Man Registered Member

    Did you make this topic over on the Sandboxie forums? If so I've answered it there.

    I've had a long conversation about this with some user over on that forum and Tzuk chimed in briefly.

    I'll say this much: Yes, Chrome has a built-in sandbox. Yes, it would be sandboxing it twice. Yes, this would potentially increase protection, it would also potentially cause crashes, it would also potentially decrease protection.
     
  3. Osaban

    Osaban Registered Member

    I've used Chrome and Sandboxie for a long time without any problem on 3 computers, XP and Vista (except for Adobe Flash crashing 2 days ago, but it only lasted for a day). I've never understood how the Chrome sandbox works, but I certainly rely more on Sandboxie than Chrome for security.
     
  4. Carver

    Carver Registered Member

    I sandbox Firefox, not Chrome, because Chrome is sandboxed already.
     
  5. ams963

    ams963 Registered Member

    no I did not make this topic over on the Sandboxie forums........

    can you please post the link of your conversation on that forum where Tzuk also chimed in briefly?.......

    thx for the theoretical affirmation....but which side would have a greater degree: the potentially increased protection due to double sandboxing or the potential of causing crashes and decrease in protection?.......
     
  6. Page42

    Page42 Registered Member

    I'm running Google Chrome browser sandboxed in Sandboxie on two XP machines.
    I do have mysterious browser crashes (the infamous Aw, Snap! page taunts me now and then) that I have been unable to solve. It has been discussed here at Wilders that this was happening on a system running Chrome inside SBIE, but the same member (m00nbl00d) said it was happening also to a relative who did not run SBIE.
    The reason I discount the SBIE-causing-Chrome-crashes theory is because as I noted, I run the same setup on two machines, and the crashes only occur on one of them. The other computer (with Chrome and SBIE) never crashes.

    As far as HM's notable and quotable, "Yes, this would potentially increase protection ... it would also potentially decrease protection", I say he sounds like a stock market prognosticator (the market might go up and the market might go down)! ;) But seriously, Hungry is a smart fellow and there is usually a good degree of merit in what he says.

    My personal opinion is that my machines are far better off with all internet-facing apps running inside Sandboxie, and I have greater faith in SBIE's sandbox than in Chrome's. Until and unless I'm shown otherwise, I think that the combined effect of both sandboxes results in increased protection, with the added disclaimer that I'm probably believing what I want to believe.

    Edit in: May already have been posted, but here is a recent article that touches on Chrome's sandbox being bypassed and broken out of.
     
    Last edited: Mar 10, 2012
  7. ams963

    ams963 Registered Member

    thx a lot for the elaborate explanation and positive confirmation Page42....I'll be using sbie and chrome together then......until of course Chrome crashes or something....
     
  8. Hungry Man

    Hungry Man Registered Member

    I don't think I can find it.

    It was a fairly useless thread with myself and one other member arguing for no apparent reason - I had stated that Sandboxie could potentially conflict with Chrome and that it wasn't worth messing with something that works. I think they thought I was trying to insult Sandboxie or some such thing, I really don't know and I had lost interest by the end of the topic.

    Sandboxie increases attack surface. That's a fact. What does that mean? Well, that means that an exploit in Sandboxie could be used to bypass Chrome's sandbox.

    How often do we see Sandboxie exploits in the wild? None so far that I'm aware of. It's a "security in depth" thing. It's generally a bad idea to increase attack surface unless there is a definitive gain. In the case of Chrome I see no definitive gains.

    I believe I summed it up in three points, which Tzuk agreed with:

    By running Sandboxie with Chrome you:
    1) May stop potential Chrome exploits
    2) May interfere with Chrome's sandboxing system due to unforeseen conflicts
    3) May allow Chrome's sandbox to be circumvented due to exploits in Sandboxie

    Now, you can weigh up the potential of those options. There are kind of "two bad" and "one good" point but not all of them are equal - there are no known conflicts with Chrome, therefore (2) is plausible but not necessarily very likely (though future updates may change this.) There are no known Chrome exploits in the wild, so (1) doesn't seem like a big deal but then again in a direct attack that may not be the case.

    edit: I see posts about crashes caused by Sandboxie so perhaps conflicts are not so unlikely? Not necessarily something that would cause a security issue though, just to be clear.

    So, basically, if you get anything out of this post:

    edit: Also, I should note that if you use Java there are definitive benefits of sandboxing Java that outweigh the issues of attack surface and therefore if you use Chrome with Java it would be a good idea to sandbox.
     
  9. Page42

    Page42 Registered Member

    It always seems ironic to point to a program's increased attack surface when that very program is actually lessening the likelihood of attack.

    In that regard, I'm willing to take my chances running Chrome inside Sandboxie.
     
  10. Hungry Man

    Hungry Man Registered Member

    This is exactly my point. Increasing attack surface isn't good, but there are tradeoffs - you are less likely to be attacked by Sandboxie than to be attacked by Java, for example.

    The question is, are you really helping Chrome by sandboxing it? With something like Java, which is so blatantly a security hole it's easy to say "Anything is better than default."

    With Chrome, we don't actually see exploits in the wild and we don't know how Sandboxie might interfere with the sandbox in Chrome.

    So it's really just a matter of weighing up the pros and cons.
     
  11. dw426

    dw426 Registered Member

    Chrome now has been bypassed, as we all know. Exploits in the wild are sure to follow, we all knew it was coming at some point. More on-topic, Sandboxie might slightly increase attack surface, true, what security program or any program at all won't? However, Sandboxie has been around a bit, and has had much more time to mature and get stronger over time.

    I think it's also safe to say that it is far more powerful than Chrome's sandbox, and less likely to cause issues than the one built into Chrome. It might cause conflicts between the two, however, at the end of the day if one has to be left standing, I'd prefer it to be Sandboxie. I think the overall security of Chrome will do nothing but be beneficial to both other browser developers and users. Even Mozilla is stepping up their game with ASLR.

    In the end, yes, you may be increasing attack surface by using both, and there might be a conflict or two along the way. But, look at it this way, when something gets through Chrome, it's very unlikely it'll go through both protections. I can live with that myself.
     
  12. Hungry Man

    Hungry Man Registered Member

    Chrome was bypassed a year ago... where are the exploits in the wild?

    No... it really really is not safe to say that. Chrome is open source and heavily vetted, Sandboxie is not. Chrome uses finely-documented operating-system based security measures, Sandboxie does not.

    And vice versa, if something can't get through Chrome it can get through Sandboxie.

    I'm not trying to knock Sandboxie but for whatever reason people don't really like to admit it has shortcomings. You mention ASLR - guess what, Sandboxie doesn't support ASLR unless something has changed in the last month. You know why Mozilla is hardening binary extensions with ASLR? Because a single area of memory not supporting ASLR can be enough to exploit the program.

    I love Sandboxie for protecting against complete gaping holes like Java or even a torrent client or something and I'd use it with Firefox (especially because of Flash) but I don't really get what appears to me as blind faith in the program.

    And as you say, all security programs increase attack surface. That's why piling on program after program is not a good idea - it leads to conflicts, overcomplicated setups, and yes, it leads to way more potential vulnerabilities on a system.
     
  13. dw426

    dw426 Registered Member

    Chrome's sandbox wasn't bypassed though, iirc, a year ago. Big difference. Perhaps you're right about "blind faith" in Sandboxie, but at the same time, it's still standing, whereas Chrome's sandbox is not. Sandboxie does indeed have some shortcomings, no measure is perfect. But I would still trust it over the sandbox in Chrome any day of the week. Just an opinion though.
     
  14. Hungry Man

    Hungry Man Registered Member

    Yeah, it was.

    Yes... and perhaps when we have Pwn2Own Sandboxie edition we'll start seeing things change lol
     
  15. dw426

    dw426 Registered Member

    Lol, well now that the sandbox bypass is such hot news, who knows, maybe hackers will start going after Sandboxie and its kin.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    There's a huge difference there. Google Chrome is used by millions* of people. Can you honestly say that about Sandboxie?

    * Not that they're at any potential danger, as there's easier fish to catch...

    P.S: That said, I'm a Sandboxie paid user. I just use it for different things. :D
     
  17. Hungry Man

    Hungry Man Registered Member

    What m00n said lol

    Chrome users probably outnumber Sandboxie users 1000:1. So if you want to go with the "Well I hope the hacker has never heard of Sandboxie!" approach that's fine. I mean, in reality there's more to it than that and that's why I suggest Sandboxie for something like Java, but the issue with layered security is that people kind of miss the point. Slapping layer after layer is not good security, in a lot of cases it's detrimental. It's about applying the layers where they need to be.
     
  18. acr1965

    acr1965 Registered Member

    I don't know much about sandboxing so this may sound like a stupid question. But doesn't Sandboxie limit the rights of programs that are downloaded and run? Anyway, if a person downloads a program through Chrome, is the download limited in its permissions like those downloaded when Chrome is running in Sandboxie?

    I guess where the confusion is for me about SBIE and Chrome is that I thought SBIE has more to offer than the limited sandbox from Chrome's Flash plug-in.
     
  19. Hungry Man

    Hungry Man Registered Member

    Yes, if you download a file through Chrome and run it, it will be run sandboxed. (Assuming you're running Chrome in Sandboxie)
     
  20. acr1965

    acr1965 Registered Member

    Yes, I'm understanding that part. But if I download a program through Chrome and Chrome is not running in Sandboxie, the download will not be run sandboxed...correct? I see a lot of people writing that they are running Chrome and it's already sandboxed...and they think they are running Chrome completely sandboxed and that they have the same security as running Chrome in Sandboxie - for internet browsing, downloading, everything.
     
  21. Hungry Man

    Hungry Man Registered Member

    If you run Chrome without Sandboxie and you run a file it will not be sandboxed.
     
  22. dw426

    dw426 Registered Member

    Point well taken, though my comment was mostly in jest, lol. If I'm a hacker, Sandboxie is like a bumble bee on my radar. I know it's there, but I don't see any benefit in chasing after it right now. All this stuff aside, again, I don't believe having that extra back up in Sandboxie hurts anything.
     
  23. Hungry Man

    Hungry Man Registered Member

    I wish I could say how serious having a non-ASLR DLL injected into a program is, but I don't know enough. From what I've been told if you have a single area of a program that isn't supporting ASLR it's enough to break ASLR in the whole thing - I may have misinterpreted that and it's times like these that make me want to hurry up and learn to program at a more advanced level lol
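
The ASLR question raised in posts 12 and 23 can be checked per module: a Windows PE image opts in to ASLR through the DYNAMIC_BASE bit of `DllCharacteristics` in its optional header, and it needs relocation data to be moved. The audit below is an added example, not code from any poster or from Sandboxie or Chrome; the module names and header bytes are constructed for the demo.

```python
import struct

# DllCharacteristics bits from the PE optional header.
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR entropy
DYNAMIC_BASE = 0x0040      # image opts in to ASLR
NX_COMPAT = 0x0100         # image opts in to DEP
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no relocation data

def pe_mitigations(image: bytes) -> dict:
    """Read the ASLR/DEP opt-in flags from a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)    # e_lfanew
    opt_off = pe_off + 24          # 4-byte signature + 20-byte COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or opt_off + 72 > len(image):
        raise ValueError("missing or truncated PE header")
    (coff_flags,) = struct.unpack_from("<H", image, pe_off + 22)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", image, opt_off + 70)
    relocatable = not coff_flags & RELOCS_STRIPPED
    return {"aslr": bool(flags & DYNAMIC_BASE) and relocatable,
            "high_entropy": bool(flags & HIGH_ENTROPY_VA),
            "dep": bool(flags & NX_COMPAT)}

def sample_image(dll_flags: int, coff_flags: int = 0x2102, plus: bool = False) -> bytes:
    """Constructed, header-only PE image for the demo (not loadable)."""
    opt = bytearray(0xF0 if plus else 0xE0)
    struct.pack_into("<H", opt, 0, 0x20B if plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_flags)
    coff = struct.pack("<HHIIIHH", 0x8664 if plus else 0x14C,
                       0, 0, 0, 0, len(opt), coff_flags)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + coff + bytes(opt)

def modules_without_aslr(modules: dict) -> list:
    """Names of modules that would load at a predictable address."""
    return sorted(n for n, img in modules.items() if not pe_mitigations(img)["aslr"])

# Constructed module list for one process; all names are hypothetical.
LOADED = {
    "browser.exe": sample_image(DYNAMIC_BASE | NX_COMPAT),
    "plugin64.dll": sample_image(DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT, plus=True),
    "injected_helper.dll": sample_image(NX_COMPAT),
    "stripped.dll": sample_image(DYNAMIC_BASE, coff_flags=0x2103),
}
print(modules_without_aslr(LOADED))
```

To audit real files, pass `open(path, "rb").read()` for each module a process has loaded instead of the constructed images.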
     
  24. m00nbl00d

    m00nbl00d Registered Member

    The bee or the transformer? :D
     
  25. Acadia

    Acadia Registered Member
