System and Application level virtualization for Linux?

I've had a block of my hard drive partitioned off as Ex3 fro a while. I finally started using Linux a bit for a few utilities that don't exist on Windows.
But, I've been reluctant to use it for browsing because I've become used to having my browser in SandboxIE and my system protected by Returnil.

I know that the user is non root by default, but I'm not fully confident as it stands.
Is there something like this for Linux?

 

Hi,

Unfortunatelly i am afraid that there is currently no product that provides browser sandboxing and virtualization on Linux (but i may be wrong of course).
There is a very few instant restore or rollback software solutions such as Returnil for a full system, not for a single application (browser, mail client etc.).
But as you are in the right place, it would be interesting to take a look at ExtBrowser which provides an access to a Linux partiction from Windows:http://www.paragon-software.com/home/extbrowser/

It is free with registration to get the serial key.
Paragon offers excellent free and paid products like their recent virtualization application for Windows Paragon go Virtual
http://www.paragon-software.com/home/go-virtual/

Linux and Windows regards

 

First, I'm going to assume following:

System virtualization - something like reboot, revert changes?
Application virtualization - something like sandboxie?

Well, system, you have live CDs! Pretty much any Linux comes as a fully usable live CD, so you enjoy yourself and then reboot, going back to normal.

Application wise, there are all kinds of programs that can do sandboxing, including the built-in chroot environment mechanism, plus several programs that build on it and offer extended functionality.

Now, a question? Why do you need those? Why would you bother?
What benefit do you see in trying such solutions, or rather, what kind of a problem are you trying to solve?

Mrk

 

Fedora Linux has sandbox -x - implementation of very easy sandbox in *nix systems.
http://www.h-online.com/open/news/i...-sandbox-for-desktop-applications-812242.html

 

That'll make transferring files easier(and safer)
Thank you.

Yes to both.

One of the main things I use Ubuntu for is video encoding. I need write access to the hard drive for that.

Yeah, I pretty much knew this, from reading around. But it sounds like a huge pain, and I'm too lazy to learn all that
The reason I use Returnil and SandboxIE is because they're easy to setup.

If I had to deal with spending 50+ hours in a manual to learn them, I'd just deal with spyware/malware

My primary concern is persistent keyloggers.
Linux doesn't have an application based firewall capability, so should I get one, it will definitely be getting out without problems(unless it's stupid enough to use only exotic ports).
I know you'll respond that a user isn't a root, and so they can't install outside their own home directory. But that assumes the program(written specifically for Linux), can't access sudo.
In the last year, through regular browsing, I've had two programs manage to install themselves(temporarily thanks to Returnil) into my system volume.
Now I realize in that period of time, I probably wouldn't have the issue at all in Linux, since it's much lower profile.
Still, in the event it *does* happen, I don't believe there's any way to recover from it, short of a partition wipe. Nor is there any way to even detect it.

Correct me if I'm misunderstanding any of this.

 

hi,
hi,

SeLinux is not a sandbox, it's an hardening patch or framework that comes integrated with some distributions and that can be configured for thoses who like Gui with tools like Segatex...
As i've said above, i personnaly don't know a Linux sandboxie equivalent as a program.
Of course, in linux or in Windows it's possible to harden the system deeply and then create a kind of sandboxed and restrictive environment, but it requires to be an advanced users, one or two hours and to be a keyboard friend of course...a simple example is to set up file permission on browser.
Regarding Returnil, there is free full virtualization software that can be used to run a VM easily, and there is DeepFreeze linux and a beta free soft that i've not experimented yet.
But creating an equivalent of Sandboxie in Linux is not as simple as a Ramones song (one-two-tree-four!).It is well circumscribed by a Google dev. Julien Tinnes in his paper where are presented an overview of linuix sandbox like those designed for Chromium:
http://blog.cr0.org/2009/10/security-in-depth-for-linux-software.html

As pointed out by Mrk, it is possible to launch a restrive environment with chroot (in UBUNTU for instance:https://help.ubuntu.com/community/DebootstrapChroot ), and with patience and effort, maybe a kind of solution can be used with the tandem Unionfs and chroot:
http://www.paguilar.org/blog/?p=24

And why not running Linux application from Windows as it is permitted by plenty free programs like Ulteo virtual desktop:
http://www.ulteo.com/home/en/home?a=view&autolang=en

At last, keyloogers are not difficult to defeat in Linux, just using the virtual keyboard is enough in most cases ( SSL VPN is a plus too).
More over, if someone wants to own you, he can do it with the necessary ressources (money or/and skills): i've seen a backddor installation in Linux with a package update...


Rgds