Using Sandbox apps: a smart Defense Strategy?

Discussion in 'sandboxing & virtualization' started by Perman, Sep 5, 2006.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I have been using DeepFreeze Standard for just over 2 weeks. I do like it and could not help thinking that using virtualization technology to protect your PC system isn't a bad approach at all. There are other good sandbox apps on the market such as ShadowUser, DefenseWall, GeSWall, Sandboxie and BufferZone. Can you share your experience of these apps with Forum viewers? Thanks.
     
  2. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I just started using Sandboxie a few days ago and I am very impressed. I was about to reimage my drive, so for the hell of it, I used IE/Sandboxie and purposely went on sites known to install spyware/adware/etc. After, I used Spyware Doc, Ewido, Spyweeper, CounterSpy and online TrendMicro to scan my system. I didn't even have a tracking cookie after!

    Since then I have been able to disable my realtime antispyware programs. I now sandbox all browsers and Outlook.
     
  3. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    Sandboxie didn't like my computer. It wouldn't install or work.
     
  4. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Another SandboxIE user here for about a month now.
    (Gonna register and send them some $. It's worth it.)
    Nice proggie. Not much resource impact, only a couple of stability issues on rare occasions. Forum available with respectable support (queries usually answered by the developer).
    Allows surfing with wanton abandon. You're nearly bulletproof.
    I've created two shortcuts to my browser (K-meleon).
    One to run under SandboxIE, the other to run normally (under DropMyRights).
    Interface is fairly intuitive. Doesn't take much time to figure out its workings.
    I haven't even explored all the other possibilities of running test programs within it.
    As browser protection alone, I feel it's well worth it.
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I didn't like SandboxIE because my popup-stopping app could not run while in SandboxIE mode. So I ended up getting all those popups that I hate.

    I tried DefenseWall and found it inhibited apps too much. I couldn't ever get it to run Steam (game-playing application), or even if I placed my online game .exe files in there, all I ever got was permission rights errors and the games wouldn't run.

    muf
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: A bit of a problem w/ Sandboxie and DefenseWall? Why not try DeepFreeze or ShadowUser? They will allow you to DO anything that you would on your normal partition/drive. After you finish, simply reboot the PC, and everything, I mean everything you have done or the damage malware has caused, is gone, vanished w/o any physical trace. This "borrowed" partition/drive is your temp pass for joy and excitement.
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Both are already bypassed by malware writers. Direct PDO IRP!
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Can you tell us more? I thought the newer DP V.6 has this problem fixed. Thanks.
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    What is DP?
     
  10. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    I believe Perman meant DF (DeepFreeze) v.6
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Sorry, just a misspelling of DF (DeepFreeze).
     
  12. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Interesting, although I do not read Russian. Perhaps you or members who read Russian can assist a bit. Is it using some code while accessing a particular PC to bypass DF's password and then unfreeze DF, hacking the target? Or is it more advanced than this? Do you have any remedy?
     
  14. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    Keep this thread quiet or freaking crackers will sneak in and find juicy stuff to prey upon.

    Just joking. Been using SBoxie for almost 6 months now and all I can say is that got no infection at all while browsing the net.

    Nice appointment.
     
  15. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    I've been getting in the habit of using ShadowUser more and more of late and once used to the reboot which is no particular pain, I've found it does exactly what it purports to do.

    I'm not an adventurous surfer but the fact that it would undo any carelessness on my part makes me far more comfortable when surfing in Shadow Mode.

    I do however take care to only visit my trusted sites when out of Shadow Mode.

    So far I just can't find a downside to it but would be interested to know more about its susceptibility to malware that Ilya refers to.
     
  16. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Before I can enlist any help from Russian-speaking friends, and just to ease my curiosity and anxiety, I went to that Russian connection link provided by Ilya, post #12 on this thread. Apparently, only these names have been mentioned several times: ShadowUser, ShadowBeast and Folder Guard. Perhaps some cracks have been unearthed. I am a DeepFreeze user and have learned from another forum that DF is now immune to any attack. I do hope these two factors will assure me of smooth and safe surfing for the next while. :-*
     
  17. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I am not quite understanding the problems users are having with Sandboxie. I have the paid version which allows you to force programs to run through it. I only have my browsers using it. All other programs, unless you right-click and option them to run through Sandboxie, are not run through the Sandboxie program.

    For the users who cannot install, it may be time for a reinstall of XP.
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    First sentences are: "Full bypass of ShadowUser, Folder Guard and other similar programs weighs ~15kb of code. The method's aim is in search of the original file system driver's entry points and direct its call, bypassing all the filters and hooks of the protective software. I won't post here full code but fragments."
     
  19. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    I'm a happy user of Shadow, like many in this thread. Until I saw your post, Ilya, I thought I had spared myself the hassle of reinstalling and using again the likes of AntiHook (waiting for version 3 I became happy with ShadowUser) or SSM. But, after an initial discomfort, I reasoned that what you imply is that, if you take a PC with just the OS and ShadowUser/FG/others, THEN it's just that simple to bypass the 'sandboxed' machine.
    My point is: is it still that simple to get to a machine which runs, along with the OS and ShadowUser, also a router, Avast! antivirus with WebShield, Jetico firewall with Process Attack filter, BOClean, uses Firefox with NoScript allowed, runs a hardened OS, + Firewall Leak Tester, to name the essentials?
    I say this because perhaps, by now, practically every software on earth can be 'bypassed' by a hacker, isn't that so?
    Perhaps security is 'layered', and SU, albeit theoretically bypassable like most, provides a 'certainty' which not many HIPS can give, that is, a reboot is death for any malware or mistake.
     
  20. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    The question is, can this be done on the fly? So if SU or DF for example are active can the code bypass the protection there and then or does it need to be loaded up at boot?
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,216
    "Both meaning Deep Freeze and ShadowUser"

    In Shadow Mode, with PG completely locked, RegDefend active, L'n'S properly working, and no physical access to my machine, I really wonder who is going to bypass whatsoever....

    The only disadvantage I find running ShadowUser is that sometimes I forget that I'm in Shadow Mode (I only switch to normal mode to download a program or to update Windows) and some data that is not written to the excluded folders might get lost with the next reboot.

    DeepFreeze is a good program, cheaper than ShadowUser, but doesn't allow you to exclude specific files and folders and doesn't allow multiple reboots in frozen mode (important if you try a program that needs a reboot).
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    In fact, it is always possible to bypass any protection from the driver level.
     
  23. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Does this also mean that the BADGUY can bypass at kernel or socket level? Suppose that I have a kernel- or socket-based security app installed, and if (only if) it has been compromised, then is it possible that this BADGUY can freely get a smooth ride into your system? Why do I ask this 2-cents question? I have a kernel-based AS app installed; during the DF frozen stage, any def updates seem to stay even after reboot. Just wondering. BTW, is kernel or socket a process activated prior to driver during PC booting? Just a layman's question.
     
  24. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Antivirus and firewalls have no role whatsoever in protecting something like Shadowuser or DeepFreeze from being 'hacked'. If one can manage to bypass these programs' protection (and it's been done before), having the most unbelievably accurate antivirus and firewall protection won't help any.
     
  25. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    TNT, you forgot one item of those I mentioned: Router.
    As a matter of fact I am well aware that the antivirus is not directly responsible for any hacking operation, while I cannot entirely agree with you about the uselessness of a firewall.
    I only mentioned these softwares, which usually people do run in their PCs, because they represent an obstacle to an easy conquering of a machine, as opposed to the statement that ShadowUser and DeepFreeze can be bypassed with extreme ease: yes, only if you have no other defense, though.
    If you think a router, even a not so recent one, can be bypassed that easily, you should find a fabulous thread at www.dslreports.com in the Security section where the story is told of how many of the best security experts in the US tried to break into a router some days ago and failed (excepting and partially just one). I don't remember the post now, but you won't have any difficulty finding it.
     