Ways to isolate/sandbox Flash ?

Discussion in 'other security issues & news' started by Fly, Jul 11, 2011.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    This is mostly for my Windows 7 64 bit system.
    Although it would be nice if something similar would be available for Win XP.

    I think Privoxy can filter Flash, but it probably doesn't isolate it.

    The way Chrome handles Flash is very nice, but I won't install that Google product.

    Flash is a never-ending security and privacy nightmare.
    Most sites don't work properly without Flash.

    Are there any options to rigorously isolate/sandbox Flash ?
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The only option I can think of would be to run the browser inside an isolated environment, be it Sandboxie or similar. Or, you could set an explicit low integrity level to your browser, which would make Flash inherit it as well. You may also add the browser under EMET's protection.
     
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Yes, it appears that isolating Flash is the answer.

    It seems that Sandboxie doesn't work properly on 64 bit systems. 'experimental mode'
    Alternatives ?

    Do Sandboxie and similar programs isolate Flash completely and properly ?

    Does that actually work ? What are my options to set a low integrity level to my browser ? For IE or a different browser.
     
  4. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Sandboxie works well on x64, even without experimental protection. While it is technically feasible for a breakout without the experimental protection, it is not easily done and would likely need to be specifically crafted to escape Sandboxie. I've been using experimental protection, and it's been very stable.

    As far as isolation goes, it prevents the malicious code from modifying the real file system... but the code still executes. Additional work needs to be done to ensure it cannot read important data.

    A Low IL for Firefox would work as well...
     
  5. x942

    x942 Guest

    Geswall has (is going to have?) an x64 version. It's like Sandboxie but uses policy restrictions to isolate instead of sandboxing. Just as safe but a different way of achieving it.

    Also why not use Iron? It's a fork of Chromium without all the Google stuff in it. If you know how to, you could even compile Chromium yourself, removing what you don't want. :thumb:
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By setting an explicit low integrity level to the web browser, anything that is initiated by it will inherit the low integrity level. This will make it impossible for anything exploiting either the browser or Flash player to get into our systems; it will be restricted to practically no locations, because these other locations will either be running with a medium or high integrity level.

    I'd say it's a pretty effective way of preventing damage. You could couple that with the so-called (in this forum) 1806 trick.

    Take a look here - http://www.wilderssecurity.com/showthread.php?p=1603237#post1603237

    If you're using a standard user account, this one should be used, otherwise you'd have to use Gpedit every time to disable it when needed, if you choose to block execution, rather than being alerted.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    "1806"=dword:00000003
    
    Another way would be to use SuRun to manage the entries in the link I provided. This way, you'd elevate only for the current user and not system-wide.

    If you set an explicit low integrity level + 1806 + EMET, I don't think you'd be in danger. ;)

    I wouldn't mess with Internet Explorer with respect to the low integrity level. We never know how it still interacts with the OS and/or other apps. At least not without a backup of your system. :)

    You should also add an explicit low integrity level to your Downloads folder.
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Unfortunately the 64 bit doesn't exist yet.
    So for now it's a moot point.

    Iron ? Interesting. I wouldn't blindly trust 'open source' but I'll look into it.
    I'm just not SURE in what way it is related to Google's product. I'd rather err on the side of caution.

    Thank you.
     
  8. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    m00nbl00d: how could I set a low integrity level for the browser ?
    To be honest, I'm not familiar with the technical aspects of 'integrity levels', but I could look that up.

    So we're not talking about IE here. My past experiences with Firefox and Opera were not good.

    So, how would one set a low integrity level for the various browsers ?

    In my mind, one could make a basic distinction between browsers that have 'additional' security/privacy features (probably involving more code that itself can be vulnerable) and simple browsers that offer just the basics without additional security/privacy features, also having less code that can be exploited.

    Security through obscurity is not completely pointless.
    Would you suggest a few browsers that have not been mentioned in this thread ? The Flash thing is relevant, of course ;)
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    FYI there's no such thing as "Chromium without the Google stuff in it" considering that Chromium is inherently Google and is worked on by Google engineers and was in fact created by Google engineers.

    I would not suggest Iron since it doesn't get updates as often as regular Chrome or Chromium.
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Try this, should explain how to do it
    https://www.wilderssecurity.com/showthread.php?t=283375

    As for what it is, and what it does, it is a bit technical.

    In layman's terms, maybe this will help.

    You probably know that users and/or groups have certain rights. Admins can do anything, anywhere, users are more restricted.

    Integrity Levels apply this concept to a process. You have 4 basic levels:
    System - the highest level, normally not used by you or me ;)
    High - think of it as admin level
    Medium - think of it as user level
    Low - think of it as a guest level

    An Integrity Level cannot (normally) mess with levels above itself. Thus Low cannot mess with any others, and Medium can only mess with other Mediums and any Lows, Highs cannot mess with Systems, but can mess with other Highs, Mediums and Lows, and obviously System levels can mess with whomever they want. I think System levels are like cousin Vinny, you know, the real muscle ;)

    If you are a USER, then almost everything runs at Medium Integrity. Important things run at High or System. This is how LUA runs all the time. Integrity Levels make a better boundary because everything you start without UAC runs at Medium, and nothing really important is at Medium really. When you use UAC to open a process, it elevates that process to HIGH Integrity, which then allows more options.

    If you start IE in protected mode, it runs at Low Integrity. If all the other stuff you do in LUA is at medium then you can see how this Low Integrity IE process is rather limited. Actually there are not many processes or directories that have a Low Integrity by default.

    You will notice in that thread I linked to, that if you want to run a browser, maybe Firefox, at a Low Integrity, it might need to write to places, like for your bookmarks or cache. Well, those places are not a Low by default, so Firefox might not run, or just might not save things like bookmarks. In order to get that functionality, you have to set files or folders to Low Integrity as well, so the Low Integrity Firefox process is at the same level.

    You can probably already see that if all you do in LUA is at Medium, or if you are Admin and all is at High, having your browser at Low Integrity puts a good limit on it as to where and what it can do. This is aside from the user's rights, mind you.

    HTH.

    Sul.
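
The integrity-level rules described in the post above, combined with the earlier points about Flash inheriting the browser's level and about reading data, as a small Python model. This is an added example, not part of any post in the thread. It assumes the Windows default policy for files (writes to a higher level are blocked, reads are not, unlabelled objects count as Medium); the paths and the DACL flag are constructed for illustration.

```python
"""Toy model of Windows Mandatory Integrity Control (MIC) for file objects."""
from enum import IntEnum


class IL(IntEnum):
    LOW = 1      # "guest" in the post's terms
    MEDIUM = 2   # standard user processes
    HIGH = 3     # elevated (UAC) processes
    SYSTEM = 4


DEFAULT_LABEL = IL.MEDIUM  # an object with no explicit label is treated as Medium


def spawn(parent_il, exe_label=None):
    """A child never runs above its parent; a lower label on the .exe lowers it further."""
    return parent_il if exe_label is None else min(parent_il, exe_label)


def can_access(proc_il, obj_label, access, dacl_allows=True):
    """Default file policy is no-write-up: reads are not filtered by level.
    The user's ordinary rights (DACL) are checked as well; both must allow."""
    label = DEFAULT_LABEL if obj_label is None else obj_label
    if access == "write" and proc_il < label:
        return False
    return dacl_allows


def audit(proc_il, objects):
    """Return {path: (can_read, can_write)} for one process level."""
    return {path: (can_access(proc_il, label, "read", dacl),
                   can_access(proc_il, label, "write", dacl))
            for path, (label, dacl) in objects.items()}


# Constructed sample objects: path -> (explicit label or None, DACL grants the user access)
OBJECTS = {
    r"C:\Users\me\Documents\accounts.txt": (None, True),
    r"C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles": (None, True),
    r"C:\Users\me\Downloads": (IL.LOW, True),   # folder explicitly labelled Low
    r"C:\Users\other\Documents\private.txt": (None, False),
}

if __name__ == "__main__":
    browser = spawn(IL.MEDIUM, exe_label=IL.LOW)  # browser .exe labelled Low
    plugin = spawn(browser)                        # Flash inherits the browser's level
    for path, (r, w) in audit(plugin, OBJECTS).items():
        print(f"{plugin.name:6} read={r!s:5} write={w!s:5} {path}")
```

The `(True, False)` result for the Documents file and the unlabelled Firefox profile shows both effects at once: the Low process cannot modify them, but it can still read them unless something else restricts reads.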
     