Why do we need 2 sandboxes in Sandboxie

Discussion in 'sandboxing & virtualization' started by southcat, Apr 25, 2010.

Thread Status:
Not open for further replies.
  1. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Hello. I just registered Sandboxie, but I just wonder why we need 2 sandboxes?
    What is the difference between running all applications in one sandbox or running each application in a single sandbox?

    Thanks for your concern.

    Regards
    southcat
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    You can tailor each sandbox for a specific application, and control what runs in the sandbox and what can access the internet.

    For example I have a Firefox sandbox. In it only Firefox, Foxit, Word, and the media player can run, and only Firefox can access the internet. I do this for each browser and Outlook. Then I have another sandbox for certain testing. Anything can run in it, but nothing can access the internet.

    These are some of the many reasons.

    Pete
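
The two-box setup described in the post above, as an added example that is not part of the thread: a small Python check that reads Sandboxie.ini-style text and reports, per sandbox, which programs may start and which may reach the network. The box names, executable names and sample file are constructed assumptions; the setting names follow Sandboxie.ini's format and should be checked against the documentation for your version.

```python
# Constructed sample in Sandboxie.ini syntax. Box and executable names are
# assumptions; non-box sections of a real file would be listed like boxes.
SAMPLE_INI = """\
[FirefoxBox]
ProcessGroup=<StartRunAccess>,firefox.exe,FoxitReader.exe,winword.exe,wmplayer.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

[TestingBox]
ClosedFilePath=InternetAccessDevices
"""

def parse_boxes(text):
    """Return {section: [(key, value), ...]}. Keys repeat, so configparser is unsuitable."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return boxes

def allowed(settings, key, target):
    """None = unrestricted, [] = blocked for everyone, list = only these programs."""
    groups = {v.split(",")[0]: v.split(",")[1:] for k, v in settings if k == "ProcessGroup"}
    result = None
    for k, v in settings:
        if k == key and v == target:            # closed for every program
            return []
        if k == key and v.startswith("!"):      # closed for all except the group
            group, _, path = v[1:].partition(",")
            if path == target:
                result = groups.get(group, [])
    return result

def summarize(settings):
    return {"run": allowed(settings, "ClosedIpcPath", "*"),
            "internet": allowed(settings, "ClosedFilePath", "InternetAccessDevices")}

if __name__ == "__main__":
    for box, settings in parse_boxes(SAMPLE_INI).items():
        print(box, summarize(settings))
```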
     
  3. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Yeah you're right. Thank you for clearing my mind.

    Regards
    southcat
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Default box is nearly the same as Peter's with only a few apps having run access and only FF able to use inet resources.

    Testing box anything can run and anything can connect in/out as I want any fakealerts/downloaders to bring in their payloads and harvest them from the sandbox.

    Below is a shot of my setup with a malware sample running in the testing box.

    One.JPG
     
  5. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Hello Franklin, thanks for sharing, seems like you have great faith in Sandboxie. But I am curious where you found so many malware samples? Is there any place that provides those samples for testing?

    Thank you.

    Regards
    southcat
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yes I volunteer for an Antimalware and upload to an AV if not detected.

    That is actually one sample I ran in my testing sandbox which downloads many other exploits and which can change from day to day. It actually downloaded three different rogues one day! :blink:

    I go through several malware lists nearly every day and search through Threat Expert reports for live links.

    If the samples are hit then I just archive them away. If they're not hit then I run them sandboxed, grab any droppers then upload for further testing and inclusion into removal databases.

    I also utilise Returnil (older version), Virtual Machines and Ghost Images and use as needed but I haven't found anything downloaded from the net that has bypassed Sandboxie as yet.
     
  7. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Haha, those malware are too advanced now, one catches you and eventually you have all. :D

    Very reassuring.


    Thank you.

    Regards
    southcat
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041

    Hi Southcat

    Do not play with Malware unless you really know what you are doing. When I do, I put my computer in Shadow Mode with Shadow Defender, and then go into a VM machine to do the actual testing. It can be very dangerous.

    Pete
     
  9. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    Hi Pete.

    Is the idea of using Shadow Mode a backup in case something escapes the VM?

    Ken
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    You've got it. Also with Shadow Protect both of the drives are protected.

    I also make sure my images and FDISR archives are current. I take no chances.

    Pete

    PS. Sandboxie has been a tried and true friend to me.
     
  11. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Hello Pete. I'm not gonna play with malware, haha. Even if I do, I will put my system into virtualization first.

    Thanks for your concern.

    Regards
    southcat
     