Working inside a sandbox

Discussion in 'other anti-malware software' started by fred128, Nov 30, 2006.

Thread Status:
Not open for further replies.
  1. fred128

    fred128 Registered Member

    Joined:
    May 21, 2006
    Posts:
    152
    I'm sorry for asking this because there must be threads about it but I can't find them.
    Can a keylogger program work inside a sandbox so that if one goes to a sensitive site also within the sandbox, it can execute its purpose?
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Yes it can. There is an ongoing thread, https://www.wilderssecurity.com/showthread.php?t=156172, discussing a similar scenario with VMs and sandboxes. While the key logger would be gone once the sandbox was closed, any information it collected, or more specifically transmitted, would still be in the hands of whoever planted the key logger.
     
  3. fred128

    fred128 Registered Member

    Joined:
    May 21, 2006
    Posts:
    152
    Thanks for answering. As Shakespeare wrote, "There's the rub". A keylogging program doesn't need the C drive to write its program in order to record key strokes. You're protecting the drive but a lot of damage can still be done.
    I guess the perfect sandbox would be one that allows everything in and nothing out through the browser that has been sandboxed.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Correct me if necessary. I am using DeepFreeze home. Each time when I surf the net, I use the frozen state. W/ DF the whole C drive is frozen, no exception. I would assume my actual drive is free of any sort of malware prior to freezing. If it is not so, any damage caused by malware, such as the keyloggers mentioned in this thread, would be contained w/in the frozen state, and any attempt initiated by these keyloggers, such as transmitting info outbound, should be stopped by ZA pro firewall (it has strong outbound control, and reliable application control). Keyloggers can collect as much info as they can, but nothing has been leaked out. Therefore, soon after the PC is rebooted, anything, I mean everything, w/in the frozen state is gone forever. This has been my comprehension of how DF does its amazing work. And it has been keeping me from any trouble.
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    IMO, that would all depend on how the key logger was transmitting the info. If it was doing it as, say, a BHO, then I believe ZA would only see the browser and not block it. One possible difference is if you were to have individual components blocked. Then again, that would mean you were most likely aware of the key logger and would then take steps to remove it as opposed to just blocking it.
     
  6. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    With all these scenarios, one must assume that their machine is not infected in the first place. Assuming a clean system, Deep Freeze would offer no protection against Keyloggers between reboots. Same as others like Sandboxie, BufferZone, etc where a 'Dirty' sandbox offers no protection to what happens in the sandbox. Any important online activities should be done with a 'Fresh Reboot' or 'Clean' sandbox.
     
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Deepfreeze isn't invulnerable. There's a program called Unfreeze that will thaw the system. Unfreeze was developed by someone in Argentina and, apparently, works on the last 3 versions of Deepfreeze.

    Faronics lab, the developers of Deepfreeze, know about this but haven't done anything to fix the problem.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Just allow me to make a minor correction. DF up until v.5 was vulnerable to Unfreeze or some password breaker. The newest one, v.6, appears to me to be currently immune to this type of attack. As to the keylogger situation, any good advice available? I am aware of Anti-Executable, available from DF's developer; is it effective? :-*
     
  9. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Thanks for the correction, Perman. My understanding was that Deepfreeze hadn't fixed the problem.
     