Working inside a sandbox

I'm sorry for asking this because there must be threads about it but I can't find them.
Can a keylogger program work inside a sandbox so that if one goes to a sensitive site also within the sandbox, it can execute it's purpose?

 

Yes it can. There is an on going thread, https://www.wilderssecurity.com/showthread.php?t=156172 discussing a similar scenario with VMs` and Sandboxes. While the key logger would be gone once the sandbox was closed, any information it collected or more specifically, transmitted, would still be in the hands of who ever planted the key logger.

 

Thanks for answering. As Shakespeare wrote, "There's the rub". A keylogging program doesn't need the C drive to write it's program in order to record key strokes. You're protecting the drive but a lot of damage can still be done.
I guess the perfect sandbox would be one that allows everything in and nothing out through the browser that has been sandboxed.

 

Hi, folks: Correct me if necessary. I am using DeepFreeze home. Each time when I surf net, i use frozen state. W/ DF the whole C drive is frozen, no exception. I would assume my actual drive is free of any sort of malwares prior to freezeing. If it is not so, any damages caused by malwares, such as kegloggers as mentioned on this thread, would be contained w/in frozen state, and any attempt initiated by these Keyloggers, such as transmiiting info outbound, should be stopped by ZA pro firewall(it has strong outbound control, and reliable application control). Keyloggers can collect as many info it can, but nothing has been leaked out. Therefore, soon after pc is rebooted, anything , I mean everything w/in forzen state is gone foreever. This has been my comprehension how DF does its amazing work. And It has been keeping me from any trouble.

 

IMO, that would all depend on how the key logger was transmitting the info. If it was doing it as say a BHO, then I believe ZA would only see the Browser and not block it. One possible difference is if you were to have indavidual components blocked. Then again that would mean you were most likely aware of the key logger and would then take steps to remove it as opposed to just blocking it.

 

With all these scenarios, one must assume that their machine is not infected in the first place. Assuming a clean system, Deep Freeze would offer no protection against Keyloggers between reboots. Same as others like Sandboxie, BufferZone, etc where a 'Dirty' sandbox offers no protection to what happens in the sandbox. Any important online activities should be done with a 'Fresh Reboot' or 'Clean' sandbox.

 

Deepfreeze isn't invulnerable. There's a program called Unfreeze that will thaw the system. Unfreeze was developed by someone in Argentina and, apparently, works on the last 3 versions of Deepfreeze.

Faronics lab, the developers of Deepfreeze, know about this but haven't done anything to fix the problem.

 

Hi, folks: Just allow me to make a minor correction. DF up until v.5 was vulnerable to Unfreeze or some password breaker. The newest one v.6 appears to me is currently immune to this type of attack. As to keyloggers situation, any good advice available? I am aware of AntiExecutible available from DF's developer, is it effective?

 

Thanks for the correction, Perman. My understanding was that Deepfreeze hadn't fixed the problem.