WSA monitoring SBIE- questions!

Hi,

WSA is monitoring sbie.



I want to if I should allow sbie or not. If I allow sbie will wsa still scan contents inside a sandbox?

I've also set Firefox and plugin container in Protected Applications in WSA. Firefox and plugin container are started forcibly in a sandbox under sbie. Do I need to keep sbie in monitor with wsa to protect those apps under sbie to be protected by wsa with entered information?

 

Yes, that will continue working fine.

Sandboxie may prevent WSA from seeing active windows in Firefox because it blocks data from exiting the browser. Therefore, I suspect you won't be able to have WSA protecting the browser when under Sandboxie (although a website which could infect you would generally not be one you'd be transacting on, i.e. your bank).

 

So whether or not I allow sbie, wsa may not protect the info entered in my browsers? I force internet facing apps for better protection. If WSA cannot protect the info inside a sandbox then I've to open browser unsandboxed to protect info entered with wsa?

I think this point should be noted and all this time I've wondered why wsa is not listed in the software compatibility in sbie. I think someone should contact Tzuk to ask him(preferably Joe as Tzuk rarely sees ordinary email or topics posted in the sbie forum)to put wsa in the software compatibility for wsa to work to it's full potential as do other products like EAM, Norton, Avast etc which are listed.

 

Yes you're probably right. But then the whole idea of privacy, data protection and identity in WSA, mega suites like Norton, Bitdefender, Kaspersky and standalone specialized apps like Keyscrambler would have been obsolete, right?

I mean then why put the Protected Applications feature in WSA identity Shield in the first place, right?

 

I'm definitely not saying there isn't a need for the feature. What I'm saying is that the websites you're likely to get infected on (the ones you would want to browse with using a sandbox) wouldn't be the ones you would need to protect your identity on. Therefore, you can browse with Sandboxie for general browsing and browse without it to receive WSA protection.

WSA does a significant amount within the browser to protect it and it is fundamentally incompatible with Sandboxie for providing identity protection at the same time as sandboxing. Short of Tzuk disabling a great deal of protection to allow WSA to monitor the browser, there isn't a way for WSA to communicate out from the browser to provide protection.

 

Ah that clears the confusion. So put simply you're saying it's either sbie or wsa ay? I don't understand why you can go through the complex process of making wsa compatible with another AV or IS or mega suite which does exactly the same thing as WSA yet I've gotta choose between wsa and sbie when both does totally different things with different aims.

 

So what you're saying is if I carry out a sandboxed browsing session with sbie the web threat shield is put off completely? Well isn't that unfortunate. Many of us here consider layered security approach in protecting their pcs. Many mega suites and some Avs nowadays offer more or less kind of sandbox features. Now WSA does offer to some extent but we have to agree it's not really sandboxing of any sort. I guess with using wsa we better forget sandboxing feature for good. That's just damn.

 

Sandboxing by design has to prevent anything from being communicated out from the browser. In order to see what the browser is doing, something needs to be communicated out from the browser. If anything at all is sent outside of the browser into the OS, it could be used to exploit the system and therefore violates the core principals of a sandbox. I imagine Sandboxie has hardcoded exclusions to allow certain pipes out from the browser for specific AVs but any exception like this could be exploited and therefore reduce user security.

Short of lessening the security of Sandboxie, there is nothing that can be done here and frankly, I would much rather see users using Sandboxie for it's intended purpose rather than trying to intentionally open holes in it to allow security products to communicate in and out from it.

I imagine it is possible for Tzuk to open interfaces in and out from the browser for the Identity Shield to monitor it but I would very, very strongly recommend against it as this would break the core principals of sandbox security.

In either case, the change is out of WSA's hands as it is playing in Sandboxie's "sandbox" and therefore it is Sandboxie which has to either block or allow it from communicating.

 

Okay I understand. But frankly speaking I really don't think many people use sbie alone. I bet they use it with a AV or IS of their choice. I guess many of browsers using sbie could be exploited and are under threat. Well so much for taking security measures.

 

Sadly no anti-keyloggers work with browsers in SBIE, if they do then they are lying.
I had the same thing happen to me when I tried running Trusteer Report last year and a browser in sandboxie. When the browser was sandboxed trusteer wasn't working, when the browser was fired outside the sandbox then trusteer was working. It's just the nature of the beast. It's safer for everyone that Sandboxie totally isolates the system from itself. Otherwise an exploit in trusteer could be transversed past the sandbox and onto the host.

 

Exactly.

 

You could use the "trick" I pointed you to in the other thread, to restrict connections to specific services. All you got to do to make it easy, is to use different browser profiles for the different tasks. I use Chromium, but I have two profiles, each for each of the e-mail services I use. They cannot connect to any domain/IP, other than those allowed.

It's all about separating tasks. I actually have these browser profiles in a secondary standard/limited user account. Then, I got another standard user account for my general web browsing. Even this general browsing Chromium profile can only connect to allowed domains.

 

Hmm...I've to agree with that.