WSA monitoring SBIE- questions!

Discussion in 'Prevx Releases' started by ams963, Jul 7, 2012.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Hi,

    WSA is monitoring sbie.


    I want to know if I should allow sbie or not. If I allow sbie will wsa still scan contents inside a sandbox?

    I've also set Firefox and plugin container in Protected Applications in WSA. Firefox and plugin container are started forcibly in a sandbox under sbie. Do I need to keep sbie in monitor with wsa to protect those apps under sbie to be protected by wsa with entered information?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, that will continue working fine.

    Sandboxie may prevent WSA from seeing active windows in Firefox because it blocks data from exiting the browser. Therefore, I suspect you won't be able to have WSA protecting the browser when under Sandboxie (although a website which could infect you would generally not be one you'd be transacting on, i.e. your bank).
     
  3. ams963

    ams963 Registered Member


    So whether or not I allow sbie, wsa may not protect the info entered in my browsers? I force internet facing apps for better protection. If WSA cannot protect the info inside a sandbox then I've to open browser unsandboxed to protect info entered with wsa?

    I think this point should be noted and all this time I've wondered why wsa is not listed in the software compatibility in sbie. I think someone should contact Tzuk to ask him (preferably Joe as Tzuk rarely sees ordinary email or topics posted in the sbie forum) to put wsa in the software compatibility for wsa to work to its full potential as do other products like EAM, Norton, Avast etc which are listed.
     
  4. ams963

    ams963 Registered Member

    Yes you're probably right. But then the whole idea of privacy, data protection and identity in WSA, mega suites like Norton, Bitdefender, Kaspersky and standalone specialized apps like Keyscrambler would have been obsolete, right?

    I mean then why put the Protected Applications feature in WSA identity Shield in the first place, right?
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    I'm definitely not saying there isn't a need for the feature. What I'm saying is that the websites you're likely to get infected on (the ones you would want to browse using a sandbox) wouldn't be the ones you would need to protect your identity on. Therefore, you can browse with Sandboxie for general browsing and browse without it to receive WSA protection.

    WSA does a significant amount within the browser to protect it and it is fundamentally incompatible with Sandboxie for providing identity protection at the same time as sandboxing. Short of Tzuk disabling a great deal of protection to allow WSA to monitor the browser, there isn't a way for WSA to communicate out from the browser to provide protection.
     
  6. ams963

    ams963 Registered Member

    Ah that clears the confusion. So put simply you're saying it's either sbie or wsa ay? I don't understand why you can go through the complex process of making wsa compatible with another AV or IS or mega suite which does exactly the same thing as WSA yet I've gotta choose between wsa and sbie when both do totally different things with different aims.
     
  7. ams963

    ams963 Registered Member

    So what you're saying is if I carry out a sandboxed browsing session with sbie the web threat shield is put off completely? Well isn't that unfortunate. Many of us here consider layered security approach in protecting their pcs. Many mega suites and some Avs nowadays offer more or less kind of sandbox features. Now WSA does offer to some extent but we have to agree it's not really sandboxing of any sort. I guess with using wsa we better forget sandboxing feature for good. That's just damn.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Sandboxing by design has to prevent anything from being communicated out from the browser. In order to see what the browser is doing, something needs to be communicated out from the browser. If anything at all is sent outside of the browser into the OS, it could be used to exploit the system and therefore violates the core principles of a sandbox. I imagine Sandboxie has hardcoded exclusions to allow certain pipes out from the browser for specific AVs but any exception like this could be exploited and therefore reduce user security.

    Short of lessening the security of Sandboxie, there is nothing that can be done here and frankly, I would much rather see users using Sandboxie for its intended purpose rather than trying to intentionally open holes in it to allow security products to communicate in and out from it.

    I imagine it is possible for Tzuk to open interfaces in and out from the browser for the Identity Shield to monitor it but I would very, very strongly recommend against it as this would break the core principles of sandbox security.

    In either case, the change is out of WSA's hands as it is playing in Sandboxie's "sandbox" and therefore it is Sandboxie which has to either block or allow it from communicating.
     
  9. ams963

    ams963 Registered Member

    Okay I understand. But frankly speaking I really don't think many people use sbie alone. I bet they use it with an AV or IS of their choice. I guess many of browsers using sbie could be exploited and are under threat. Well so much for taking security measures. :rolleyes:
     
  10. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372

    Sadly no anti-keyloggers work with browsers in SBIE, if they do then they are lying.
    I had the same thing happen to me when I tried running Trusteer Rapport last year and a browser in sandboxie. When the browser was sandboxed trusteer wasn't working, when the browser was fired outside the sandbox then trusteer was working. It's just the nature of the beast. It's safer for everyone that Sandboxie totally isolates the system from itself. Otherwise an exploit in trusteer could be traversed past the sandbox and onto the host.
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Exactly.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You could use the "trick" I pointed you to in the other thread, to restrict connections to specific services. All you got to do to make it easy, is to use different browser profiles for the different tasks. I use Chromium, but I have two profiles, each for each of the e-mail services I use. They cannot connect to any domain/IP, other than those allowed.

    It's all about separating tasks. I actually have these browser profiles in a secondary standard/limited user account. Then, I got another standard user account for my general web browsing. Even this general browsing Chromium profile can only connect to allowed domains.
     
  13. ams963

    ams963 Registered Member

    Hmm...I've to agree with that. :)
     