Using the 6.x sandbox/kiosk for different purposes

INTRODUCTION

What this guide is about?
This guide provides guidance on how to set up and use the CIS sandbox for different purposes. By sandbox I mean the virtualisation facilities of CIS including the Kiosk. The guide does not cover the Behavior Blocker despite the fact that the Behavior Blocker used to be called, confusingly in my view, the ‘auto-sandbox’. By setup I mean adjusting security settings for risk management purposes, and other settings to make using the sandbox convenient.

What words I will use?
I will call the virtualisation facilities of CIS ‘the sandbox’ and what used to be called the autosandbox, the behavior blocker.

Why is this an issue?
The CIS sandbox can be used for many different purposes. As explained in more detail here, if you use a sandbox for purposes that assume the threat is outside the sandbox, and then for a purpose that assumes the opposite, you may run a significant security risk.

You can get round this problem by resetting the sandbox between conflicting purposes. But if you do, by default you lose all the settings changes you have made to programs, including browser shortcuts etc. Pending introduction of multiple sandboxes, Comodo provides a workaround for this by allowing you to add browser settings and extensions directories to sandbox exclusions. But this potentially leaves you exposed to any exploits that infect the browser itself - a browser infection acquired when browsing say gaming sites could still be active when you next use the sandbox for banking purposes. Also, since you are likely to be using the same browsers sandboxed and unsandboxed, these infections, which may be acquired in the relatively permissive environment of the sandbox, could take effect when you are not sandboxed.

In my view a safer approach is to create separate, non-virtualised, software (eg browser) installations for sandboxed use. You could create just two - one that assumes that the threat lies outside the sandbox, one that assumes it lies within. But, since this is really easy to do, while you are doing this you might as well set up separate software installations for each different purpose, allowing you to closely tailor security settings, and even the programs you choose to use to each purpose. This makes sense because the optimal security can vary significantly with purpose. For example settings needed to maintain anonymity (which is exceedingly difficult to do well) are quite different from those required for online banking. A collateral advantage of this approach is that you can set up software environments that are very efficient for carrying out specific tasks.

What approach do I use?
The common availability of portable versions of programs makes creating separate installations for different purposes really easy. I suggest creating a suite of such portable installations for each purpose in its own directory. A link to these purpose directories is created on the Kiosk desktop. Settings normally stored in the OS are also re-located into dedicated software installations where possible, and their security enhanced. For example dedicated password managers are used to store site shortcuts instead of say the OS password storage facility. I avoid inadvertent use of pre-installed relatively insecure software (eg IE) by removing these, and the links that might invoke them, from the sandbox. I add facilities that would be too inconvenient to set up for each use, for example truly anonymising browsing connections for the anonymous browsing purpose.

The main disadvantage of this approach apart from adding some complexity, is that you will need to make all settings changes in the purpose-specific portable installations when running them non-virtualised. All changes made when virtualised will be deleted when you reset the sandbox.

Normal and advanced users
Guidance is flagged as being for normal or advanced users. Normal users are reasonably competent computer users able to install software, change software settings, and perform simple file system operations (copying, moving, renaming, changing properties etc). Advanced users are assumed to have a sound technical understanding of the way their computer works, and so are able to take on more advanced tasks, eg involving setting up firewall and D+ rules and editing the registry. Advice for normal users is detailed, that for advanced users is higher level. It is presumed advanced users can work out how to perform the tasks required from a general description.

Testing of recommendations
These recommendations have been tested by a fellow Comodo user, Treefrogs, and recommendations for improvement incorporated. The testing thread starts here.

Guidelines
Follow this guideline for all purposes:

  • General guideline.

Then follow the guideline for all the specific purposes you have in mind:

  • Banking & other apps where private communication to the correct location is critical


Status: The guide is a draft - so please forgive any inaccuracies. Because it is a draft, any and all input regarding how it can be improved will be particularly gratefully received. Please post that input: here.

Preparation and responsibility: This introduction has been prepared by a volunteer moderator – with input from many other moderators and staff (Thanks everyone, especially: Treefrogs for his extensive testing work and suggestions, Chiron for his articles and in particular for his browser security add-on & non-■■■ comms service suggestions, HeffeD for his review, and Egemen - the latter via prior discussion, not review of this document). It has been produced on a best endeavors basis - please use at your own risk. It will be added to and corrected as we find out more about the sandbox. Note that I am not a member of staff and therefore cannot speak on behalf of Comodo.

Updated: 5 April 2013, to reflect changes up to CIS version 6.0.xxx.2708

GENERAL GUIDELINE- do this for all purposes

Normal users. Why do this?.

  • Reset the Kiosk and in Sandbox Tasks ~ Advanced Settings set the following options:

      • ‘Show highlight frame on virtualised Windows’

      • ‘Do NOT start services’

      • Kiosk Password (Strong, ideally 15 characters, upper and lower case with a punctuation mark)

  • In Firewall Tasks ~ Advanced settings turn on ‘Enable TrustConnect for public networks’.

  • Outside Kiosk create folder in your Program Files directory called ‘Software for VIRTUAL use ONLY’ and a folder named ‘Shortcuts’ then create a Desktop shortcut to the shortcuts folder with the name ‘Software for VIRTUAL use ONLY’.

  • Enter the Kiosk & remove all unnecessary items from the Kiosk desktop, in both tablet and classic modes, particularly any shortcuts to unrecognized programs stored outside the sandbox. This will not affect your normal desktop. In tablet mode do this by switching to tablet mode, clicking and holding then clicking on the cross on each icon.

  • Optionally exit Kiosk and delete the desktop shortcut to the ‘Software for virtual use only\shortcuts’ folder. This will not delete the Kiosk shortcut, but will prevent or inhibit you using it outside Kiosk. If you do this you will need to re-create the shortcut on each reset.

  • Consider installing an advert manager like Adblock Plus with EasyPrivacy+EasyList in any browsers you install when following purpose specific recommendations. (In some of the recommended browsers similar software or restrictions that have the same effect are pre-installed, and adding additional software may upset the built in functionality, so check the browser user guide first).

  • Use recommendation: The one exception to the general rule that you should not use Kiosk software outside Kiosk is that you must do so to make settings changes which you wish to survive a reset.

  • Use recommendation: Unless you use the rather complex setup at Advanced (2) below, you will still need to take care to use the Kiosk browser(s) not your normal browser when in the Kiosk. I am currently looking for a more practical way to ensure people don’t make mistakes in this respect. Please PM me if you can think of one.

  • Use recommendation: Reset before and after each use, exit after each use using ‘Exit’.

Advanced users Why do this?.

  • Restrict internet comms. To do this create a rule requiring all installed virtualised apps to ask for internet access, using the path C:\VTRoot* to define virtualised apps. Details here.

  • It is possible to ensure that you cannot inadvertently use normal browser installations when virtualised, but this involves some work. To do this you need to rename your browser’s directory to anything. Then create a junction point (using say the Sysinternals junction tool) for the browser directory in any location you like (except the browser directory), then redirect all shortcuts used to run the browser via the junction point. If it’s your default browser you’ll lose some functionality doing this. I will try to post further guidance soon.
  • Install a third party clipboard manager such as Clipmate which allows you to choose the location of its clips. Install this outside the sandbox, and create a shortcut to it on the desktop. Start it from the desktop and create a new clips database in default location when prompted. This database will be deleted on reset.
  • Install a secure deletion tool and use that to delete sandbox contents (C:\VTRoot and all subdirectories), before and as part of each sandbox reset. One is included in Comodo System Utilities. This needs to be done carefully; detailed instructions here. Testing by treefrogs here.
  • Optionally switch on CertSentry for IceDragon; see here for details.
  • Activate the proactive configuration and reboot.
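
One way to check that the purpose shortcuts only launch the purpose-specific installations, as an added example that is not part of the original guide: the PowerShell script below lists every shortcut under the Shortcuts folder and flags any whose target lies outside the ‘Software for Virtual use only’ tree or in a different purpose's folder. The two default paths and the verdict names are assumptions based on the folder layout described in this guide.

```powershell
# Added example (not from the guide): audit the purpose shortcuts.
# Assumption: both paths follow the layout the guide describes; adjust if yours differ.
param(
    [string]$SoftwareRoot  = 'C:\Program Files (x86)\Software for Virtual use only',
    [string]$ShortcutsRoot = 'C:\Program Files (x86)\Software for Virtual use only\Shortcuts'
)

function Get-PurposeName {
    # First folder name of $Path below $Root, normalised so that
    # 'Risky sites' and 'RiskySites' compare equal. '' if $Path is not
    # inside a subfolder of $Root.
    param([string]$Path, [string]$Root)
    $rootFull = [System.IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    $full     = [System.IO.Path]::GetFullPath($Path)
    if (-not $full.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)) {
        return ''
    }
    $parts = $full.Substring($rootFull.Length).Split('\')
    if ($parts.Length -lt 2) { return '' }   # file sits directly in $Root
    return ($parts[0] -replace '\s', '').ToLowerInvariant()
}

function Get-ShortcutVerdict {
    # Classifies one shortcut by where its target lives.
    param([string]$ShortcutPath, [string]$TargetPath,
          [string]$SoftwareRoot, [string]$ShortcutsRoot)
    if ([string]::IsNullOrEmpty($TargetPath)) { return 'NoFileTarget' }
    $targetPurpose = Get-PurposeName -Path $TargetPath -Root $SoftwareRoot
    if ($targetPurpose -eq '') { return 'OutsidePurposeFolders' }
    $shortcutPurpose = Get-PurposeName -Path $ShortcutPath -Root $ShortcutsRoot
    if ($shortcutPurpose -ne $targetPurpose) { return 'WrongPurpose' }
    if (-not (Test-Path -LiteralPath $TargetPath)) { return 'MissingTarget' }
    return 'OK'
}

# WScript.Shell resolves .lnk files; CreateShortcut on an existing file only
# reads it, nothing is written unless Save() is called.
$shell = New-Object -ComObject WScript.Shell

$results = Get-ChildItem -Path $ShortcutsRoot -Filter *.lnk -Recurse | ForEach-Object {
    $target  = $shell.CreateShortcut($_.FullName).TargetPath
    $verdict = Get-ShortcutVerdict -ShortcutPath $_.FullName -TargetPath $target -SoftwareRoot $SoftwareRoot -ShortcutsRoot $ShortcutsRoot
    New-Object PSObject -Property @{
        Verdict  = $verdict
        Shortcut = $_.FullName
        Target   = $target
    }
}

$results | Select-Object Verdict, Shortcut, Target | Sort-Object Verdict | Format-Table -AutoSize

$bad = @($results | Where-Object { $_.Verdict -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) shortcut(s) do not point at their own purpose folder."
}
```

Run it outside the Kiosk after each change to the shortcuts; any line that is not `OK` is a shortcut that could start software the guide says should not be used for that purpose.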

BANKING ETC
Suitable for: applications where preventing access to private information by malware, misdirection and interception is most important factor.

Normal users. Why do this?.

  • Install the portable version of a secure browser like IceDragon that can enforce strict https:// & DNS security, and supports a flexible password manager. Install it outside the Kiosk, to C:\Program Files (x86)\Software for Virtual use only\Banking\Browser, allowing it to create a desktop shortcut. Accept, if offered, the option of a secure DNS service like Comodo SecureDNS, and a https:// manager like Https Everywhere. Otherwise install such services subsequently. If you use IceDragon, which I recommend, also do this. Dragon (CD) may complain about the location, ignore this.

  • Choose a secure password manager which supports the definition of a specific browser as the web link handler, and allows you to set the location of its password database, such as the KeePass/KeeFox combination. Install a specific instance of the program for banking use to C:\Program Files (x86)\Software for Virtual use only\Banking\<password manager name>, create a Banking passwords database, and locate that password database in the shared area. Choose a strong password and encryption level for the database and generally set the most secure settings you can tolerate. Make the default URL handler for all financial sites Banking Browser - instructions re how to do this if using Keepass with IceDragon here. Alternatively you can install a web-based password manager like Lastpass which installs into the browser and so uses that browser for link handling, and tolerates deletion of its local password cache. Then set up a specific account with high security settings for banking purposes (tip from treefrogs detail here).
  • Create a Banking subdirectory of the ‘Software for virtual use only\shortcuts’ folder (see general guideline). Move to this folder the Desktop shortcut of the copy of the banking browser, and name it ‘Banking Browser’. Similarly with the password manager, naming the shortcut ‘Banking Passwords’.
  • Using your bank’s paper documentation, type in the URLs of your banking log-on pages. When each site loads, check that the URL bar indicates a secure connection (usually it is green). If it’s not double-check the URL with your bank by phone. Save the passwords & the URLs in the secure password manager. Set your most frequently used banking page as your home page (tip from treefrogs).
  • Use suggestion: Use only the password database shortcuts (or the bank home page) to access banking web sites, use the Kiosk keyboard or secure transfer from password manager to transfer passwords.

Advanced users. Why do this?.

  • Install browsing communications anonymity and encryption software outside the Kiosk. Suggestions: Use ■■■/JonDo paid version if you can afford it and don’t mind a small latency hit (Portable version install instructions here), otherwise Ultrasurf (though make sure you read design notes first here), not TrustConnect as you cannot automatically apply it just to Kiosk comms. TOR will work but performance is very variable. If you install separate browsing communications encryption software you should turn off CIS’s integrated TrustConnect under Firewall Tasks ~ Advanced settings.

  • If necessary (JonDoFox and TOR browsers come pre-set) set the Banking Browser to use the comms port designated by the encrypted browsing comms software
  • Restrict internet comms further. To do this create a rule for the Banking Browser blocking all network access except for the Urls or IPs (preferably the latter) of your banking sites. You may have to experiment with this list a bit as URLs and or IPs may change as you navigate complex sites.
  • Add the password database to Defence Plus protected files, and create a rule allowing (only) the secure password manager to access it.
  • Use suggestion: Where appropriate remember to switch your browsing encryption software on before you enter the Kiosk and off after exiting.

ANONYMOUS WEB ACCESS
Suitable for applications where local or external access to identifying information or traces of activity are the critical concerns.

Normal users. Why do this?.

  • Install a dedicated copy of an anonymous browser such as JonDoFox in portable mode outside the Kiosk to C:\Program Files (x86)\Software for Virtual use only\Anonymous\Browser

  • Install dedicated portable versions of any other internet facing applications you may have to sub-directories of the anonymous directory. Pidgin and Thunderbird run well virtualised and can be installed in portable mode, and anonymous application profiles are available (see advanced below).
  • Create an Anonymous subdirectory of the ‘Software for virtual use only\shortcuts’ folder (see general guideline). Move to this folder the Desktop shortcut of the copy of the anonymous browser, and name it ‘Anonymous Browser’. Similarly with any other software used for anonymous purposes.
  • Note that the settings for normal users only provide freedom from local traces - there will still be records of web sites visited on your ISP’s servers.

Advanced users. Why do this?.

  • Install browsing communications anonymity and encryption software outside the Kiosk. Suggestions: Use ■■■/JonDo paid version if you can afford it and don’t mind a small latency hit (Portable version install instructions here), otherwise Ultrasurf (though make sure you read design notes first here), not TrustConnect unless you agree with its privacy policy and are willing to switch it on and off manually on entry and exit. TOR will work but performance is very variable. If you install separate browsing communications encryption software you should turn off CIS’s integrated TrustConnect under Firewall Tasks ~ Advanced settings.

  • If necessary set the anonymous browser and any other internet facing applications you may have (email, instant messaging etc) to use the comms port designated by the secure browsing software. (The JonDoFox and TOR browsers come preconfigured in this respect). In the case of email and instant messaging (IM) you will also need to use anonymous destination servers to ensure complete anonymity. Guidance and app profiles for anonymous email and IM with ■■■/JonDo using Thunderbird and Pidgin here and here. Profiles include optional support for end to end email (Enigmail) and IM encryption.
  • Using the firewall you could also restrict non-installed virtual apps so they cannot communicate except via the VPN; instructions here (another tip from Treefrogs).
  • Ideally set hibernation (& hybrid mode) to off, and set Windows to over-write its page file on reboot, rebooting after each Kiosk use. Also over-write cluster tips and other filename/allocation traces after each reboot using a specialist secure deletion tool like Eraser (www.heidi.ie) or Privazer (www.privazer.com).
  • Use suggestion: If you are not using proxy/port-based VPN software remember to switch your browsing encryption software on before you enter the Kiosk and off after exiting.

RISKY SITE BROWSING & OTHER APPS INC. GAMING
Suitable for most applications where main danger is harm to your computer or access to non-virtualised private information, by malware resident on web-sites or in software you download and run.

Normal users. Why do this?.

  • Install the portable version of a hardened browser outside the Kiosk to C:\Program Files (x86)\Software for virtual use only\RiskySites\Browser, allowing it to create a desktop shortcut and accepting Comodo SecureDNS. Either Dragon or IceDragon would offer benefits in this role, but if the General Setup ~ Advanced Users recommendation to set up firewall control is not followed, it may be better to consider installing a browser with more facilities that malware could exploit switched off, such as JonDoFox, remembering to add Comodo SecureDNS. If you already use this browser install an additional portable copy to this path.

  • Create a Risky sites subdirectory of the ‘Software for virtual use only\shortcuts’ folder (see general guideline). Move to this folder the Desktop shortcut of the copy of the risky sites browser, and name it ‘Risky Sites Browser’. Similarly with other risky sites software.
  • Install WOT (Web Of Trust) or some other, perhaps more reliable, site whitelisting service into the Risky Sites Browser to help warn you about the most risky sites.

Advanced users. Why do this?.

  • Optionally change Plug-in (Java, Flash etc) settings so they have to ask before running. (This may already be the setting in some hardened browsers). (Tip from Treefrogs)

  • Optionally install a script manager like the NoScript extension into your Risky Sites Browser, though this should not really be necessary. JonDo and TOR browsers already have this installed.
  • It may also be helpful to add VirusTotal, Comodo CIMA/Valkyrie file verdicting sites to the bookmarks and to install the VTChromizer extension for context menu VirusTotal uploading. (Tip from treefrogs)
  • Use suggestions for browsing risky web sites. Use Kiosk.
  • Use suggestions for trying out risky software. Use Sandbox Tasks ~ Advanced Settings and:

      • Before running any software or installer check it by uploading it to CIMA and Virus Total
      • Use the facility in Sandbox tasks ~ Advanced Settings to add the software to the Sandbox, starting with a high restriction level and decreasing it progressively
      • Watch what it does using Advanced Tasks ~ Watch activity.
      • Optionally watch it in more detail using the M$ Procmon tool
      • When you are happy with the software, remember to re-install it outside the sandbox as it will be deleted on Sandbox reset

SENSITIVE CORPORATE USE
Suitable for: applications where preventing access to private information by malware, misdirection and interception and physical ingress are the most important factors.

Normal users Why do this?.

  • Follow the banking guidelines here, labeling everything as ‘Corporate’ rather than ‘Banking’, optionally using your company’s preferred software if it is sufficiently secure and supports all the required facilities.

  • [Not yet fully tested - if you try it please feedback]. In Windows 7+ Ultimate/Pro/corporate versions, use encryption to encrypt the shared area. In this folder’s properties go to General ~ Advanced and set encryption to on, remembering to back-up the encryption key as described: here. Consider turning off indexing of encrypted files under Control Panel ~ Indexing Options ~ Advanced to deny other users access to filenames. To achieve good physical security you will also need to ensure you have set up adequate Windows password control, guidance here. It may be wise to reboot before setting encryption on or off due to potential problems with encrypting or decrypting locked files.
  • Use tip. Don’t try to do all your Corporate work in the Kiosk, do only the sensitive work there. Remember to ensure any work you wish to save is stored in the Shared Area as otherwise it will be deleted on sandbox reset.

Advanced users Why do this?.

  • Follow the banking guidelines substituting your Corporate VPN for the secure browsing service if you have one. Also substitute your corporate site IPs and URLs for the banking ones.

  • Ideally set hibernation (& hybrid mode) to off, and in Windows 7+, set Windows to encrypt its page file (guidance here), remembering the additional precautions in 3 above. Also over-write remaining physical storage traces (eg Cluster tips) after each Kiosk reset using a specialist secure deletion tool like Eraser.
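
The hibernation and page-file advice here and in the anonymous web access guideline can be checked before you rely on it. This added example (not part of the original guide) reads the three Windows registry values behind those settings and prints the command that changes each one; hybrid sleep is a per-power-plan setting and is not covered, and the function names are illustrative.

```powershell
# Added example (not from the guide): report the Windows settings that decide
# whether memory contents are left on disk. Read-only; no admin rights needed.

function Get-RegDword {
    # Returns the named registry value, or $null if the key or value is absent.
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-MemoryTraceSettings {
    $control = 'HKLM:\SYSTEM\CurrentControlSet\Control'
    $checks = @(
        @{ Setting = 'Hibernation off'
           Key     = "$control\Power"
           Name    = 'HibernateEnabled'
           Wanted  = 0
           Fix     = 'powercfg /hibernate off' },
        @{ Setting = 'Page file overwritten at shutdown'
           Key     = "$control\Session Manager\Memory Management"
           Name    = 'ClearPageFileAtShutdown'
           Wanted  = 1
           Fix     = 'set ClearPageFileAtShutdown (DWORD) to 1, then reboot' },
        @{ Setting = 'Page file encrypted (Windows 7+)'
           Key     = "$control\FileSystem"
           Name    = 'NtfsEncryptPagingFile'
           Wanted  = 1
           Fix     = 'fsutil behavior set EncryptPagingFile 1, then reboot' }
    )
    foreach ($c in $checks) {
        $value = Get-RegDword -Key $c.Key -Name $c.Name
        $meets = ($value -eq $c.Wanted)   # an absent value counts as not meeting the advice
        New-Object PSObject -Property @{
            Setting = $c.Setting
            Current = $(if ($null -eq $value) { 'not set' } else { $value })
            Meets   = $meets
            Fix     = $(if ($meets) { '' } else { $c.Fix })
        }
    }
}

Get-MemoryTraceSettings |
    Select-Object Setting, Current, Meets, Fix |
    Format-Table -AutoSize
```

The fix commands need an elevated prompt. Overwriting the page file at shutdown and encrypting it are alternatives aimed at the same leak, so the anonymous guideline needs the second row and the corporate guideline the third.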

General design principles
Normal users. The techniques used to store purpose-specific settings through sandbox resets (see Introduction ~ What Approach Do I Use) make avoidance of confusion in user browser selection essential. Accordingly the guidelines recommend removing desktop clutter. High security options are used for the Kiosk settings. Frequent resetting prevents persistent malware infections, or traces of activity threatening your security. Finally optional installation of Adblock Plus into whatever browser you install is suggested as this can block some privacy and some malware threats with fairly low user hassle.

Advanced users. By default sandboxed processes can access any information inside and outside the sandbox, and could send it over the internet. Firewall rules are used to address this weakness for executables stored in the sandbox. These rules will not trigger for executables stored outside the Kiosk, but since any downloads by sandboxed processes will be stored in the sandbox, and links to existing executables are eliminated from the desktop, this should not happen. It’s particularly important to avoid inadvertently using the non-purpose specific browsers so an approach to disabling normal (non-purpose specific) browsers in Kiosk is developed. (Though this needs improvement). The ability to reset the sandbox is enhanced by the use of a secure deletion tool that wipes all traces of sandbox contents. The machine is generally hardened against malware access at the expense of more alerts by setting CIS in proactive mode. The fact that Windows clipboard data (potentially including passwords) is stored outside the sandbox is addressed by use of a (paid) clipboard manager that will use different storage inside and outside the sandbox. Security of access to https:// sites is increased by use of CertSentry which will refuse access to a site if certificate revocation information is out of date.

Banking design principles
Normal users: A dedicated secure browser is installed for banking purposes and set to use a Secure DNS service. Portable IceDragon is the recommended browser as it is good at resisting https:// exploits and has SecureDNS installed by default. It also appears to experience fewer virtualisation leaks than Dragon, and supports a particularly high quality secure password manager. Passwords are made persistent without significant security risks by installing a dedicated high security password manager outside the sandbox. The fact that the password manager is dedicated means high security settings can be used. The password database is stored in a shared area to allow access from the sandbox and persistence across resets. Users are protected from phishing attacks by use of protected banking site shortcuts in the secure password manager instead of links or favorites. The secure browser is installed on an unusual path so that the users can later choose to create banking-specific firewall rules & browser settings (see advanced settings) without re-installation.

Advanced users. The setup is made more resistant to communications interception by automatic first step encryption of communications via proxy-based internet access encryption services. This is not made a recommendation for normal users, though it would be a significant advantage, as high quality fast proxy-based services seem to be chargeable, and non-proxy-based services mean the user has to remember to switch on and off before and after entering the Kiosk. In this role I once again suggest ■■■/JonDo because of the systematic and determined approach taken to encryption and anonymity and the reasonable performance of the paid solution. There is however some latency so, if you cannot bear this or cannot afford ■■■, consider UltraSurf, though there has been some controversy. Satisfy yourself: here and by reading the UltraSurf Wiki. TrustConnect is another solution if you don’t mind switching Comms software on and off when you enter and leave the Kiosk.

Stronger guards are placed on access to malicious IPs by restricting banking browser access to a whitelist of the user’s own bank IPs. Defence Plus, which will work in the shared area, is used to add a further level of protection to the password database, as this is not virtualised.

Anonymous access design principles
Normal users. A dedicated specialist anonymous browser/profile is installed but is not set to use SecureDNS, as SecureDNS provides no anonymity guarantee. Dedicated copies of other internet-facing applications (eg email, IM) may be installed and rendered reasonably anonymous using the Kiosk’s reset-ability, and dedicated anonymous servers.

Advanced users. ISP traces are eliminated through automatic use of a proxy-based secure browsing service that emphasizes anonymity. This is not made a recommendation for normal users, though it would be highly preferable, as high quality fast proxy-based services seem to be chargeable, and non-proxy-based services mean the user has to remember to switch on and off before and after entering the Kiosk. In this role I suggest ■■■/JonDo because of the systematic and determined approach taken to anonymity and the reasonable performance of the paid solution. If you cannot afford paid ■■■ consider the much slower free ■■■ or TOR solutions, and if you cannot cope with the slow speeds try UltraSurf, though there has been some controversy. Satisfy yourself: here and by reading the UltraSurf Wiki. I would not suggest TrustConnect in this role as you need to switch it on and off manually and Comodo’s commitment to anonymity is qualified. Because port/proxy based VPN software will leak internet comms which are not on the mapped ports, it is suggested that you use the firewall to prevent internet comms other than those going via the VPN.

Leakage of memory traces via the page file is prevented by over-writing the page file at boot and booting after each reset.

Risky site and software testing design principles
Normal users: A dedicated high security, optionally hardened browser is installed and set to use SecureDNS. The sandbox should protect the computer from malware damage, but some information gathering exploits are still possible if firewall control is not set up as recommended under General Setup ~ Advanced users.

Advanced users. A process for safe trial running of risky software is proposed using not the Kiosk, but the ability of CIS to run software in the sandbox at various restriction levels from the main CIS interface, plus Comodo services. Making plug-ins like Java ask for access before running gives you the choice of saying no to such points of vulnerability on particularly risky sites.

Corporate Design Principles
Normal users. Corporate users are likely to be particularly concerned about access to sensitive information recorded while using the sandbox, so encryption of the shared area is suggested. Windows encryption is not secure unless proper password access control is set as anyone logged in on your account is automatically able to decrypt. Accordingly password access control guidelines are given. Only the shared area is encrypted as the sandbox itself is cleared each reset, and reset with each use. Please also see Banking Design Principles.

Advanced users. Leakage of memory traces via the page file is prevented by over-writing the page file at boot and booting after each reset. Please also see Banking Design Principles.

To set up Banking IceDragon as the default URL handler in Keepass, copy the string below to the URL override field in Options ~ Integration.

Keepass URL string: cmd://"C:\Program Files (x86)\Software for Virtual use only\Banking\Browser\IceDragon.exe" "{URL}" 

Setting up adequate password control in Windows XP to 7.

Probably will work in 8 as well

Normal users

  • Go to All Programs ~ Accessories ~ Command prompt. Type in commands and set settings as below.

  • Type Control UserPasswords, and choose to create or change the account password. Ideally make it 15 characters or more long and use lower and upper case, and at least one punctuation mark. (Using 15 characters or more is especially critical in Windows XP as it prevents the password being stored insecurely by Windows). Choose to create a password reset disk, and store this securely. Check that only people you trust absolutely have administrator accounts on the computer, and check that they too have password control set like this. Exit the Window.
  • EITHER Type Control PowerCfg.cpl and choose that your computer should sleep after 15 minutes max (5 is better), and choose that it should require a password on waking. Log in to and do this in all other administrator accounts as well. Exit the Window.
  • AND/OR Type Control Desktop and choose screensaver settings, and choose to create a screensaver password. Set this to 15 minutes max (5 is better). Log into and do this in all other administrator accounts as well. Exit the Window.
  • Carefully check what you are sharing with other users in your network sharing settings and folder properties. In Windows XP one setting can grant all users access to all documents in all user accounts!

Advanced users

  • From the command line, run Gpedit.msc and go to Computer config ~ Windows Settings ~ Security Policy ~ Account Policy ~ Password Policy ~ Password Must Meet Complexity Requirements, and enable it. Note that it is not possible in Win XP-7 to enforce a password length longer than 14 Characters.

  • Consider setting a BIOS password. To do this consult your computer’s instruction manual (to enter the BIOS you usually press F8 during the initial boot stages). Please note that setting a BIOS password and forgetting it will probably mean you cannot use the machine again without replacing the motherboard. Changing other BIOS settings may have similarly dire consequences if you don’t know what you are doing.

If you use IceDragon go to Tools ~ Options ~ Advanced ~ Encryption ~ Validation and set it to fail certificate validation if OCSP server checking fails.

This makes sure that if a web site’s SSL security certificate cannot be fully checked, the browser refuses to load it and should alert the user.

I have been following this thread and decided to test each individual purpose. I have concentrated on the “Average User” rules but may also test some “advanced rules” in future tests.
I have so far only tested the Banking hardened browser.
Following the rules step by step is pretty straightforward -
after securing the Kiosk as seen in rules A,B,C and D here
I created the required folders, see folders and followed the other steps “General Guidelines” which are good practice.

BANKING
Creating and using the Hardened banking browser
I followed the steps Here
I installed Ad Block and HTTPS Everywhere in Ice Dragon,
I had never used Keepass before, make sure to install the portable version. I installed the database in a shared area I called Kiosk (I have deleted shared space)
I reset the sandbox, then entered the Kiosk. I opened the banking browser from the shortcut - Software for Virtual use only - I have set my bank log in page to open as the home page, then logged in using Keepass. When I finished I logged out, exited the Kiosk and reset.

After a little time spent setting this up I found it very easy to use. I like the fact that the browser used will never be used for any other purpose therefore creating a very secure banking environment.

Edit: I have since configured the browser to open my bank log in URL when the browser opens.
Now my banking is as easy as entering the Kiosk, logging in, doing my banking, logging out, exiting the Kiosk and then a reset. I know the browser has never been anywhere on the web and is only ever used for this purpose.

Edit 2: Lastpass can also be used in this set up. I followed the same steps except for installing Keepass; I replaced this by opening the banking browser outside the kiosk (non virtual) and installing the Lastpass add on. Lastpass uses a local database as well as keeping an encrypted copy on their servers. I tested being logged in to Lastpass using a browser outside the kiosk, then entered the kiosk, opened the Lastpass version of the banking browser, logged in with Lastpass, logged out, exited and then reset the kiosk. The non virtual Lastpass browser is still fully functional. I believe the local database is recreated almost immediately as I was also able to log in to sites using Lastpass when offline.

Edit 3: When setting up Keepass it’s important to instruct Keepass to open the banking browser and not your default browser. Shown Here


Thanks very much for reviewing this, Treefrogs. I, and I’m sure many users, will appreciate the care you take, and I will sort out any problems or needs for clarification that you find.

After a little time spent setting this up I found it very easy to use. I like the fact that the browser used will never be used for any other purpose therefore creating a very secure banking environment.
That's exactly the idea :), glad it works

I have set up and tested the Anonymous web access browser, I followed the same guidelines seen Here.
The only exception being #5, I did not alter or add to the browser as ■■■ is pre-configured for anonymity by default, changing this could be counterproductive.

I followed the steps Here and installed the portable ■■■ browser in to the specified folder, reset the sandbox and entered the Kiosk.
Once in the browser ■■■ starts from the shortcut and anonymously connects to the web. I also configured the Tor browser the same way; other portable versions of chat/email etc should be just as straightforward.

All apps running in the kiosk can be made to ask for internet access by following the guide Here
I created rules to force all browser connections to only connect through my VPN.

Edit: ■■■ uses Java, I have Java set to always run fully virtualized with Partially Limited rights, this has no impact on functionality that I have noticed.
The portable installation is a little different than the standard install, I found This guide helpful.

Edit: I think it’s worth noting that the ■■■ browser and the Tor browser bundle both come with custom settings and add ons pre-installed so there is no need to tweak or add to the browsers, doing this could actually be counterproductive.


The risky site browser set up is very straightforward, using the Guidelines seen Here
I created the files - ‘Software for VIRTUAL use ONLY’ and the shortcut folder, I have called it ‘Kiosk’
I installed a portable copy of CD following This Guide and placed a shortcut to the .exe in the shortcut folder (Kiosk)
As the site will be used for risky sites and downloads I also added killswitch.exe to the shortcuts (Kiosk) folder.
I added VT, CIMA and others to the bookmarks, I also added the VTChromizer extension for context menu VT uploading.
This browser is ideal for finding and testing risky software, resets before and after use are critical.
I also created the FW rule found Here to control any unknown file connection attempts

I have tested three of these hardened virtual browsers now, I have found that after initially reading the guidelines and creating the folders needed, the set up is relatively simple.
Once in the Kiosk using these browsers is as easy as using any other program, the advantage is knowing you are running a secure browser that is specific to that task.
I have tried to follow the guide as much as possible for these tests and intend to come back and add some advanced rules as I test them.

I recommend using these guides to anyone who wants to get the best security for specific high risk tasks.

Edit: I forgot to mention that CD issued an alert saying installing in this location is not recommended, I haven’t seen any issues with the browser at all.


Secure deletion is another layer of security/privacy that can be used to permanently delete the contents of the kiosk/sandbox.
I tried this using Eraser both in the kiosk before resetting and out of the kiosk. Errors are encountered each time.

Secure deletion is possible using Comodo System Cleaner. To securely delete the kiosk I exited the kiosk using the exit kiosk button, opened CSC, then navigated to shredder - shred files and folders - C:\VTRoot, checked it, then hit shred. Caution must be used to only select C:\VTRoot and nothing else, as the data will be lost forever. A message warning that the C:\ drive contains Windows files appears and needs to be allowed, and then the shredder runs.
On my pretty average X64 system the entire VTRoot folder was shredded in well less than a minute when using a 3x wipe with random character overwrite. A system reboot is needed to complete the process.
This method wipes all the registry values from the VTRoot entry HKLM\SYSTEM\VritualRoot\ although file key [Mod edit by Mouse] names remain.
Nothing was recoverable off the HDD using Recuva to scan for traces.

Edit: After shredding but before reboot it appears as if a reset has been performed, C:\VTRoot no longer exists in the directory, I did have cmdvirth.exe and two instances of svchost.exe still running virtual, but no user invoked programs.

Edit 2: I used CSC to delete C:\VTRoot as described above then ran Recuva before a reboot to see what is recoverable. There are no recoverable C:\VTRoot files/folders, although there are lots of entries that can only be identified as coming from C:.…
After a reboot there are no recoverable files/folders relating to C:\VTRoot at all.


Hi folks, fascinating discussion here. I have a newbie question: what’s the purpose of doing sandboxing for banking purposes?

If I follow other suggestions here (e.g. use separate browser, harden that browser, only access banking sites on it, etc.), why is it advantageous to use sandboxing? I thought sandboxing is to ensure no malware gets out of sandbox to main system, but if I ensure I access “good” banking website, then there is no need for such assurance. Does sandboxing somehow prevent malware potentially running on the main system from seeing what I am doing inside the sandbox (I did not think it provided such protections but could be wrong)? Or is there some other reasoning?