Full Virtualization & Ransomware

I know that untrusted will prevent ransomware encrypting files, I believe restricted also does this. ATM can full virtualization BB setting stop ransomware - I understand there are problems with this e.g., keyloggers. Does anyone here use full virtualization BB setting ??? ??? ??? :slight_smile:

Also when I run firefox sandbox click run virtual is this a fully virtualized sandbox???

Yes, in fact I tested this on my own computer against 10 variants of ransomware. When run in the FV sandbox some were able to lock up the screen even. However, upon restarting everything was fine. Therefore, the FV sandbox does appear to provide full protection from ransomware.

Currently I do not use it, mainly because it’s possible for malware to leak information out through the browser as it is running in the FV environment.

If you open it from the widget it runs in the FV sandbox. Is that what you were asking?

Yes that’s the info I was looking for re: clicking widget to open firefox. Can untrusted stop ransomware, rootkits etc.,?

Yes, that’s what I advise in my article here.

Will restricted work, as I have had problems with installers crashing when set to untrusted?

From ‘Limited’ to onwards you are secure.

That’s great thank you!! what setting do you use?

I use ‘untrusted’ but that’s because any application is not allowed to access any operating system resources. Can’t help being paranoid :slight_smile: Many users don’t need this… Limited would do fine.

If you have a problem with the installers crashing with untrusted BB. Use Limited. You will be well protected!

Limited and above will protect you from ransomware. However, there are still some malware which can bypass Limited and Restricted.