Does the virtual kiosk provide a secure environment for online banking??? ???
I've entered my banks website, entered my password..... I'm safe, aren't I
If you reset it before and after session, yes, while browsing in private window. Future updates I hope will make Kiosk compatible with Trusteer Rapport software. Internet banking should then be safer. I myself actually do internet banking this way.
Is the reset necessary or system restart also removes everything?
A system restart will not empty the sandbox.
But no sandboxed processes can auto-start
I think there is a check-box to allow this, but it’s disabled by default.
Edit: Having a huge Déjà vu from this comment. ???
Edit 2: From help file: “Enable automatic startup for services installed in the sandbox – By default, CIS does not permit sandboxed services to run at Windows startup. Select this check-box to allow them to do so. (Default = Disabled)”
Not sure whether services mean programs of actual services?
“I’m safe, aren’t I”
Depends on the threat.
Does this means apps installed in Kiosk will be there after restart?
It’s complex. As far as I can work out:
You are safe from malware processes running directly in explorer context in the sandbox if you exit and re-enter (not switch to windows) from the sandbox.
You are safe also from processes and modules running in or invoked by sandboxed browsers IFF a) you type in the banks correct URL into the browser or use a known safe link (using secure DNS is also helpful) b) you reset immediately before using browser for banking c) you have made a new installation of the browser for sandboxed use (or know your browser is uninfected for certain) and and have set your browser to store it’s data in the sandbox (ie not used the group exclusion)
You are safe from sandboxed services if you turn the switch off that Sanya is talking about, and exit and re-enter. Or if you reset the sandbox.
Personally I’d recommend you use a more secure replacement password store than windows as well, if you cannot remember your passwords. The windows password store is probably written non-sandboxed.
But none of this affects malicious processes running outside the sandbox, which could potentially key or clipboard log. You need to rely on BB and/or HIPS for these.
Hope this helps