jZip able to extract files from sandbox as untrusted [NBZ]

bequick · October 10, 2010, 4:32pm

The bug/issue

What you did:Extracted file from .zip archive
What actually happened or you actually saw:the file was successfully extracted
What you expected to happen or see:not to be able to do the above, because the program was in the SB and threated as untrusted
How you tried to fix it & what happened:n/a
Details (exact version) of any software involved with download link: http://www.jzip.com/
Any other information (eg your guess regarding the cause, with reasons):n/a

Files appended

Screenshots illustrating the bug:n/a
Screenshots of related event logs or the active processes list:n/a
A CIS config report or file. n/a
Crash or freeze dump file:n/a

Your set-up

CIS version, AV database version & configuration used:CIS 5 complete, internet security mode
Whether you imported a configuration, if so from what version: no
Defense+ and Sandbox OR Firewall security level:see above
OS version, service pack, no of bits, UAC setting, & account type:Win 7 x 64 ultimate
Other security and utility software running:MBAM on demand
Virtual machine used (Please do NOT use Virtual box):no

Citizen_K · October 10, 2010, 11:53pm

Can you tell us to what folder you were unzipping to? Was the program automatically or manually sandboxed?

bequick · October 11, 2010, 7:19am

1.To Desktop
2.Automatically as unknown and untrusted.

Citizen_K · October 11, 2010, 2:07pm

It behaves the same here. The desktop is not one of the protected areas as far as I know. I remember we had a topic in the feedback board about this. It can be confusing to have something dropped there.

Dennis2 · October 11, 2010, 6:11pm

There is one in bugs topic for shortcuts not sure if you mean that one.

Dennis

Citizen_K · October 11, 2010, 9:59pm

That’s the one. I had forgotten it was eventually posted in the bug board after it was first brought to attention in the feedback/announcement/news board.

mouse1 · October 13, 2010, 8:29am

I don’t think its probably reasonable to generally prevent sandboxed files writing to the desktop? Too many progs would fai?. So I guess this is a help issue, if Bequick wants to do this he needs to add an additional protected folder?

Mouse

Citizen_K · October 13, 2010, 2:39pm

I agree it can be simply worked around by adding the Desktop to the protected areas.

bequick · October 13, 2010, 9:38pm

I don’t think is’t probably reasonable a sandboxed program to do a thing.It’s sandboxed, right? Or it’s an illusion of sandboxing?
If I say untrusted, I mean untrusted.
IO don’t want a workaround.I want working CIS.

HeffeD · October 13, 2010, 11:31pm

Maybe I’m not understanding what you are trying to accomplish. Are you saying your zip program was sandboxed, or the .zip file?

I would expect a program to run in the sandbox. Especially an action such as unzipping an archive, as that isn’t actually trying to execute anything inside the archive. What I wouldn’t expect it to do is harm my system in any lasting way. Did it do that? Perhaps then you might say CIS isn’t working…

Do you use Sandboxie? Try sandboxing your zip program and watch it unzip a file.

bequick · October 14, 2010, 6:29am

My program was sandboxed as UNKNOWN and was threated as UNTRUSTED.How is it possible for a program, which is sandboxed, unknown and untrusted to do it’s stuff without a problem?
I hope you understand now.It was a test and I didn’t expect jZip to work in these conditions.

Dennis2 · October 14, 2010, 6:47am

Sorry I am afraid we all missed this even though you included it above but not in Set up.

I just presumed that when you said untrusted it mean running the sandbox at default

You have change your Defense+ settings for the Sandbox from Partially Limited to Untrusted.

Then ran the program which was Unknown was sandboxed.

So no files should have been extracted to the Desktop.

mouse1 · October 14, 2010, 8:11am

Yes I missed this too, apologies. The mods are currently discussing this interesting issue, and one of us will get back to you soon.

Best wishes

Mouse

bequick · October 14, 2010, 10:17am

Thank You!

mouse1 · October 15, 2010, 9:07am

OK forwarding this to format verified, on the basis that, from a users perspective, files treated as untrusted should not be able to drop files on the desktop.

The problem here is that changing this will probably require quite deep changes to CIS. (Protected files/folders to vary accoring to ‘treat file as’ setting). So I’m not sure this will change.

Happily you can adapte yourself by adding the desktop to protected files and using the | terminator. (plaese ask in help if you are not sure how). As a result some unrecognised files may not run - but you may feel this is a reasonable trade-off?

Best wishes

Mouse