Sandbox

Japo · September 13, 2007, 8:09am

Just so everybody knows about running Windows with limited rights, albeit off topic:

Administrator accounts are not designed for casual use—everyone who uses your computer should be set up with a Limited User account that they can use for regular activities such as word processing or surfing the Web.
If you suffer an attack from malicious software, the attacker can gain access to your computer through the account that you’re using—limited accounts give the attacker limited access, and administrator accounts give the attacker administrator access.

“How the right user account can help your computer security”, by MS knowledge base

You just got some malware (for whatever reason your layered security suite got trespassed just like any one can get) and it kicks in? Well if it wants to modifiy the registry as usual… No luck, he’s got no permission --in an admin account it would. Wanna modify files outside the Documents and Settings(Limited User’s Name) folder, perhaps to modify trusted programs and inject malicious code into them? No way Jose, still off limits.

If you opt for this it’s also a good idea to password-protect the admin account.

Of course this means that in order to perform tasks that need full access (registry cleaning, defragmenting, install non-self-contained software, etc.), you just right click on the program and shorcut and select “Run as…”. Also any shortcut’s properties can be edited so that Windows asks for different credentials when running it.

It’s a little annoyance but only a little one, and the idea that anything that managed to run would have full access to do as it pleases with my registry just gives me the creeps.

Japo · September 13, 2007, 9:36am

@Aladinonl: Not all the sites I visit are Certified by Comodo ™, still nothing ever got through thanks to my browser settings and security software.

aladinonl · September 13, 2007, 3:42pm

Plus as LM said some malware could find its way out of the sandbox even on its own --also because of a user's ovresight or a 0-day threat or whatever.

But Japo, virtually every app can b xploited, including sandbox and anti-watever. So for u, solution is FW+real-time scanner+HIPS. for me, its FW+sandbox+HIPS. both has 3 layers.

But as i see u and ganda made decisions, i wont bend. I feel perfect w sandbox and my laptop feel smooth w sandbox too.

Damitha · September 13, 2007, 4:50pm

Very well said!

Little_Mac · September 13, 2007, 9:18pm

One other thing I just thought of, for your safe surfing (due to potential drive-by threats you’re not even aware of, on legit sites)…

Use a browser that allows the blocking of scripts (in other words, NOT IE).

Then use something like CMG, that is designed to block buffer overrun problems. In combo with no scripting, your browsing security increases greatly.

LM

PS: Don’t think too much of my “stars” - every Moderator gets 'em, and Soya says I talk too much anyway…

system · September 13, 2007, 10:10pm

No I don’t. I think you type too much. Lengthy, but valuable posts

.

Okay, to avoid being pointed at as being off-topic (even by myself ;D), here’s a related thread: https://forums.comodo.com/feedbackcommentsannouncementsnews/cpf_sandbox_discussions-t5316.0.html

ganda · September 14, 2007, 12:27am

ow, i used firefox and CMG + V-engine too (so these are security products too ;D ). that way i know that i do safesurf.

thx all.
:■■■■
Ganda

andyman35 · October 2, 2007, 1:05am

I’m not aware of any current malware than can break out of the sandbox,however the program is basically code and any code can contain flaws.

If you’re looking for something as near to 100% security as possible,then a virtualization program such as Returnil would be the way.Since this creates a clone of your system drive in RAM,there isn’t even any theoretical way that malware could survive a reboot (at the moment!).

Of course the usual security apps such as Firewall and AV etc. are still necessary,since although no malware can remain on your system after rebooting,it can still get on there during a session,the same as if you’re using a ‘real’ system.You could have your personal or financial data stolen at any time.

aladinonl · October 2, 2007, 11:50am

true, no report so far. Maybe da bad guys r busy on AV, AS as usual and Vista.

andyman35 · October 2, 2007, 11:57am

Well as Melih would say,you can never be complacent when it comes to matters of pc security.These days malware is big business,an effective exploit can net the authors a great deal of money during the window of opportunity between releasing the malware and a defence being developed.

System1 · October 5, 2007, 7:34pm

I have been using Sandboxie for two months and I really enjoy it. I mostly use it on my browser but I also use it when installing and testing new softwares. One of the best things about Sandboxie is the fact that if you don’t like the software, you can just clear out Sandboxie and the entire software will be deleted and won’t leave any leftover junk on your computer. If you do like the software, you can request sandboxie to save it into your computer.

aladinonl · October 5, 2007, 7:54pm

Hey someone notice system and justin use somehow same pic…?!

Little_Mac · October 5, 2007, 8:03pm

How can they be the same? They’re different colors! ;D

System1 · October 5, 2007, 11:14pm

I got this avatar from Sasha’s avatar gallery topic from avast! forum (His signature, sZc, is embedded in the avatar).

Alright, I’m using an avatar similar to justin’s, so sue me sarcasm, lol.

MorphOS_REBOL · October 8, 2007, 9:16pm

I have always hated sandboxes.

BufferZone free for Browsers only probably was the more intelligent of them concept. Still, I don’t like them at all.

aladinonl · October 19, 2007, 1:56pm

hi everyone, this thread is colded for quite sometimes alr.

I came bak here to confess Im so ashamed of myself dat after using sandboxie for such a long time, until now I kno sandboxie is a highly-configuarable security app.

my 2 above-quoted statements abt sandboxie were totally wrong (sorry 4 da nice guy who writes sandboxie). heres why:
_u can specify which directory, besides some well-known directories given by sandboxie, to be notified in quick recovery function.
_paid version: unlimited forced and alerted apps (which u need to input the executable file name) besides well-known given ones.
_another useful function is set-top level folder which u specify da folder for all sandboxed content to live in. This is useful wen ur using app like returnil, deepfreeze… If u set top-level folder in D:\ while ur system drive is C:, content in sandboxes wont b rollbacked after reboot.

just to rectify my self.

Rednose · October 20, 2007, 2:41pm

Sandboxie is updated to version 3.02 :

http://www.sandboxie.com/index.php?DownloadSandboxie

Greetz, Red.

aladinonl · October 20, 2007, 4:32pm

oh, i just updated sandboxie to 3.01 2 days ago.

have trying out returnil for few days (Pandlock is a big fan of this), must say gr8!, xcept more configurable is better, but totally gr8 4 average user.

I think returnil and sandboxie r 2 must-have for those who wanna use comp year after year worry-free of system degrade and malware.

MorphOS_REBOL · October 21, 2007, 8:29pm

If one really thinks of “Free”, as in “free”, virtualization, I’d rather commend those 3 free apps:

http://www.trustware.com/virtualization/free.html

Even if I think that virtualising is not the right way. Anyone who’s read my old postings may know why.

Cheers

andyman35 · October 23, 2007, 11:27am

Virtualisation isn’t without difficulties,but it’s a developing area so hopefully these will be addressed over time.Any additional defence in the pc armoury can only be a good thing considering the huge amount of ever more intelligent malware out there in cyberland.