Sandboxie and testing live malware

Hello! How safe is it to test live malware inside Sandboxie, but on the real system, not a virtual machine? Your view?

Thank you ;D

No. As far as I know, there are viruses that are capable of bypassing Sandboxie, although I have not encountered one directly. Proofs of concept exist elsewhere on the internet. One may consider using back-up software (though this in itself would still not be enough) or the use of BSA to help strengthen Sandboxie to some degree.

Simple, NEVER do that.
Nothing is ‘safe’ and even sandboxes can or will leak in the future. So don’t put your data and bank account at risk.

Best use a ‘dedicated’ system to fool around and then use a disk wipe tool to zeroise all bits on disk and start fresh.

I see. Thanks for the info guys. ;D :-TU

First of all - why ask this on the Comodo forum? Just go to the Sandboxie forum.

Anyway, if you are new to Sandboxie I wouldn’t take the chance of making a newbie mistake… like recovering a file to your real system.
If you are an experienced Sandboxie user and you really know how to lock down your registry and “restrict” Sandboxie, you probably couldn’t get infected because nothing would run except your browser.

I still think you should run Sandboxie within a virtual machine however, because like all security software, it only takes one misstep by the human running it to allow a virus into your computer.

I tested my “restricted” Sandbox within VMware for a month and frankly it’s kind of boring because Sandboxie wouldn’t let anything but my browser run when it is “restricted”. I ended up uninstalling it and just testing AVs (like LanGuy does) because at least malware has a chance to open so that the AV engines can attempt to catch them.

Needless to say, I now run my browser in a restricted sandbox on my real system.

I don’t mind. This is the section dedicated to “Other Security Products” under “Learn about Computer Security and Interact with Security Experts”. I don’t find the topic out of place at all. And we do, after all, share the same sentiment of ensuring protection. I don’t see anything wrong with the OP posting here.

Too generalizing. There are other viruses that can jump in sandboxes.

My thoughts exactly.

Strange. I used to restrict mine just the same when testing applications and they all ran well enough for testing. Unless, of course, you meant viruses, in which case, some are able to tell when they are in a sandbox and refuse to run. It’s one way of fooling the user into running them in the actual system. Malware authors advertise these in the market quite a lot these days that I’m not surprised there’s a number of them out in the wild.

It’s about “Other Security Products”, that’s what it’s all about. I don’t want to register in some other forum while I know people here use such a product and can help me. I wanted to know other people’s view on this matter, that’s all.

That’s fine :) vive la différence

Right ;) I recently had something that wouldn’t run in my default sandbox (un-restricted) and I just deleted it… why play with fire?
Also, I think that if you choose the option to not include the Sandboxie (#) in the window title, many pieces of malware won’t know that they are running in Sandboxie.
I could be wrong about that, maybe I’ll go over to their forum and find out… ;)

Nope. That’s just a modification to the GUI. A virus specially designed to detect sandboxes doesn’t rely on the window title (because it is also designed to bypass other sandboxes besides Sandboxie).