What is the main reason for using a Sandboxing application?

Please tell us why you use or like a Sandboxing application (like Sandboxie)?

Is it for safe surfing? Or is it to execute unknown/suspicious applications? Yes, of course, in theory it is for both, but the main reason is what we are after. Thanks

Melih

I use GeSWall to isolate my browsers…so I guess “Safe browsing”.

Hmm, hard to decide; I use it for both.

Being in the malware research group, I like to run rogues and other malware sandboxed.

However I do sandbox IE.

A sandbox is useful both for browsing and testing malware. But isn’t there an overlap with Time Machine?
Don’t they both perform the same functions?

Wouldn’t it be better to have

Sandbox/Virtual Machine
or
Time Machine/Virtual Machine

I like to use Sandboxie for my browser because I can set it up how I want it, then run it sandboxed, bookmark pages, watch stuff, download bits and bobs, knowing I can just flush the box and the browser reverts back to how I originally set it up.
Probably not needed, but I find it easy to use and convenient.

Matt

Oh, I do try out the odd application as well…

I personally use Sandboxie to execute unknown/suspicious applications. Also, I do use it for Safe Browsing, BUT ONLY on dangerous sites, or suspicious sites, or a site I don’t trust.

For 2 Reasons - Execution:

I test out malware in Sandboxie every now and then for one reason: to see how CIS goes against it, whether caught by the AV, Firewall or D+ (I use default CIS settings). By the way… I’ve been doing this for several months, and NO malware has bypassed D+ or Firewall :slight_smile: (not detected by AV). Undetected malware then gets sent through http://internetsecurity.comodo.com/submit.php :slight_smile:

Also to test out applications that don’t require a restart of the PC.

One Reason - Browsing:
Explained Above, Safe Browsing on dangerous/unknown sites.

Sandbox, together with Time Machine (roll back technology), WILL be useful together with the rest of CIS. Obviously we are focusing on Sandboxing. Because of how Defense+ works in CIS, it stops execution of malware. It is designed to stop malware executing and performing malicious actions (like malware trying to write and drop in SYSTEM32, or trying to modify userinit.exe). D+ is NOT designed to stop malware from simply “spreading in the Registry or your Hard Drive and doing nothing!” when you block the malware. D+ stops the execution of the malicious actions it performs.

If you have experience in testing malware with CIS, checking the process list, etc., then after doing on-demand scans with various anti-malware scanners, such as SUPERAntiSpyware and Malwarebytes Anti-Malware, you will find these will still find malware in:
C:\System Volume Information
Registry
Hard Drive (Sometimes)

But mostly it is found in the Registry. System Volume Information obviously is just past events, and Registry entries that have nothing to “register” are harmless, because CIS stopped the previous execution. So malware sits there like “Can’t do that! Nothing to do”.

What my point is: Sandboxing will clean up left over NON-EXECUTABLE malware and harmless Registry Keys, because they are TEMPORARILY there in the Sandbox, and once it’s out of the sandbox, it’s out of reality in your PC! Sandbox will also help the usability of CIS even further, depending how COMODO “designs and architectures it” to work together to have great usability and security. I know COMODO will do that very very well!

No. It won’t be an overlap. Because Sandboxing/HIPS provides over 99% protection against malware. If under any rare circumstances, somehow malware breaks out of the sandbox, or you ALLOW a malware or whatever, Time Machine, or roll back technology, will bring you right and straight back. And also, Melih told me this btw, Roll Back Technology/Time Machine will work with Memory Signatures. Meaning malware caught by memory sigs will simply be rolled back in time. So here you are seeing the benefit of Memory Sigs on top of Time Machine, because obviously malware hitting memory could be too late; that’s why the Memory Scanner in CIS is the last line of defense too. But this here is something so strong with Time Machine, malware can’t break through it.

Cheers,
Josh

P.S - Sorry, I was really technical in this post (for being a non-developer). LOL.

Just out of curiosity, can anyone PM me a site that is considered worthy of a sandbox?

I Sandbox my entire System Partition with Returnil.

I use Sandboxie to Test Small Programs, whilst Returnil is also Active. Otherwise I use VMware for Big Programs.

I don’t usually use Sandboxie to Surf the Web, as I feel Returnil, CIS and my LUA are enough.

Before I Shutdown the PC, I decide whether I would like to Save everything I have done (on the System Partition), or Discard everything in Returnil’s Cache File. I usually just Discard everything (unless I have just installed New Software, changed System Settings or Updated some Software; then I will double-click the Returnil ‘system tray’ icon, enter my Password and in ‘Advanced Settings’ I Tick ‘Save all changes’.). This puts my System back to how it was before I switched it On: It’s like I haven’t even used the PC.

I don’t use ‘My Documents’. My System Partition is Encrypted. All of my Private Data is stored on ‘300+ Character Password + Key Files’ Encrypted TrueCrypt Partitions; each Partition’s Encrypted with various algorithms.

EDIT:
The reason I don’t use ‘My Documents’ is because TrueCrypt Partitions can’t Auto’ Mount at Boot Time. (Not even if you use just ‘Key Files’ without a Password. And, not even if you Encrypt a whole unEncrypted ‘Non-System Partition’.)

Using a ‘300+ Character Password’ is as convenient as using a ‘1 Character Password’ because I use a Password Manager (Password Safe).

Encrypting Data isn’t an Option where I live. The chances of Thieves stealing my Private Data via the Internet, are probably much less than the chances of them physically stealing it from my Home; along with the PC.

If they break into my LAN via Wireless, and successfully install Malware on my System, I am hoping that the Sandbox will have killed everything upon Reboot.

Comodo Backup 1.0.4.337 automatically copies Data from TrueCrypt Partition ‘A’ into TrueCrypt Partition ‘B’ on a regular basis, to organise my Private Data ready for Storage (Backup).

Comodo Backup 1.0.4.337 executes a Batch File which Dismounts TrueCrypt Partition ‘B’, then copies the ‘TrueCrypt Partition’ File ‘B’ (350MB) to a NAS System from time to time (Manually; when the NAS is On).

So I don’t usually need my System Partition to be able to ‘Save’ anything. I only really feel Safe when I know that my entire System Partition is Sandboxed.

I use Linux’s DD Command from a Knoppix Shell (Live DVD or USB) to Image my System’s MBR and TrueCrypt Partitions separately.
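A worked version of the dd imaging routine described in the post above, added here as an example; it is not the poster's own commands and not part of the thread. It images the MBR sector and a partition as two separate files and verifies each copy byte-for-byte. The device and partition paths are parameters (assumed to be something like /dev/sda and /dev/sda3 on a real system), and the self-test runs against a constructed 4 KiB disk file rather than any real device.

```shell
#!/bin/sh
# Added example, not from the forum post: image a disk's MBR (first 512 bytes)
# and a partition separately with dd, then verify each copy byte-for-byte.
# Device and partition paths are parameters; the self-test at the bottom uses
# a constructed disk file, never a real device.

# Copy exactly one 512-byte sector from the start of the device.
image_mbr() {
    src=$1; out=$2
    dd if="$src" of="$out" bs=512 count=1 2>/dev/null || return 1
    # Refuse a short read (e.g. unreadable media) rather than keep a truncated image.
    [ "$(wc -c < "$out" | tr -d ' ')" -eq 512 ]
}

# Copy a whole partition. conv=noerror,sync keeps reading past bad sectors and
# pads them with zeros so offsets in the image still match the source.
# bs=512 matters with conv=sync: a larger block size would pad the tail of the
# image out to a full block and change its size.
image_partition() {
    src=$1; out=$2
    dd if="$src" of="$out" bs=512 conv=noerror,sync 2>/dev/null
}

# Compare the first $3 bytes of the source with the image; returns 0 on match.
verify_image() {
    src=$1; img=$2; nbytes=$3
    dd if="$src" bs=1 count="$nbytes" 2>/dev/null | cmp -s - "$img"
}

# Print a POSIX cksum line for an image so it can be stored next to it
# and re-checked before a restore.
image_checksum() {
    cksum < "$1"
}

# Self-test on a constructed 4096-byte "disk" (not a real device).
selftest() {
    tmp=$(mktemp -d) || return 1
    printf 'FAKE-BOOT-CODE' > "$tmp/disk"                      # 14-byte marker
    dd if=/dev/zero bs=1 count=4082 2>/dev/null >> "$tmp/disk" # pad to 4096 bytes
    image_mbr "$tmp/disk" "$tmp/mbr.img" || return 1
    image_partition "$tmp/disk" "$tmp/part.img" || return 1
    verify_image "$tmp/disk" "$tmp/mbr.img" 512 || return 1
    verify_image "$tmp/disk" "$tmp/part.img" 4096 || return 1
    image_checksum "$tmp/part.img" > /dev/null || return 1
    rm -rf "$tmp"
    echo ok
}

selftest
```

On a real system the MBR image is the 512-byte sector only; the partition table it carries is what you would restore with `dd if=mbr.img of=/dev/sda bs=512 count=1` (paths assumed), while the TrueCrypt partition is restored from its own image to its own partition device.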

@J2045: It’s nice to be secure, but sometimes too many protection measures can be inconvenient. I’d rather have less protection and more convenience.

Melih, Didn’t you reply to me saying that sandboxes are vulnerable? 88)

Kyle, everything is vulnerable if you have a big enough hammer. :smiley:

If he did, then you know CSB won’t be vulnerable like others. ;D

Yup, that’s right. ;D

I can see it being essential for malware testers, but for the average person out there, I don’t think sandboxing is necessary at all.

Usually I use Sandboxie to Surf the Web.
I only use free programs :smiley:
Now I have free one year licenses from a giveaway for Norton Antivirus 2009 and A-squared full version.

I have to admit I sometimes install programs in Sandboxie because I don’t want their free trial to expire :stuck_out_tongue:

Sandboxie under attack:

Hey Melih, what exactly are your ideas about sandboxing, off the top of your head? There have been mixed comments about this by you and I’m unsure what your approach and goal for sandboxing will be.
https://forums.comodo.com/malware_research_group/to_melih_in_regards_to_sandboxie-t31439.0.html

Bit off topic…: … Why not Employ Tzuk? Some great talents for one man… ;D ;D ;D

Sure would love to…
Please tell him…

Melih

Tzuk? He’s the brains behind sandboxie and the one and only sole developer :wink:
Think it’s something that you would have to inquire about and not myself. :wink: