I Can See Underbelly Of The Net With SANDBOXIE!!

Discussion in 'sandboxing & virtualization' started by cortez, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,485
    Location:
    U.S.A. (South)
    I wouldn't pretend to understand the delicate technicalities that go into constructing a sandbox as finely and on the order of SandboxIE, and for that matter virtual systems, but they definitively hold a distinct advantage in containments and protections from anything.

    If there is a weakness and all softwares have some, at least this one is swifty corrected.

    I would say the exact same thing applies to another great program called DEFENSEWALL, it's interesting to experience for ourselves these new technological advancements in security.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That's your opinion, but what I'd suggest is taking some time to study the basics, and learn what Robodog actually does and what OS "weaknesses" it exploits. It may be easy to convince yourself as such, but people who play with technical tools aren't always as technically inclined as they'd like to believe.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Re: I CAN SEE UNDERBELLY OF THE NET WITH SNANBOXIE!!

    Thanks.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It steals passwords.
     
  5. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Never say never. ;)
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    I think not. It defeats instant recovery software.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It defeats instant recovery software to survive the reboot, then it's a PSW trojan. solcroft can explain this better.
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Robodog itself is a downloader trojan. It installs an autostart component that survives recovery, and downloads password stealer trojans the next time the system reboots. Now if the system enters "freeze" mode again, the password stealers are frozen onto the system, automatically restored at each reboot.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,485
    Location:
    U.S.A. (South)
    What a chip on the shoulder today. Sorry but i can't be led to cater to such useless ping pong leading only to unproductive criticisms.

    Let's try to stay focused on the actual techologies plus it's not so becoming to suggest "play" when it comes to technical tools.

    They are not for play but for study, examination, research and results. I don't have to convince myself of anything having long been involved in these matters for many years likely before many even plugged one in, so if i am in some error to details of a relatively new malware it would more reasonable to assist rather than make light at someone who is just first come into contact with a coded malware.

    I don't think i will ever fully understand the purpose of why some of us are always taken to task negatively when suggesting some presumptive evidence not meant to claim as real fact but merely brought out for others perhaps better informed to clarify with their own details by results.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Crystal clear, thanks solcroft :)
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    And again, SafeSpace defeats robo-puppy.;)
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    trjam,
    Don't forget that this is a cat and mouse game. Someday, sandboxes (Sandboxie, GeSWall, Defensewall, SafeSpace, etc) will leak. It's better to run LUA.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The reason why sandboxes are safer in general is because, short of bugs, they are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself. Instant recovery software, on the other hand, do not have this design and programs are allowed to do whatever they want. They're likelier to get compromised, but on the other hand allow for greater functionality within the "isolated" environment.
     
  14. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks "they are designed to not allow isolated programs to possess equal or higher privileges than the sandbox driver itself" That is the bit that I had not seen mentioned before. I still feel that although "They're likelier to get compromised" is true the probability of either event is not as great as is sometimes feared.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That's why they're called sandboxes: a child's play area (the sandbox environment) and an omnipresent guard (sandbox driver).
    You can achieve the same with Returnil, Deep Freeze and the likes by using LUA. Applications and malware can't fiddle with the ISR driver if they're running with limited privileges. This way, an ISR application becomes a "bullet-proof" system-wide sandbox.
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Last hole in Sandboxie was fixed a week ago,thanks to member Rasheed to bring it in public.Tzuk fixed it imediately !

    If you wont really safe,let alone your browser the right to connect,in this way defeating any other stuff trying to connect,including keyloggers.

    usefull if you do online banking.
     
  17. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You could use a memory manager to free up some unreleased memory... Works wonder on systems with low RAM count.

    I use smartRAM a small utility bundled free in Advanced Windows care 2 from Iobit You can downloaded it here
     

    Attached Files:

    Last edited: Feb 23, 2008
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    @ Long View, I mostly use Sandboxie for daily use and Returnil on demand. When Returnil is protecting my C:/ partition from changes, Sandboxie is set to Block Access to my D: and E: partitions. It can also be set to Block Access to My Documents or where ever you keep you important data. If something would happen to sneak it's way into the sandbox while I'm browsing, access to my data should be blocked. I hope that made sense.

    innerpeace
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I understand Lucas. But isnt SafeSpace basically doing this as far as web facing applications.
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A simple bug/vulnerability in the kernel driver(s) and the gate to infection may be open.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Lucas,

    Vista is really strong with its UAC (LUA in quiet) and IE in protected mode. Even downloaded have an extra security block on them.

    On XP LUA is not really a very friendly option. The advantage of DW and GW is that downloaded files also inherit the untrusted status. I think this is better than sandboxing with virtualisation sandboxes. As far as I understood, as soon as you set a file outside the sandbox it runs Admin, while this same file with DW runs LUA. Please correct me when I am wrong (about Sandboxie and SafeSPAce).

    Regards Kees
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    you see licas what you may me go and do.;)
     
  23. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I actually wrote the material on that link, so you are welcome as well.
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ;)
    thanks
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Normally, yes that is correct, with Sandboxie. However you still do have the option to right click the file and run it sandboxed if you chose.

    Pete
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.