Sandboxie Versus Virtualbox Ubuntu

Discussion in 'sandboxing & virtualization' started by truthseeker, Sep 16, 2008.

Thread Status:
Not open for further replies.
  1. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Most setups have the guest on a LAN with the host as the gateway. All packets are routed through. If data is not through a secure connection, then anything from the guest can be sniffed.

    As noted before, while the keylogger tests show this, in theory, if the host is infected, anything typed can be captured.
     
  2. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    In theory, not in reality. Because all tests I conducted did not pick up what I typed in Linux Virtualbox (Guest).

    So your comments contain no proof.
     
  3. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    In theory, not in reality. Because all tests I conducted did not pick up what I typed in Linux Virtualbox (Guest).

    So your comments contain no proof.

    I am very confident due to personal testing and what I have read from others that even if Windows Vista (host) was infected with a keylogger, whatever was typed in the Linux Virtualbox guest would not be able to be picked up by the Vista host's keylogger.
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Just because YOU haven't found software that compromises your setup, doesn't mean that it can't be broken. What you are doing is using inductive reasoning. So you are taking your experiences and generalizing them as a rule. There is nothing wrong with inductive reasoning in itself; however, your own set of experiences is too limited to make your argument persuasive.

    My comments are based on understanding of how full virtualization works. Given a set of preconditions, you can infer a conclusion. It is called deductive reasoning.
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I am not generalising my personal experiences at all. There were many other posts on this forum and on the internet about others testing this, and they also found that keyloggers etc. which infected the Windows host were unable to pick up any keystrokes in the Linux guest virtualbox session. So this makes a virtualbox linux guest very secure and great for netbanking etc.

    And in sandboxie, if windows was infected with a keylogger malware, then whatever a person types in sandboxie session will still be picked up.

    So this makes using virtualbox a lot safer and more secure than sandboxie.

    And not everyone who uses sandboxie uses or knows about a keylogger scrambler, so they are open for attacks on sandboxie. Yet on virtualbox linux, no keylogger scrambler is needed, which then covers 100% of all users.

    And your comments were not based on deductive reasoning at all. They were based on inductive reasoning. Maybe you don't know the difference. Deductive reasoning is often contrasted with inductive reasoning, which reasons using examples to a general rule.
     
    Last edited: Oct 3, 2008
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    FFS, you guys were all looking at the same set of keyloggers and performing the same test but just on your individual computers. In either case, you are using inductive reasoning in the sense that you are taking observations of specific key loggers not picking up VM key strokes and generalizing to all key loggers can't pick up VM key strokes.

    My comments were based on deductive reasoning. I start from the general rule that if there is a key logger on your host machine, it can generally pick up all key strokes. The conclusion drawn from this is that a key logger can pick up key strokes typed into a VM. A VM is not designed to stop the key logger.

    You are the one who doesn't understand the difference between inductive and deductive reasoning.
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    From Wikipedia, as an example:
    huangker makes a point. Since the VM runs on the host, he deduces that a keylogger, well programmed and residing on the host, can detect the keystrokes meant for the VM, just as with anything else on the host.

    Some keyloggers don't, and truthseeker found only ones that couldn't. But it doesn't prove that all keyloggers fail.

    While I'm not certain of anything, huangker's arguments make sense.
     
  8. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok, I have a challenge for you, an opportunity for you to prove and back up your claims...... what keylogger malware exactly that has infected a windows host defeats guest virtualbox linux session and picks up and logs all keywords typed into the guest session? Point me and us to the keylogger so we can test it for ourselves.

    If you are unable to, or side-step and start making excuses that you cannot find such a keylogger, then my point stands and you are proven wrong.

    No side-stepping, no excuses, action only. Where is this keylogger malware that can defeat the virtualbox linux guest session? You indicate that there exists some keyloggers which can log something typed in the linux guest session.. so back this comment up and send me the keylogger or point me to the keylogger.

    I await with keen interest for you to prove and back up your claims. But my bet is you will either ignore this challenge, or side-step it making an excuse like you don't have time, or you can't be bothered, or you don't want to do it etc... My bet is you will make an excuse in an attempt to avoid having to prove your comments, because the reality is that there doesn't exist a single keylogger that logs and detects anything typed in a linux guest session. If such a keylogger existed, you would have already pointed us to it and had proof.

    So my original comments stand... Virtualbox is a lot safer and more secure than sandboxie, because virtualbox defeats keyloggers where sandboxie cannot.
     
    Last edited: Oct 4, 2008
  9. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Because something "makes sense" to you, doesn't mean that something is true. That is why we as humans have testing and evidence to back up claims. Without any evidence or proof, then it's only assumptions and talk.

    Please watch this thread and you will notice that huangker will be unable to provide even a single keylogger that defeats the linux guest session. Then you will know that what I have said is true and that huangker was unable to back up his claims.
     
    Last edited: Oct 4, 2008
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The one who made a claim is you.
    I'm politely telling you it isn't that simple.
     
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok it isn't that easy. But where is the keylogger malware that can defeat and detect keystrokes in a guest virtualbox linux session? If someone can point me to the keylogger, then I will test it. But as yet, nobody has been able to provide me with the apparent keylogger malware that reads and detects what's typed in a virtualbox linux guest session. Anyone?
     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I've set out my arguments. In the other post that we are having this discussion on I've pointed to other programmers and security professionals (see Security Now Podcast and Dekart Blog) that make the same point. I have not and will not accept any of these childish challenges. This is the last I'm posting in this thread unless something new pops up and is worth discussing.
     
  13. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I rest my case. There is only a lot of talk about, but there doesn't exist, and nobody can provide even a single keylogger that defeats a virtualbox guest session, making virtualbox very safe and very secure to use for netbanking and browsing.
     
  14. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Although common keylogging techniques have failed from testing thus far in a Linux virtual machine, it doesn't mean all fail. There are TONS of different vectors, and that may include taking screenshots. Using a separate partition or a live CD is far more secure whether or not you think the hassle is too great.
     
  15. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    One could ask, have you tried every single keylogger and they all fail to detect keystrokes on a VM?

    Huangker's point is that theoretically, it is possible, and that point is also backed up by security professionals. Testing several keyloggers which fail does not necessarily make all keyloggers fail.

    Though I'm not sure who's right, Huangker and Pseudo's point makes sense.
     
  16. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yes, true. But I am still to find even one keylogger that detects what's typed in the virtualbox guest session. But yes there may be one out there, but I am yet to be shown it.
     
  17. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yes, I agree, there may be one or more "out there". I have not tested every single keylogger on the planet. But if one does exist, nobody has been able thus far to reveal it to me.

    So on that note, I feel this topic is at a close, because until the day a keylogger is revealed that can defeat virtualbox linux guest, then we are only guessing that one exists, without any evidence one does.
     
  18. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    truthseeker...

    It's interesting to read this whole thread once again, post by post, and compare your first posts with the last ones. I get the feeling that you were not really interested in comparing which one of the two solutions, Sandboxie vs. VirtualBox/Ubuntu was more secure, rather than a sort of personal acknowledgement that your way was the right way. And when some members questioned the impenetrability of the VM solution, your attitude became narrow-minded and defensive in its nature, instead of embracing the content of the discourse.

    No, you have not, and neither do we. But from a theoretical point of view there's a variable of uncertainty since the *nix solution isn't a host in itself, but rather dependent on the VM, which in turn is dependent on the host OS (which is Windows in this case). All I'm saying is that if you indeed want to eliminate this variable of uncertainty, you should either use *nix as a host on its own partition, or use a live CD solution.

    /C.
     
  19. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Have your feelings ever been wrong? Don't always rely on feelings, as feelings are no guarantee for perfect accuracy or perfect conclusions. And I can tell you the truth... I was very open minded at the beginning with vbox versus sandboxie. However as the thread went along I realised that sandboxie is still very much open for keylogger attacks where vbox is not. So as the thread went along, and new awareness were raised, I realised that vbox is for me.

    Thanks for your feedback, and it all comes down to personal choice at the end.
     
  20. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    You mean as open minded like in this post?

    Funny how the content clashes with your signature...

    /C.
     
  21. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    If contextualized, that was written after analysis and comparison.
     
  22. MFriend

    MFriend Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    10
    Hi Cerxes:
    I just read through the thread from beginning to end, and I agree with your conclusion that the OP just seems out to prove he is right.

    I think this thread would have better been called something like... "Why I believe Linux is more secure than Windows..." I think most folks here would likely agree that you're less likely to 'catch'/contract a virus or spyware if you were running a straight linux installation instead of windows.

    That concludes this thread... ok maybe not...

    TruthSeeker:

    I work in IT and to be honest very few of my customers either would be willing to run linux as their desktop, or would have the knowledge to do so. Many of my customers (and myself) use programs that just will not run on a linux installation.

    For most 'average' computer users, I think that Sandboxie will be easier for them to learn and use in everyday surfing and events (as an example, I set it up on my wife's computer. She doesn't have to do anything but click on firefox and be automatically sandboxed). Until I found Sandboxie, I used VMWare with a Windows guest OS that was set to prevent any changes being saved after being closed out for testing. I still use it for some testing, but I feel very secure with my current setup.
    (I normally run XP in a limited account, I have a Linksys firewall/router, and also a software firewall/antispyware/antivirus (NIS 09) plus malwarebytes, etc.). I also run Firefox 3.03 with noscript and adblock and always have Firefox 3.03 sandboxed in Sandboxie. Please tell me (apart from me doing something really stupid on purpose) how a keylogger is going to get past my hardware firewall, software firewall, NIS 09, sandboxed environment and install itself in my limited user account...

    Matthew
     
  23. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Thanks Matthew for sharing your own personal opinions.

    However, I respectfully disagree, and I give people more credit that they are smart enough to learn how virtualbox works. Matthew, please don't underestimate the intelligence of your customers, as that will not be a good reflection on you and your services.

    BTW, have you ever installed and tried virtualbox? If not, then please do so, so you can come to a fully informed conclusion. Then come back and give us your feedback. That way it's more fair as then you have tested sandboxie and virtualbox. It's not fair to come to a limited conclusion about something if you haven't even tested it or installed it.
     
  24. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    I don't think it's fair for you to say that Matthew is underestimating his customers, unless you know him well enough. For example, he might be catering to those who do not have the technical expertise to mess around with different operating systems. Also, he specifically said that his customers use applications that will simply not work with Linux, thus running Linux is not an option to them. He also stated that he used to use VMWare, which is very similar to VirtualBox. With that in mind, I don't think he needs to install VirtualBox to know how well it works.

    Personally, I'd rather run Sandboxie than a virtual machine. It uses less resources and is effective at protecting the host operating system. With regards to keyloggers... it may be true that a keylogger will still log whatever you type in Sandboxie, however, most keyloggers can only be installed if someone has physical access to your system. Of course, the possibility still exists that a keylogger might get installed. Sandboxie is also easier to use than VirtualBox. For example, my grandma can easily launch a sandboxed browser as opposed to setting up a virtual machine.

    Now, I have no doubt that VirtualBox running Linux is more secure than Sandboxie due to the nature of the operating system itself. However, using a virtual machine just to browse is not practical to most users. It works well for you, but it's something not everyone can do.
     
  25. MFriend

    MFriend Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    10
    The people I work with (mostly business owners) are very smart folks. I have learned though from years of working with them and their employees that they are unlikely to expend the time and effort to learn a completely new program that doesn't help them in their productivity. These folks use Quickbooks and other programs that require Windows to be at least the host OS. What you are asking is for them to 1. learn how virtualbox works, 2. learn how to update the linux installation on a regular basis, 3. learn how to use a new gui interface (linux interface). 4. Do so on a regular basis.

    The problem though is: if you could get the local business to invest the time it takes to learn, install, and use new software, how long will it be before folks just start to ignore running it and begin to just click on the Internet Explorer icon or Firefox icon (What I'm saying is the average employee is going to get tired quickly having to wait for a virtual OS to load before they can do what they want to do online. They generally take the easy way out).

    As I stated above, I work with some very smart people. To these people, time is money. They aren't going to invest the money and time that could be better invested elsewhere. And that's talking about businesses. The majority (I'd say probably 60%) of the home users' computers I have worked on have no idea they need to update their anti-virus subscription, what a firewall is for, or something as simple as defragging their hard drive (most don't). I normally like to set everything to automatic: automatic virus scans, automatic defrags, automatic anti-spyware and anti-virus updates. I also am big on making sure they run under a limited account user and not as the administrator.

    I've looked at Virtualbox, but I prefer VMWare. I use a guest Windows OS (XP and Windows 2003 server) because most of the programs I want to test are windows based of course. I never disagreed with you that running Virtualbox with a guest linux install is more secure. I agree with you. What I disagree with is that the majority of business people/employees (or even home users) are going to invest the time to learn how to install, secure, update both Virtualbox and linux.

    So... in my opinion... Your way is likely more secure but not likely to be used (at least not for long), while setting up Sandboxie (so that it automatically sandboxes browsers) is much quicker. The end user is also able to surf and do 'stuff' on the internet as there is no slow down waiting for the guest os to load, etc. Employees and others are less likely I believe to 'bypass' it as a result.

    I agree with you that your method is probably more secure, but believe most folks would find it less user friendly (because of the learning curve, required updates, etc.) than using Sandboxie.

    You also stated the following:
    This is of course your opinion. My question would be: How is it easier? What proof do you have that it's more secure (if you are starting from a clean system, and have Sandboxie set up properly)?

    You told Peter2150 that you have no proof or evidence that it is more secure or safe than Sandboxie. You state this is just your assumption.


    I run my (and set my customers' accounts up to run) under limited user accounts.

    Can you provide some proof that running Firefox in a sandboxed environment will allow keyloggers or other 'junk' onto your system? Please provide some proof that Sandboxie run properly is not safe. (your assumption in many of your arguments regarding keyloggers is that the windows system is already compromised. I'm talking about a clean environment here. Also, all my customers can afford at least a $40.00 external/hardware router/firewall).

    You provided no proof (real life examples) that Sandboxie will not provide the security a user needs on a clean system (clean prior to installing Sandboxie).

    My entire argument I guess can be summed up as:
    1. A user running Linux is less likely to be attacked by a virus/malware than a windows user.
    2. Few 'average' folks have the desire or time to learn to use virtualbox + linux, etc., when there are easier ways.
    3. You have provided no proof that Sandboxie will not provide a secure environment for web/internet browsing when used correctly.
    4. This whole thread would better be titled something like "Linux users are less likely to be infected than Windows users who are not using Sandboxie".
     