Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    I run Chrome portable in Sandboxie. I tried running the original Chrome in Sandboxie but it didn't work for me although it seems to work for others. I posted in the Sandboxie forum but the various methods suggested didn't work. So I went back to Chrome Portable (from portableapps.com) which runs smoothly in Sandboxie.

    As far as plug-ins go, I don't use the Adobe pdf reader on-line so that plug-in is disabled. And I also don't care for flash so that one is disabled too. So I don't have a problem and a solution either :D !
     
  2. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    At the beginning I had the same experience. But in the meantime unfortunately I also came upon websites that will not work correctly within the sandbox if the plugin-container.exe does not have internet access too. :doubt:

    Concerning the disabling of the plugin-container.exe:
    Is the plugin-container.exe of Firefox really a feature for protection/security or is it only a feature that shall assure a smooth operation of the browser in case that the flash player (or something similar) crashes within the browser?
    If the second case is true, I also will think about disabling it.
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I just followed RedDawn's link here *thanks Redawn* it solves the problem - disabled the plugin-container.exe altogether - no lag with streamed clips - browser seems to be working ok.

    Going into about:config and setting dom.ipc.plugins.enabled.* to false, it wasn't enough, though. Youtube and a few other streaming clip sites didn't work for me. So I disabled the plugins as well. Changed all to false (as says in the link)

    * dom.ipc.plugins.enabled.npctrl.dll (Microsoft Silverlight)
    * dom.ipc.plugins.enabled.npqtplugin.dll (Apple QuickTime)
    * dom.ipc.plugins.enabled.npswf32.dll (Adobe Flash)
    * dom.ipc.plugins.enabled.nptest.dll (NPAPI test plugin)


    This isn't a security feature (maybe it does enhance security? I haven't seen anything saying so) ... it's more a reliability fix for crashing browsers, from the press releases. I think a lot of people have the same idea that you have. If it doesn't improve security - it might be best to wait and see if it weakens the browser security. You can bet there are morons out there that are looking at this plugin-container change, and they're working on ways to exploit it.
     
  4. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    Keyboard_Commando, thank you for your explanations. :)
     
  5. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    After running Sandboxie for about two months, I have not had a micron of infection found by my scanners, of which I have 4 and use them ad-lib about 5 times per week.

    John B
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    I'm glad you found something you like and works for you, John. Sandboxie has its moments for me, but overall, I've not seen anything out there paid or free that can make the vast majority of malware out there cry, and do it without driving the user insane.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The good thing about being a noob button clicking novice average user is that you go about life perfectly sane -- oblivious to the infections etc until they slow your system to a crawl. You pay the geek squad some hard earned $$$ and resume the process all over again.

    Wasn't it nice to just click buttons before you know what you know now?

    Sul.
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    The last time it was safe to be a button clicker was from about the year 2000 on back. But yep, those days were oh so sweet. The Geek Squad, more known to break your system than fix it, hehe.
     
  9. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Any thoughts on whether using running a browser fully in Sandboxie renders NoScript redundant, assuming one isn't bothered by one's browsing being tracked?
     
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    For me is redundant, indeed.
     
  11. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Thanks & keep up your good work! Seems to be much appreciated by quite a few folks.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,195
    Location:
    Nicaragua
    In my opinion if you only look at the security perspective, then it is rebundant
    but I personally use it because it makes browsing more enjoyable and keeps
    away annoying flash ads that otherwise would open all the time. I almost never
    see a pop up and that's NoScript blocking them. To me NS is like SBIE, I love
    them both and would not browse without either program.

    Bo
     
  13. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Hi Bo! My main concern is security, not privacy. As for the ads and flashies and even redirects, Privoxy takes good care of them across browsers (Chrome, FF, IE & K-Meleon).
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,256
    Location:
    Sydney, Australia
    I'm sure this has been pointed out before: within that sandboxed browser session, any script could be run, any keylogger/keyboard sniffer/network sniffer could be running, any redirect may work, any potential phish may work, websites will pick-up whatever they can, compromised web sites are still compromised, cookies will do as directed. ( subject to other precautions ;) )

    There would be no HD or system "access" outside the sb, and any downloads will not be permanent unless specified.
    The system itself is safe, but "on top" of the sandboxed layer, what will be may well be !!, -also subject to other security measures in place in the sandbox and s'boxie set-up: ending the session and erasing will wipe the slate as required and return to 'native state' as per usual,
    Echo that. :)
    Of course NS will not be any panacea, but IMHO NS does/can have a role in the sandbox.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,195
    Location:
    Nicaragua
    Longboard, in some ways both programs and developers are alike. When you
    think about it there philosophy is similar because SBIE does not trust any
    program and NoScripts does not trust any page. Like you I think NS has a role
    in the Sandbox.

    Bo
     
  16. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    What role is it?

    It can not be a security role because Sandboxie takes care of that 100%.

    About privacy maybe?
     
  17. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    I think bo elam refers to the role he already mentioned in his previous posting:
    Indeed (primarily) this may be neither a security nor a privacy role, but I learned to appreciate this effect too:

    Sometimes I find a little bit painful the necessity to allow scripts with NoScript when visiting a new website in order to be possible to view it correctly. But on the other hand I often realize how many flash ads etc. do not bother me simply because I continue to use NoScript even within Sandboxie. I think this is indeed a useful role of NoScript. (At least if you do not use other software to achieve this effect.)
     
  18. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    That happens for reading too fast. Bad Buster, bad!!! :ouch:

    Yes, I agree that browsing is more enjoyable using add-ons like NS or ABP.
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,256
    Location:
    Sydney, Australia
    Ahh :cautious:
    No doubt about what you mean :thumb:
    ..can still be phished, hijacked, recdirected, idenity stolen, credit-card details stolen etc etc..
    NS will not stop all of that but still has security benefits as well as "convenience and enjoyment" factor..
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    My thoughts are this, malicious scripts can still run if you allow them to in the sandbox. Who cares if Sandboxie prevents actual damage from taking place on the real system, it can still cause havoc with the browser, it can still redirect to a malicious website and possibly cause malware to install, it can still send your data out, and so on and so forth. NoScript, if used carefully, CAN prevent all that. So, you have a sandboxed browser that not only keeps malware and other things from getting to your real disk, but, since the scripts were kept under control, they can't even run to TRY to access the real disk, or send you to another page and so on.

    Sandboxie is one beautiful piece of software, gorgeous it is. But, a responsible user doesn't let bad things run period, not just within a sandbox.
     
  21. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Hey ! My most respected "dw". That piece of wisdom sounds as good an explanation of the art of mine detecting as I have ever heard. It sums it all up perfectly, a proverbial Bible of fact against fiction.

    Who can argue with that precise summary of life in the trenches ?
    I bet somebody will, but not me Brother, I`ve been converted.

    John B
     
  22. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    dw426 raises a point that intrigues me in his post No.270.

    Threats IN = NIL, threats OUT = ?

    Whilst I have become to regard Sandboxie as a pretty good stopper for flack coming in after all the posts in this thread, and sit back happy that my dust-free PC does not get covered in debris, he has a point.

    What about data that can be stolen from within the sandbox outward bound ?

    I do use NoScript and ABP and only stand them down manually by the Options for sites I trust. There are posters who have said that NoScript is redundant with Sandboxie.

    Would some of our more experienced geeks please comment on the points made by dw426, plus my own ? Waiting to hear.

    John B
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Phew, so much hyperbole. Properly configured the threat of something being "stolen" out of the sandbox is almost nil.


    First what critical data is even in the sandbox. I generally wouldn't be downloading something I would consider critical data.

    Second my sandbox's are configured so only the browser and foxit can even run in the sandbox.

    Third only the browser can access the internet. Other apps can't

    Fourth, nothing running in the sandbox can access data locations on my machine.

    I do run ADP, and NS on my browsers, but I have NS disabled as it drives me nuts.

    Pete
     
  24. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The beauty of SBIE is that you can control the programs that run or have outbound access. Setting up a sandbox for a specific purpose is the best use IMHO.

    For example, if I have 2 browsers, say Opera and FF. Opera is forced into its own sandbox, and only opera.exe is allowed to run and allowed outbound access. Firefox has its own sandbox as well, but it also allows perhaps adobereader.exe to run, and maybe also have internet access.

    The granularity of SBIE is what I like best. I know that if I use Opera, it is segregated and very lonely being the only thing that can start in that sandbox. It also deletes its files once it closes. I can run any script, go anywhere, contract anything, and the next time I open Opera, all is back to a clean slate. It is where I do my transactions and other sensitive activities. It is its only purpose in life, and I only go to sites that I trust, such as my bank. Should my banks website become hijacked, most of my bases should be covered because no keygen.exe etc can run within this sandbox. It is the man-in-the-middle attack that leaves a gaping hole or a browser exploit.

    Firefox is where I might go researching. It does not delete its contents on shutdown. Again, I don't care what scripts run or where browsing takes place, because no data is ever given when using Firefox like this. It has its own little environment that has nothing to give out that is of any value other than maybe cookies and mundane things of that nature.

    Personally I have started installing browsers, setting the options, but not going anywhere. Then I install SBIE and force the browsers into thier respective sandboxes. Then I will start the browsing. In this manner I am assured that the browser profiles start clean, and when they then start in SBIE they are known to be clean. Deleteing the sandbox then is all that is needed to maintain that fresh and clean feeling.

    Sul.

    EDIT: Pete, you think along the same lines as I, and evidentily get your posts off much faster as well ;)
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't mean to spread "hyperbole", but, I'm under the assumption that without said proper configuration (by the way, what is proper configuration for a browser anyway? Flash, Java, all those need to run and have internet access if you wish to view that type of content, right?), whatever data is in the browser can be stolen. Let's say passwords and other log in items, email addresses, banking details, that sort of thing. Am I way off base here?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.