Sandboxie - bullet-proofing your PC against malware from the net

probe

Interesting netcast on Sandboxie - a sandbox that runs on windows which allows you to isolate your browser (firefox, IE, opera etc) and email client (or anything else) from your computer.

It doesn't stop your browser or other software from picking up viruses and other malware - but when you dump the browser session, any malware picked up is also dumped.

It does this by making a copy of any file requested by your browser and letting the malware play with the copy file - leaving the original file untouched and inaccessible. It even makes a copy of your registry. Keyboard loggers and other crap picked up are dumped when the session is finished.

The netcast comprises an interview with the developer which is followed by Steve Gibson's explanation of the technology. Better protection even than a firewall!

The netcast: http://www.podtrac.com/pts/redirect.mp3/aolradio.podcast.aol.com/sn/SN-172.mp3


http://www.sandboxie.com/
Free trial download - after that €22 payment for a lifetime license, including upgrades, for all your PCs no matter how many you own.

samhail

Anyone know of it ? try it ?

or is this an ad

MrDaithi

For Sandboxing, I use VirtualPC with pretty tight Windows XP install, and I enable the undo disk so when I shut it down any changes are discarded.

OK, you requires a sedond XP licence, but you can get a small Linux Distro instead.

probe

samhail wrote: »

Anyone know of it ? try it ?

or is this an ad

No - this posting is not an "ad"......probe is not for sale :-)

You can download and use this software for free - after a while you will probably get annoying messages if you don't pay for it - but you can use it free if you agree to the simple conditions of use.

If you take the time to listen to the netcast you will hear Steve Gibson compare the benefits of virtual stuff (eg VM ware etc) and Sandboxie - and he finds Sandboxie better (less of a drag on hardware resources, more effective etc).

Steve knows a thing or two about virtual machines - a quick google of the stuff he wrote on his website that mentions "virtual":
http://www.google.ie/search?hl=en&q=virtual+site%3Agrc.com&btnG=Google+Search&meta= He has done several netcasts in the past promoting VM stuff for security.

And Steve doesn't make his money from Sandboxie either (as far as one can tell). His main business is SpinRite - data recovery software for failed hard disk drives. He uses this netcast as a promo to sell his SpinRite software. This netcast has a few advertisements - but they are very clearly separated from the topic of discussion. This netcast gets awards year in year out for security coverage, and is one of the most downloaded podcasts on the net.

While the presenter, Leo Laporte, might sound like a DJ (and he does weekly shows on American coast to coast radio station networks on computer issues) - he knows his stuff on computer programming and gadgets generally.

All the netcasts he produces are available here: http://www.twit.tv/
You can also watch him making them live during weekday evenings European time at http://live.twit.tv/ (click on the popout button) - when he is not live he usually streams replays of his live stuff. You can also listen to the live stuff on his "am radio station" www.twit.am.

Computer security, open source (floss), Macs, Windows, biotechnology, radio call in programmes on computer stuff, law... he has a netcast virtually every week on all these topics and more...

He's a bright boy and does it all from his TWIT cottage in Petaluma, http://maps.google.com/maps?f=q&hl=en&geocode=&q=petaluma,+ca&sll=37.0625,-95.677068&sspn=36.368578,79.101563&ie=UTF8&ll=38.143198,-122.557983&spn=0.564862,1.235962&t=h&z=10&iwloc=addr just north of SFO, using Skype and broadband.

_CreeD_

I've used it for a few years, very good and unintrusive.

Black Swan

If you go virtual, using one of the above mentioned programmes, does it eat up your capacity and slow you down a bit? I only have 2 gigs memory on my laptop and Vista Ultimate sucks up about half. I go virtual and then run apps, will it be slower?

Second question, what would run best with Vista Ultimate?

MrDaithi

Blue_Lagoon wrote: »

If you go virtual, using one of the above mentioned programmes, does it eat up your capacity and slow you down a bit? I only have 2 gigs memory on my laptop and Vista Ultimate sucks up about half. I go virtual and then run apps, will it be slower?

Second question, what would run best with Vista Ultimate?

About Vista, it uses it can use 1GB after starting on your system but some of it some prefetching based on your usage habit. I'm not sure how much of it is actually Vista processes and the rest is the cache. Still even with prefetching and superfetching being disable Vista uses more RAM than XP.

What ever want to use your machine for, you should invest in 1GB of RAM more. Also, look around the web for some tips on how to optimize Vista.


About the Sandboxie, I'm not sure how much RAM and ressources it takes, don't think it would be too much.

About running a Virtual Machine install with VirtualPC or VMWare or any other solution, it depends how you configure the guest OS. I only allocate 256MB of RAM to my browsing XP VMs because once booted my XP configs only consumes around 50MB of RAM. Something else to take into consideration is the Virutal HardDrive File. I allocate 4GB max and make sure the host HDD is defraged before creating the VHD files.

_CreeD_

TBH you won't even notice that you're running Sandboxie, it's extremely light on resources.

kaimera

Might look into this for my work machine

probe

Steve is doing another netcast on Sandboxie next week. In this week's issue he pointed out that while it is a very secure technology it doesn't guarantee privacy, unless you are running Firefox with the noscript addon. https://addons.mozilla.org/en-US/firefox/addon/722

In other words if you use a backstreet bank which doesn't give you a multi-factor authentication device for your logins to access their online banking service, you could hit a problem if you had several browser windows open in your sandbox while you are doing online banking. A browser window running a malicious script from some dogy website could capture your bank login and transmit it to a fraudster.

The solution is obviously to only do online banking or other serious stuff in a separate session with no other activity running in the background, and/or to use noscript to block scripting.

Other than that it seems to be totally bullet proof so far. I was naively thinking for a second why doesn't Firefox or Microsoft buy Sandboxie and incorporate it in their browser. Answer: Google (or any other search engine) wouldn't like it - and they are the big paymasters for the browser developers. They don't want your cookies to vanish when you switch off your machine.

MrDaithi

probe wrote: »

Other than that it seems to be totally bullet proof so far. I was naively thinking for a second why doesn't Firefox or Microsoft buy Sandboxie and incorporate it in their browser. Answer: Google (or any other search engine) wouldn't like it - and they are the big paymasters for the browser developers. They don't want your cookies to vanish when you switch off your machine.

Firefox can automatically delete cookies once it gets closed, IE in some way too I guess.

I'm not sure how deleting cookies can affect search engines, but it certainly affect site usage stats because you are considered as a new user each time you access the site, at least if you've closed your browser between each visit.

IE8 has "InPrivate" feature that automatically gets rid of browsing and searching history, cookies, form data and passwords and clear the browser cache at the end of the session. Firefox will get a similar feature too. But this is by no mean Sandboxing.

probe

MrDaithi wrote: »

Firefox can automatically delete cookies once it gets closed, IE in some way too I guess.

I'm not sure how deleting cookies can affect search engines, but it certainly affect site usage stats because you are considered as a new user each time you access the site, at least if you've closed your browser between each visit.

IE8 has "InPrivate" feature that automatically gets rid of browsing and searching history, cookies, form data and passwords and clear the browser cache at the end of the session. Firefox will get a similar feature too. But this is by no mean Sandboxing.

Of course Firefox and Opera and other browsers can be set to dump cookies but I suspect a majority of people just let cookies build up, leaving a nice trail for the search engines and other tracking companies. If on the other hand, Sandboxie came as standard with a browser (assuming the sandbox was switched on by default when browsing) the cookie files would be held in the sandbox and would be automatically deleted at the end of the session.

The search engines love to gather as much data as possible. This is why they offer free email services - and why these email services usually use the same domain as the search engine - so that the cookies carry over between search and email sessions. Google has gmail.com - but that redirects to mail.google.com.

Even if you delete your cookies, many websites require flash, and some of these deposit flash cookies on your machine - which remain even after Firefox is closed.

Go here to see if there are any flash cookies hiding on your machine:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Flash can also be used to switch on your webcam and or microphone so a website can spy on you - this outrageous "facility" can be switched off here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html

probe

Steve has done a further netcast on Sandboxie this week
>> http://www.podtrac.com/pts/redirect.mp3/aolradio.podcast.aol.com/sn/SN-174.mp3

He talks about various issues, including using separate sandboxes for running email clients and browsers, and setting up sandboxie so it can write permanently to your email client's data file (if you didn't do this obviously any email you downloaded or created during a session would vanish after you closed the sandbox, because the sandboxie default is to prevent writing to files on your system).

Free trial download of the software at www.sandboxie.com