Discuss Can you get infected if sandboxie can access the internet?

[Hormoz]

Can it somehow infect you via network if you test malware (just your average PC connected to the router)? If so, how are the chances?

 

[Robbie]

I believe the only way to get infected would be if you share network folder between host and isolation mode. Just because a software can access itnernet in isolated way doesn't mean it can get you infected.

 

[93803123]

Can it somehow infect you via network if you test malware (just your average PC connected to the router)? If so, how are the chances?

Sandboxie only protects your local system. Other systems can still be infected. Testing malware can result in a spread across your local area network (LAN), dependent upon the network access allowed in Sandboxie as well as the networking for the PC on which Sandboxie runs and the network access configuration for all other systems on the LAN.

With just a single PC connected to a router there is a risk that additional infection could happen. The how of it can be any of a number of ways. There is no way to quantify that risk, but the probability would be a relatively small number.

 

[Hormoz]

With just a single PC connected to a router there is a risk that additional infection could happen. The how of it can be any of a number of ways. There is no way to quantify that risk, but the probability would be a relatively small number.

Does having a software firewall on your computer (windows firewall for example) enabled help? How are the chances if you disable that software firewall then, is it still small or does it get big?
Also how does all this apply to virtual machines like VirtualBox infecting the host system? Does a software firewall on the host system help? How are the chances without software firewall?
(This is all about a single system connected to a router by the way.)

 

[blackice]

I believe the reason people in the hub use a VPN while testing is to isolate their internet connection from the local network. In that way no other systems on the local network would be affected. As for the sandboxie specifics I have no idea, but am curious to see the answer.

 

[silversurfer]

I believe the reason people in the hub use a VPN while testing is to isolate their internet connection from the local network. In that way no other systems on the local network would be affected. As for the sandboxie specifics I have no idea, but am curious to see the answer.

There is more than one reason to use VPN for testing malware samples, Your ISP would be known about your testing activities sooner or later,
ISP are able to lock your internet connection for some weeks or something similar...

 

[blackice]

There is more than one reason to use VPN for testing malware samples, Your ISP would be known about your testing activities sooner or later,
ISP are able to lock your internet connection for some weeks or something similar...

Good point, I hadn’t considered that. They probably don’t want volumes of malware wandering through their network.

 

[ichito]

There was an interresting discuss on Wilders about Bromium Lab's test of some sandbox technologies

Application Sandboxes: A pen-tester’s perspective

I’m excited to announce a new research report from Bromium Labs, written by myself and Rafal Wojtczuk. It ended up being far more comprehensive than we...

www.wilderssecurity.com

Unfortunately original article is already not avaliable on BL page but here is the full report

https://bromiumlabs.files.wordpress.com/2013/07/application_sandboxes_a_pen_tester_s_perspective2.pdf

and video presentation from Derbycon 2013

https://www.irongeek.com/i.php?page=videos/derbycon3/4303-sandboxes-from-a-pen-tester-s-view-rahul-kashyap