Cybergenic Shade Home Edition (sandbox)

Discussion in 'Other Security for Windows' started by Windows_Security, Mar 20, 2017.

  1. Windows_Security

    Joined:
    Mar 13, 2016
    Messages:
    254
    Likes Received:
    1,077
    OS:
    Windows 7
    Official Website:
    http://www.shadesandbox.com/
    Hi,

    I searched for earlier threads/posts on this free-for-home-use sandbox. Anyone using it on Malware TIPS?

    Video of Shade vs Sandboxie and COMODO:


    The sandbox is fully isolated; to access any files you may have downloaded, see the Q&A
    SHADE Sandbox - Security for Windows PC

    I run Firefox isolated and Shade does not seem to change Integrity levels. I have added a link (called Sandbox download) with a shortcut to C:\Shade\{DC366087-43F3-48F3-B7D4-3335B69A9047}\C\Users\Kees\Downloads

    Of course, when you are using COMODO there is no need for another sandbox, same when you have a license of Sandboxie. I will play with it for a while and probably will replace Sandboxie free by Shade Sandbox for family members asking whether I can install "ahum" (embarrassed cough) the XXX-browser I also installed for [name] :)

    I also added the Shade sandbox to CCleaner's additional folders, making an exception for the Download folder. I disabled the autorun for the GUI tool; still, when launching Firefox it is sandboxed automatically.

    Regards Kees
     
    #1 Windows_Security, Mar 20, 2017
    Last edited: Mar 20, 2017
  2. Spawn

    Spawn Administrator
    Staff Member

    Joined:
    Jan 8, 2011
    Messages:
    16,174
    Likes Received:
    23,647
    Email address required during installation to Activate product (post-install).
    Not all file types allowed to be added to Shade Sandbox.

    Not as easy to understand as Sandboxie.
     
  3. Windows_Security

    1. In return you get a free licence.

    2. Only executables probably

    3. Funny you mention that. I had the same experience because Sandboxie defined this class of security application and you expect followers to have similar GUI and control options (like most Anti-Executables looked like Faronics and most HIPS looked like SSM in terms of control/GUI).

    Shade versus Sandboxie
    a) You only have to add a program to Shade, no other configuration options.

    b) You don't need the control GUI to be protected (SBIE works similarly), but unlike SBIE it shows a purple rectangle around the protected program's windows (when SBIE control is not started, SBIE does not show the yellow rectangle around the protected program's windows).

    c) Like SBIE you can delete the Sandbox through the GUI program or with external program (like CCleaner)

    d) It lacks an (immediate) recovery prompt, so you manually have to create a link to the sandbox to recover downloaded files. The developer believed in strict separation and has rejected suggestions to make his (small) adoption to increase ease of use.

    e) It does not fiddle with Integrity Levels like Sandboxie which is a plus for me (part of the security model of LOW-IL browsers is based on the fact that page rendering Chrome.exe's or Firefox.exe's can't touch the broker process with same name because it runs at a higher integrity level).

    f) Both are free for home use (until now no "startup buy pro" delay with Shade)

    Ironically this makes it a perfect XXX-browser for non-tech people using two browsers: one (e.g. Firefox) is always sandboxed for dodgy internet surfing and the other (e.g. Chrome) is used for normal surfing.
     
    #3 Windows_Security, Mar 21, 2017
    Last edited: Mar 21, 2017
  4. cruelsister

    cruelsister Level 31
    Trusted

    Joined:
    Apr 13, 2013
    Messages:
    2,007
    Likes Received:
    10,960
    This application really is mostly specific for isolating browsers as Windows Security notes. It's not an auto-sandbox like COMODO, nor does it have the bells and whistles like SBIE, but it is adequate for its intended use.
     
    #4 cruelsister, Mar 21, 2017
    Last edited: Mar 21, 2017
  5. Windows_Security

    Ladies and gentlemen, fellow forum members, I have an announcement to make :D

    THE VIDEO I INCLUDED IN THE FIRST POST IS FROM THEIR OFFICIAL FAQ PAGE (MADE BY CRUEL SISTER)

    (I can't edit the first post anymore)

    Regards Kees
     
  6. shmu26

    shmu26 Level 40

    Joined:
    Jul 3, 2015
    Messages:
    2,949
    Likes Received:
    8,665
    OS:
    Windows 10
    I had a problem with Chrome in Shade sandbox.
    It would not automatically load my Chrome user profile, I had to log in again every time.
     
    ravi prakash saini, SHvFl and Davidov like this.
  7. Windows_Security

    Thanks for posting. I have discovered that I have the same issue.

    With Firefox it seems to work correctly. I run Firefox Shade sandboxed with uBlock Origin (with my own filterlist). When using a two browser approach for normal and risky surfing, I always use the 'strongest' browser for normal surfing. Based on PWN2OWN track record I use Chrome for normal browsing (only allowing a few high level domains to execute javascript) with Avast as only (URL) filter.
     
  8. shmu26

    shmu26 Level 40

    Firefox always plays better with the security softs. (But that doesn't mean it is more secure...)
     
    ravi prakash saini and SHvFl like this.
  9. Windows_Security

    When it lacked a LOW integrity Level rendered process it was probably the weakest browser by far. But since it runs multi process it is an option again, but still not as safe as Chrome or Edge IMO, therefore I have Shade Sandboxing Firefox ;)

     
    #9 Windows_Security, Mar 21, 2017
    Last edited: Mar 21, 2017
  10. shmu26

    shmu26 Level 40

    If you are on Windows 8-10, you can enable the Chrome flag for appcontainer, and that increases its security. It makes Chrome a little like Edge.
     
  11. Coddie

    Coddie New Member

    Joined:
    Jun 17, 2014
    Messages:
    1
    Likes Received:
    11
    Hi, I'm chief developer of Shade. Nice to meet you, guys and thanks for the comments.
    Actually there is a recovery mode :) Probably, it is not quite obvious, sorry. You have to attempt to access the downloaded file. For example, in Firefox, there is a "down arrow" button which opens the downloaded files list; access it and a balloon in the system tray will appear suggesting the user move the recently downloaded file out of the sandbox. I thought this is a more convenient variant compared to prompting the user about unsandboxing files immediately after download completes. But if most of you have another opinion, maybe it is time to change this behaviour :) Please send your suggestions to support@cybergenic.co
    And as far as Chrome is concerned, yes, it is a real pain in ass :)) But we're dealing with issues :) Hopefully, we'll make Shade more compatible with it soon :)
     
  12. shmu26

    shmu26 Level 40

    Welcome, and thanks for input!
     
    ravi prakash saini, frogboy and SHvFl like this.
  13. Windows_Security

    Hi Coddie, thanks for joining this forum.

    Regards Kees
     
    ravi prakash saini and SHvFl like this.
  14. Spawn

    Spawn Administrator
    Staff Member

    Is this because of the location of the Profile, usually found at (*C:\Users\[Username]\AppData\Local\Google\Chrome\User Data\)?
     
    ravi prakash saini and SHvFl like this.
  15. Windows_Security

    Shade should copy the changes of the profile into the Sandbox. I noticed Chrome protects its own AppData files with ACLs also; maybe some back check tells Chrome the profile has a changed ACL (because it is directed to the sandbox) and drops it.
     
    ravi prakash saini and SHvFl like this.
  16. Windows_Security

    I did some amateur PoC-testing and was impressed by Shade sandbox. Some compare Shade with a half baked Sandboxie because it does not offer the full monty (separation) like Sandboxie or COMODO, but that really discredits the effectiveness of their smart selective process/memory mitigations (Shade offers full data separation with their "file-wall" driver).

    As the videos of our resident VJ clearly show, Shade is quite effective (link) and has some smart features to block memory based exploits (link)

    On Windows 8.1 and higher I simply use Chrome (has AppContainer) with Avira Browser Safety (blocking 80% of ads and trackers with a small smart list) and use Shade to Sandbox Firefox (and run it with one rule ABP).
     
    #16 Windows_Security, Apr 8, 2017
    Last edited: Apr 8, 2017
  17. Umbra

    Umbra Moderator
    Staff Member

    Joined:
    May 16, 2011
    Messages:
    15,922
    Likes Received:
    22,598
    OS:
    Windows 10
    AV:
    Default-Deny
    It is a good "basic user" sandbox, but I prefer ReHIPS, gives me more granular control, even more than Sbie.
     
    ravi prakash saini, SHvFl and XhenEd like this.
  18. Windows_Security

    Yep, but I asked for a beta license and never got it, so can't play with it :-(
     
    ravi prakash saini and SHvFl like this.
  19. XhenEd

    XhenEd Level 24
    Trusted

    Joined:
    Mar 1, 2014
    Messages:
    1,376
    Likes Received:
    6,458
    OS:
    Windows 10
    AV:
    Default-Deny
    :eek::eek::eek:

    You should have gotten it. Maybe you were overlooked. Ask again.
    Just to clarify, you won't get a "beta license", but a beta software demo. :)
     
  20. Windows_Security

    Okay thanks, will ask again.
     
    ravi prakash saini and SHvFl like this.