Advice Request Do I still need a Sandboxing Utility ?


AMD1

Hi,

I am just wondering if I would need to re-install a Sandboxing Program with my current set-up of :

KTS 2018
Kaspersky Secure Connection
NVT EXE Radar Pro(beta)
Browser Microsoft Edge (default) plus IE

When I use KTS Safe Money, there are certificate verification notifications for websites like Ebay and Amazon which I frequently use.

NB I tried SHADE Sandbox earlier today but it seemed buggy on my machine and whilst I have a paid license for SandBoxie, it had known conflicts in the past with Kaspersky up to version 2017 but this still seemed to be the case when I tried it again today using IE (Initialization failed for process iexplore.exe).

Having read some posts reference Sandboxing today, I believe that MS Edge has its own container and therefore supporting Sandboxing Software would not be necessary ?

I am only seeking to have a "safe container" when I am browsing websites.

Any thoughts appreciated.

Andy
 

Deleted member 65228

You don't need an external sandbox component, it's not mandatory. Some people like to use one.

You have Kaspersky Total Security which comes with a safe browser you can use when browsing online; Microsoft Edge is also quite secure by default and they use AppContainer - AppContainer isn't like using an external sandbox but it is still beneficial. The Kaspersky safe browser does more than prevent key-stroke interception, it also prevents screen capture catching the browser (it'll display as black AFAIK) - they also use virtualisation for it.

Kaspersky Total Security also has Application Control... I'm sure @harlan4096 can provide more insight into this among other good features of KTS.

You also have an anti-executable.

Regarding Internet Explorer, don't use that anymore. It's old and obsolete now.

Do research on new downloads, don't download from untrusted sources and don't be click-happy.

If your current configuration is not sufficient enough to protect you then nothing will. Your own actions are just as important. More security software does not equal additional security all the time. There's no golden ticket to being invincible.
 

Ink

AMD1 said:
what does this actually achieve by disabling it ?
Have a guess..? IE11 is an obsolete browser in the day of the modern web.

After the changes, C:/Program Files/Internet Explorer/ will remain, but no executable (iexplore.exe) or shortcuts in Start menu to run it.

Until Microsoft eradicate it completely from Windows 10, this is the closest method to removing IE.
 

ForgottenSeer 58943

@AMD1
For Windows 10 user:
Internet Explorer can be Uninstalled (disabled) via Settings > Apps > Under (Apps & Features) > Manage optional features.

@Spawn - what does this actually achieve by disabling it ?

IE is an attack vector you don't want on your box IMO.

Also note, OSArmor has an option to block opening of IE, that's good enough without having to uninstall it, but uninstalling it only takes a moment. Occasionally, especially in the enterprise world we find Web Apps that REQUIRE IE still - believe it or not!
 

shmu26

Sandboxing is not just for your browser. Most modern browsers are pretty safe anyway, you don't hear much about browser exploits actually affecting people these days.

The more important use of sandboxing is for Office and PDF applications. This is where the really nasty exploits are happening.
Both Sandboxie and ReHIPS will sandbox such applications.
Sandboxie will do it if you set it up, and ReHIPS will do it out of the box.
(You don't need the paid version of ReHIPS for this, by the way.)
 

harlan4096

In general to run banking I use KTS + FireFox with K Safe Money, but I have also installed Sandboxie (Licensed) to run other applications.

I think part of the TAM behaviour can be emulated tweaking Application Control, but is not the same...

This thread has given me an idea: I will test the next malware samples at MWTHub with KTS2018 + Default settings + TAM On + PUP/PUA/AdWare/ and will see how it performs in dynamic tests...
 

Deleted Member 3a5v73x

harlan4096 said:
In general to run banking I use KTS + FireFox with K Safe Money, but I have also installed Sandboxie (Licensed) to run other applications.

I think part of the TAM behaviour can be emulated tweaking Application Control, but is not the same...

This thread has given me an idea: I will test the next malware samples at MWTHub with KTS2018 + Default settings + TAM On + PUP/PUA/AdWare/ and will see how it performs in dynamic tests...
Pardon me, I am grateful for you testing Kaspersky, but I don't understand the point of testing it with TAM on, hunting for that 1 sample of 1000 that will slip by? Same question goes for testing Comodo with auto-containment. Where's the catch? KTS with TAM on and Comodo with auto-containment is already 99.8% malware-protection. :rolleyes:
 

Deleted member 65228

Deleted Member 3a5v73x said:
Pardon me, but I don't understand the point of it, hunting for that 1 sample of 1000 that will slip by? Same question goes for testing Comodo with auto-containment. Where's the catch? KTS with TAM on and Comodo with auto-containment is already 99.8% malware-protection. :rolleyes:
He is just going to test KTS with some things enabled to see how it performs, that's all. He wants to see if the system will be trashed or not with a quick test of it. It doesn't mean KTS is inhumanly good if it does well or inhumanly bad if it doesn't

The point is the same point everyone has for testing their products they use

The point is just he likes testing security products with malware lol
 

harlan4096

Right, just will try some malware packs with TAM On (which usually is disabled by default) and check how it performs, some Kaspersky users ask about TAM from time to time in the forum, so there they will have some tests to check its behaviour :)
 

shmu26

Yeah, it's going to be hard to pin down the problem by running a few samples from the malware hub, because Kaspersky works too good, especially with TAM enabled.

I think the problem is that certain droppers are so common that they appear on the systems of a number of Kaspersky users, and so they get a semi-trusted rating in KSN, since they do nothing malicious in and of themselves.
Then, when no one is looking, they drop the payload...
This is only conjecture, I can't think of anything else.
 

shmu26

I like Sandboxie and not just for the sake that it increases security. I like it for the sake that when I close my browser, it will kill its history and any pages loaded in it, so if I accidentally get a cryptojacker that runs the browser minimized behind my clock, then once I purge the sandbox I purge the cryptojacker. No need to hunt down for the process or guess if it's on or not. When I am done browsing I just purge the sandbox.

Also I have sandbox containers for each separate web facing solutions and the box is setup to compartmentalize each solution within its own sandbox. I.e. my VLC player can't talk to my chrome or see any drives besides what I tell it to see. My adobe reader is the same, etc etc etc.

I see it as just an elegant method of making sure that each program stays within their boundaries and that each one of them are running with dropped rights.
You know how to use SBIE right.
For those who are interested, ReHIPS does the compartmentalization automatically. But not the purging. That is SBIE's specialty.
 
