Exploits Explained: Comprehensive Exploit Prevention and Vendor Offerings

Status
Not open for further replies.

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Quoting an earlier post:
Simply put, malicious JavaScript code with hard-coded malicious links and search functions can easily send browser-level passwords to the remote server, and all this happens in Sandboxie.

Is it correct that such a script would have to originate outside the sandbox? The Qihoo sandbox blocks all executables located within the sandbox from running.

I guess I am assuming that the browser is in the sandbox when it runs. BTW, what about plug-ins and extensions? Does running them in the sandbox help, or is it useless? Firefox is getting rid of plugin-container soon, but for now, sandbox it?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
AtlBo said:
Is it correct that such a script would have to originate outside the sandbox? The Qihoo sandbox blocks all executables located within the sandbox from running.

I guess I am assuming that the browser is in the sandbox when it runs. BTW, what about plug-ins and extensions? Does running them in the sandbox help, or is it useless? Firefox is getting rid of plugin-container soon, but for now, sandbox it?

Are you talking about running your browser in Qihoo sandbox?
Have you tried it, and does it work?
 

AtlBo

shmu26 said:
Are you talking about running your browser in Qihoo sandbox?
Have you tried it, and does it work?

Yes, Firefox in Qihoo sandbox. It does work. I have added plugin-container and all of the Flash executables, also. I also have all of the MS Office apps in the sandbox.

EDIT: added a pic:

Firefox in 360 Sandbox.png


Shows which of the above start in the SB when Firefox starts:

Run with Firefox.png
 

shmu26

AtlBo said:
Yes, Firefox in Qihoo sandbox. It does work. I have added plugin-container and all of the Flash executables, also. I also have all of the MS Office apps in the sandbox.

EDIT: added a pic:

Shows which of the above start in the SB when Firefox starts:

Just wondering: what happens if you download a file using Firefox? Can you find it and open it?

Assuming you still have COMODO installed, I think it's better to run the kind of apps you are talking about in the COMODO sandbox, which is built with that purpose in mind and has a good reputation for security.
 

AtlBo

I uninstalled Comodo, because I feel like I need to take some time to learn more. I've found a lot in the configs around MT. Not sure when I'll go back, but it could be some months.

File goes into the sandbox. From there it can be retrieved from the "Files List" for the sandbox control, so if I download something I know is safe I can move it to downloads. Same if I create a file with Word, etc. I used to have a problem with uploading files using Firefox in the 360 sb and then uploading from non-sandboxed locations, but Qihoo seems to have made that possible now. Maybe there is more in 360 for detection with this kind of process now than there used to be. Not sure if it's only certain apps that can upload while in the sandbox, but there isn't a setting for it in 360 anywhere. Can block connections for all apps, but that's not going to work with a browser. Actually, I haven't tried that. Maybe it doesn't block browsers. I'll look at it and post.
 

shmu26

AtlBo said:
I uninstalled Comodo, because I feel like I need to take some time to learn more. I've found a lot in the configs around MT. Not sure when I'll go back, but it could be some months.

File goes into the sandbox. From there it can be retrieved from the "Files List" for the sandbox control, so if I download something I know is safe I can move it to downloads. Same if I create a file with Word, etc. I used to have a problem with uploading files using Firefox in the 360 sb and then uploading from non-sandboxed locations, but Qihoo seems to have made that possible now. Maybe there is more in 360 for detection with this kind of process now than there used to be. Not sure if it's only certain apps that can upload while in the sandbox, but there isn't a setting for it in 360 anywhere. Can block connections for all apps, but that's not going to work with a browser. Actually, I haven't tried that. Maybe it doesn't block browsers. I'll look at it and post.

Wow, I am impressed. I didn't know Qihoo sandbox can do all that.
I wonder what happens if you try to run Chrome, whether it can remember your user profile and login? Chrome is pretty finicky about that.
 

AtlBo

shmu26 said:
I wonder what happens if you try to run Chrome, whether it can remember your user profile and login? Chrome is pretty finicky about that.

It does with Firefox. It remembers everything but then it is lost if the app is removed from the sandbox configuration or if the sandbox is disabled. I have the 360 Chrome based browser on this computer that I can test, but I think it's modded in some ways for security purposes. Not sure if it would help to know, since it doesn't remember anything much. I can test Chrome on another PC, so I'll give it a try.

Looks like the connection block for all apps button does block all apps, including browsers. There is a small function bar on the top window bar of running apps that I think toggles that setting, sort of an entire machine->net kill switch. Not sure how much good that does in the present state of the feature. Just for knowledge's sake, the function bar gives access to the files dialog of the sandbox. Better than digging through the main app for them.
 

shmu26

AtlBo said:
It does with Firefox. It remembers everything but then it is lost if the app is removed from the sandbox configuration or if the sandbox is disabled. I have the 360 Chrome based browser on this computer that I can test, but I think it's modded in some ways for security purposes. Not sure if it would help to know, since it doesn't remember anything much. I can test Chrome on another PC, so I'll give it a try.

Looks like the connection block for all apps button does block all apps, including browsers. There is a small function bar on the top window bar of running apps that I think toggles that setting, sort of an entire machine->net kill switch. Not sure how much good that does in the present state of the feature. Just for knowledge's sake, the function bar gives access to the files dialog of the sandbox. Better than digging through the main app for them.

Thanks.
We still need a couple of people who know how to test how secure this sandbox really is.
 

AtlBo

Yes, I'm not set up for testing at the moment. Only have one PC with enough RAM (8GB), but it's the main one I use :(. Hope to be testing in the future though.
 

shmu26

If you do ever consider testing live samples of malware, the way to do it is in a virtual machine, or by using Shadow Defender. There are some guidelines about how to do this safely in the subforum for malware testing.
 

AtlBo

I was going to go with a VM. I also need to come up with a key for that I guess. I'm running W7 on a few PCs here but not 10 due to some configuration difficulties with some programs. I like to test experimental apps in the optimization area and then on different levels of equipment. This covers all areas of optimization. I'm actually OK being on 7 for the next couple of years I think at least (unless I change my mind).

Having some trouble with Chrome in 360 sandbox. Warning pops up in Chrome in the top right corner that there may be some problems running from a network drive. No pages will load yet, but I will work on it for some time.
 

AtlBo

Trouble with Google Chrome. Not sure how to get it to connect in 360 browser. I remember that GC keeps configs on Google servers, so maybe that wouldn't be a problem. Always liked that element of GC.

Had trouble getting Office apps to run at all too, but suddenly they ran. I have some macro enabled files that run in 360 sb, so that's a good thing. Maybe Chrome will come around after some time and run or maybe I must add other elements of the program.

Just remembered. I can install Chrome into the sandbox. I'll try that. I guess the whole app will be wiped out if the sandbox is cleared though.
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
AtlBo said:
Is it correct that such a script would have to originate outside the sandbox? The Qihoo sandbox blocks all executables located within the sandbox from running.

I guess I am assuming that the browser is in the sandbox when it runs. BTW, what about plug-ins and extensions? Does running them in the sandbox help, or is it useless? Firefox is getting rid of plugin-container soon, but for now, sandbox it?

Sure, I refer just to Sandboxie as said above; in the case of Qihoo sandbox, it can block scripts if detected.
But a script in Sandboxie can be detected by the installed anti-virus because the SB path is part of the AV scan.
Any specific extensions that support Sandboxie can detect malicious scripts, for example NoScript; assuming that it is fully compatible with SB, it might block the script inside SB.
 

AtlBo

tim one said:
Sure, I refer just to Sandboxie as said above; in the case of Qihoo sandbox, it can block scripts if detected.

Makes sense. Sandboxie does have serious, well-deserved support from many angles.

360 apparently cannot properly run Chrome in the sandbox. It will not connect. However, one slightly interesting angle on this is that Qihoo's 360 Chrome-based (WebKit) browser seems to work fine.

I guess I really would like to see Qihoo drop some energy into 360 browser. I think my version is a little short of fully updated, which seems to be an issue with it. I say this because there is not a single way to update the browser within the program, not even a setting for auto-updates. Maybe this is corrected in a newer version, idk. I think I installed it in 2014 based on some file ages in the folder.

This is an unusual program. It installs into the user space in AppData Local. I couldn't find anything in the Programs areas of W7.
 
