Advice Request: Is Sandboxie safe enough for malicious site video streaming?


Kingdiamond

Level 1
Thread author
Nov 18, 2021
17
I am evaluating whether I should use Sandboxie to surf malicious or adult sites, with video streaming and some ads. I'm using Windows 10.

Will Adobe Flash Player or JavaScript malware escape the Sandboxie environment and get into the host system?

If I clear the contents of Sandboxie after every browsing session, is that safe enough?

Or are there any other setups that can be done to enhance safety?



I have read about Shadow Defender; it sounds great and seems safest, but I'm a computer noob.
I'm scared after reading about incompatibilities causing problems, etc. Therefore I thought Sandboxie is a more friendly tool for a computer-illiterate person like me.

Your opinions are highly welcomed.
Thanks
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
I am evaluating whether I should use Sandboxie to surf malicious or adult sites, with video streaming and some ads. I'm using Windows 10.

Will Adobe Flash Player or JavaScript malware escape the Sandboxie environment and get into the host system?

If I clear the contents of Sandboxie after every browsing session, is that safe enough?

Or are there any other setups that can be done to enhance safety?
You look like you are aware of the risk in general ;)

AFAIK, it's almost impossible for malware to bypass Sandboxie. But you had better use the maintained Sandboxie Plus/Classic:

Just harden your browser sandbox even more; you will find this inside the settings of Sandboxie:
Internet Restrictions: only allow processes related to your browser, for instance: chrome.exe, firefox.exe, msedge.exe


Kingdiamond

Level 1
Thread author
Nov 18, 2021
17
You look like you are aware of the risk in general ;)

AFAIK, it's almost impossible for malware to bypass Sandboxie. But you had better use the maintained Sandboxie Plus/Classic:

Just harden your browser sandbox even more; you will find this inside the settings of Sandboxie:
Internet Restrictions: only allow processes related to your browser, for instance: chrome.exe, firefox.exe, msedge.exe

Haha, yes, I'm aware of the risk LOL

I had just read that Sandboxie after 2019 will have compatibility issues with Windows 10, the 64-bit version.

So will I have issues using Sandboxie Plus?
By setting Internet restrictions for only, e.g., chrome.exe, do such restrictions stop the video streaming or stop JavaScript or Flash Player from working on video streaming?
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
So will I have issues using Sandboxie Plus?
By setting Internet restrictions for only, e.g., chrome.exe, do such restrictions stop the video streaming or stop JavaScript or Flash Player from working on video streaming?

For now Sandboxie Plus should run flawlessly on Windows 10, because it's still being maintained and any issues can be reported to the developers:

Both JavaScript and Flash Player work as usual. However, in case Sandboxie-Plus works by default with notifications for permissions to allow internet access for certain processes, avoid allowing every process that appears; just allow what is related to the browsing session for your video streaming...

 

VladDracul

Level 7
Verified
Well-known
Sep 28, 2011
314
I wouldn't say that you are a noob. If you are up to configuring and using Sandboxie for safe browsing, I would say that Shadow Defender is easier to use. I use it on a Windows 10 laptop and now on Windows 11 without any problems.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Just to mention the downside of using Shadow Defender: your personal data can be stolen by hackers. Shadow Defender can't protect against something like that, but you can restrict access to your personal data more by using a tweaked Sandboxie.
For video streaming of sports or other stuff... I would use Shadow Defender on my former PC (weak hardware), where no personal data is stored.
 

Kingdiamond

Level 1
Thread author
Nov 18, 2021
17
For now Sandboxie Plus should run flawlessly on Windows 10, because it's still being maintained and any issues can be reported to the developers:

Both JavaScript and Flash Player work as usual. However, in case Sandboxie-Plus works by default with notifications for permissions to allow internet access for certain processes, avoid allowing every process that appears; just allow what is related to the browsing session for your video streaming...

Thank you for your reply.

In the case of Sandboxie asking for permissions to allow video streaming, apart from browsers, I would assume Sandboxie will need permission to run JavaScript or Flash Player, which would be in .exe form as well?
So when we allow JavaScript and Flash Player to run, is there any malware risk transmitted through this?
 

Kingdiamond

Level 1
Thread author
Nov 18, 2021
17
Just to mention the downside of using Shadow Defender: your personal data can be stolen by hackers. Shadow Defender can't protect against something like that, but you can restrict access to your personal data more by using a tweaked Sandboxie.
For video streaming of sports or other stuff... I would use Shadow Defender on my former PC (weak hardware), where no personal data is stored.
In Shadow Defender, the only time data can be stolen would be during a live Internet connection, and everything will be erased once you shut down and reboot.

What kind of retweaking needs to be done in Sandboxie to avoid personal data being stolen?
 

Kingdiamond

Level 1
Thread author
Nov 18, 2021
17
I wouldn't say that you are a noob. If you are up to configuring and using Sandboxie for safe browsing, I would say that Shadow Defender is easier to use. I use it on a Windows 10 laptop and now on Windows 11 without any problems.
My only concern with Shadow Defender's shadow mode is that I have read quite a number of complaints elsewhere that their computers ran into compatibility issues,
such as a Windows update reboot loop, and some other issues.

I lack knowledge of computers and troubleshooting. Such situations scare me.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
In the case of Sandboxie asking for permissions to allow video streaming, apart from browsers, I would assume Sandboxie will need permission to run JavaScript or Flash Player, which would be in .exe form as well?
So when we allow JavaScript and Flash Player to run, is there any malware risk transmitted through this?
You have to try out what exactly must be allowed in Sandboxie to watch your video streaming; it even depends on the browser.

JavaScript is well known to be abused by certain malware variants; that was what I meant by "aware of the risk in general".
It is always the highest risk to watch this kind of streaming (sports, movies, p...). Legal streaming services are always safer and more controlled ;)

What kind of retweaking needs to be done in Sandboxie to avoid personal data being stolen?

As I said before => Sandbox Options => Internet Restrictions: only allow processes related to your browser, for sure: chrome.exe
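
The Internet Restrictions setting recommended in this thread, checked from the configuration side, as an added example that is not part of the original post or Sandboxie's own code. It assumes the restriction is stored in Sandboxie.ini as a ProcessGroup line plus a ClosedFilePath=!<group>,InternetAccessDevices line; the box names and the sample file are constructed.

```python
import re
# Constructed sample in Sandboxie.ini syntax; the box names are made up.
SAMPLE_INI = """\
[GlobalSettings]
Template=WindowsFontCache
[BrowserBox]
ProcessGroup=<InternetAccess_BrowserBox>,chrome.exe
ClosedFilePath=!<InternetAccess_BrowserBox>,InternetAccessDevices
[LooseBox]
ProcessGroup=<InternetAccess_LooseBox>,chrome.exe,setup.exe
ClosedFilePath=!<InternetAccess_LooseBox>,InternetAccessDevices
[DefaultBox]
Enabled=y
"""
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # names from the thread

def parse_boxes(text):
    """Return {section: [(key, value), ...]}; keys repeat, so no configparser."""
    boxes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = boxes.setdefault(section.group(1), [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return boxes

def audit(text, allowed=BROWSERS):
    """Map each sandbox to 'unrestricted', 'ok' or 'extra: <processes>'."""
    report = {}
    for name, settings in parse_boxes(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue
        groups, permitted = {}, None  # None: no internet restriction found
        # Stable sort puts ProcessGroup lines first so groups resolve below.
        for key, value in sorted(settings, key=lambda kv: kv[0] != "ProcessGroup"):
            parts = [p.strip().lower() for p in value.split(",")]
            if key == "ProcessGroup":
                groups.setdefault(parts[0], set()).update(filter(None, parts[1:]))
            elif key == "ClosedFilePath" and parts[-1] == "internetaccessdevices":
                who = parts[0] if len(parts) > 1 else ""
                if not who or who.startswith("!"):  # skip one-program blocks
                    exempt = groups.get(who[1:], {who[1:]}) if who else set()
                    permitted = exempt if permitted is None else permitted & exempt
        extra = sorted((permitted or set()) - allowed)
        report[name] = ("unrestricted" if permitted is None
                        else "extra: " + ", ".join(extra) if extra else "ok")
    return report
```

To check a real installation, pass the decoded text of its Sandboxie.ini to `audit()`; a box reported as `unrestricted` lets every sandboxed process reach the network.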
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
AFAIK Flash has been dead for months. When I see a site using that I just look for an alternative site (while using Sandboxie and having offline backups).
 

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
404
I am evaluating whether I should use Sandboxie to surf malicious or adult sites, with video streaming and some ads. I'm using Windows 10.
Streaming video from an adult site? Here you need to use Tails at a time to be sure that you have not become infected.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
I am evaluating whether I should use Sandboxie to surf malicious or adult sites, with video streaming and some ads. I'm using Windows 10.

Will Adobe Flash Player or JavaScript malware escape the Sandboxie environment and get into the host system?

If I clear the contents of Sandboxie after every browsing session, is that safe enough?

Or are there any other setups that can be done to enhance safety?

I have read about Shadow Defender; it sounds great and seems safest, but I'm a computer noob.
I'm scared after reading about incompatibilities causing problems, etc. Therefore I thought Sandboxie is a more friendly tool for a computer-illiterate person like me.

Your opinions are highly welcomed.
Thanks

I definitely suggest you use a VM, e.g., VirtualBox, instead.
Sandboxie is better than nothing in regards to protection but unsafe to use for malware contact on a regular basis, which is what seems to be the case here.

The reasons are described in papers like these:


"The default installation of Sandboxie did not prevent any keylogging whatsoever. The attacker had full access to the key logging activity of the entire machine."

"Sandboxie allows access to the network shares from within the sandbox."

"Sandboxie was not able to prevent stealing from the clipboard and the attacker had full access to the victims host clipboard. "

"Our testing proves that due to the large exposure to the OS, a lot of sandboxes aren't able to completely protect against undesired access. This is indeed a concern since these sandboxes are designed to expect execution of 'untrusted' code."


"sandboxed code has direct access to almost full OS functionality" "Almost all kernel vulnerabilities are exploitable from within this sandbox"

"This sandbox has no means to contain malicious kernel-mode code (because they both run at the same privilege level)"

I am not aware what new features were implemented since these papers were published, but the most interesting takeaway of that: The weaknesses it has are by design of that technology. They cannot just be eradicated.
--> see first paper: "Type A sandboxes by design, are vulnerable to a relatively large attack surface."
Sandboxie is a type A sandbox.
 

Kingdiamond

Level 1
Thread author
Nov 18, 2021
17
I definitely suggest you use a VM, e.g., VirtualBox, instead.
Sandboxie is better than nothing in regards to protection but unsafe to use for malware contact on a regular basis, which is what seems to be the case here.

The reasons are described in papers like these:

I am not aware what new features were implemented since these papers were published, but the most interesting takeaway of that: The weaknesses it has are by design of that technology. They cannot just be eradicated.
--> see first paper: "Type A sandboxes by design, are vulnerable to a relatively large attack surface."
Sandboxie is a type A sandbox.
Thanks for sharing the paper. Looks like a concern.
I'm going to have to look into VirtualBox and see if it is hard to handle.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
When we browse malicious sites using Sandboxie, which is the preferred browser?
Chrome, Edge or Firefox?
I think you should be looking at a secure browser for privacy. Read below


Quick Comparison Table: Which Browser Is the Most Secure in 2021?

| Secure Browser | Security | Privacy | Extensions | Platforms |
|---|---|---|---|---|
| 1. The Onion Router (Tor) | Excellent | Excellent | Some | No iOS |
| 2. Ungoogled Chromium | Excellent | Excellent | Some | No iOS or Android |
| 3. Epic Privacy Browser | Good | Good | Some | All |
| 4. Mozilla Firefox | Good | Good | Many | All |
| 5. Brave | Excellent | Excellent | Some | All |
| 6. Apple Safari | Good | Average | Some | Mac and iOS |
| 7. Vivaldi | Good | Average | Many | No iOS |
| 8. Opera | Good | Average | Many | No iOS |
| 9. Google Chrome | Good | Below Average | Many | All |
| 10. Microsoft Edge | Average | Average | Some | All |

Actually, Ungoogled Chromium (Eloston) can use 'Many' Chrome extensions just like Google Chrome and not 'Some'. Other variants of Ungoogled Chromium (although updated frequently) do connect to Google to a larger extent than Eloston's Ungoogled Chromium.

The table does not include the LibreWolf browser, which should put it somewhere with Ungoogled Chromium as 'Excellent', 'Excellent', 'Many'.

IMO, having a hardened FF should be better than Epic Privacy Browser
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
I definitely suggest you use a VM, e.g., VirtualBox, instead.
Sandboxie is better than nothing in regards to protection but unsafe to use for malware contact on a regular basis, which is what seems to be the case here.
Thanks for sharing the paper. Looks like a concern.
I'm going to have to look into VirtualBox and see if it is hard to handle.
I agree with @struppigel, as using SB, if you genuinely plan to regularly visit/test unsafe sites, is not a recommended platform. VirtualBox, VMware Player or also Windows' own Hyper-V is a much better option, but Hyper-V has a bit steeper learning curve. Please just don't forget a VPN.

Avoid saving account/private information no matter what browser you use. All of that can still be lost even in a virtual machine.

If you ever would get a bit more curious and want to learn more, I can highly recommend AnyRun. (y):coffee:
 

ForgottenSeer 92963

Quick Comparison Table: Which Browser Is the Most Secure in 2021?

I used the following criteria to evaluate each browser:

  1. Advanced security features: Secure browsers should have zero weak spots for hackers to exploit, and regularly update their defensive features.
  2. Strong privacy policy: Your data shouldn’t be tracked, shared or sold to make money. At the very least, you’ll have the option to opt-out of data collection and any other practices that breach your privacy.
  3. Support for secure extensions: Extensions can boost your browser’s functionality, but not every extension is secure or private. Some will even track everything you do during a browsing session. Secure browsers should block any extensions that may compromise your device’s security.
  4. Multi-platform support: Browsers need to be compatible with Windows, Android, Mac, iOS devices, and other popular devices.
Above is a very, very, very limited set of evaluation criteria AND they are not applied correctly, so a sad case of framed information posting

Shooting from the hip, here are just a few comments

Security
1. Just compare the per-site settings of Chromium based browsers versus other browsers. :cautious:

1. When Edge is average security-wise, what about the security features of Edge which other Chromium-based browsers do not have, like: :cautious:
a) de-elevation on start of the broker process
b) code integrity guard applied on the renderer processes
c) super duper secure mode

Privacy
2. Unless you use a Tor-browser configured correctly (Tor-wiki advised to NOT use VPN because configuring it correctly requires advanced skills which most people using Tor fail to have), total privacy is a lost case. So when evaluating the author should show his understanding of the marketing mechanisms by telling which tracking mechanisms are applied most and what he considers stage-1, stage-2 and stage-3 privacy protection. I don't see these criteria specified anywhere in the post of Benjamin Walsh :cautious:

2. Opera is considered average, but it has a built-in VPN proxy which obfuscates the IP address :ROFLMAO:

Support for secure extensions
3. There are only a few browsers with their own extension store. It is hilarious to read that he rates the browsers not on their efforts to provide secure extensions, but on the number of extensions in the different browser stores, so he is not even evaluating against his own criteria :ROFLMAO::ROFLMAO:

Multi-platform support
Mr Benjamin Walsh, I have got news for you. Most multi-platform ease-of-use benefits are only provided when you log in or use the browser's cloud storage for syncing. This makes it very very very very very very very very very very (how many times should I repeat this) very very very very very very very easy to track you over different devices, especially browsers with their own advertising schemes. :ROFLMAO::ROFLMAO::ROFLMAO:
___________________________________________

Thanks for posting Mr Benjamin Walsh's "most secure browser analysis", I have not laughed that hard for ages
 