LabZero

Hello everyone.

Sandboxes now sprout everywhere; many AV vendors implement this technology in their products, even with the promise of being able to detect zero days.

I'd like to reflect on exactly this point: the zero day.

Accurate detection means adopting a more or less effective sandboxing technology to study the behavior of malware or suspicious traffic flows, trying to analyze and determine the degree of danger/malevolence in a signatureless mode. Yes, because if I don't know the malware, I can't identify it through known signatures.

For nearly all users charmed by the sandbox, these continue to be the considerations, but are they really effective?

Because everything they have in hand regarding the advanced attack is possibly a sandbox report where the malware is launched ...

It is precisely for this reason that we must never forget: the real system. I can't expect everything to be restored as it was before the attack ... but it is certainly possible to investigate, following an alarm received from the sandbox, whether the targeted client has indicators of compromise ... confirm the attack and understand it on the Host.

And why not decide on an isolation that allows us, after a precise detection, to proceed with an analysis that provides sure answers.

-What happened?
-Was the attack successful?
-Have other machines been compromised?
-Has data been stolen?


This is what I expect from the sandbox of the future.

The next time someone talks to you about or offers the latest wonderful sandbox, beware ... make sure the overall solution ensures visibility on the Host.

frogboy

Believe it or not, I have never tried sandbox software; I have downloaded Sandboxie several times but never got around to installing it. :oops::eek::D

Deleted member 178

The only home software I know using detection inside virtualization is Returnil (and the detection was weak...)

Janl92l

> The only home software I know using detection inside virtualization is Returnil (and the detection was weak...)

Isn't Avast DeepScreen something like detection in a virtual environment, called NG? I am pretty sure ESET uses something like this too to detect threats.

Deleted member 178

CIS does it too. In the case of Returnil, it virtualizes the whole OS, if my memory is right.

hjlbx

> -What happened?
> -Was the attack successful?
> -Have other machines been compromised?
> -Has data been stolen?
>
> This is what I expect from the sandbox of the future.
>
> The next time someone talks to you about or offers the latest wonderful sandbox, beware ... make sure the overall solution ensures visibility on the Host.
@Klipsh

Not quite what you want but anyhow you might be interested in a Sandboxie Add-On Utility called Buster Sandbox Analyzer. It's something you'd find useful with your level of IT knowledge...

Of course, you need to be using Sandboxie.

Buster Sandbox Analyzer
Contributed by Buster, a member of the Sandboxie forum.

Buster Sandbox Analyzer is a tool designed to analyze the behaviour of sandboxed processes and determine if they are malware.

Usage and Download: See Forum Topic: forums.sandboxie.com • View topic - Buster Sandbox Analyzer

The other alternative is Cuckoo Sandbox, which uses emulation. Currently, the only two products that employ emulation for home security solutions are Comodo Internet Security (FLS integrated CAMAS and maybe now or soon Valkyrie) and VooDooShield.

  • Advanced sandboxes are the realm of the advanced users...
  • Sandboxes, by default, are "dumb"...
  • Security soft vendors - all the way around - have done a poor job of creating softs that will alert the user as to what is happening in terms of malicious activity... "Hey Mister, your data is being stolen !" Sandboxes are no different... they don't tell you anything.
  • SkyNet won't be released any time soon...

LabZero

> @Klipsh
>
> Not quite what you want but anyhow you might be interested in a Sandboxie Add-On Utility called Buster Sandbox Analyzer. It's something you'd find useful with your level of IT knowledge...
>
> Of course, you need to be using Sandboxie.
>
> Buster Sandbox Analyzer
> Contributed by Buster, a member of the Sandboxie forum.
>
> Buster Sandbox Analyzer is a tool designed to analyze the behaviour of sandboxed processes and determine if they are malware.
>
> Usage and Download: See Forum Topic: forums.sandboxie.com • View topic - Buster Sandbox Analyzer
>
> The other alternative is Cuckoo Sandbox, which uses emulation. Currently, the only two products that employ emulation for home security solutions are Comodo Internet Security (FLS integrated CAMAS and maybe now or soon Valkyrie) and VooDooShield.
>
>   • Advanced sandboxes are the realm of the advanced users...
>   • Sandboxes, by default, are "dumb"...
>   • Security soft vendors - all the way around - have done a poor job of creating softs that will alert the user as to what is happening in terms of malicious activity... "Hey Mister, your data is being stolen !" Sandboxes are no different... they don't tell you anything.
>   • SkyNet won't be released any time soon...

Thanks @hjlbx for the information you shared :)