I found this link which says that any sandbox can by bypassed with a Windows kernel vulnerability. I think they bypassed the 3.76 version of Sandboxie. Does anyone know if this is possible with Sandboxie 4.01. I hope I do not make anyone angry by asking this but I am just wondering. Thank you for your time. Here is the link to the PDF. http://blogbromium.files.wordpress.com/2013/03/blackhat-2013-sandbox-roulette_wp.pdf
Sandbox Roulette in Sandboxie 4?
- Thread starter ad18
- Start date
- Status
Littlebits
Retired Staff
- May 3, 2011
- 3,893
If there is a vulnerability present in the Windows OS kernel, yes it is true that any security software can be bypassed.
That is why is is so important to keep Windows updated and always utilize UAC which runs above the kernel level. Whereas with all security software run below the kernel level. Always use common sense when downloading and running executable files.
Of coarse it is extremely rare for malware to exploit kernel vulnerabilities on home users systems, it usually only applies to large business systems.
It is more common for malware to exploit software vulnerabilities like Java, Flash, browser, etc. which Sandboxie does an excellent job protecting.
Thanks.
That is why is is so important to keep Windows updated and always utilize UAC which runs above the kernel level. Whereas with all security software run below the kernel level. Always use common sense when downloading and running executable files.
Of coarse it is extremely rare for malware to exploit kernel vulnerabilities on home users systems, it usually only applies to large business systems.
It is more common for malware to exploit software vulnerabilities like Java, Flash, browser, etc. which Sandboxie does an excellent job protecting.
Thanks.
I have read somewhere that it would be fixed in new version (don't remember where i read that )
Anyway thanks for share
:+1:
)Anyway thanks for share
:+1:
I know that this was a Windows flaw and not a Sandboxie flaw. I just wondered if an unpatched Windows 7 with Sandboxie 4 could have contained this an similar vulnerabilities. Any thoughts on this bo. I really like Sandboxie but am curious if Sandboxie 4 protects from kernel vulnerabilities.
Littlebits
Retired Staff
- May 3, 2011
- 3,893
Like I tried to explain, there is no security software period (Sandboxie, Comodo, Online Armor, other HIPS, etc.) that can protect against vulnerabilities in Windows OS kernel. You just have to install all of the latest Windows Updates to patch the holes.
You have to understand how Windows operates, all software runs below the kernel level therefore an exploit can use the hole in the kernel and bypass anything that runs at the software level.
Security software like (Sandboxie, Comodo, Online Armor, other HIPS, etc.) only can protect against software level vulnerabilities. Of coarse you should always keep your web software updated as well.
Thanks.
You have to understand how Windows operates, all software runs below the kernel level therefore an exploit can use the hole in the kernel and bypass anything that runs at the software level.
Security software like (Sandboxie, Comodo, Online Armor, other HIPS, etc.) only can protect against software level vulnerabilities. Of coarse you should always keep your web software updated as well.
Thanks.
Thanks for the reply bo. I thought that tzuk might be creating Sandboxie 4 to handle these exploits. It seems like some of the things in the article were outdated though. Sandboxie 4 does not use unoffical hooks. I am learning so much about Sandboxie. It sure was worth buying the license!
Thanks bo for the infos provided
I don't use sbie personally and even i have 2 lifetime license of sbie I am not very much interested in this software.
I don't use sbie personally and even i have 2 lifetime license of sbie I am not very much interested in this software.
- Status
Similar threads
