Sandbox Roulette in Sandboxie 4?

Status
Not open for further replies.

ad18

New Member
Thread author
Verified
Jan 19, 2013
59
I found this link which says that any sandbox can be bypassed with a Windows kernel vulnerability. I think they bypassed the 3.76 version of Sandboxie. Does anyone know if this is possible with Sandboxie 4.01? I hope I do not make anyone angry by asking this but I am just wondering. Thank you for your time. Here is the link to the PDF: http://blogbromium.files.wordpress.com/2013/03/blackhat-2013-sandbox-roulette_wp.pdf
 

Littlebits

Retired Staff
May 3, 2011
3,893
If there is a vulnerability present in the Windows OS kernel, yes, it is true that any security software can be bypassed.

That is why it is so important to keep Windows updated and always utilize UAC, which runs above the kernel level, whereas all security software runs below the kernel level. Always use common sense when downloading and running executable files.

Of course it is extremely rare for malware to exploit kernel vulnerabilities on home users' systems; it usually only applies to large business systems.

It is more common for malware to exploit software vulnerabilities like Java, Flash, browser, etc. which Sandboxie does an excellent job protecting.

Thanks.:D
 

Spirit

Level 2
May 17, 2012
1,832
I have read somewhere that it would be fixed in the new version (don't remember where I read that :D)

Anyway, thanks for sharing
:+1:
 

ad18

New Member
Thread author
Verified
Jan 19, 2013
59
I know that this was a Windows flaw and not a Sandboxie flaw. I just wondered if an unpatched Windows 7 with Sandboxie 4 could have contained this and similar vulnerabilities. Any thoughts on this, bo? I really like Sandboxie but am curious if Sandboxie 4 protects from kernel vulnerabilities.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Like I tried to explain, there is no security software, period (Sandboxie, Comodo, Online Armor, other HIPS, etc.), that can protect against vulnerabilities in the Windows OS kernel. You just have to install all of the latest Windows Updates to patch the holes.

You have to understand how Windows operates: all software runs below the kernel level, therefore an exploit can use the hole in the kernel and bypass anything that runs at the software level.

Security software (Sandboxie, Comodo, Online Armor, other HIPS, etc.) can only protect against software-level vulnerabilities. Of course you should always keep your web software updated as well.

Thanks.:D
 

ad18

New Member
Thread author
Verified
Jan 19, 2013
59
Thanks for the reply, bo. I thought that tzuk might be creating Sandboxie 4 to handle these exploits. It seems like some of the things in the article were outdated though. Sandboxie 4 does not use unofficial hooks. I am learning so much about Sandboxie. It sure was worth buying the license!
 

Spirit

Level 2
May 17, 2012
1,832
Thanks, bo, for the info provided

I don't use sbie personally, and even though I have 2 lifetime licenses of sbie, I am not very much interested in this software.:rolleyes:
 