Sandboxie, or Malwarebytes Anti-Exploit

Status
Not open for further replies.

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
I had a quick question. My friend and I are debating what would offer the most protection:

a) running browser inside sandboxie
b) not using sandboxie, but instead Malwarebytes Anti-Exploit Pro, Malwarebytes Pro and ESET, the first two will not block exploits/malware running inside a sandbox???

What are your suggestions?

Tony :)
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Sandboxie can isolate any incidents and will not affect your system. Anti-Exploit will only prevent exploits, but not isolate any changes on the system.

First check for any compatibility issues, but you may be able to run both Sandboxie and Malwarebytes Anti-Exploit to prevent exploits from occurring within the Sandbox Environment.

However, it's better to keep all software updated, or uninstall any security risks.

Running ESET + Malwarebytes Anti-Malware Premium + Malwarebytes Anti-Exploit Premium does NOT make your system more resistant against threats. Check ESET's site to see that they already have some Exploit Mitigation.

Malwarebytes' no longer uses the terms Pro!
 
D

Deleted member 21043

Hello,

Anti-Exploit can only do so much. In fact, an exploit could have been made to exploit both the Anti-Exploit software as well as then target the executable to exploit which the Anti-Exploit feature was meant to be protecting.

I recommend sandboxing your browser to isolate drive-by download attacks, as well as test out any newly downloaded programs in the sandbox before allowing them on your system (for all you know, a trusted website you know of could have been vulnerable and attacked by an attacker, replacing the program download with a link to the infected copy, yes, this does happen in the real world, maybe not as common as you'd believe).

You can use Sandboxie for running programs you are unsure of, you can use Anti-Exploit on your main system alongside sandboxie. This is a good idea because if the software has the servers hacked and the downloads changed and a false update released containing a copy with malicious bytes in the executable (meaning malicious code is attached to the executable which at some point will be executed), if it is an exploit, Anti-Exploit software may be able to protect you from this.

Sorry if my examples might seem like they'll never happen to you, but it's always a possibility.

I recommend using a sandbox as well as software which uses exploit mitigation techniques. If you're using Antivirus/Internet Security software which already has exploit mitigation techniques such as ESET, then another Anti-Exploit is not required, and in the worst case they may just have issues both trying to do their job (regardless of whitelisting). If you are using Antivirus/Internet Security software which does not make use of exploit mitigation techniques, then you may find using Anti-Exploit software useful to help protect you.

As an example:
You have Antivirus software, the virus definition database is up-to-date, however it does not have any anti-exploit capabilities. You are not running anti-exploit software. You find an email, with a Word document attached called "parents-evening-report.doc", and you have a child so you assume it's from your school (if you are not very knowledgable with email). You open it. It's really a document containing an exploit which uses a vulnerability in Microsoft Word to download ransomware loader. The loader is then executed in the background which injects into a legitimate program running on your system via code injection. It then closes itself and runs neatly in the background, and you won't know about this occuring on the legitimate process unless you know a lot about injection and security/malware programming. Awhile later you go back to refer to the document which to you, looked perfectly normal... It's been encrypted, and you find some files which are unencrypted with instructions to paying the ransom, with a link to a webpage you can open (saved shortcut) to pay the ransom (no screen locker involved in this).

However, your Anti-Exploit software MAY have prevented this attack from happening.

The reply @Huracan gave you is also very good, as an extension: updating your software is helpful because the developers of the product may have known of an exploit and patched it, meaning the exploit won't even work if used by malicious software in the first place.

EDIT:
I forgot to say earlier, just thought to add it now... Remember that sandboxie could always have vulnerabilities found by black hats, and then they may use this to exploit the sandboxing software to escape the sandbox.

Cheers. ;)
 
Last edited by a moderator:

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Perhaps @Umbra knows a way to implement both Malwarebytes AntiExploit and Sandboxie, or you can ask here for help.
http://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-94


Check ESET's site to see that they already have some Exploit Mitigation.
There has been an analysis by user itman in Wilders
http://www.wilderssecurity.com/threads/analysis-and-exploitation-of-an-eset-vulnerability.377379/
Too see how effective is ESET's exploit protection, especially on 64bit processes.
@kram7750, perhaps you may find it interesting.

Now back on topic, I would recommend having both. But if you can only have one then go with either.
 
  • Like
Reactions: Cats-4_Owners-2
D

Deleted member 21043

You will not go wrong with Sandboxie.
You can, if you manage to end up with a zero-day exploit to escape the sandbox (or if sandboxie forgot to patch up and exploit or failed to after it's release in the wild)... But don't worry, I doubt you will, or for now at least. But let's remember, if a malware writer with lots of experience who really knows what they are doing can exploit Windows features and other Antivirus software, they can exploit sandboxie.

Just remember to be cautious when browsing; don't download suspicious programs and run them on your main system (try using online sandboxing services to help), and you'll be much better protected. Also make sure to keep sandboxie up-to-date, this allows you to receive the latest security updates. If you are using an outdated version of sandboxie, then you are vulnerable to exploits released and found either by malware writers, security researchers outside of sandboxie, or by sandboxie staff (but then of course if a malware writer discovered the vulnerability the staff did, they could attack people using outdated versions).

Nothing is full-proof. I only made this post because I don't want someone thinking it's 100% full-proof.

Cheers. ;)
 

FlimFlam

Level 1
Verified
Jul 18, 2014
49
True.But,to answer the question at hand then that would still be Sandboxie by far.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Why not use both of them? One will take care and let it run on a isolated environment without any worries. That's a pretty good combination, remember don't rely very much on a piece of software; you can have a combination as long it doesn't provide conflicts.

Data Stealing will defeat every purpose of tools unless you are been trick by your knowledge. ;)
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
I had a quick question. My friend and I are debating what would offer the most protection:

a) running browser inside sandboxie
b) not using sandboxie, but instead Malwarebytes Anti-Exploit Pro, Malwarebytes Pro and ESET, the first two will not block exploits/malware running inside a sandbox???

What are your suggestions?

Tony :)
I'm glad you decided to share your friend's and your debate, Tony. Enjoying the protection of each software mentioned can (quite easily) allow ones mind to forget just how good each can be, respectively, at providing their own specific protection in their own individual fashion.
..and now I see Umbra's guide for allowing anti-exploit in Sandboxie!:cool:

Today, at the market, beneath the shopping bags on the back seart was my light jacket. Although the day was already hot and humid, inside the store was :eek:c-c-c-Cold! So, my Sandboxie-like jacket kept the freeze from the frozen food off of me. Later as we drove our car out of the lot outside, a landscaper was blowing a cloud of dust in our direction. With the windows up, dirty air was blocked from wafting in while the A/C with vents closed aided in preventing the dust from exploiting our breathing clean air, and we in our car, very much like proceeding in a browser, were kept safely within it's virtual environment.;)
 
Last edited:

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
Sandboxie. I've tested Sandboxie against adware, malware, etc (new not old ones) and they never made it out of Sandboxie. That was enough proof for me to know how good Sandboxie really is. Right now I'm not actually using an anti-exploit. Probably going to start using Sandboxie though. Didn't get around to actually using it on the host machine yet. Mind as well start using it.
 

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Thank you @Umbra and @Cats-4_Owners-2 I shall stick with using Sandboxie, and keep Malwarebytes Anti-Exploit as well. My mate Tom won't be happy, told him Sandboxie is very good, blah, blah, blah that's all I ever get!

Hope your all having a great summer, children have just broken up here in the UK, no peace and quiet for 6 weeks!
 
  • Like
Reactions: Cats-4_Owners-2

vivid

Level 5
Verified
Dec 8, 2014
206
Data Stealing will defeat every purpose of tools unless you are been trick by your knowledge. ;)
Good point. However, these applications cannot prevent that since most leaks are independent of end-user.
You'd need a firewall rule-set designed for browsers.
 
  • Like
Reactions: Cats-4_Owners-2

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
If you need to be protected from yourself, Sandboxie may help, but then again, what's stopping you from trying to infect yourself outside of the sandbox? A good AV with pup detection is still important in such cases. If you are just worried about exploits, I'd go with MBAE (or HitmanPro.Alert or an AV with good exploit protection, like Kaspersky), because it's much more comfortable to use than Sandboxie and set & forget, perfect for the average home user. I prefer that the company that's getting my money is doing the work for me and not the other way around.

I for one cannot run browsers in Sandboxie because of Battlelog / Battlefield, I cannot open documents with Softmaker Office from explorer, it's incompatible with Office 365, Netflix HTML5 doesn't work in IE11 with it and so many other issues. It's probably only going to get worse as time progresses.
 
Last edited by a moderator:

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
I tried MBAE a couple weeks ago and slow down my browsing a lot so i had to uninstall it.
As for Sandboxie i have never used it but for suspicious apps i am using now Shadow Defender
and i am satisfied with it's performance so far.
Also SD is very light on system resources
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top