- May 11, 2013
Where are they? What's the name of the malware that you know that kills Sandboxie? Do you know anyone that had their sandbox (SBIE only, don't care about any other sandbox) bypassed?
Bo
Umbra Virus
http://www.wilderssecurity.com/showthread.php?t=350960
http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/
Type A sandboxes prevented certain ‘out-of-the-box’ exploits from widely used frameworks such as
Metasploit and isolated the threats as long as these are not sophisticated or targeted.
Type B sandboxes provide some security benefits against attacks exploiting vulnerabilities to break out of
the sandboxed environment. It has been proved by a few recent strains of malware that it is possible to
break out of the sandboxed process, but exploitation is not as trivial as it used to be without the
sandbox.
Lesson: Sandboxie is a good tool for sandboxing programs that do not come with their own built-in sandbox, as long as the threats are not sophisticated or targeted.
Lesson: All it takes is an OS vulnerability to bypass ANY sandbox (including Sandboxie).
Granted, Sandboxie is GREAT and I would advise it anytime I can, but facts are facts: Sandboxie does not protect you.
It only increases the standards and quality that malware needs to gain entry.