ToolKit Item: Sandboxie by Guest Author Bo Elam

Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
By the way, ransomware is relatively rare these days. It is almost passe for home users, at least as far as spam-based attacks are concerned. Malware that is delivered by email is the most dangerous, because it is the most likely to be fresh. The stuff you download from internet sites is usually old enough for your AV to recognize it.
 

bjm_

Level 15
Thread author
Verified
Top Poster
Well-known
May 17, 2015
705
If you run the malicious file in sandboxed Chrome, you will be protected from some effects of the attack. There will be no changes made to your file system, but your private info could still be stolen.
By habit... I'll run a clean, restrictive browser sandbox for sensitive business.
 

broughie

Level 2
Verified
Sep 11, 2013
87
I have always run Sandboxie in conjunction with KeyScrambler because of that one known weakness. I also now run Avast in aggressive hardened mode as default deny, but overall feel that Sandboxie is my best insurance against my PC system being infected. Just my personal opinion.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I have always run Sandboxie in conjunction with KeyScrambler because of that one known weakness. I also now run Avast in aggressive hardened mode as default deny, but overall feel that Sandboxie is my best insurance against my PC system being infected. Just my personal opinion.
I highly admire Sandboxie's ability to contain exploits of MS Office. Especially if you block internet access in the sandbox that you dedicated to MS Office, I don't think you have much left to worry about.

As for browsers, it will indeed give you a lot of protection if you accidentally run malicious downloads. That's great. But it's even more awesome to stop the malware from running at all. That's called default/deny. The disadvantage of default/deny is it doesn't give you a way to try out software in a safe environment.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I realize there is some user confusion about drive-by downloads and stuff like that, so I will try to explain.

There is a basic rule in Windows (and other OSes) that files don't run by themselves. They need to receive a command to run.
Where does the command come from?
1. User clicks on file
2. Startup item
3. Scheduled task
4. Shell code

Now, back to drive-by downloads: your browser was tricked into downloading a malicious file. Can it run without you clicking on it?
In 2008, yes, because your browser could be exploited, causing shell code to run.
In 2019, no, because browser exploits that run shell code are gone.

Could these shell code exploits make a comeback?
Sure, who knows. But UFOs could attack us, too. I will believe it when I see it.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Usually, users are simply tricked into clicking something that looks innocent, like a picture, video clip, or music file. In fact, the "innocent file" is an executable with an embedded icon of a picture, video clip, or music file. A similar trick works with documents. Shortcuts in ZIP files are also very dangerous. There is no problem if the user is simply cautious and always checks what he wants to open from the Download folder. But most users usually do not do it.
The chances of being infected in this way are very small if the system is protected by a good AV. But if the user clicks everything and frequently visits shady websites, then it is better to use the web browser in an external sandbox like Sandboxie, ReHIPS, or Comodo. The user should configure the sandbox to not recover files automatically from the Download folder.

Edit
... or the user can apply default-deny setup.
 
Last edited:
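The three tricks named in the post above (an executable carrying a media icon and a media-looking name, a document-style double extension, and a shortcut hidden inside a ZIP) can all be spotted from file content and names rather than icons. The script below is an added example, not code from the thread or from any of the sandbox products mentioned; it builds a constructed sample Download folder in a temp directory (the file contents are stand-ins, not real malware) and reports entries a cautious user would want to look at before opening.

```python
"""Flag downloads that look like a disguised executable or a shortcut inside a ZIP."""
import tempfile
import zipfile
from pathlib import Path

# Extensions a user would expect to be harmless media or documents.
MEDIA_OR_DOC_EXT = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".avi", ".pdf", ".docx", ".txt"}
# Extensions Windows hands to the loader or a script host when double-clicked.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def is_pe_image(path: Path) -> bool:
    """Windows executables start with the 'MZ' DOS header regardless of file name."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def inspect_file(path: Path) -> list[str]:
    """Return a list of findings for one file; an empty list means nothing suspicious."""
    findings = []
    suffixes = [s.lower() for s in path.suffixes]
    outer = suffixes[-1] if suffixes else ""
    # 1. photo.jpg.exe: an executable extension hiding behind a media-looking one.
    if outer in EXECUTABLE_EXT and len(suffixes) > 1 and suffixes[-2] in MEDIA_OR_DOC_EXT:
        findings.append(f"double extension: {path.name}")
    # 2. song.mp3 that is really a PE image (icon/extension spoofing).
    if outer in MEDIA_OR_DOC_EXT and is_pe_image(path):
        findings.append(f"PE content behind {outer} extension: {path.name}")
    # 3. Shortcut (.lnk) or other executable entries inside a ZIP archive.
    if outer == ".zip" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                if Path(name).suffix.lower() in EXECUTABLE_EXT:
                    findings.append(f"executable entry in archive: {path.name} -> {name}")
    return findings


def scan_downloads(folder: Path) -> dict[str, list[str]]:
    """Map each suspicious file name in the folder to its findings."""
    report = {}
    for entry in sorted(folder.iterdir()):
        if entry.is_file():
            hits = inspect_file(entry)
            if hits:
                report[entry.name] = hits
    return report


def build_sample_downloads() -> Path:
    """Constructed sample folder (assumption for the demo); contents are harmless stand-ins."""
    folder = Path(tempfile.mkdtemp(prefix="downloads_"))
    (folder / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # genuine JPEG header
    (folder / "holiday.jpg.exe").write_bytes(b"MZ" + b"\x00" * 62)           # exe with media-looking name
    (folder / "song.mp3").write_bytes(b"MZ" + b"\x00" * 62)                   # exe renamed to .mp3
    (folder / "notes.txt").write_text("just text")                            # plain, should not be flagged
    with zipfile.ZipFile(folder / "invoice.zip", "w") as zf:
        zf.writestr("invoice.pdf.lnk", "L\x00\x00\x00")                       # shortcut inside the archive
        zf.writestr("readme.txt", "hello")
    return folder


if __name__ == "__main__":
    for name, hits in scan_downloads(build_sample_downloads()).items():
        print(name, "->", "; ".join(hits))
```

The content check matters more than the name check: with Windows Explorer's default "hide extensions for known file types" setting, `holiday.jpg.exe` is displayed as `holiday.jpg` with whatever icon the executable embeds, so only reading the first bytes (or turning that setting off) reveals what the file really is.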

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Usually, users are simply tricked into clicking something that looks innocent, like a picture, video clip, or music file. In fact, the "innocent file" is an executable with an embedded icon of a picture, video clip, or music file. A similar trick works with documents. Shortcuts in ZIP files are also very dangerous. There is no problem if the user is simply cautious and always checks what he wants to open from the Download folder. But most users usually do not do it.
The chances of being infected in this way are very small if the system is protected by a good AV. But if the user clicks everything and frequently visits shady websites, then it is better to use the web browser in an external sandbox like Sandboxie, ReHIPS, or Comodo. The user should configure the sandbox to not recover files automatically from the Download folder.
If the user simply runs Comodo at CS settings, the download will be auto-contained and blocked by the firewall. That's the best solution after default/deny, because with CS settings, the download has no way to call home and thereby steal personal data.
 