ToolKit Item: Sandboxie by Guest Author Bo Elam

Status
Not open for further replies.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It is a very good introduction to Sandboxie. I used Sandboxie (paid) in this way a few years ago.
The good thing about Sandboxie is that users can install the applications in Sandboxie sandbox and make a backup copy of the sandbox. If something goes wrong, it is not necessary to install the applications again. After recovering the sandbox from the backup, all applications in it are ready to work. This also worked after the fresh installation of the new Windows version, but the Windows bitness (64-bit or 32-bit) has to be the same.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Bo's stated reason for using Sandboxie is not relevant anymore, and has not been for several years.
If you use a modern, updated browser, you don't get infected by surfing the internet anymore. That is so 2008. What year are we in now?
The advanced in-browser exploits of 2019 cannot be stopped by sandboxing, and they won't infect your system, either.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Yes, I mean flash player is phased out coming up in 2020. There goes a huge reason to use Sbie right there. OK so these "newfangled" Service Worker exploits are one thing, but wouldn't you consider Sbie a boon in case anything tries to slither out of the sandbox? Also, if you're severely limiting access to cookies, etc, isn't that inherently more secure? I want to justify its continued use, beyond the placebo effect. :emoji_pray:
 
  • Like
Reactions: bjm_

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Yes, I mean flash player is phased out coming up in 2020. There goes a huge reason to use Sbie right there. OK so these "newfangled" Service Worker exploits are one thing, but wouldn't you consider Sbie a boon in case anything tries to slither out of the sandbox? Also, if you're severely limiting access to cookies, etc, isn't that inherently more secure? I want to justify its continued use, beyond the placebo effect. :emoji_pray:
As far as I understand, SBIE will not stop the service worker exploits. The attacker will still get your IP, and he will still get your file path, albeit to the sandboxed location. But he will know your real user name, so the true path will be very easy to figure out.

As for things slithering out of my browser into the system, here's the rub: I use Chrome on Windows 10. That means Chrome runs in appcontainer. If I add SBIE, Chrome will no longer run in appcontainer. So all I did was give up one sandbox for another sandbox.

I can run Chrome in ReHIPS isolation, if I want --- then Chrome is still in appcontainer. That way, I gain security.

SBIE improves the security of Firefox, though. Not that you really need it.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
Like I said, the old-style browser exploits he is talking about are gone. Unless you are using Internet Explorer and you are a high-value target.
I'm curious where Bo stated:
Bo's stated reason for using Sandboxie is not relevant anymore, and has not been for several years.
 
  • Like
Reactions: oldschool

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I'm curious where Bo stated:
Bo's words: "I thought, “If I am going to use the internet, I am going to get infected and there’s nothing I can do about it.” The effect of using Sandboxie has been huge on the quality of my computing experience. After I became a Sandboxie user, infections went away completely. I haven’t had an infection since the day I became a Sandboxie user.

So, how did I become a Sandboxie user? One day late in 2008 during a browsing session, I was hit by malware (a rootkit). "

That's it right there.

You can't get hit by malware during a browsing session unless your browser is exploited. And this just doesn't happen anymore. The worst thing that could happen is a drive-by download. But you need to manually run the downloaded file, it doesn't run by itself. And there are plenty of default/deny solutions these days that can protect you from the silly mistake of running a drive-by download. You don't need SBIE for that. If you are smart enough to use SBIE, you are smart enough not to blindly click on a file you didn't want in the first place, but was forced upon you. And if you happen to be drunk or high, your default/deny solution will protect you.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@shmu26, you consider Chrome appcontainer better than Sandboxie
This question was debated to death on the other forum. The conclusion I came away with is that appcontainer isolates the browser at least as well as SBIE at default settings. But if you tweak the SBIE settings, you can get protections that appcontainer doesn't have.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
Bo wrote:
If I am going to use the internet, I am going to get infected and there’s nothing I can do about it. The effect of using Sandboxie has been huge on the quality of my computing experience. After I became a Sandboxie user, infections went away completely. I haven’t had an infection since the day I became a Sandboxie user.
Reads to my ear like the AV user writing "I have not been infected since running my favored AV".
Reads to my ear like a loyal n' enthusiastic user expressing their personal experience.
Okay by my thinking.

I'll head scratch re:
Bo's stated reason for using Sandboxie is not relevant anymore, and has not been for several years.

shmu26 wrote:
You can't get hit by malware during a browsing session unless your browser is exploited. And this just doesn't happen anymore. The worst thing that could happen is a drive-by download. But you need to manually run the downloaded file, it doesn't run by itself. And there are plenty of default/deny solutions these days that can protect you from the mistake of running a drive-by download. You don't need SBIE for that.
I can run Chrome in ReHIPS isolation, if I want --- then Chrome is still in appcontainer. That way, I gain security.
SBIE improves the security of Firefox, though. Not that you really need it.
I hear you and feel your comments re browsing are interesting n' enlightening,
Respectfully, re SBIE....don't like, don't need, don't trust, don't want ....don't run.

Regards w Repect
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Bo wrote:

Reads to my ear like the AV user writing "I have not been infected since running my favored AV".
Reads to my ear like a loyal n' enthusiastic user expressing their personal experience.
Okay by my thinking.

I'll head scratch re:


shmu26 wrote:

Respectfully, don't like, don't need, don't trust, don't want ....don't run.

Regards w Repect
I do like SBIE, but for apps that are commonly exploited, such as MS Office. It's good for that. Unfortunately, some people are still paranoid about browser exploits, even though attack by dinosaur is more likely.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
I do like SBIE, but for apps that are commonly exploited, such as MS Office. It's good for that. Unfortunately, some people are still paranoid about browser exploits, even though attack by dinosaur is more likely.
I've run browser sandbox's for so long that I feel naked sans Sandboxie.

https://threatpost.com/zero-day-exploit-microsoft/142327/
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The article has a catchy title, but if you read a little bit, you come to the line: "The flaw allows attackers to hide exploits in weaponized Word documents "
This is where SBIE is really good. If you sandbox your Office apps, you will be protected from this kind of exploit. I very much admire SBIE for this. But I don't feel the need to protect my browser with it, because I feel like I am setting out traps for dinosaurs.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
The article has a catchy title, but if you read a little bit, you come to the line: "The flaw allows attackers to hide exploits in weaponized Word documents "
This is where SBIE is really good. If you sandbox your Office apps, you will be protected from this kind of exploit. I very much admire SBIE for this. But I don't feel the need to protect my browser with it, because I feel like I am setting out traps for dinosaurs.
Okay, now I'm gathering understanding. Thanks
 

broughie

Level 2
Verified
Sep 11, 2013
87
I had ransomware lock my pc while in chrome not long ago usual message machine locked files encrypted , luckily I was in Sandboxie , came out , rebooted ransomware gone . Im sure browser alone wouldnt have protected. Cruel Sister asserted that Sandboxie protects against ransomware and several internet tests show that to be true . Ill stick with sandboxie enough said.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I had ransomware lock my pc while in chrome not long ago usual message machine locked files encrypted , luckily I was in Sandboxie , came out , rebooted ransomware gone . Im sure browser alone wouldnt have protected. Cruel Sister asserted that Sandboxie protects against ransomware and several internet tests show that to be true . Ill stick with sandboxie enough said.
If you run a file downloaded in unsandboxed Chrome, and it is ransomware, your files will get encrypted. But that is not because of Chrome. It is because you ran the file.

If you run the malicious file in sandboxed Chrome, you will be protected from some effects of the attack. There will be no changes made to your file system, but your private info could still be stolen.

If you have a default/deny setup, you will be protected from all negative effects, because the attack will be completely blocked, not just sandboxed.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top