ToolKit Item: Sandboxie by Guest Author Bo Elam

Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
By the way, ransomware is relatively rare these days. It is almost passe for home users, at least as far as spam-based attacks are concerned. Malware that is delivered by email is the most dangerous, because it is the most likely to be fresh. The stuff you download from internet sites is usually old enough for your AV to recognize it.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
If you run the malicious file in sandboxed Chrome, you will be protected from some effects of the attack. There will be no changes made to your file system, but your private info could still be stolen.
By habit....I'll run clean restrictive browser sandbox for sensitive business.
 

broughie

Level 2
Verified
Sep 11, 2013
87
I have always run sandboxie in conjunction with key scrambler because of that one known weakness .I also now run avast in aggressive hardened mode as default deny, but overall feel that sandboxie my best insurance against my pc system being infected .Just my personal opinion.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I have always run sandboxie in conjunction with key scrambler because of that one known weakness .I also now run avast in aggressive hardened mode as default deny, but overall feel that sandboxie my best insurance against my pc system being infected .Just my personal opinion.
I highly admire Sandboxie's ability to contain exploits of MS Office. Especially if you block internet access in the sandbox that you dedicated to MS Office, I don't think you have much left to worry about.

As for browsers, it will indeed give you a lot of protection if you accidentally run malicious downloads. That's great. But it's even more awesome to stop the malware from running at all. That's called default/deny. The disadvantage of default/deny is it doesn't give you a way to try out software in a safe environment.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I realize there is some user confusion about drive-by downloads and stuff like that, so I will try to explain.

There is a basic rule in Windows (and other OSes) that files don't run by themselves. They need to receive a command to run.
Where does the command come from?
1 User clicks on file
2 startup item
3 scheduled task
4 shell code

Now, back to drive-by downloads: your browser was tricked into downloading a malicious file. Can it run without you clicking on it?
In 2008, yes, because your browser could be exploited, causing shell code to run.
In 2019, no, because browser exploits that run shell code are gone.

Could these shell code exploits make a comeback?
Sure, who knows. But UFOs could attack us, too. I will believe it when I see it.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Usually, users are simply tricked to click something that looks innocent, like: picture, video clip, or music file. In fact, the "innocent file" is an executable with embedded icon of picture, video clip, or music file. The similar trick works with documents. Very dangerous are also shortcuts in ZIP files. There is no problem if the user is simply cautious, and always checks what he wants to open from the Download folder. But most users, usually do not do it.
The chances to be infected in this way are very little if the system is protected by a good AV. But, it the user clicks everything and frequently visit shady websites, then it is better to use the web browser in the external sandbox like Sandboxie, ReHIPS, Comodo. The user should configure sandbox to not recover files automatically from the Download folder.

Edit
... or the user can apply default-deny setup.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Usually, users are simply tricked to click something that looks innocent, like: picture, video clip, or music file. In fact, the "innocent file" is an executable with embedded icon of picture, video clip, or music file. The similar trick works with documents. Very dangerous are also shortcuts in ZIP files. There is no problem if the user is simply cautious, and always checks what he wants to open from the Download folder. But most users, usually do not do it.
The chances to be infected in this way are very little if the system is protected by a good AV. But, it the user clicks everything and frequently visit shady websites, then it is better to use the web browser in the external sandbox like Sandboxie, ReHIPS, Comodo. The user should configure sandbox to not recover files automatically from the Download folder.
If the user simply runs Comodo at CS settings, the download will be autocontained, and blocked from firewall. That's the best solution after default/deny, because with CS settings, the download has no way to call home and thereby steal personal data.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top