Advice Request Why sandbox is important


artek

Level 5
Verified
May 23, 2014
236
Have you ever had one of those dreams where you realize you're dreaming and then you wake up, but you just popped into another dream and you bumble along until you realize you're dreaming again and you just can't get out? Well, that's my approach to desktop security. What I like to do is layer my sandboxes one on top of the other for maximum security. I'll run a VM, within a VM, within a VM, then sandbox the browser with Sandboxie, and then Chrome's own sandbox runs inside that. That way if a malware author pops the Chrome sandbox he wakes up into Sandboxie, and then from Sandboxie into my desktop VM software over and over and over.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
It is a nice idea (in theory). :giggle:
Yet, there are some obstacles to applying the nested sandboxes in practice:
  1. Windows 10 hates any additional security, so if you try to force the nested security on your computer, then it will be hardly usable.
  2. Escaping the Chrome sandbox in the home environment is very improbable. So, using the nested security would be like moving to the Alaska mountains to avoid the Ebola virus.
  3. Sandboxie and Chrome Sandbox are not fully compatible, so you may happen to be infected by the malware that will use this incompatibility.
But anyway, in your case the opposite can be true. So, you can try it and make fun! :giggle: (y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
It's "dream" security :)
 

Andy Ful

This method is known in physics as the perturbation theory. You start from the roughly approximate solution (malware in the sandbox) and refine the solution many times (nested sandboxes) until you get something very close to the exact solution (malware is unarmed in the real system).
Sometimes the first approximation is very close to the exact solution (Chrome Sandbox).:giggle:
 

Andy Ful

A practical solution similar to artek's nested sandboxes would be running Google Chrome portable (or even the normal version) in the Windows 10 built-in sandbox (Windows 10 Pro). After logging in to the Google account, it is possible to use the sandboxing features: Strict site isolation, Enable AppContainer Lockdown, and Enable GPU AppContainer Lockdown. But, there is no proof that Windows Sandbox will be compatible with Google Chrome.
Another possibility is simply enabling Microsoft Edge Application Guard on Windows 10 Pro.
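
The Windows Sandbox setup described in the post above can be sketched as follows. This is an added example, not part of the original post or of any tool mentioned in the thread; the host folder `C:\Tools\ChromePortable`, the sandbox paths and the use of the `--site-per-process` switch for strict site isolation are assumptions, and whether Chrome runs cleanly inside Windows Sandbox is left open by the thread.

```powershell
# Added example. Run from an elevated PowerShell on Windows 10 Pro/Enterprise.
# Assumption: a portable Chrome is unpacked in $ChromeDir and contains chrome.exe.
$ChromeDir = 'C:\Tools\ChromePortable'
$WsbPath   = Join-Path $env:TEMP 'chrome-sandbox.wsb'

# Windows Sandbox is the optional feature "Containers-DisposableClientVM".
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
    Write-Warning 'Windows Sandbox was just enabled; reboot, then run this script again.'
    return
}
if (-not (Test-Path (Join-Path $ChromeDir 'chrome.exe'))) {
    throw "chrome.exe not found in $ChromeDir"
}

# The .wsb file narrows what the disposable VM shares with the host:
# no clipboard, printer, microphone, camera or virtual GPU, and the Chrome
# folder is mapped read-only so nothing in the sandbox can modify the host copy.
$wsb = @"
<Configuration>
  <vGPU>Disable</vGPU>
  <Networking>Default</Networking>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$ChromeDir</HostFolder>
      <SandboxFolder>C:\Chrome</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>C:\Chrome\chrome.exe --user-data-dir=C:\Users\WDAGUtilityAccount\ChromeProfile --site-per-process</Command>
  </LogonCommand>
</Configuration>
"@
Set-Content -Path $WsbPath -Value $wsb -Encoding UTF8

# Opening the .wsb starts a fresh sandbox; the profile is discarded when it closes.
Start-Process -FilePath $WsbPath
```

The Chrome profile lives only inside the sandbox, so every session starts clean and any sign-in has to be repeated.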
 

shmu26

From what I learned, Qubes needs a high-end machine; running 6+ VMs is resource hungry
Tell me if I understand it right: each qube is a VM that runs the OS of your choice, and all programs run within that OS? In other words, programs don't run on Qubes itself, but rather on the OS of the qube?
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Hey guys, thanks for contributing to this thread. Obviously everyone has different opinions, but it is nice to have good discussions. The concept of Sandboxie is very important for me, in my personal opinion. I see some people think like me, others do not, but the most important thing is that everyone feels safe with his/her personal opinions :)
 

Andy Ful

What about Android emulators? Are they isolated from Windows? I can run Google Chrome with a VPN inside NOX... I think it works like Sandboxie?
NOX is a kind of virtual machine with installed Android 4.4.2 KitKat. So it is kinda isolated from Windows.
But, NOX can have problems with Windows Updates and compatibility.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
For me it is nice to have Sandboxie having my back while surfing not always 100% "safe" sites.
So as a rather static user I care more about a sandboxed browser than some downloaded stuff.
AppGuard and ReHIPS are nice programs, I'm just not willing to pay business prices.
I can get like 3 Norton licenses for 25€ (amaz..) and Sandboxie 22€ or 56€ for 1 ReHIPS license. (Disclaimer: Norton was the first name that I thought of, not using it and no clue of compatibility).

There are also a lot of nice security tools around for free: Hard_Configurator, SysHardener, OS Armor, NVT AntiExe and so on.
You can mix and match stuff till you find what works for you (make a backup first :D)
 

Wraith

Level 13
Verified
Top Poster
Well-known
Aug 15, 2018
634
You copied a joke I did years ago lol, never thought some would actually do it hahaha.

You forgot RX in the formula lol
Actually I excluded Rollback RX since I read somewhere that it deactivates TRIM on SSD.
 