artek

Level 5
Have you ever had one of those dreams where you realize you're dreaming and then you wake up, but you just popped into another dream and you bumble along until you realize you're dreaming again and you just can't get out, well that's my approach to desktop security. What I like to do is layer my sandboxes one on top of the other for maximum security. I'll run a vm, within a vm, within a vm, then sandbox the browser with sandboxie, and then chromes own sandbox runs inside that. That way if a malware author pops the chrome sandbox he wakes up into sandboxie, and then from sandboxie into my desktop vm software over and over and over.
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
Have you ever had one of those dreams where you realize you're dreaming and then you wake up, but you just popped into another dream and you bumble along until you realize you're dreaming again and you just can't get out, well that's my approach to desktop security. What I like to do is layer my sandboxes one on top of the other for maximum security. I'll run a vm, within a vm, within a vm, then sandbox the browser with sandboxie, and then chromes own sandbox runs inside that. That way if a malware author pops the chrome sandbox he wakes up into sandboxie, and then from sandboxie into my desktop vm software over and over and over.
It is a nice idea (in theory).:giggle:
Yet, there are some obstacles to apply the nested sandboxes in practice:
  1. WIndows 10 hates any additional security, so if you will try to force the nested security on your computer, then it will be hardly usable.
  2. Escaping the Chrome sandbox in the home environment is very improbable. So, using the nested security, would be like moving to Alaska mountains to avoid the Ebola virus.
  3. Sandboxie and Chrome Sandbox are not fully compatible, so you may happen to be infected by the malware that will use this incompatibility.
But anyway, in your case the opposite can be true. So, you can try it and make fun!:giggle:(y)
 

shmu26

Level 85
Verified
Trusted
Content Creator
Have you ever had one of those dreams where you realize you're dreaming and then you wake up, but you just popped into another dream and you bumble along until you realize you're dreaming again and you just can't get out, well that's my approach to desktop security. What I like to do is layer my sandboxes one on top of the other for maximum security. I'll run a vm, within a vm, within a vm, then sandbox the browser with sandboxie, and then chromes own sandbox runs inside that. That way if a malware author pops the chrome sandbox he wakes up into sandboxie, and then from sandboxie into my desktop vm software over and over and over.
It's "dream" security :)
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
This method is known in physics as the perturbation theory. You start from the roughly approximate solution (malware in the sandbox) and refine the solution many times (nested sandboxes) until you get something very close to the exact solution (malware is unarmed in the real system).
Sometimes the first approximation is very close to the exact solution (Chrome Sandbox).:giggle:
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
The practical solution similar to artek nested sandboxes, would be running Google Chrome portable (or even the normal version) in the Windows 10 built-in sandbox (Windows 10 Pro). After logging to the Google account, it is possible to use the sandboxing features: Strict site isolation, Enable AppContainer Lockdown, and Enable GPU AppContainer Lockdown. But, there is no proof that Windows Sandbox will be compatible with Google Chrome.
Another possibility is simply enabling Microsoft Edge Application Guard on Windows 10 Pro.
 

shmu26

Level 85
Verified
Trusted
Content Creator
From what I learned Qubes need an high end machine, running 6+ VMs is resources hungry
Tell me if I understand it right: each qube is a VM that runs the OS of your choice, and all programs run within that OS? In other words, programs don't run on Qubes itself, but rather on the OS of the qube?
 
  • Like
Reactions: Weebarra

JM Safe

Level 38
Verified
Hey guys, thanks for contributing to this thread. Obviously everyone have different opinions, but it is nice to have good discussions. The concept about Sandboxie is for me very important is my personal opinion, I see someone thinks like me, others not, but the most important thing is everyone feels safe with his/her personal opinions :)
 

Freki123

Level 8
Verified
For me it is nice to have sandboxie having my back while surfing not always 100% "safe" sites.
So as a rather static user i care more about a sandboxed browser than some downloaded stuff.
Apguard and rehips are nice programs im just not willing to pay business prices.
I can get like 3 norton licenses for 25€ (amaz..) and sandboxie 22€ or 56€ for 1 Rehips license. (Disclaimer: Norton was the first name that
i thought off, not using it and no clue of compatibility).

There are also a lot of nice security tools around for free: Hard_configurator, SysHardener, OS Armor, NVT AntiExe and so on.
You can mix and match stuff till you find what works for you (make a backup first :D)
 
Top