Windows Sandbox vs Edge Application Guard Window (which is safer ?)
<blockquote data-quote="Deleted Member 308817310" data-source="post: 822062" data-attributes="member: 80647"><p>The end user is vulnerable to spying within the guest environment which can be discarded at the end user's discretion. This is obviously implied. I stated that Hyper-V doesn't stop malware for a reason - I didn't think that I'd have to literally outline every single thing that malware could do to an end user when it's on a guest environment.</p><p></p><p>If a browser under Sandboxie does become compromised by an RCE vulnerability (there's been a recent one for Google Chrome that wasn't patched in the release for a few weeks and there was recently a Firefox sandbox escape) then an attacker can deploy a botnet attack without leaving the context of the browser. So, bad things can happen whilst a browser is under Sandboxie as well. I didn't think this needs to be explicitly implied either until now.</p><p></p><p></p><p>People have tried to exploit Sandboxie during its prime time to shine and they succeeded. When Sandboxie was of interest in the market (not just within these forums), security researchers took it on and succeeded. You can google for old Sandboxie bypasses between 2010-2014 when it was of interest to people. I'm not doing your homework for you.</p><p></p><p>For everything that Sandboxie cannot officially and ethically do on the environment from a kernel-level, it moves to using rootkit techniques like from the books of the early 2000s but in user-mode. It takes the easy way out instead of doing things the proper way for isolation... which these days, would be leveraging CPU features explicitly designed for such use cases.</p><p></p><p>Sandboxie messes with the memory of processes belonging to other people's software which also makes the threat surface rise for the products being put under the sandbox.
Furthermore, Sandboxie tarnishes code integrity which is there for a good reason: to help make sure that an attacker hasn't been messing with memory to control things.</p><p></p><p>You do not need to pretend to understand it because the fact you're still trying to change my opinion and voice the impression that there's little difference between Microsoft's sandbox technology and Sandboxie evidently proves that you do not understand my points. At this point, you may never understand my points. I'm fine with that. I'm content with it.</p></blockquote><p></p>