Gave Sandboxie a trial by fire last night.
Downloaded DFK - Threat Simulator by Morgud. Ran it on my VM machine.
First pass I disabled all security software, and ran it. Geesh, did it take hold of the machine. I rebooted and it even created its own password-protected account. I was able to boot back to my account and ran a KAV scan. It found some 29 different malware.
I reset the machine back to its pretest state, and ran another pass, this time Sandboxing the first exe that starts the whole thing. Also had security software totally disabled. While it was able to seemingly take parts of the machine, Sandboxie by blocking some of the service installs prevented some of the stuff from getting in. I rebooted, and the DFK account wasn't there. Once back in, I deleted the sandbox and did a KAV scan and the machine was clean.
Did a third test same way, only before rebooting, I just terminated all sandbox processes, which made the apparent effects of the takeover go away, and then deleted the Sandbox. Again a KAV scan showed clean.
So while there were some visible effects, in fact Sandboxie alone protected me from the threat simulator. Very impressive.
Pete
Sandboxie Testing against simulated and real threats
Hi All
My last test was with a simulator. This time I tested in a VM with a real Trojan, Killdisk.x. Man, this thing is really nasty, totally trashes your hard drive. Even doing a restore was challenging.
I ran it sandboxed with no security software, and Sandboxie contained it perfectly. Impressive.
Pete