Make Sandboxie log suspicious behavior
Posts: 216 | Joined: Sat Jan 14, 2006 11:08 am
Quote:
Rashbleed187
WTF? I thought I was talking to some adults? What is this lame sh*t all about, you're not like 12 years old are you?

Quote:
Well I hadn't known this, but at one point one of those sites had opened IE in the background, in a hidden window.... and it turns out that due to the site(s) that had installed all that junk, I had spyware, adware, trojans and even keyloggers, running in the background without me knowing!
This is exactly my point, with process control, this would have probably never even happened in the first place. Of course it's cool that it couldn't do any damage because of SBIE, but I'd rather have no malicious processes running at all.

Quote:
Why would you want to stop them, or are you not aware that Sandboxie already does sandbox them? Every sandboxed drive-by attack already fails to do any damage, so your stating that as a concern indicates that you are not aware of that.
See my answer above.

Quote:
PS; btw Mr. Elitist HIPS know-it-all guy, what happened? Finish your first semester last month?
I don't see what your point is. That thread was about some guy trying to convince people that they don't know how to use a HIPS. As a matter of fact, you two start to remind me of this guy, he also easily gets all worked up about this kind of stuff.

Quote:
Let me guess, you have never used all the functions in Sandboxie, or you haven't paid for the registered version, correct? If you know how to use all Sandboxie's functions in conjunction with each other, there is no need for HIPS.
Correct, I don't know about all the ins and outs of SBIE, and that's because I don't really use it as a pure HIPS. But you're right, it does give good enough protection, but don't forget, you can also achieve this with regular HIPS like SSM.
Posts: 2690 | Joined: Tue Dec 26, 2006 5:44 pm | Location: West Florida
Rasheed187 wrote:
WTF? I thought I was talking to some adults? What is this lame sh*t all about, you're not like 12 years old are you?
Sorry, I was in a rush when I typed that cause mommy only lets me on from 6 to 9 in the evening...

Rasheed187 wrote:
This is exactly my point, with process control, this would have probably never even happened in the first place. Of course it's cool that it couldn't do any damage because of SBIE, but I'd rather have no malicious processes running at all.
Yeah but what you're asking is for every child process to be denied from executing, however, that would conflict too much in my case, I would rather this was just incorporated as an option you could turn on, not something hardcoded into the program, cause I wouldn't use it...

Rasheed187 wrote:
Correct, I don't know about all the ins and outs of SBIE, and that's because I don't really use it as a pure HIPS. But you're right, it does give good enough protection, but don't forget, you can also achieve this with regular HIPS like SSM.
Wth? Why do you keep saying this? Sandboxie is not a HIPS???!
So SSM, or PS could show me all the files and folders created by a program like Sandboxie can? And then if I decided to remove the program, PS would let me delete the sandbox thus truly removing all traces of the program, just like with Sandboxie?
HAHA!
Posts: 216 | Joined: Sat Jan 14, 2006 11:08 am
Quote:
Sorry, I was in a rush when I typed that cause mommy only lets me on from 6 to 9 in the evening...
Now that's funny!

Quote:
I would rather this was just incorporated as an option you could turn on, not something hardcoded into the program, cause I wouldn't use it...
Of course all of this stuff should be optional. And to clarify, I think it would only make sense to block child processes from "forced apps", because they are the ones that are most vulnerable. But I also understand why Tzuk hasn't implemented such a feature yet, because that's not really how most sandboxes work. But as a workaround, people can perhaps add some HIPS with process control. For example, Haute Secure (IE/FF plugin) also tries to stop exploits inside the browser, the problem is that it might conflict with SBIE.

Quote:
Wth? Why do you keep saying this? Sandboxie is not a HIPS???!
What do you mean? To clarify, to me, HIPS, Sandbox and Firewall are all HIPS, but when I say HIPS I mean behavior blockers like SSM/NG/PS etc.

Quote:
So SSM, or PS could show me all the files and folders created by a program like Sandboxie can...
No, but what I meant to say was that I currently feel quite safe even without SBIE's virtualization feature. But you would think that when it comes to isolating apps, sandboxes probably do a better job than HIPS, and they do it out of the box too, with that I mean, you don't have to configure them.
Last edited by Rasheed187 on Mon Mar 10, 2008 10:33 am, edited 1 time in total.
Posts: 2690 | Joined: Tue Dec 26, 2006 5:44 pm | Location: West Florida
Rasheed187 wrote:
Now that's funny!

Rasheed187 wrote:
Of course all of this stuff should be optional. And to clarify, I think it would only make sense to block child processes from "forced apps", because they are the ones that are most vulnerable. But I also understand why Tzuk hasn't implemented such a feature yet, because that's not really how most sandboxes work. But as a workaround, people can perhaps add some HIPS with process control. For example, Haute Secure (IE/FF plugin) also tries to stop exploits inside the browser, the problem is that it might conflict with SBIE.
Ok then fine, he could incorporate it as long as it is something easily enabled or disabled.

Rasheed187 wrote:
What do you mean? To clarify, to me, HIPS, Sandbox and Firewall are all HIPS, but when I say HIPS I mean behavior blockers like SSM/NG/PS etc.
Exactly, same here, to me something like SSM is a HIPS, not something like (old) Comodo FW...

Rasheed187 wrote:
No, but what I meant to say was that I currently feel quite safe even without SBIE's virtualization feature. But you would think that when it comes to isolating apps, sandboxes would do a better job than HIPS, and they do it out of the box too.
I'm sorry, but I have never used a single HIPS out there that isolates better than Sandboxie does...
SSM or PS for example only offer control of all processes, file actions, executions, etc.. Sandboxie allows it all, true, but it is isolated in a sandbox, something those other HIPS can't do...
Posts: 216 | Joined: Sat Jan 14, 2006 11:08 am
Quote:
Ok then fine, he could incorporate it as long as it is something easily enabled or disabled.
Well, I don't see it happening, and I guess it's not a real big problem.

Quote:
Exactly, same here, to me something like SSM is a HIPS, not something like (old) Comodo FW...
No, what I meant was that in fact, behavior blockers, sandboxes, firewalls and even scanners are all HIPS, after all, they all try to protect the host from intrusion right?

Quote:
I'm sorry, but I have never used a single HIPS out there that isolates better than Sandboxie does...
It depends on what you prefer, if you think that virtualization is important, you need SBIE or SafeSpace, if not, you can use other tools. You know what the thing is, we need someone who can test sandboxes and HIPS against lots of exploits and then we can say which tool is the best solution. Because right now, my opinion is based on limited exploit/malware testing.
You know what? I will ask Matousek (professional software tester) if he can perhaps also start to test HIPS/sandboxes, right now he's mostly into firewalls (with HIPS capabilities) and he has already found quite a few serious bugs. So at the end of the day, tools will only become stronger and more secure.
Posts: 2690 | Joined: Tue Dec 26, 2006 5:44 pm | Location: West Florida
Rasheed187 wrote:
No, what I meant was that in fact, behavior blockers, sandboxes, firewalls and even scanners are all HIPS, after all, they all try to protect the host from intrusion right?
Well to an extent I guess, however, for me, a HIPS is something that offers you control over processes, nothing else. Example, SSM and Pro Security...
Something like Sandboxie or SafeSpace is more of an isolation program, or more accurately, a sandboxing application. I mean, after all, you wouldn't consider VMware a HIPS would you? It is more of an isolation program than it is a HIPS right?

Rasheed187 wrote:
It depends on what you prefer, if you think that virtualization is important, you need SBIE or SafeSpace, if not, you can use other tools. You know what the thing is, we need someone who can test sandboxes and HIPS against lots of exploits and then we can say which tool is the best solution. Because right now, my opinion is based on limited exploit/malware testing.
Hmm, true, I prefer virtualization, as it allows me to do everything within the OS, but without permanent damage, with HIPS, even though you still have control over processes, the viruses are still running on your real OS though, you know what I mean? Also, I've done lots of malware testing with Sandboxie and it has never failed me. However, with HIPS, I did do some malware testing with them, and as far as I remember, it seemed to keep the OS safe, though I only tested about 10 different things...

Rasheed187 wrote:
You know what? I will ask Matousek (professional software tester) if he can perhaps also start to test HIPS/sandboxes, right now he's mostly into firewalls (with HIPS capabilities) and he has already found quite a few serious bugs. So at the end of the day, tools will only become stronger and more secure.
Cool, has he done any HIPS/Sandbox testing yet?
Posts: 216 | Joined: Sat Jan 14, 2006 11:08 am
Quote:
Well to an extent I guess, however, for me, a HIPS is something that offers you control over processes, nothing else. Example, SSM and Pro Security...
I agree, but at the end of the day SBIE is also HIPS, but we call it a sandbox because otherwise it becomes confusing.

Quote:
Hmm, true, I prefer virtualization, as it allows me to do everything within the OS, but without permanent damage, with HIPS, even though you still have control over processes, the viruses are still running on your real OS though, you know what I mean?
Yes I know what you mean, if some malware is able to install/load, it's still trapped in the sandbox.

Quote:
Cool, has he done any HIPS/Sandbox testing yet?
No, at the moment he's really into outbound firewall leaktesting and stuff. I also haven't contacted him yet, I was busy with other stuff (and a bit lazy) but it would be nice if he could test SBIE for bugs. The problem is that he doesn't do it for free.