Internet Banking on separate non-sandboxed browser

[jangozo]

Hi,

I have two browsers (Chrome and Firefox). I use Chrome with sandboxie all the time but for my internet banking I've installed Firefox. My understanding is that anything malicious downloaded through my day-to-day use with Chrome won't get the chance of entering the real system, hence using Firefox sandboxed is pointless. I'm also thinking that if a virus is in the real system then it will have no problems getting into a sandbox (in this case Firefox's).

Could you shed some light on the issue because I've been seeing suggestions of running internet banking through a sandbox and I don't see the point.

Thanks.

[SnDPhoenix]

Yeah I personally don't understand the suggestion from some that one should do his banking sandboxed, in my opinion it's the opposite. One should do their daily browsing in a sandbox (so if they get infected, its contained in the sandbox), while things like banking are done unsandboxed temporarily before running the browser sandboxed again.
Though the reason for suggesting that you do your bank browsing sandboxed probably comes from the fact that you can set particular processes to execute while others will not and also you can set processes to connect to the internet while others can't.
Therefore, I guess they're saying you should set Firefox.exe for example to be the only process that can run in the sandbox and connect to the internet, everything else is blocked.
That scenario would work great if your system was clean and the user were to get infected while Firefox was sandboxed, but as you said, if there was already malware outside the sandbox (on the real system) then it would be able to peek inside any of your sandboxes anyways.

[jangozo]

Thanks. I guess this cleared it up.

[bs1]

I have a dedicated sandbox solely for banking that is hardened* much more than my other sandboxes. I think there's a benefit to that.

* start/run, internet access, drop rights

[Blues]

I have a dedicated sandbox solely for banking that is hardened* much more than my other sandboxes. I think there's a benefit to that.

* start/run, internet access, drop rights

I agree and use a very similar method myself with very tight restrictions.

[D1G1T@L]

There is nothing wrong with running even your banking browser sandboxed. Eeven though your banking site is 100% safe and wont download viruses. IMO, its still a good practice to run all instances of your browser sandboxed just for the sake of keeping your PC in a pristine condition and being able to delete all cookies and temp files with a click.

[bo.elam]

If I was doing banking every day, I would install a new browser every time
I did banking and delete the sandbox afterward, it only takes a minute to
install Firefox.
I don't do banking often but when I do, I just make sure that its done on a
new Firefox session that gets closed after performing anything sensitive.
This is done on a hardened sandbox were only FF is allowed to do anything.


Bo

[Lumberjack]

Hi,

I have two browsers (Chrome and Firefox). I use Chrome with sandboxie all the time but for my internet banking I've installed Firefox. My understanding is that anything malicious downloaded through my day-to-day use with Chrome won't get the chance of entering the real system, hence using Firefox sandboxed is pointless. I'm also thinking that if a virus is in the real system then it will have no problems getting into a sandbox (in this case Firefox's).

Could you shed some light on the issue because I've been seeing suggestions of running internet banking through a sandbox and I don't see the point.

Thanks.

Are you 100% sure that Google Chrome without Sandboxie will prevent any malware to download on your real system?

[Kyle]

Why would you bank unsandboxed? if you get infected while youre banking unsandboxed.. youre screwed. Just run your banking session in a clean sandbox.

Tighten it up with settings in sandboxie including start\run access and itnernet restrictions, and you're much safer than running unsandboxed..

[Lumberjack]

Why would you bank unsandboxed? if you get infected while youre banking unsandboxed.. youre screwed. Just run your banking session in a clean sandbox.

Tighten it up with settings in sandboxie including start\run access and itnernet restrictions, and you're much safer than running unsandboxed..

I did listen to you, I disabled plugins and etc, plus I used internet access and start/run restrictions, so nothing exept firefox exe, can start/run and connect to the internet everything else is blocked both inbound and outbound, there are no downloads allowed in my Banking box, thanks to Sandboxie configurations.