Question for Tzuk or SnDPhoenix: Testing of sandboxie

[Unknown_User_701]

I saw on another security forum where someone downloaded a very nasty piece of malware (DFK - Threat Simulator by Morgud) and was totally protected by Sandboxie.

Do either of you have any idea how many different pieces of malware that sandboxie has been tested against? Even a rough ballpark figure?

I can say that personally, Sandboxie definitely makes me feel secure while on-line. I still use other security software, but no longer feel that I need to have the very best AV, the very best FW and the very best antispyware app.

[Peter2150]

I saw on another security forum where someone downloaded a very nasty piece of malware (DFK - Threat Simulator by Morgud) and was totally protected by Sandboxie.

Do either of you have any idea how many different pieces of malware that sandboxie has been tested against? Even a rough ballpark figure?

I can say that personally, Sandboxie definitely makes me feel secure while on-line. I still use other security software, but no longer feel that I need to have the very best AV, the very best FW and the very best antispyware app.

HI Safetynut

See my post in positive reviews. I tested Sandboxie against DFK and while I saw some results from it's actions, I was able to kill it, and delete it with Sandboxie. I was protected.

Pete

[tzuk]

I have no idea how many malwares were tested against Sandboxie, but in all fairness, most of the 'public' tests done were done against an earlier version.

On the other hand, since the Sandboxie re-design that occurred between versions 2.64 and 2.71, no-one has reported Sandboxie has gotten weaker. On the contrary, I remember one or two cases where people reported holes in 2.64 and later confirmed they were no longer there for a 2.7x release.

[SnDPhoenix]

well i dont know how much has been tested either, but i would think that regardless of what malware you run, what it does, how big or small it is, it still in the end will not ruin your system as it will be sandboxed, but i can tell you this, i have personally tested about 30 different malware and SBIE protected me from them all.

[Unknown_User_549]

Hello Pete and tzuk

Repost as suggested:

Please correct me if I am wrong, but while the DFK tool was running, even in the sandbox, it actually did/would do what it could as if it was real malware ?; ie
-steal passwords
-phone home
-steal personal info

Sandboxie would also prevent any kernel level driver installs as promised.

Sandboxie then removed all the malware/demo as promised, but it ( and or real malware) may have already stolen your details ??

Is that correct?
Can any malicious apps access any on disc data while active even in the sandbox?

Thanks.

PS: if I exit the sanboxed apps ( ie sandbox icon plain yellow) or finish a session and exit sandboxie altogether, then go to 'Default Box' and use Eraser to wipe the box is that the same as built in delete ?

regards.

[Peter2150]

Hello Pete and tzuk

Repost as suggested:

Please correct me if I am wrong, but while the DFK tool was running, even in the sandbox, it actually did/would do what it could as if it was real malware ?; ie
-steal passwords
-phone home
-steal personal info

Sandboxie would also prevent any kernel level driver installs as promised.

Sandboxie then removed all the malware/demo as promised, but it ( and or real malware) may have already stolen your details ??

Is that correct?
Can any malicious apps access any on disc data while active even in the sandbox?

Thanks.

PS: if I exit the sanboxed apps ( ie sandbox icon plain yellow) or finish a session and exit sandboxie altogether, then go to 'Default Box' and use Eraser to wipe the box is that the same as built in delete ?

regards.

Hi Longboard

Actually the threat simulator couldn't do everything while in the Sandbox then when it just ran. Also note I ran with no security software as an extreme test. In reality I'd never do that, so something phoning home isn't a concern to me. Sandboxie just represents insurance that if I miss something it can't get to my system. That in itself is invaluable.

If eraser is a secure delete then unless I am wrong no it wouldn''t be the same using Sandboxies delete function. But why do I need to worry about secure delete.
Pete

[SnDPhoenix]

well that might be possible because just as you said, even though the malware dont have access to your real hd, it is still running, BUT, unlike if it was running on your real pc, you actually know that the malware is running in SBIE, which means you wouldnt sit there filling out your credit card information online while the malware is running, and if you would, then you are a fool. also if there is malware on your real pc, then not just would you not know it is there, but you would sit there and have to remove all of the malware, which can sometimes be hard to do, in sbie, you could just terminate all processes, which would in turn terminate the malware and delete the sandbox and the malware is now gone, and then you can proceed to use your browser.

PS: if I exit the sanboxed apps ( ie sandbox icon plain yellow) or finish a session and exit sandboxie altogether, then go to 'Default Box' and use Eraser to wipe the box is that the same as built in delete ?

Not exactly, if you use sandboxie to delete a sandbox then all it does is a good ole fashioned delete, but if you use Eraser to delete a sandbox, it securely deletes the sandbox by "shredding" the sandbox, which really all that means is that it deletes the sandbox and overwrites the data so that it is unrecoverable.

[tzuk]

Sandboxie then removed all the malware/demo as promised, but it ( and or real malware) may have already stolen your details ??

Is that correct?

Yes, this is possible.

1. If you browse the internet and get infected with malware that is spying on you, then directly go on to your banking site. The malware could record your keystrokes and transmit them somewhere.

To protect against this: Stop and delete the sandbox between the two types of activities, then the malware would be gone.

2. You have passwords stored plainly in text files or remembered in your web browser. The malware could extract this data as soon as you get infected by it.

To protect against this: Store your passwords in an encrypted password safe (or perhaps, on a piece of paper next to the computer). Don't let your browser remember them. That's good practice no matter which security software you use!

You can also use ClosedFilePath to block sandboxed apps (and sandboxed malware) from being able to read important files.

Can any malicious apps access any on disc data while active even in the sandbox?

I haven't tried myself (yet?), but has anyone tried reading the physical partition from a sandboxed program?

[Unknown_User_549]

Hello all
I meant to respond to this earlier but have been sick

I might have inadvertently given the wrong impression with my post above

i am an enthusiastic supporter of Sandboxie
I think it is a killer app.

@tzuk: hi

Gizmo's review and looking around got me here: did you have a comment on Gizmo's findings which was one of the reasons I posted.

1. If you browse the internet and get infected with malware that is spying on you, then directly go on to your banking site. The malware could record your keystrokes and transmit them somewhere.
To protect against this: Stop and delete the sandbox between the two types of activities, then the malware would be gone.

Yes.

To protect against this: Store your passwords in an encrypted password safe (or perhaps, on a piece of paper next to the computer). Don't let your browser remember them. That's good practice no matter which security software you use!

Of course !
The "piece of paper solution" tool rarely gives a BSOD

You can also use ClosedFilePath to block sandboxed apps (and sandboxed malware) from being able to read important files.

Your help file and the sandbox.ini files are a serious learning experience. I love tools that work and teach.

I haven't tried myself (yet?), but has anyone tried reading the physical partition from a sandboxed program?

If you tell me how I will give it a try.

Registration sent

I prefer to shred the default box< I am not sure how to get Eraser to do this ? From what I a can see your secure delete works within Windows to remove reference to the file tree, is that the same as a shred?
(I am not any form of expert with invoking special commands)
My Eraser, http://www.heidi.ie/eraser/ , is in C;Windows;program files; eraser.exe and has Rt click shell extension?

Regards.

[SnDPhoenix]

About the secure deleting, you might find this of some help, http://www.sandboxie.com/index.php?SecureDeleteSandbox, also if you have eraser installed and have the right click extension, then that means just right click the folder (sandbox) and select erase, or secure delete, or whatever the name of the command is that eraser puts in your right click menu (i dont have eraser installed so i dont know what its called).

[Unknown_User_489]

Longboard, I use Eraser to erase my sandbox and had written a post a while back on how to do it...see both my posts under thread http://sandboxie.com/phpbb/viewtopic.ph ... highlight=

Hope it helps you!

[SnDPhoenix]

Also you could just use ccleaner seeing as it not just can it clean your system and registry (added bonus), but can be used for secure deletion and does a better job of it than eraserd, BTW, weird-ass coincidence, but i just checked download.com, and they advertise on the front page ccleaner and they say that

The latest update improves its secure-deletion feature.

check the frontpage if you dont believe me.