Something like a firewall...

Ideas for enhancements to the software
Post Reply
Xerye
Posts: 40
Joined: Thu Aug 23, 2007 2:48 pm
Location: Austria
Contact:
Contact Xerye

Something like a firewall...

Post by Xerye » Sat Dec 13, 2008 2:37 am

Hey.
What do you think:

Sandboxie is great.
But...
When you got, for example an icq trojan, sandboxie is kinda useless.
It prevents the damage that the trojan would have done to important system datas.
But he read the icq account file and sent it to someone that steals your account now.

So I thought if there is a possibility, that sandboxie will become a little firewall.
Really nothing big, just a "is this application allowed to have internet access?" question that pops up, when a program wants to connect to the internet.
I thought that this will be the last security hole, then sandboxie will be a absolutely protecting program. :D
What I thought about this feature:
---
-) You can activate this feature in sandboxie control, because some people wont linke to be asked if this and that application is allowed to have internet access, because maybe they think it nervs.

-) If you allow or denie any application to have internet access or not, you can choose that this desicion will be remembered.
So you never get asked about this program again, even you deleted the sanbox.
---

Regrets :D


And sorry for my very bad english, I hope you all can understand what I mean :lol:
Top
Shield
Posts: 29
Joined: Wed Dec 10, 2008 5:45 am

Post by Shield » Sat Dec 13, 2008 3:24 am

You can grant restrictions to certain files/folders in the sandbox.

More specifically, you have an option to allow/deny applications connecting to the internet.

So for example, you could set ICQ.exe to connect to the internet, anything else in that sandbox will be denied internet access.

EDIT: Forgot to mention this - You can enable a setting that alerts you when unauthorized apps try to connect to the internet.

Issue message SBIE1307 when access is denied: When a program is restricted due to this setting, Sandboxie can issue a notification message. Use this checkbox setting to indicate whether you would like to receive these notifications.

Read:
http://www.sandboxie.com/index.php?Rest ... s#internet
Last edited by Shield on Sat Dec 13, 2008 4:47 am, edited 1 time in total.
Top
Xerye
Posts: 40
Joined: Thu Aug 23, 2007 2:48 pm
Location: Austria
Contact:
Contact Xerye

Post by Xerye » Sat Dec 13, 2008 3:51 am

I know this.
But if you install something that includes trojan without you know it, the trojan can connect to the internet.
Thats the danger, that asking if the application is allowed to access the internet would prevent :wink:
Top
SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Sat Dec 13, 2008 12:42 pm

No Xerye, with the Internet restrictions feature in Sandboxie, if you set an executable to be allowed access to the net, only THAT program can connect... nothing else could... including the trojans executable

Now you are referring to the aspect of if something included a trojan. Ok, well then use this example.
You decide to install a program, simply named "Setup.exe", you allow setup to access the internet and nothing else.
When you install the program, lets say in the installer extracts something called "Exporer.exe" and is a trojan...
Well how is that trojan going to connect to the net when only setup.exe was allowed? :lol:
Top
Shield
Posts: 29
Joined: Wed Dec 10, 2008 5:45 am

Post by Shield » Sat Dec 13, 2008 7:40 pm

I think what Xerye might've been trying to say was, what if this threat Exporer.exe somehow injects itself into Setup.exe thus giving itself internet access.

I guess you could, restrict apps from running in the sandbox but of coarse you'll have to compromise Functionality for Security.

Refer to these articles:
http://www.sandboxie.com/index.php?RestrictionsSettings
http://www.sandboxie.com/index.php?Reso ... s#overview

Then there's the possibilty that there may not be an Exporer.exe because the threat may have already been embedded into Setup.exe in the first place :shock:

You can only do so much...
Top
SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Sat Dec 13, 2008 9:18 pm

Yeah I see what you're saying shield which is why I figured he made this thread in the first place.
However the reason I brought up the seperate process (in this case, the example "exporer.exe") is because even if a malicious file did exist inside another file (like the example, setup.exe), the trojan would still be running as its own seperate process, so the internet access (and restricted access you brought up) settings would apply to the trojan...

Also about injection, I think tzuk mentioned one time that exe injection is not possible inside a sandbox, but I am not sure as I can't really remember...
Top
Xerye
Posts: 40
Joined: Thu Aug 23, 2007 2:48 pm
Location: Austria
Contact:
Contact Xerye

Post by Xerye » Sun Dec 14, 2008 1:45 am

What I'm scared about is this:
http://www.sandboxie.com/img/NewGui/Int ... ttings.png
After the installation of sandboxie "All programs can access the internet".
Now you have to think about it, that many people don't know the option Sandboxie Control > Sandbox Settings > Restrictions > Internet Access.
So the people using a sandboxie, where every program can access the internet.
Now image, they install something dangerous.
Then its like here:
http://img162.imageshack.us/img162/9481 ... xieet8.png
A short internetactivation, and your e-mails and other private things where sent to a phisher...
Thats why something like a firewall will be usefule I think.
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun Dec 14, 2008 10:29 am

Why don't you just get a firewall? It could tell you a trojan.exe is trying to connect to such and such computer. And you would say to deny.
tzuk
Top
Xerye
Posts: 40
Joined: Thu Aug 23, 2007 2:48 pm
Location: Austria
Contact:
Contact Xerye

Post by Xerye » Sun Dec 14, 2008 11:43 am

But when sandboxie gets this firewall feature, it will be like a total security software.
That applications are able to access the internet without you notice, that is the biggest securityhole in my opinion.

Im sure everyone has a firewall.
But imagine sandboxie will do the same - without beeing 20MB big or even bigger.
Just a simple "Is this Application allowed to access the internet?" question.
You can decie "yes" or "no", and if this answer will be remembered.
And I thought of an option where you can deactivate this firewall feature, if someone will use normal firewalls.
But I think it would be very useful - a simple question "yes" or "no" would be much better then the hundreds of things you can configure in normal firewalls.
Top
wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Sun Dec 14, 2008 12:56 pm

Sorry dude, I can pretty much guarantee from many past discussions, this will never happen. Sandboxie was never intended to be a firewall or your idea of a "total" security solution.
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun Dec 14, 2008 7:35 pm

Well Xerye, a firewall is not a small addition that I can do in 30 minutes. It's an entire area of Windows development and it's not related to the principle of Sandboxie. Which is why I suggested you find a dedicated firewall product that you like. Surely not all of them are bloated 20MB software?
tzuk
Top
Shield
Posts: 29
Joined: Wed Dec 10, 2008 5:45 am

Post by Shield » Sun Dec 14, 2008 9:31 pm

Maybe this is unnecessary but would it be too much work to add an option to restrict port access to applications?
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Dec 16, 2008 8:01 am

Well, yes, that's essentially what I just said, because filtering port access means creating a firewall product.
tzuk
Top
Post Reply

Return to “Feature Requests”

Who is online

Users browsing this forum: No registered users and 1 guest