Google Chrome Updating

Ideas for enhancements to the software
yabbadoo
Posts: 127
Joined: Sat Oct 29, 2011 5:51 am
Location: Bedford - UK

Re: Google Chrome Updating

Post by yabbadoo » Thu Aug 28, 2014 3:44 am

Curt@invincea wrote:Actually, I was not making an analogy. I was trying to point out that we are arguing over semantics. "rely" according to dictionary.com means "to depend on". That definition is highly subjective. All I am saying is that Sandboxie has many safeguards that have nothing to do with built-in Windows security. That's why you can run apps as admin, yet it still can't delete files outside the sandbox. If we "relied" on Windows security, then an admin can do anything he wants.
Thanks Curt, fully understood now the crippled Jumbo has limped home safely.

I am sorry to keep harping on about MS Windows, but with me it is a kind of "adults only" fetish - for any independent and reputable program, particularly Sandboxie to voluntarily incorporate "necessary" ingredients of MS Windows security features, gives me an uncontrollable attack of the shuddering abdabs.

The adrenaline junkies who use Linux are free from all these Sandboxie/Windows comments and simply walk on by. Sandboxie cannot use all those lovely critical Windows security features with Linux, so what happens then ? Linux = no Sandboxie ?
VIAM INVENIAM AVT FACIAM

yabbadoo
Posts: 127
Joined: Sat Oct 29, 2011 5:51 am
Location: Bedford - UK

Re: Google Chrome Updating

Post by yabbadoo » Tue Sep 16, 2014 3:20 am

@ Curt

As an after thought from reading this very interesting and informative thread, I would ask :-

Question ?
So, Sandboxie "makes use of" certain Windows security aspects. Is this "make use of" simply an internal program feature or does Sandboxie "look" for these relationships at user logon and expect to find a fully updated OS ? If so, then in the case of XP it certainly will not. As time elapses further from April 2014, the less use Sandboxie becomes to XP users. Is this true ?

That example about the Blaster worm is ridiculous to quote on this thread. Nobody is discussing how an OS can be infected outside Sandboxie, we are only concerned with OS infections which can get through Sandboxie`s defenses. If MS are so stupid as to let a hacker infect their Windows updates so that they then pass them on to all their users and infect them - who cares !
VIAM INVENIAM AVT FACIAM

Lumberjack
Posts: 91
Joined: Fri Nov 25, 2011 12:37 am

Re: Google Chrome Updating

Post by Lumberjack » Fri Sep 19, 2014 6:33 am

yabbadoo wrote:
Google Chrome has no sandbox. The term is used liberally to cover a programmable restriction which forces risk elements to inhabit a programmed "loop" where they are said to be confined. It is not remotely comparable with Sandboxie where the entire browser in engulfed in a virtual environment.

If the Chrome "sandbox" innovation does improve the browser security, fine, but I pay no credible attention to it. Every little helps.

Whatever the merits of Chrome`s "sandbox", there is no conflict with Sandboxie since the operational concept is "a box within a box".

A kind of poor man`s alternative which is based significantly on Windows security system !

To rely on MS Windows security is a joke. It is about as safe as driving on the wrong side of the road or going the wrong way down a one-way street.

In my case, using the brilliant and perfectly operating Windows XP, I have no Windows security after 1 April 2014. So how can this fictitious Chrome "sandbox" help me and millions of other XP users ? Sandboxie takes over from MS Windows with exceptional and indomitable efficiency. I have no use for Windows security and their incessant bombardment of patches.

Incidently, Chrome is my primary and well loved default browser and has been for about 6 years.
Google Chrome is a sandbox, and also look for the info I found about Google Chrome:
Exploit a Chrome tab and you have extremely restricted file-system and registry access (not even read and write for both in all cases), you can't create new processes, can't read the clipboard and and you cannot do many other things that are not mentioned (I wonder what things that might be). Exploit an Anti-Virus and you have admin rights.

Google Chrome:
"It totally isolates the code you are running in your browser using the OS internal mechanism: simply brilliant.
Only coding errors (exploits) in the underlying WIndows OS or inside the components Chrome itself uses could cause intrusions, it is that strong.
It is a theoretical near 100% (practical 100% is impossible, because every man made software or product could have errors)."

"Charle Miller quote on Chrome security: There are bugs in Chrome, but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox."

Chrome's sandbox is indeed a strong security solution (especially with --safe-plugins), but not against all types of threats. You can't compare it to Sandboxie for example.
Chrome's sandboxing is very strong against exploits and drive-by downloads, but not against ordinary malware (trojans etc.) and phishing threats. Microsoft's SmartScreen filter is unmatched in that area.
That is why I have always hoped that Internet Explorer 9 would feature the same sandboxing techniques as Chrome does, however IE9 only partially sandboxes. Since the combination of Chrome's sandboxing and Microsoft's SmartScreen filter would be unbeatable. Combine that perfect browser with built-in security measures (Windows Firewall, operating system hardening with assistance from EMET), backup and a system image and an on-demand scanner (Hitman Pro is the perfect candidate) and you have have bulletproof protection."

"Yes, it (Google Chrome) even has become better with LOW instead of UNTRUSTED as lowest integrity rights level and its own flash and PDF versions."

So yes Google Chrome is that tough sandbox, why have sandbox inside the sandbox?
I use SBIE on my old Windows XP with AppGuard, but on Windows 8.1 I use only Google Chrome with UAC, SUA and Windows 8.1 firewall inbound/outbound protection plus router protection, much more than enough protection.

The real question what is the difference between SBiE4 and Google Chrome 37, since they work the same-by using built-in Windows security mechanisms/integrity levels, I still fail to see the difference-if we ignore running and blocking malwares inside SBiE4.
Last edited by Lumberjack on Fri Sep 19, 2014 7:12 am, edited 1 time in total.

Lumberjack
Posts: 91
Joined: Fri Nov 25, 2011 12:37 am

Re: Google Chrome Updating

Post by Lumberjack » Fri Sep 19, 2014 7:05 am

Curt@invincea wrote:
DR_LaRRY_PEpPeR wrote: But the Windows permissions and security mechanisms are what prevent file/registry writes, and then Sandboxie does its thing by selectively allowing (enabling) stuff that's OK.
No, Sandboxie filters all file/registry writes. It does not use Windows security to perform this task at all.
DR_LaRRY_PEpPeR wrote: Contrast this, guys, to Sandboxie 3.x that, AFAIK, had to do everything [itself] to BLOCK stuff that wasn't allowed. Whereas now, it has Windows' own abilities take care of that, and then "re-enable" what it needs (the opposite of previous versions).

Those Windows mechanisms are so restrictive, in fact, that Sandboxie v4 needs more stuff, like the GuiProxy, to allow basic stuff to work again. Yet people still can't run some programs the way they could before, because the Windows restrictions are too severe, and Sandboxie hasn't (or possibly can't) made a way to enable or "proxy" what they need.
Sbie v4 does not remove any blocking nor shift those tasks to Windows security from Sbie v3. Sbie v4 adds many new security features on top of v3. Example: integrity levels. Sandboxed processes now run at untrusted integrity. Should they be allowed to send messages to higher integrity applications? Answer: it depends. This might enable an application to function properly, or it might enable malware to damage the host system. So Sbie by default doesn't allow it. If this breaks your application, then you have to use the resource access monitor or something like ProcMon to figure out what is being blocked and what should be allowed.
From this, what I read so far Sandboxie4 is protecting users in exactly the same way as Google Chrome, I still cannot see the diference between the 2?
They both use built-in Windows security/integrity levels/security mechanisms-what's the difference where is the catch-it seems to me that Sandboxie4 is a copy/paste of Google Chrome!!!
Last edited by Lumberjack on Fri Sep 19, 2014 7:10 am, edited 1 time in total.

Lumberjack
Posts: 91
Joined: Fri Nov 25, 2011 12:37 am

Re: Google Chrome Updating

Post by Lumberjack » Fri Sep 19, 2014 7:09 am

Curt@invincea wrote:Actually, I was not making an analogy. I was trying to point out that we are arguing over semantics. "rely" according to dictionary.com means "to depend on". That definition is highly subjective. All I am saying is that Sandboxie has many safeguards that have nothing to do with built-in Windows security. That's why you can run apps as admin, yet it still can't delete files outside the sandbox. If we "relied" on Windows security, then an admin can do anything he wants.
I'm sorry, but you're wrong here, totally wrong, yes Boeing does rely and depend on his 1 or 4 motors to fly by using them the same is true for everything else, including SBIE4.
If you say otherwise that's like saying you're using food to sustain your life, but you are not depending/reling on the food-you know this is totally wrong.

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1638
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Google Chrome Updating

Post by Curt@invincea » Fri Sep 19, 2014 12:17 pm

Lumberjack wrote:
Curt@invincea wrote:Actually, I was not making an analogy. I was trying to point out that we are arguing over semantics. "rely" according to dictionary.com means "to depend on". That definition is highly subjective. All I am saying is that Sandboxie has many safeguards that have nothing to do with built-in Windows security. That's why you can run apps as admin, yet it still can't delete files outside the sandbox. If we "relied" on Windows security, then an admin can do anything he wants.
I'm sorry, but you're wrong here, totally wrong, yes Boeing does rely and depend on his 1 or 4 motors to fly by using them the same is true for everything else, including SBIE4.
If you say otherwise that's like saying you're using food to sustain your life, but you are not depending/reling on the food-you know this is totally wrong.
Ok, nobody liked the 747 comment. How about this instead. Does Windows "rely on", "depend on", or "use" UAC as part of its security? Many users disable it. XP doesn't even have it.

catBot
Posts: 22
Joined: Mon Nov 03, 2014 8:40 am

Re: Google Chrome Updating

Post by catBot » Thu Nov 13, 2014 9:53 am

yabbadoo wrote: Question ?
So, Sandboxie "makes use of" certain Windows security aspects. Is this "make use of" simply an internal program feature or does Sandboxie "look" for these relationships at user logon and expect to find a fully updated OS ?
For any software to be more powerful that the other software - the first one must be deeper into the OS's kernel. Otherwise the second software could outsmart the first one.

A piece of software running with kernel-level of capabilities (the first one, which is considered to be the SandBoxIE) is protected from the second piece of software (an offending program, which is considered to be an exploited browser) by OS's intrinsic security features.
So SandBoxIE depends (or better to be said, relies upon) on OS's own robustness and un-exploitability. This implies the OS must be fully patched.

Now regarding the attack vector - whether it is from an exploited browser running within SandBoxIE or is it an OS itself.
Just two days ago an exploit was patched within the TCP/IP stack. Such an attack cannot be prevented by SandBoxIE and could happen even without any browser (exploitable or not) at all (at least this is my understanding of things).

And finally - regarding the winXP-SP3 patches and fixes: they will be available till some date in 2019, one must masquerade his winXP-SP3 as POSReady2009 (or simply have POSReady2009 installed).
winXP-SP3 hacked into POSReady2009.

Lumberjack
Posts: 91
Joined: Fri Nov 25, 2011 12:37 am

Re: Google Chrome Updating

Post by Lumberjack » Wed Dec 03, 2014 9:33 am

catBot wrote:
yabbadoo wrote: Question ?
So, Sandboxie "makes use of" certain Windows security aspects. Is this "make use of" simply an internal program feature or does Sandboxie "look" for these relationships at user logon and expect to find a fully updated OS ?
For any software to be more powerful that the other software - the first one must be deeper into the OS's kernel. Otherwise the second software could outsmart the first one.

A piece of software running with kernel-level of capabilities (the first one, which is considered to be the SandBoxIE) is protected from the second piece of software (an offending program, which is considered to be an exploited browser) by OS's intrinsic security features.
So SandBoxIE depends (or better to be said, relies upon) on OS's own robustness and un-exploitability. This implies the OS must be fully patched.

Now regarding the attack vector - whether it is from an exploited browser running within SandBoxIE or is it an OS itself.
Just two days ago an exploit was patched within the TCP/IP stack. Such an attack cannot be prevented by SandBoxIE and could happen even without any browser (exploitable or not) at all (at least this is my understanding of things).

And finally - regarding the winXP-SP3 patches and fixes: they will be available till some date in 2019, one must masquerade his winXP-SP3 as POSReady2009 (or simply have POSReady2009 installed).
You said:
For any software to be more powerful that the other software - the first one must be deeper into the OS's kernel. Otherwise the second software could outsmart the first one.

What about Google Chrome and Sandboxie which one gives greater security, I prefer myself running Google Chrome inside Sandboxie, because I simply feel safer/more secure, even though, this is all subjective.

catBot
Posts: 22
Joined: Mon Nov 03, 2014 8:40 am

Re: Google Chrome Updating

Post by catBot » Wed Dec 03, 2014 11:21 am

Lumberjack wrote:What about Google Chrome and Sandboxie which one gives greater security?
It depends on what you call a "security".

For me security is not just the absence of exploits.
For me it is a combination of:
1) not being vulnerable to remote attacks to root/own my computer;
2) being at control of what other computers can learn about mine.

Running any browser (or an internet-facing program) outside of SandBoxIE is not secure exploit-wise.
Running chrome - SandBoxIEd or not - is not secure privacy-wise. There are much more user-friendly browsers out there (have a look at PaleMoon for example). I - for one - am using the Opera Presto v12.17 still, because it s the only configurable browser left...
winXP-SP3 hacked into POSReady2009.

Lumberjack
Posts: 91
Joined: Fri Nov 25, 2011 12:37 am

Re: Google Chrome Updating

Post by Lumberjack » Thu Dec 04, 2014 3:52 am

catBot wrote:
Lumberjack wrote:What about Google Chrome and Sandboxie which one gives greater security?
It depends on what you call a "security".

For me security is not just the absence of exploits.
For me it is a combination of:
1) not being vulnerable to remote attacks to root/own my computer;
2) being at control of what other computers can learn about mine.

Running any browser (or an internet-facing program) outside of SandBoxIE is not secure exploit-wise.
Running chrome - SandBoxIEd or not - is not secure privacy-wise. There are much more user-friendly browsers out there (have a look at PaleMoon for example). I - for one - am using the Opera Presto v12.17 still, because it s the only configurable browser left...
These are privacy issues, I meant on security issue security like file-less malware protection, memory malware protection, all kinds of exploits, malwares browser protection and etc.

catBot
Posts: 22
Joined: Mon Nov 03, 2014 8:40 am

Re: Google Chrome Updating

Post by catBot » Thu Dec 04, 2014 8:51 am

Lumberjack wrote: ... I meant on security issue security like file-less malware protection, memory malware protection, all kinds of exploits, malwares browser protection and etc.
I'd rather stay away from chrome, SandBoxIEd or not..
winXP-SP3 hacked into POSReady2009.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests