What do you think of 'sandbox' type of software? - Firewalls


  1. What do you think of 'sandbox' type of software?

    The following ones in particular.

    GesWall
    http://www.gentlesecurity.com/getstarted.html

    Sandboxie
    http://www.sandboxie.com/


  2. Re: What do you think of 'sandbox' type of software?

    Anonyma wrote:

    > The following ones in particular.
    >
    > GesWall
    > http://www.gentlesecurity.com/getstarted.html
    >
    > Sandboxie
    > http://www.sandboxie.com/


    Trivial:

    1. start up the "Windows keyboard input manager" inside such a supposed
    sandbox
    2. open the Start, Run dialog
    3. click the keys on that virtual input. 'c','a','l','c', should
    give you an obvious result

    Now draw your conclusion how much sandbox these things actually are. Or
    better, what the general reason is why no such sandbox could work.

  3. Re: What do you think of 'sandbox' type of software?

    On Fri, 12 Jan 2007 18:59:12 +0100, Sebastian Gottschalk wrote:

    > Anonyma wrote:
    >
    >> The following ones in particular.
    >>
    >> GesWall
    >> http://www.gentlesecurity.com/getstarted.html
    >>
    >> Sandboxie
    >> http://www.sandboxie.com/

    >
    > Trivial:
    >
    > 1. start up the "Windows keyboard input manager" inside such a supposed
    > sandbox
    > 2. open the Start, Run dialog
    > 3. click the keys on that virtual input. 'c','a','l','c', should
    > give you an obvious result
    >
    > Now draw your conclusion how much sandbox these things actually are. Or
    > better, what the general reason is why no such sandbox could work.


    To the OP - I don't know what GesWall claims to do but, as far as Sandboxie
    is concerned, your open-ended question is perhaps a bit meaningless in the
    comp.security.firewalls group, since (as far as I'm aware) Sandboxie makes
    no claim to be a firewall.

    However, my own opinion is that software like Sandboxie can be very useful
    in protecting a computer from the ravages of malware (or just badly
    designed software), if it lives up to its claims.

    It allows you to try software out in a manner which prevents the software
    from making any permanent changes to your Hard Drive - ie any data written
    to the Hard Drive is confined to the "virtual" section of the machine and
    can be dumped later if need be. In the same way, you can use Sandboxie to
    browse internet sites without having to put up with the risk of them
    dumping unwanted cookies or trojans in the "real" section of your computer.

    I'm not competent to judge whether the claims made about Sandboxie are
    fully correct, but it seems to be reasonably well regarded. If you are
    interested in reading (what appears to me to be) a competent review of
    Sandboxie and other "virtual machine" type protection software, try the
    site at:-

    http://www.techsupportalert.com/secu...ualization.htm

    Cheers,

    John S







  4. Re: What do you think of 'sandbox' type of software?

    John S wrote:

    > On Fri, 12 Jan 2007 18:59:12 +0100, Sebastian Gottschalk wrote:
    >
    >> Anonyma wrote:
    >>
    >>> The following ones in particular.
    >>>
    >>> GesWall
    >>> http://www.gentlesecurity.com/getstarted.html
    >>>
    >>> Sandboxie
    >>> http://www.sandboxie.com/

    >>
    >> Trivial:
    >>
    >> 1. start up the "Windows keyboard input manager" inside such a supposed
    >> sandbox
    >> 2. open the Start, Run dialog
    >> 3. click the keys on that virtual input. 'c','a','l','c', should
    >> give you an obvious result
    >>
    >> Now draw your conclusion how much sandbox these things actually are. Or
    >> better, what the general reason is why no such sandbox could work.

    >
    > [...]
    > I'm not competent to judge whether the claims made about Sandboxie are
    > fully correct, but it seems to be reasonably well regarded.


    Yeah... by fools. Fools usually don't try to audit security software.

    > If you are interested in reading (what appears to me to be) a competent
    > review of Sandboxie and other "virtual machine" type protection software,
    > try the site at:-
    >
    > http://www.techsupportalert.com/secu...ualization.htm


    Competent? My ass. Such a scenario as I described above isn't even
    considered there, therefore not tested. But for the very simple reason that
    there's no security context separation for the UI (and many other IPC
    mechanisms), the malware isolation claim totally fails, as the malware
    could simply start itself or any on-the-fly-generated code outside the
    "sandbox".

  5. Re: What do you think of 'sandbox' type of software?

    In article
    John S wrote:
    >
    >

    snipped
    >
    > I'm not competent to judge whether the claims made about Sandboxie are
    > fully correct, but it seems to be reasonably well regarded. If you are
    > interested in reading (what appears to me to be) a competent review of
    > Sandboxie and other "virtual machine" type protection software, try the
    > site at:-
    >
    > http://www.techsupportalert.com/secu...ualization.htm
    >
    > Cheers,
    >
    > John S


    That page is just what I needed. It seems that the freebie Sandboxie
    had a single vulnerability and that was promptly patched. If it isn't a
    pain in the butt to use, I'll pop for the paid-for version which
    handles more than one piece of software open at the same time.

    I know sandboxes are not firewalls. I'm just looking to make it a
    little harder for the malware boys to cause me a problem.

    Thanks!


  6. Re: What do you think of 'sandbox' type of software?

    Anonyma wrote:

    > In article
    > John S wrote:
    >>
    >>

    > snipped
    >>
    >> I'm not competent to judge whether the claims made about Sandboxie are
    >> fully correct, but it seems to be reasonably well regarded. If you are
    >> interested in reading (what appears to me to be) a competent review of
    >> Sandboxie and other "virtual machine" type protection software, try the
    >> site at:-
    >>
    >> http://www.techsupportalert.com/secu...ualization.htm
    >>
    >> Cheers,
    >>
    >> John S

    >
    > That page is just what I needed. It seems that the freebie Sandboxie
    > had a single vulnerability and that was promptly patched.


    Did you even read the stuff I wrote above? It is one big vulnerability and
    there's nothing to patch.

    Well, if you just wanted someone to support your opinion, you shouldn't
    even have asked in the first place. But since you asked, I'm sorry that I
    assumed that you wanted to hear some serious critics possibly contradicting
    your neat assumptions?

    > I know sandboxes are not firewalls. I'm just looking to make it a
    > little harder for the malware boys to cause me a problem.


    Eh... then why are you making your system more complex for no benefit?

  7. Re: What do you think of 'sandbox' type of software?


    Sebastian Gottschalk;992719 Wrote:
    > Anonyma wrote:
    > Trivial:
    > 1. start up the "Windows keyboard input manager" inside such a
    > supposed
    > sandbox
    > 2. open the Start, Run dialog
    > 3. click the keys on that virtual input. 'c','a','l','c',
    > should
    > give you an obvious result
    > Now draw your conclusion how much sandbox these things actually are.
    > Or
    > better, what the general reason is why no such sandbox could work.


    well, GeSWall has passed this "Trivial", no virtual keys are succeeded

    --
    bewe


  8. Re: What do you think of 'sandbox' type of software?

    bewe wrote:

    > Sebastian Gottschalk;992719 Wrote:
    >> Anonyma wrote:
    >> Trivial:
    >> 1. start up the "Windows keyboard input manager" inside such a
    >> supposed
    >> sandbox
    >> 2. open the Start, Run dialog
    >> 3. click the keys on that virtual input. 'c','a','l','c',
    >> should
    >> give you an obvious result
    >> Now draw your conclusion how much sandbox these things actually are.
    >> Or
    >> better, what the general reason is why no such sandbox could work.

    >
    > well, GeSWall has passed this "Trivial", no virtual keys are succeeded


    Then it obviously breaks the systems.

  9. Re: What do you think of 'sandbox' type of software?

    Sebastian Gottschalk wrote:
    > bewe wrote:
    >
    >> Sebastian Gottschalk;992719 Wrote:
    >>> Anonyma wrote:
    >>> Trivial:
    >>> 1. start up the "Windows keyboard input manager" inside such a
    >>> supposed
    >>> sandbox
    >>> 2. open the Start, Run dialog
    >>> 3. click the keys on that virtual input. 'c','a','l','c',
    >>> should
    >>> give you an obvious result
    >>> Now draw your conclusion how much sandbox these things actually are.
    >>> Or
    >>> better, what the general reason is why no such sandbox could work.

    >> well, GeSWall has passed this "Trivial", no virtual keys are succeeded

    >
    > Then it obviously breaks the systems.


    LQTM

    --
    Notan

  10. Re: What do you think of 'sandbox' type of software?

    Notan wrote:

    > Sebastian Gottschalk wrote:
    >> bewe wrote:
    >>
    >>> Sebastian Gottschalk;992719 Wrote:
    >>>> Anonyma wrote:
    >>>> Trivial:
    >>>> 1. start up the "Windows keyboard input manager" inside such a
    >>>> supposed
    >>>> sandbox
    >>>> 2. open the Start, Run dialog
    >>>> 3. click the keys on that virtual input. 'c','a','l','c',
    >>>> should
    >>>> give you an obvious result
    >>>> Now draw your conclusion how much sandbox these things actually are.
    >>>> Or
    >>>> better, what the general reason is why no such sandbox could work.
    >>> well, GeSWall has passed this "Trivial", no virtual keys are succeeded

    >>
    >> Then it obviously breaks the systems.

    >
    > LQTM


    You really don't get it, hein?

  11. Re: What do you think of 'sandbox' type of software?

    Sebastian Gottschalk wrote:

    > bewe wrote:
    >
    >> Sebastian Gottschalk;992719 Wrote:
    >>> Anonyma wrote:
    >>> Trivial:
    >>> 1. start up the "Windows keyboard input manager" inside such a
    >>> supposed
    >>> sandbox
    >>> 2. open the Start, Run dialog
    >>> 3. click the keys on that virtual input. 'c','a','l','c',
    >>> should
    >>> give you an obvious result
    >>> Now draw your conclusion how much sandbox these things actually are.
    >>> Or
    >>> better, what the general reason is why no such sandbox could work.

    >>
    >> well, GeSWall has passed this "Trivial", no virtual keys are succeeded

    >
    > Then it obviously breaks the systems.


    BTW, I tried to verify these claims. GeSWall (both Free and Pro) totally
    fails, all the keys are successfully passed to the other application.
    Doesn't depend what security context the cmd shell is running in, doesn't
    depend what security context the attacking application runs in, and neither
    does the explorer Shell as the arounds matter. Highest security settings.

    The here often advertized Sandboxie and CoreForce fail as well.

    Not that I expected anything else... anyone with some understanding of the
    internals of the Windows IPC systems knows that the desktop (literally: The
    \Desktop context) is the security boundary.

    P.S.: (@Notan) Even if it would actually filter, this would create a
    deadlock condition and break legitimate IPC.
