
sandbox vs. virtual machine


8 replies to this topic

#1 wkid


Posted 13 October 2010 - 12:13 AM

I have a basic understanding of sandbox and virtual machine, but don't understand the pros and cons of each. The research I have done indicates that a VM must have an operating system installed in it, which uses disc space. If I read between the lines properly, the VM also requires dedicated security programs, which amounts to maintaining two computers.

Is my understanding correct here?

If a computer has Windows 7 with XP Mode, is XP Mode a virtual machine?

Any information you can provide to make these two features more clear to me will be appreciated.

wkid
An ounce of prevention is worth a pound of cure. - Benjamin Franklin


 


#2 ErikAlbert


Posted 13 October 2010 - 10:44 AM

I'm not familiar with Virtual Machines; as far as I understand, it's like this:

1. Windows 7 is your operating system.
2. Windows Virtual PC runs under Windows 7 (= freeware).
3. Windows Virtual PC allows you to create multiple Virtual Machines with a different OS, which can be:
- Windows XP SP3 or
- Windows Vista SP2 or
- Windows 7 itself.
but you can create as many Virtual Machines as you want, even with the same OS.
Each VM has its own OS + any combination of other software. This requires of course a lot of disk space,
but the absolute minimum in a VM is one OS, while other software is optional.

Each OS seems to have its own virtual hardware: CPU, RAM, Monitor, Harddisk, I/O access, other devices, network access.
This is a little difficult for me to understand, but I will once I have WVPC, but I don't need WVPC.

In other words you can create different computers on YOUR single computer, which allows you to try and test any OS in combination with any other software or software-combinations.

I can do this too with FirstDefense-ISR (FD), but not with Virtual Machines, I use "snapshots" to do this.
WVPC seems to have more possibilities than FD, certainly regarding virtual hardware.

This is not possible with a sandbox. About which sandbox software are you talking?

Edited by ErikAlbert, 13 October 2010 - 11:12 AM.

ErikAlbert - "Simplicity is always brilliant" - "Every software sucks, some suck more than others."
WinXPproSP3 + Comodo Firewall + FirstDefense-ISR + Anti-Executable + Sandboxie + ShadowProtect - no scanners, no cleaners.
I remove superfluous and evil objects, not because they are there, but because they weren't there.

#3 wkid


Posted 13 October 2010 - 04:26 PM

Hi ErikAlbert,

Thanks for your reply. My questions were intended to be generic in nature --- any sandbox, any VM. I just used Windows7/XP Mode as an example of what I thought would be a VM rather than a sandbox. This machine is an XP machine. A couple of the programs installed on this machine have a sandboxing feature included, but my present studies have not allowed me the time to learn how to use sandboxing. In the future, I wish to add one more computer to this household, a Windows 7 machine with possible XP Mode.

The purpose of my questions relates to gathering information and understanding to determine software choices/configuration for the future purchase. Hence, I wish to gain a more complete understanding of each (VM and sandbox) to make an informed decision. My time window is about six months, which should allow me enough time to complete my information gathering.

Thanks again,
wkid
An ounce of prevention is worth a pound of cure. - Benjamin Franklin

#4 MidwestTech


Posted 13 October 2010 - 04:48 PM

Hi,

ErikAlbert got the VM part correct. The generic answer would be that a VM is a self-contained guest computing environment that can run on a properly configured host system. This can be particularly advantageous to a company with a large centralized computing environment that needs to have many virtual computers (Windows, Unix, etc) but is looking for maximum uptime and redundancy features only available from some of the big iron vendors - they may spend a lot of money upfront on the hardware but they can then scale that investment to be shared across dozens or hundreds of virtual machines.

A sandbox is something done by a particular application, in this case on your PC. They are typically used to run potentially malicious processes without those processes having full access to the PC's file system and resources. The issue with sandboxing is that you are explicitly trusting the application vendor to have done their job properly. From my experience, that would be a tough trust to earn (have you EVER had to patch software or an operating system???).

Hope this helps.

Todd

#5 wkid


Posted 13 October 2010 - 05:03 PM

Hi MidwestTech,

"have you EVER had to patch software or an operating system?"


I have had one experience with step-by-step guidance from one more knowledgeable than me. The process was instructive, but I don't look forward to repeating it on one of my own machines in the foreseeable future.

Thanks for the generic information. Your description leads me to believe that both are useful for different tasks if chosen properly. I use "properly" to mean the distinction between tasks having (or not having) OS, software, or security consequences. The sandbox would be a lighter weight option for those tasks not having an OS, software, or security consequence. That would make the trust factor less important. Do I have the basic idea?

Thanks again,

wkid
An ounce of prevention is worth a pound of cure. - Benjamin Franklin

#6 MidwestTech


Posted 13 October 2010 - 05:08 PM

Sounds like you totally get the concept. BTW, by patch I was just talking about Windows updates and the like. The point there is that all software at some point will have updates...which kinda scares me if I am trusting a sandbox to contain malicious activity.

Thanks,
Todd

#7 wkid


Posted 13 October 2010 - 05:26 PM

gotcha, Todd :thumbsup:

thanks,
wkid
An ounce of prevention is worth a pound of cure. - Benjamin Franklin

#8 ErikAlbert


Posted 13 October 2010 - 07:40 PM

Regarding malware and VMs: some malware is able to know if it is installed in a VM or not.
If the malware is installed in a VM, it won't do anything.
If the malware is not installed in a VM, but in a real system, it will do its evil job.

I don't know any real examples, but I can give you a theoretical example.
The user downloads a malicious but very beautiful screensaver (which is able to recognize VM).

In a VM the screensaver will act as a normal screensaver and the user will think the screensaver is safe.
The user installs the screensaver in his real system. Once the screensaver starts running, it will destroy or harm his computer behind his back, while he is looking at his new beautiful screensaver.

Of course not all malware recognizes VMs, but some of it is smarter and can fool you.
It's not the malware that is smarter, it's the malware-writer behind the malware, who is smarter.

So keep this in mind, if you are ever working with VMs. I never used VMs myself, because I already have a tool for testing 4 different OS and each existing software. Instead of VMs, I can use up to 10 bootable snapshots, which can also be archived. I can create several hundreds of computers this way, if I would have enough disk space.

Regarding sandbox. As you can see in my signature, I also use sandboxing (Sandboxie) in my system.
Internet Explorer (IE) and Firefox (FF) are both sandboxed in my system, because IE and FF are dangerous software; they place my system in the most dangerous area of the world: the internet, which is responsible for all malware troubles.
Each good and evil object that is downloaded from the internet without my knowledge, due to my actions on the internet (mouse-clicking, downloading, ...), is stored in a sandbox. Once in the sandbox, these good and/or evil objects can't hurt the rest of my system; they are ISOLATED and will be killed when I empty this sandbox.
This is my first layer of security; I have 3 other layers in total to kill malware, if they escape from the sandbox.
I also use Sandboxie to seal off my data partition while I'm on the internet. This way nothing or nobody (including me) can infect, steal or destroy my precious data files.

The funny thing about malware is that they betray themselves by "changing" your system, once you understand that, you can use that "changing" against them in order to kill them. :thumbsup:
Unfortunately all security software sucks and has serious shortcomings, so you have to combine them and that helps a little, but still not good enough.
So I'm waiting for sensational improvements in the security industry, but it doesn't happen; instead of that I get leaking firewalls and scanners with too many failures, etc. and a lot of stupid excuses why they aren't perfect. Pffft.

Edited by ErikAlbert, 13 October 2010 - 09:24 PM.

ErikAlbert - "Simplicity is always brilliant" - "Every software sucks, some suck more than others."
WinXPproSP3 + Comodo Firewall + FirstDefense-ISR + Anti-Executable + Sandboxie + ShadowProtect - no scanners, no cleaners.
I remove superfluous and evil objects, not because they are there, but because they weren't there.

#9 wkid


Posted 13 October 2010 - 09:37 PM

ErikAlbert,

Thanks for the additional info. You obviously know more about computers than I, but I am learning. For the present I have to operate within the confines of my knowledge base. As my knowledge and experience increase, I may be able to experiment with some of your techniques.

Thanks again,
wkid
An ounce of prevention is worth a pound of cure. - Benjamin Franklin



