
Is sandboxie a virus scanner?


5 replies to this topic

#1 mitdrissia

mitdrissia

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 12 February 2011 - 01:27 PM

Hi guys,
Can anybody explain what http://sandboxie.com/ is exactly and if it is any good for my computer to use it as a virus scanner?

Also something else: sometimes I download from free sites like speedyshare and others. I can scan the download URL with VirusTotal and download the zipped file to my computer. Sometimes I also check the zipped file on virustotal.com, and one time I found a trojan. My question is: the moment I download the software to my computer as a zip file, will my computer be infected if it contains a virus/trojan? Or will my computer only be in danger when I unzip the file? My virus scanner and real-time spyware scanner did not pick it up, but VirusTotal did.

So if I am correct, for every piece of software I download I need to scan it with VirusTotal to be sure?


 


#2 Sightless

Sightless

  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Up in the Clouds
  • Local time:02:31 AM

Posted 12 February 2011 - 04:47 PM

Hi, no, Sandboxie is not a virus scanner, or any kind of scanner.
Sandboxie is a program that runs certain programs on your computer in a sandbox. Once you close the programs, everything in the sandbox is erased. So if you visit a malicious website while running a sandboxed browser, no system settings will be changed and the malware will be gone with a simple erase of the sandbox.

Regarding your second question, most, if not all, malware that is downloaded in a zip file cannot execute before being unzipped as far as I know. I could be completely wrong about this, but many times a zip file contains an exe file, which upon execution infects the computer.

#3 mitdrissia

mitdrissia
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 14 February 2011 - 05:02 AM

So let's say, for example, I go to a speedyshare link and I download a file. What if the file is infected? Will my computer also be infected, or can this be prevented by using Sandboxie? This is something new. I will try to download Sandboxie now and see what it actually does.

#4 Sightless

Sightless

  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Up in the Clouds
  • Local time:02:31 AM

Posted 14 February 2011 - 08:01 AM

Sandboxie does not protect against files you knowingly download to your desktop. Upon exit, the sandbox, which contains your browser, is cleared; all desktop files, folders, etc. remain untouched.

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:31 AM

Posted 14 February 2011 - 08:45 AM

"So if I am correct, for every piece of software I download I need to scan it with VirusTotal to be sure?"


Yes, that's a good habit to have. If you don't trust the origin of your downloads, scan them with VirusTotal. If you use Firefox, there is a VirusTotal add-on that allows you to easily scan files before you download them.

But even VirusTotal can't give you a 100% guarantee that a file you downloaded is not malware; opening these untrusted files inside a sandbox is also a good idea.

Edited by Didier Stevens, 14 February 2011 - 08:45 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:01:31 AM

Posted 14 February 2011 - 09:11 AM

You can find the Mozilla add-on and the Chrome extension, which Didier Stevens mentioned, here: http://www.virustotal.com/advanced.html#browser-addons

If you have already downloaded a file, you do not want to waste your time uploading it to VirusTotal. So first find out the SHA or MD5 hash for the file, and search VirusTotal for that hash. There is a high possibility that someone else has already uploaded that file and you can see the results without actually uploading. If this fails, then you have to upload.

You can use Hash It to calculate MD5 and SHA hashes easily. There is another one I like, VisualHash, but it's programmed in .NET and you need .NET installed to run it.
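
An added example, not part of the original posts, tying together post #2 (a ZIP can be examined without running anything in it) and the hash-lookup advice above: Python reads each archive member in memory, flags directly executable file types, and computes the MD5, SHA-1 and SHA-256 values to search for on VirusTotal. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# File types Windows runs directly on double-click (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".lnk"}

def digests(stream, chunk_size=65536):
    """Return MD5, SHA-1 and SHA-256 hex digests of a binary stream, read in chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def inspect_zip(path_or_file):
    """Describe each ZIP member without writing it to disk or running it."""
    report = []
    with zipfile.ZipFile(path_or_file) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & 0x1)  # password-protected member
            entry = {"name": info.filename, "size": info.file_size,
                     "encrypted": encrypted,
                     "risky": PurePosixPath(info.filename).suffix.lower() in RISKY_EXTENSIONS}
            if not encrypted:  # contents are only readable without a password
                with archive.open(info) as member:  # decompressed in memory only
                    entry.update(digests(member))
            report.append(entry)
    return report

def build_sample_zip():
    """Constructed sample archive: harmless bytes under realistic-looking names."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("readme.txt", b"hello")
        archive.writestr("invoice.pdf.exe", b"constructed placeholder, not a program")
    buffer.seek(0)
    return buffer

if __name__ == "__main__":
    for entry in inspect_zip(build_sample_zip()):
        flag = "RISKY" if entry["risky"] else "ok"
        print(f'{flag:5} {entry["name"]:18} sha256={entry.get("sha256", "n/a (encrypted)")}')
```

To hash the downloaded archive itself rather than its members, pass an open binary file to `digests`, for example `digests(open(path, "rb"))`.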



