Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sandboxes


  • Please log in to reply
6 replies to this topic

#1 Ozzie Isaac

Ozzie Isaac

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 29 November 2012 - 04:17 PM

Are programs Luke sandboxie truly safe environments for running questionable programs? Can they contain malware?

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:21 PM

Posted 29 November 2012 - 08:54 PM

Hi Ozzie -
The Sandboxie FAQ is the best place to start your questions -
Most answers are posted there, so I just left the link rather than just quote bits from it -

Thank You -

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 30 November 2012 - 03:25 PM

Are programs Luke sandboxie truly safe environments for running questionable programs? Can they contain malware?


Yes they can contain malware, but they have to be configured properly.

And even malware contained in a sandbox can harm you. If it's a password stealer for example, and the sandbox gives it full read access, it can still steal your passwords.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:21 AM

Posted 01 December 2012 - 12:13 PM

I'm going to ask this question for clarification purposes as some people reading this may become confused.

@Ozzie Isaac when you ask, "Can they contain malware?"

Do you mean will the sandbox application quarantine malware and 'containerize' it? Or are you asking if sandbox applications themselves have malware properties and could be potentially unsafe to use?

Didier's explanation refers to the first scenario I mention. I just want to be sure you have the answer you're looking for.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#5 Ozzie Isaac

Ozzie Isaac
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 01 December 2012 - 01:00 PM

@Animal

I meant containerize. Keep malware from making changes to the system that will not be undone when the sandbox is closed.

#6 DarkSnake-Kobra

DarkSnake-Kobra

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Iowa, USA
  • Local time:06:21 AM

Posted 01 December 2012 - 01:00 PM

Can they contain malware?


If you are referring to if malware can break out of the sandbox than yes. Programs like Sandboxie and security software occasionally will receive updates and patch holes which can allow the malware to bypass the sandbox. No software is perfect and malware authors are constantly trying new things and attempting to find new holes in software. It's a never ending game of cat and mouse.

#7 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:21 AM

Posted 02 December 2012 - 01:06 AM

Thank you for confirming what it is you were asking. :thumbup2:

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users