
Is a Virtual Environment the Best Security Protection Available?


10 replies to this topic

#1 yabbadoo


Posted 27 July 2013 - 12:55 PM

I read of all the serious infections users are getting and asking for help on the Forum and wonder why all these troubles are so prevalent. All Forums are inundated with similar calls for help.

 

For probably the past 8-10 years I have exclusively used Sandboxie, an extremely user friendly virtual program invented and marketed by that brilliant entrepreneur Tzuk.

 

My understanding of a virtual concept is that the computer is open to the world, but completely sealed off from the PC operating system. The bugs are allowed to fly around in their virtual environment but can go nowhere.

 

On browser shut down, all the virtual environment is killed off, complete with bugs. Whatever creepy crawlies were about have not even sniffed the outside of the virtual box - a sealed operating quarantine area. The Fox never gets anywhere near the Chickens.

 

I have never had a single infection of any worth in all those 8-10 years. A few minor offenders got through at times, but were soon killed off by my AVs. I have surfed through the Valley of Death many times, you name it, I have been there, but always come out without a scratch.

 

My question is, why do users ignore the futuristic security prospect of using a virtual system, still plod on with the old AV stuff and get all kinds of bugs invading their PCs?

 

A virtual system has no restrictions, it is infinite, whereas all other security programs depend on constantly updating their databases in a mad dash to keep up with the bug Maestros. A losing battle of "follow the leader". In a virtual environment, new bugs are no different from old bugs, they are all safely contained and the program never lags behind the bug generators.

 

I operate the Free Sandboxie program. It has never given a single iota of trouble and updates as necessary. I just never know it is there, battling the bugs, except that I never get any infections as a result. For a short period I did try Returnil, but soon went back to Sandboxie, it is far more simple and easy to operate.

 

I do on rare occasions have to have an unsandboxed browser. Perhaps this is where the few bugs I have had over the years have got through. I never have any Death Wish with an unsandboxed browser, just do what is necessary and close it.


Edited by yabbadoo, 27 July 2013 - 02:46 PM.



 


#2 Darktune


Posted 29 July 2013 - 05:55 PM

Hey, 

 

You do raise a good point: virtual desktops are great and people should use them. But I think the main reason people are not using this type of software is because many non-IT literate people don't really know what it is. People get told to have one AV and one Firewall and that's it.

 

I have a virtual desktop but never used Sandboxie, so I will have to try that out. My virtual desktop isn't that great but it's still pretty good; it's the COMODO one.

 

A question I do have, if you could answer it: if, for example, I didn't have the latest version of Java, but that was installed on my PC and not run in the virtual desktop (obviously outdated versions of Java are at the greatest risk of getting you an infection), would the virtual desktop prevent the bug coming through the Java version, or would it get through?

 

Craig


It's very hard to imagine all the crazy things that things really are like. 

Electrons act like waves.. no they don't exactly, they act like particles.. no they don't exactly.

Words and ideas can change the world.


#3 yabbadoo


Posted 30 July 2013 - 05:24 AM

> A question I do have, if you could answer it: if, for example, I didn't have the latest version of Java, but that was installed on my PC and not run in the virtual desktop (obviously outdated versions of Java are at the greatest risk of getting you an infection), would the virtual desktop prevent the bug coming through the Java version, or would it get through?
>
> Craig

Craig,

 

I do have essential JavaScript but as far as I can see (and hope) I do not have Java. I dumped Java some time ago after surfing the web on the subject. General opinion was that only old sites require Java, plus the fact it is a PITA system and can lead to exploitation and infections being transmitted from some of the sites using this old system.

 

Java is not installed by default with any modern version of Windows, thanks to an April 2004 antitrust settlement between Microsoft and Sun Microsystems.

 

I wiped everything Java off my PC and if a site still needs Java, and very few do, I just walk away from it.

 

NOTHING gets past Sandboxie, it is as tight as a duck's anus. But all downloads are OUR responsibility. Sandboxie asks whether you wish to recover the item and where to send it. Once you hit "Recover", you have authorised Sandboxie to let the item loose from the virtual cage, so if the item is infected, it is your responsibility and lack of judgement which is responsible.

 

I download hundreds of programs etc. with no problem. I just know whether to trust letting the item fly into my system or not. 99.9% of my downloads come from very trusted and reputable sites.

 

Providing the download program you install is of a secure nature, then no problem. Any Java site operating within Sandboxie is in a padded cell, bugs which float around within the sandbox due to Java/Site threats, go nowhere and are killed off on browser closure.

 

The only door to your PC for bugs to use is under your control - you have the key. Any bugs within the sandbox become the responsibility of your AV and FW in the normal way. If a threat is present via Java sites or otherwise, these programs should do their work as usual.

 

All Sandboxie does is to provide a virtual safe environment, it is not a bug detector within that environment, that is where your AV and FW come in. It does not matter how nasty the site is, it stays in a virtual limbo and goes nowhere. Theoretically an AV is unnecessary when using Sandboxie, but it is recommended you have one - belt and braces.

 

Like I said, Sandboxie operates totally hidden, you never know it is there and it never gives any trouble in any shape or form. Updates are automatic.

 

You have to configure Sandboxie to your own liking over and above the standard setting, but once that is done, it just becomes a sleeping partner.

 

Just a point: the download and installation of Sandboxie is a 30 day free trial job. Ignore it, there is no commitment and after 30 days if you do not buy the program, it automatically goes to a freebie, like I have been using for yonks. Like all other programs, the difference between a freebie and a paid version is really in the mind rather than practical benefits.


Edited by yabbadoo, 30 July 2013 - 06:29 AM.


#4 quietman7


Posted 30 July 2013 - 08:27 AM

> A question I do have if you could answer it, if for example I didn't have the latest version of Java...

You don't need Java

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications...According to W3Techs, only four percent of websites use Java on the server side...it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality...there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system...

W3Techs usage statistics and market share data of Java on the web


> But I think the main reason people are not using this type of software is because many non-IT literate people don't really know what it is.

Sandboxing has been around for years and I see it recommended from time to time. However, it has become more popular and is built in as a feature with some anti-virus programs.

Starting with avast! 6, the vendor offered several new protection features to include the AutoSandbox. avast! Free Antivirus 6 does not include the full Sandbox module or its enhancements. avast! 7 extends virtualization sandbox. For more information about this feature, how it works and how it differs from avast! Pro and avast! Internet Security, please refer to:

Comodo Internet Security also offers Sandboxing.

Anyway, for those who do not know much about sandboxing, here are a few helpful links.
About Sandboxing
Sandbox(ing)
A Taste of Computer Security: Sandboxing
How to Keep Your PC Safe With Sandboxing

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 yabbadoo


Posted 30 July 2013 - 09:53 AM

@ Quietman

 

As always, no arguments or wrist slaps, just an impeccable, impartial and thoroughly informative resume of the matter in hand, which gives the reader a more than adequate bite of the cake.



#6 quietman7


Posted 30 July 2013 - 10:31 AM

Thank you.

#7 Didier Stevens


Posted 30 July 2013 - 03:52 PM

> In a virtual environment, new bugs are no different from old bugs, they are all safely contained and the program never lags behind the bug generators.


There is a type of bug for which a sandbox cannot contain the exploit: kernel bugs (ring 0) that can be exploited from userland (ring 3).

 

Examples are the recent TrueType Font exploits. Microsoft released MS13-053 to patch some of these bugs.

https://technet.microsoft.com/en-us/security/bulletin/ms13-053

 

When such a specially crafted TTF file is used under a normal user account (even in a sandbox), the TTF file is parsed inside the kernel, the exploit triggers the bug in the parser and thus executes directly in the kernel. These bugs also imply a privilege escalation: the exploit code gains elevated access.


Edited by Didier Stevens, 30 July 2013 - 03:55 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 yabbadoo


Posted 31 July 2013 - 06:22 AM

@ Didier Stevens

 

Didier,

 

What an excellent observation and contribution, outlining a tricky bug that could avoid Sandboxie. I say Sandboxie because it is a unique and professional virtual program as against the sandboxes provided by some AV vendors.

 

It seems from what is being said that all conventional AV "lag behind" programs do not stand a chance, but the ability of Sandboxie remains to be challenged.

 

It reinforces the security properties of using a virtual environment as against using an ordinary AV program. I cannot see how AV programs depending on a "follow the leader" database can survive and that using a virtual environment is the only logical path to future PC security.

 

I would point out that the observation you describe will not have eluded Tzuk and he is not going to stand by and do nothing. Sandboxie is his only revenue and Tzuk will not allow any escape routes from his sandbox if he can possibly help it and Tzuk is an extremely clever and articulate genius.


Edited by yabbadoo, 31 July 2013 - 06:35 AM.


#9 yabbadoo


Posted 06 August 2013 - 07:42 AM

It looks like this thread has passed its "sell by date" according to activity, so I would simply end it by a Yabbadoo swan song.

 

Readers may think that Yabbadoo is entirely devoted to Chat subjects - WRONG. The reason why I post most of my material in Chat shows, is that unlike many users who appear to get a multiplicity of infections and trouble, I get none. A few minor hiccups, but nothing serious like others do. So I enjoy the benefit of chatting to a wonderful community as an alternative social pleasure.

 

Why do I get no infections? The reason is inherent in this thread - I USE SANDBOXIE! I would challenge anybody to have been to worse sites than I have and emerge with no bruises. No creepy crawlies for me, they are all yours.

 

When users stop using those outdated AV and other security programs and use a virtual system, then perhaps the immense activity currently present on the "threat, infections and trouble" sections of the Forum will reduce to a mere trickle, and that due to the diehards who refuse to change.

 

Dump all that risk and threat stuff out of your life, keep your PC clean and safe by using Sandboxie. Returnil is a good program, but Sandboxie is more user friendly and needs no attention. It just protects you 100% as a hidden Minder.


Edited by yabbadoo, 06 August 2013 - 09:55 AM.


#10 clas


Posted 26 January 2014 - 09:52 AM

Hi all, I just had to say this has been a good discussion. I am a long-time user of the free Sandboxie and work long and hard each and every day on this box. I keep up to date on most things. I would have to say that using Sandboxie has been the easiest way I have found to keep the nasties at bay, along with doing image backups weekly, which I also think is a top priority. You just can't teach most people to do what is right, so it's refreshing to find people here that really take the time to understand and help others.... Good site... thanks... Clas



#11 quietman7


Posted 26 January 2014 - 09:58 AM

You're welcome on behalf of the Bleeping Computer community.



