SEARCH

The How-To Geek Forums Have Migrated to Discourse

How-To Geek Forums / Geek Stuff

Sandbox??

(23 posts)
  • Started 6 years ago by BobJam
  • Latest reply from BobJam
  • Topic Viewed 2336 times

BobJam
BobJam
Posts: 1052

I haven't used a sandbox . . . yet . . . but I've been thinking about it.

On another forum someone was touting the security advantages of using a sandbox to surf, and that renewed my interest in it.

They said, "When you finish browsing and delete the sandbox, all cookies, browser exploits, viruses, trojans etc evaporate." That seems pretty secure, and very much like 100% security. I'm not so intrigued by tracking cookies being deleted (though that is certainly a plus), but the part about " . . . browser exploits, viruses, trojans . . . " is particularly enticing.

So, the malware writers (a scurrilous bunch) haven't figured out a way to deposit their infectious packages outside of the sandbox?? Is this malware essentially "quarantined" within the sandbox, and it cannot get out unless the user (which would be a fool) does that recover function on the infected file?? Wow, if that's the case then this sandbox thing is 100% secure (other than an idiot user who let the thing out).

I've always subscribed to the Steve Gibson notion that there's no such thing as 100% security, but if this sandbox thing is what it looks like to me (I've looked at "Sandboxie"), then perhaps I need to rethink that notion.

I also subscribe to the notion that "If it's too good to be true, it usually is . . . not true". So, what am I missing? And I'd be interested to hear recommendations, pro and con, on it.

I had a question about Bookmarks. Specifically, I frequently Bookmark sites. If I do this in Sandboxie, is the Bookmark lost when I delete the Sandboxie browser session?? I read the Sandboxie tutorial, and it seems like you can use the recover function to save the bookmarks permanently, but it wasn't clear to me. Can I do this while I'm in Sandboxie, and if so, how?

The response I got back was "As for bookmarks, if I'm confident a site is safe, I just paste the URL temporarily into notepad. After killing the sandbox, I re-launch the browser without the sandbox, paste in the URL, save and exit. That's fairly bullet-proof."

I did try a LUA for a while, but as ScottW pointed out, it is very tedious. I found the same to be true, so I stopped using it. I'd like to hit a happy medium between security and user friendliness. Will this sandbox thing do it (if I configure it that way), or is that a hassle no matter what too??

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

What you say is about what I experienced using Sandboxie. It was pretty easy to use. Reason I do not use it any more is the fact that I now make weekly system backups with Norton Ghost. So I am pretty safe and can always reset to last Sunday.
Reason why the sandbox works so well is that you are working in a virtual machine. An attacker will not know how to get to your actual system. Everything is with "mirrors". But as you say, you can save stuff from the sandbox into the real system before you close the sandbox - else, everything goes up in smoke.

Posted 6 years ago
Top
 
jack7h3r1pp3r
jack7h3r1pp3r
Posts: 2815

@whs do you keep all of your backups? or do you delete older ones? just wondering becuase what if you get a virus but don't know that you have it then you do backups and keep saving the virus so when you do have to restore you are restoring a virus.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

jack, that is a judgement call. I have set Ghost such that it keeps as many as fit on the disk (250GB's). So I have quite a few. But when it comes to a restore, you have to, of course, pick one that you think is clean. And if that does not work, you can always go further back - in my case quite a few months back is possible. But the further you go back, the more stuff you loose. That's why I back-up my data seperately each week. Plus, since my Ghost backups go to an internal second disk (because of speed), I also copy that once a month to an external disk that I disconnect. It's like Fort Knox.

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

@whs,

Do you have an ABSOLUTE Clean Install Ghost Image backed up on a 2nd or 3rd HD that you can get going in about 10 minutes or so ??

Kindest Regards,
Rick P. ♥ :)

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

Rick, I think you are pulling my leg. But seriously, I use the additional external disk because the internal back-up disk can get attacked too - theoretically. And it can crash.

Posted 6 years ago
Top
 
BobJam
BobJam
Posts: 1052

Wait a minute . . . wait a minute . . . I think I got hijacked here <grin>. This is getting into the virtues of an image, and I certainly agree with that.

But, seriously, I'm looking for more input (thanks for yours, whs) on using a sandbox for surfing.

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

@whs,

NOT kidding at all !!!!

I have ABSOLUTE Clean Install images backed up on multiple HDs which are disconnected from the system.
Merely a matter of opening the case and connecting a HD up.
One image is not even PAed yet.
Kindest Regards,
Rick P. ♥ :)

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

Sorry BobJam. I was just trying to answer questions that came up. On the sandbox question, I think it is best if you just try it. It is no rocket science and you will quickly be able to draw your own conclusions. My link above would be a good starting point.

Posted 6 years ago
Top
 
ScottW
ScottW
Posts: 6609

Bob, since you and I are both fans of Steve Gibson, you should check out the Security Now podcasts #53 and #55. The first talks about VMware and how the free player can be used to run an "appliance" that runs Firefox in a virtual machine. The second one talks about Sandboxie and other application sandbox solutions. An application running in a virtual machine is well isolated from the host operating system. The way that information can leak out from the VM into the host is when the user executes a file transfer or mounts a drive or directory from the host system on the VM. Avoid doing this -- or be careful with them -- and your VM is very secure. The file transfer would be a good way to get your FF bookmarks from the host into the VM. As long is that's a one way transfer there is no leak.

As with many Security Now podcasts, when I first heard these ideas I thought, "I have to try this!" However, with a little time to cool off and think about it, I feel good about my security measures and I am willing to accept the (slightly) increased risk in order to preserve the convenience that I'm used to. Maybe I'll change my mind if I get infected. Or, maybe, like whs and Rick I'll just restore from my latest Ghost image and move on! :-)

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

@ScottW,
Appreciate your last sentence in your post.
I think of a computer and network as just a bunch of parts to include the O/S.
If a part breaks including the O/S, it is just much faster to replace and "Move On" than to "fiddle around" and further tear-up the registry. (LOL) (LOL)
=============
Admit: if one only has a laptop, my philosophy won't hold water.
=============
Kindest Regards,
Rick P. ♥ :)

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

Rick, you lost me. Why would the approach you stated be different for a laptop?

Posted 6 years ago
Top
 
BobJam
BobJam
Posts: 1052

Echo on whs's question for Rick. (Now I'm hijacking my own thread!)

ScottW,

I'll have to read over your post again and listen to Gibson's podcasts and digest it all before I respond to it.

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

@whs,

Most Laptops do not have Multiple HDs on which to store Ghost Compressed Total Partition Images.
My machines have at least (6) HDs so no problem re-imaging a fresh TOTAL Clean Install of a total start partition in less than (10) Minutes.
==============
With a (1) HD Laptop and NO Floppy Disk Drive, this would be rather hard to do.
==============
ScottW is referring to how fast we can totally recover from a virus infection and "move on" without having to go through all the virus removal gyrations because we have total system back-ups on multiple HDs.
==============
Kindest Regards,
Rick P. ♥ :)

Posted 6 years ago
Top
 
BobJam
BobJam
Posts: 1052

Hey Rick,

But you can swap out HDD's on a laptop just like you can on a desktop, so if you have a cloned HDD (clean, of course) available to swap, you're OK on a laptop. And you can restore an image from a USB external HDD also. With Acronis TI or Ghost (I think, I haven't used Ghost), you can easily make a clone or an image to restore (from that external USB HDD) for a laptop. Other than the fact that laptops generally don't have multiple internal HDD's, which you pointed out and I agree with, there really is no difference in image restoration or cloning capabilities.

And if you're saying it's more tedious on a laptop . . . well, maybe if you consider the extra few seconds it takes to plug in a USB external HDD, or swap out an internal HDD (though in that case, I think the time taken is a wash . . . don't know for sure because I've never owned a desktop except for that first IBM 8086 clone in the early 80's. . . am a laptop kinda' guy).

So I really don't see how you're hosed with a laptop . . . whs, help me out here.

(BTW, my laptop - an HPze4700 - DOES have a floppy drive)

Geeezzz, here I go again hijacking my own thread. I got hooked with that laptop thing you mentioned, Rick.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

I think BobJam is right. Anything you can do on a desktop is possible on a laptop. Granted, the internal disk provides better performance versus a USB attached disk. But the downside is that it is internal and can become the target of an attack. On the wife's laptops I use a USB powered 120GB disk for Ghost and that works great (I only attach it when needed). A while ago I reset to a recovery point with it and that took 25 minutes. I think that is acceptable. (I don't have a comparison figure from my desktop's internal disk because I never had to recover yet - knock on wood). For additional safety, I copy my internal disk Ghost shadows to a USB powered external disk (there is such a function provided in Ghost). I do this once a month whilst I write weekly Ghost recovery points (I think Lighthouse does it even daily - but he needs it). So bottom line, I see no difference in capability except a minor performance advantage for the internal disk - but more exposure. And in any case, all this runs in the background (except recovery, of course) - so performance is not really an issue.

Posted 6 years ago
Top
 
BobJam
BobJam
Posts: 1052

Thanks, whs, you helped me out there as I requested.

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

Any time - and it's the truth and nothing but the truth.

Posted 6 years ago
Top
 
raphoenix
raphoenix
Posts: 14920

@whs,

There is really NO difference in the way we have Back-ups stored.
I have DISCONNECTED internal HDs and you have DISCONNECTED external HDs for safe back-up storage.
I just have to take a case side panel off to plug-in a HD and you just plug-in using a USB port.
My case sides have large (quarter turn screws) so it just takes a moment to remove a side panel, hook-up and go.
I'm sure you have seen similar screws on aircraft inspection point panels.

Kindest Regards,
Rick P. ♥ :)

Posted 6 years ago
Top
 
whs
whs
Posts: 17584

I would hate to fumble inside the box with the power on. So power-off is another step. With my next system (which I will have custom built or build it myself) I will make sure to get an eSata port. That would be the optimal solution.

Posted 6 years ago
Top
 



Topic Closed

This topic has been closed to new replies.