Re: MICROSOFT SECURITY ESSENTIALS

Discussion in 'Computer Security' started by Juarez, Jul 20, 2009.

  1. Juarez

    Juarez Guest

    You can stop 100% by downloading Sandboxie and running your browser in a
    sandbox.
     
    Juarez, Jul 20, 2009
    #1

  2. That's a neat trick considering that "100%" of malware doesn't come in
    through the browser.
     
    FromTheRafters, Jul 20, 2009
    #2

  3. Juarez

    Juarez Guest


    ???

    Put down the bottle of scotch.
     
    Juarez, Jul 21, 2009
    #3
  4. ===
    You can stop 100% by downloading Sandboxie and running your browser in a
    sandbox.
    ===
    You can't stop 100% of malware by closing off only one ingress vector.
    ....when I'm done with it!!
     
    FromTheRafters, Jul 21, 2009
    #4
  5. From: "FromTheRafters" <erratic @nomail.afraid.org>


    | ===

    | You can stop 100% by downloading Sandboxie and running your browser in a
    | sandbox.
    | ===

    | You can't stop 100% of malware by closing off only one ingress vector.

    | ...when I'm done with it!!



    Hey, save me a shot. :)
     
    David H. Lipman, Jul 21, 2009
    #5
  6. Ó¿Ò here ya go --> \=/
    -
     
    FromTheRafters, Jul 21, 2009
    #6
  7. Dustin Cook

    Dustin Cook Guest

    I'm a huge fan of sandboxie myself; I use it often, have been a registered
    user for several versions now... This claim of yours isn't accurate. It'll
    significantly reduce your chances, but it will not prevent something from
    happening.
     
    Dustin Cook, Jul 22, 2009
    #7
  8. Juarez

    Juarez Guest

    No? How can malware infect the OS via a script in a website if it is
    walled off from the OS? Chrome runs in a sandbox without having to use
    sandboxie and at the hacker convention to see how quickly they can hack
    a browser the guy who won the contest couldn't hack Chrome in the time
    allotted and said he could with a bit more time but said there isn't much
    use to that because it is walled off from the OS anyway in a sandbox so
    can't do any harm to the OS. If you are saying that the browser can
    still be insecure for doing secure activities via the web browser then I
    agree but running in a sandbox is far from the only security measures I
    use. I use Cometbird browser so have noscript, adblock etc. Also use
    Spybot and Spywareblaster pre-emptive strike blocking.
     
    Juarez, Jul 22, 2009
    #8
  9. From: "Juarez" <>




    | No? How can malware infect the OS via a script in a website if it is
    | walled off from the OS? Chrome runs in a sandbox without having to use
    | sandboxie and at the hacker convention to see how quickly they can hack
    | a browser the guy who won the contest couldn't hack Chrome in the time
    | allotted and said he could with a bit more time but said there isn't much
    | use to that because it is walled off from the OS anyway in a sandbox so
    | can't do any harm to the OS. If you are saying that the browser can
    | still be insecure for doing secure activities via the web browser then I
    | agree but running in a sandbox is far from the only security measures I
    | use. I use Cometbird browser so have noscript, adblock etc. Also use
    | Spybot and Spywareblaster pre-emptive strike blocking.

    Easily. It is not just about your browser. There are many infection vectors due to the
    vulnerability/exploitation factor.

    To name some...
    Quicktime
    Adobe Reader
    FoxIt Reader
    Adobe Flash
    Sun Java
    The OS and OS components/modules
    MS Office and Office components/modules
     
    David H. Lipman, Jul 22, 2009
    #9
  10. Juarez

    Juarez Guest

    If they are run from within the sandboxed browser then they can't do
    jack shit either. Yea, if I ran Quicktime or Adobe reader outside of the
    browser then that is a different matter. But I don't and as I have
    already said I have other methods in place to avoid the possible
    issues you talk of. I don't even have Java enabled in my browser.
     
    Juarez, Jul 22, 2009
    #10
  11. From: "Juarez" <>



    | If they are run from within the sandboxed browser then they can't do
    | jack shit either. Yea, if I ran Quicktime or Adobe reader outside of the
    | browser then that is a different matter. But I don't and as I have
    | already said I have other methods in place to avoid the possible
    | issues you talk of. I don't even have Java enabled in my browser.

    This isn't about you. It is the statement(s) in general.
     
    David H. Lipman, Jul 23, 2009
    #11
  12. Not all malware will use that method. Basically, any program that
    consumes data from outside the system can be an ingress vector by
    mishandling said data or causing the user to do so.

    I don't think anybody here will say Sandboxie (or sandboxing) is a bad
    thing, but your claim of 100% is over the top.
     
    FromTheRafters, Jul 23, 2009
    #12
  13. Dustin Cook

    Dustin Cook Guest

    Your so good with words. :)
     
    Dustin Cook, Jul 23, 2009
    #13
  14. Juarez

    Juarez Guest

    I know that but I was talking purely about the web browser and not all those
    other things that are not a web browser. One can easily sandbox all those
    other apps too if they choose. In fact Sandboxie warns you if you click on
    something that opens another app in your web browser if it is not sandboxed.
    Happened to me just yesterday when I was going to send an email via the
    browser and it warned me that Outlook Express was not sandboxed and asked me
    if I wanted to sandbox it. Like I said, with Sandboxie you can run on the web
    100% with safety if you know what you are doing. That's about everyone and
    not just me.
     
    Juarez, Jul 24, 2009
    #14
  15. Juarez

    Juarez Guest

    Read the post I just made to Mr. Lipman. Sandboxie warns you if you are
    about to open something from the browser that is not sandboxed so it is 100%
    safe if you also sandbox the app it is warning you about. OK, 99.9%.
     
    Juarez, Jul 24, 2009
    #15
  16. ~BD~

    ~BD~ Guest

    *You're* not (improving) Dustin!

    But heck, no-one is good at everything!
     
    ~BD~, Jul 24, 2009
    #16
  17. Okay...

    ....but your first claim of 100% was in response to a claim of 80% of
    "malware" (not browser vector malware) being basically thwarted by
    running as a restricted user rather than an administrator. That claim
    "80% of malware..." was probably correct, whereas your claim of 100% was
    not - unless you change the set of "malware" to the set of "browser
    vector malware".

    Another point to note is that preventing malware from having the ability
    to "install" or be persistent (surviving a reboot for instance) does not
    preclude it from still being active malware *during* a session.
     
    FromTheRafters, Jul 25, 2009
    #17
  18. Dustin Cook

    Dustin Cook Guest

    Bah. :)
     
    Dustin Cook, Jul 25, 2009
    #18
  19. Dustin Cook

    Dustin Cook Guest

    I wasn't even going to mention this, but on occasion some malware author
    gets creative and finds a way to escape the sandboxie confinement. It
    doesn't happen everyday, but it certainly has been known to happen. :)
     
    Dustin Cook, Jul 25, 2009
    #19
  20. Juarez

    Juarez Guest

    You delete the sandboxed session after finishing with it so there is no
    persistent malware surviving a reboot. Everything that runs in a sandbox
    are temp files in the session and get deleted when you finish the session.

    Here is my latest method that I have been just trying out ten minutes
    ago. Put Portable Ubuntu on your HDD and then run that sandboxed. Now
    everything that runs from the portable Ubuntu is sandboxed, including,
    of course, the web browser. Only problem is that it runs very slow so I
    doubt many people would put up with that. For those that like to check
    out known bad sites this is a good way to go about it though.

    I admit saying 100% was hyperbole and was negligent of me, my apologies.
    Still, it's far better than 80%.
     
    Juarez, Jul 25, 2009
    #20