Question

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Re: Question

Post by Rico on 27/1/2011, 00:57

Regarding the location of the registry: http://help.lockergnome.com/windows2/file-located--ftopict484827.html

It seems that they are a number of 'files' located throughout the C drive which mean that they are already set to readonly with the settings you have devised. If any of what I'm saying is wrong please feel free to correct me.

p2u wrote: Dll's can be readily downloaded from online resources, but if you have "copy"- protection on in AE2, the download will be blocked.

Paul, are the C:/ read only settings that are discussed here act in the same way? Do they provide copy protection too?

ssj100 wrote:what about malware which only exists in memory?

Is there memory only malware with no executable or file involved or did I misunderstand?


Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

View user profile

Back to top Go down

Re: Question

Post by p2u on 27/1/2011, 01:09

Rico wrote:Paul, are the C:/ read only settings that are discussed here act in the same way? Do they provide copy protection too?
Let me say first that "C:/ read only" doesn't seem workable to me.
P.S.: For Firefox it's enough to set it to start always in Private Mode.
Code:
browser.privatebrowsing.autostart = true
Nothing will be written to disk unless you specifically download something. When exiting Firefox, everything from memory cache is safely deleted.

The copy protection in AE2 has nothing to do with user (or program) access rights. AE2 determines that you want to download (= copy) an executable file from the Internet and will block that download.
P.S.: I believe this protection was also removed from AE3.

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

Re: Question

Post by ssj100 on 27/1/2011, 02:12

p2u wrote:Let me say first that "C:/ read only" doesn't seem workable to me.
It's fine when specified to IE's virtual environment only (and apparently Chrome's?), and is a viable method of locking down the environment further (eg. for internet banking purposes). This is the flexibility of application virtualisation (Sandboxie in particular).

As I mentioned in the Sandboxie configuration thread, making C:\ read only will prevent all newly introduced file types from being downloaded/executed (written to disk). I think AE2 only prevents .EXE and .DLL types.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Question

Post by ssj100 on 27/1/2011, 02:17

Rico wrote:Is there memory only malware with no executable or file involved or did I misunderstand?
I was meaning malware which doesn't need to write to disk to perform malicious actions (eg. clip-board logging). Therefore, they execute and perform their actions only in memory. I'm not aware of such malware in-the-wild.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Question

Post by Rico on 27/1/2011, 02:24

p2u wrote:Let me say first that "C:/ read only" doesn't seem workable to me.
P.S.: For Firefox it's enough to set it to start always in Private Mode.

I don't think this can prevent a driveby as a malicious site exploits vulnerabilities to be able to download anything without consent. In a perfect world, one would think that if they didn't explicitly permit the download of an executable it wouldn't be there. This however would be a vastly superior safety net that can't be beat.

@ ssj, so basically its not virus types that infest/ install on the PC? Clipboard logging shouldnt be an issue if you deisgnate a sandbox for unsafe vs safe browsing.

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

View user profile

Back to top Go down

Re: Question

Post by ssj100 on 27/1/2011, 03:36

Rico wrote:@ ssj, so basically its not virus types that infest/ install on the PC? Clipboard logging shouldnt be an issue if you deisgnate a sandbox for unsafe vs safe browsing.
Yes, I would suppose so. And yes, a good security approach with Sandboxie is also necessary to realise its potential.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Question

Post by Sponsored content


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum