Something worries me about Sandboxie...


Something worries me about Sandboxie...

Post by Solar on 12/6/2011, 21:33

Hello, everybody. I'm new to these forums. It took months for me just to have enough courage to register on these forums. Since I consider this forum very friendly from what I've seen, I decided to give it a shot and post what tortures me about Sandboxie (including the newest version):
Basically, when I say "a torture", it is a hyper-exaggeration, but it still represents a slight concern.
I found on YouTube that Sandboxie failed to prevent Trojan.Spyeyes and Trojan.Banker from running, for example:
http://www.youtube.com/watch?v=SpO35OM_6_w&feature=related
Here MBAM picked up Hijack.Help

Here Sandboxie left 3 malware samples, which MBAM picked up:
http://www.youtube.com/watch?v=rPQui1fs6Lg&feature=related
It did let 3 malware samples onto the computer according to MBAM (MBAM=Malwarebytes Anti-Malware). Maybe that's only a mistake because the processes (.exe files) of the malware samples are deleted/terminated, but the folders are not, like in GeSWall testing???

Question: What is the difference between GeSWall and Sandboxie: Does Sandboxie have more limitations than GeSWall or DefenseWall, and what are those limitations?
For example, I heard that Sandboxie can't prevent driver/kernel level malware installation???
That was written 3 years ago by Iliya on the Wilders Security forums; I read it.
I don't know if anything has changed since then?

However, that was then; now it seems that Sandboxie is vulnerable to rogue anti-malware programs (like WinXP antivirus)?
Maybe that's only a mistake because the processes (.exe files) of the malware samples are deleted/terminated, but the folders are not, like in GeSWall testing...

From what I know: GeSWall uses Windows internals, therefore it cannot overcome the limitations of NTFS security, while Sandboxie can?
And GeSWall was bypassed exactly 1 year ago:
http://www.freepcsecurity.co.uk/2010/05/17/geswall-test/

The reason why I picked up Sandboxie is because of continuous testing against malware, excellent forum support and you're always here if I'm stuck with something.
Well, I'd be happy if I could find a way to fully configure Sandboxie and save that configuration, if somehow possible.
And one more thing: how can I change my administrator account to a limited user account?
Am I safe to use Sandboxie and surf the net as administrator?
Thanks to all.







Re: Something worries me about Sandboxie...

Post by ssj100 on 13/6/2011, 10:54

Hi Solar, I'd suggest posting your queries here if you don't get any replies:
http://www.sandboxie.com/phpbb/index.php

Cheers.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Something worries me about Sandboxie...

Post by Solar on 2/12/2011, 21:21

ssj100 wrote: Hi Solar, I'd suggest posting your queries here if you don't get any replies:
http://www.sandboxie.com/phpbb/index.php

Cheers.

No worries, I have contacted the tester "Ahmed" and he told me that the only things left were 3 empty temp files, each with 0 bytes; the malware samples themselves were all deleted/terminated.
So, Sandboxie protected against all malware samples in this test.


