Malware and Sandboxed vulnerable programs with driver components.


Post by D1G1T@L on 5/6/2012, 01:36

I was thinking about this the other day. If a trusted program on the host has a driver component, and it's running in the sandbox, and a malicious executable finds a hole in that program's driver, can it potentially escape? I know that, for example, there are PDF reader programs that have virtual printers.



Re: Malware and Sandboxed vulnerable programs with driver components.

Post by ssj100 on 5/6/2012, 02:20

I thought Sandboxie 32-bit (and 64-bit with Experimental Protection enabled) had no issues with containing "driver components"?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Malware and Sandboxed vulnerable programs with driver components.

Post by D1G1T@L on 5/6/2012, 03:10

I understand that new drivers cannot be installed in the sandbox; however, what I am talking about is programs that are installed outside the sandbox and are being executed sandboxed. They are still able to communicate with their drivers that are run outside. That's how AVs are still able to scan within the sandbox when a manual scan is initiated in a sandboxed Windows Explorer.

What I am curious about is if something could compromise such a sandboxed legit process outside that has a driver component outside and drawbridge out of isolation.


Re: Malware and Sandboxed vulnerable programs with driver components.

Post by Hungry Man on 25/9/2012, 04:23

I doubt it. Drivers just allow a program to interact with a specific set of hardware. If I install program A and it uses a driver to interact with the webcam it'll install that driver. I then sandbox A with, say, Sandboxie. It should still be able to use that driver to interact with the hardware, but that's all.

It's only a set of instructions on how to do something; it can't do anything on its own as far as I know. Obviously, if you give Program A write access to the driver, it could turn it into anything, but you already know that.
