Integrity Levels Vs. Sandboxie


Post by exus69 on 10/6/2013, 07:48

Hello,

I just read about Windows IL and following is what I've understood about it. Please correct me if I am wrong.

The Windows IL mechanism helps to protect processes and files/folders from malware by restricting access (read, write or execute) by running the vulnerable process (e.g. a browser) with Low IL so that it cannot access (read, write or execute) those processes or files/folders running with medium IL or higher.

If my above understanding is correct then let's take a real world scenario of IL and try to fit in the role of Sandboxie in the same.

Assuming that I am running Firefox (5 tabs open) with Low IL and a malware hits it.

- The malware can access data on other tabs.
- The malware cannot access Office applications, Adobe Reader, Chrome, files/folders on my D: since they all have Medium IL

According to the above scenario, if I visit a genuine site for work which is clean and I need to read a pdf/word/excel file, then how can I read it? Is downloading it and then opening it separately the only option? Or let's suppose I open gmail.com using Firefox (Low IL) and I need to attach some pdf/word/excel files (Medium IL). How can I do it? In the latter scenario, one thing I can do is give those pdf/word/excel files Low IL as well, but then it will defeat the very purpose of Integrity Levels.

After reading about ILs I was wondering if Sandboxie was doing anything different? You can give the same kind of restrictions that ILs give in SB. In fact, SB does it all in a virtual environment, unlike ILs. Additionally, ILs are an inbuilt Windows feature, so I guess the bad guys would be more interested in bypassing them than SB. Agreed, more security software increases the attack surface, but SB has been pretty solid over the years with its developer quickly closing any holes.

So is it necessary to configure ILs if you have a well-configured SB?

exus69
New Member

Posts : 6
Join date : 2011-07-22


Re: Integrity Levels Vs. Sandboxie

Post by Throwawayaccount123456 on 23/9/2013, 18:39

exus69 wrote:
The Windows IL mechanism helps to protect processes and files/folders from malware by restricting access (read, write or execute) by running the vulnerable process (e.g. a browser) with Low IL so that it cannot access (read, write or execute) those processes or files/folders running with medium IL or higher.

By default, a lower integrity level object cannot write to a higher integrity level object, but it can read and execute.

This default setting can be changed to deny even reading. [1]



[1] http://blog.zeltser.com/post/3853226320/windows-integrity-levels-malware-protection-files

Throwawayaccount123456
New Member

Posts : 4
Join date : 2013-09-23

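The default and the stricter policy described in the reply above, as an added example that is not part of either post: a small Python model of the mandatory integrity check for files, reading the label from an SDDL string. The function names and sample labels are constructed for illustration, and the model covers only the integrity check, not the DACL check that Windows performs afterwards.

```python
import re

# SDDL aliases for integrity levels and their RIDs (S-1-16-<RID>).
LEVELS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}
# Mandatory-policy flags and the access category each denies to lower levels.
POLICY = {"NW": "write", "NR": "read", "NX": "execute"}
# A file with no explicit label is treated as Medium with no-write-up.
DEFAULT_LABEL = (LEVELS["ME"], {"write"})

# Mandatory label ACE: (ML;<inherit flags>;<policy flags>;;;<level alias>)
ML_ACE = re.compile(r"\(ML;[A-Z]*;((?:NW|NR|NX)*);;;(LW|ME|HI|SI)\)")


def parse_label(sddl):
    """Return (object_level, denied_categories) for an SDDL string."""
    m = ML_ACE.search(sddl or "")
    if not m:
        return DEFAULT_LABEL
    flags = re.findall(r"N[WRX]", m.group(1))
    return LEVELS[m.group(2)], {POLICY[f] for f in flags}


def integrity_allows(subject, sddl, access):
    """Mandatory integrity check only; the DACL is evaluated separately."""
    level, denied = parse_label(sddl)
    if LEVELS[subject] >= level:
        return True  # subject is at or above the object's level
    return access not in denied


# Constructed sample objects for the thread's Low-IL browser scenario.
SAMPLES = {
    "report.pdf (no label, default Medium)": "",
    "secrets.xlsx (Medium, no read-up)": "S:(ML;;NWNR;;;ME)",
    "Downloads (Low, inherited)": "S:(ML;OICI;NW;;;LW)",
}


def scenario(subject="LW"):
    """Map each sample object to the accesses the subject's level permits."""
    return {
        name: [a for a in ("read", "write", "execute")
               if integrity_allows(subject, sddl, a)]
        for name, sddl in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, allowed in scenario().items():
        print(f"{name}: {', '.join(allowed) or 'nothing'}")
```
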
