Re: Sandboxie

Roger,

Thanks for the good info. Have you tried running IE in Altiris SVS? If
so, I would like to hear your views on it.

Thanks
Saqib
http://www.full-disk-encryption.net


On 10/27/06, Roger A. Grimes <roger@xxxxxxxxxxxxxx> wrote:
I haven't tried Sandboxie, but as the InfoWorld magazine columnist I get
to test lots of security products. I've tested many similar products
like Sandboxie over the last two years, including GreenBorder and even
Microsoft Vista's own file and registry virtualization. While there are
certainly benefits to these sandbox or virtualization products, these
class of products suffer the same problems as Java or Linux/Unix's jail
products. Problems include:

1. No sandbox product is fool proof. While they might appear to be 99%
foolproof early on, I've yet to meet one that could not be easily
circumvented. So, while they might give you a moderate amount of
protection early on, if they become popular, they will be hacked and
circumvented. The underlying concept is flawed in its design, so that
they will always be circumventable.

2. They all prevent some small percentage of legitimate applications
from running. At worst, many of these products can't tell the difference
between a Microsoft IE patch and malware. They simply prevent both. Or
at best, although they prevent most malware programs, they do so at the
risk of higher false-positives.

For example, Java's first security model was fairly secure. But it was
so secure that legitimate apps couldn't be run or store data. So they
had to modify the original security model to be more flexible, and when
they did that, the vulnerabilities began to appear in earnest.

3. Many, if not most, of these products contain their own
vulnerabilities (e.g. buffer overflows, bugs that crash the system,
etc.). So you end up trading off one set of bugs for another. Albeit,
the program's buffer overflow vulnerability is less likely to be
exploited than IE's, of course.

4. Most of these add-ons do not have enterprise deployment and
management tools. Many do, but most don't.

5. When the underlying OS or app is updated, the sandbox has to be
updated. For example, you install IE 7 and something no longer works. Is
it IE 7 or the third party app.

So, while any of these sandbox or virtualization applications can
provide additional security, don't begin to believe that they are a
panacea. Nothing beats a more secure app and OS.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@xxxxxxxxxxxxx or roger@xxxxxxxxxxxxxx
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************



-----Original Message-----
On 25 Oct 2006 07:18:14 -0000, barcajax@xxxxxxxxx <barcajax@xxxxxxxxx>
wrote:
> Anyone tried this product and does it perform as advertised?
> http://www.sandboxie.com/
> Would appreciate any feedback.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • RE: A degree in MSIA - the various programs
    ... I am a 2005 graduate of the Norwich University Information Assurance ... Norwich is the well-known Information Security Specialist, ...
    (Security-Basics)
  • How to get into Penetration testing?
    ... I think it is very good for a pen tester to have programming ... security company's position. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)
  • Re: Changing user password policy
    ... doing this with good security. ... > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... > The NSA has designated Norwich University a center of Academic Excellence ... Our program offers unparalleled Infosec management ...
    (Security-Basics)
  • RE: Sandboxie
    ... No sandbox product is fool proof. ... Java's first security model was fairly secure. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic ...
    (Security-Basics)
  • Re: lock down personal Win XP workstation
    ... IRC over public wireless sparingly. ... Additionally I use "Security Configuration and Analysis" MMC ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic ...
    (Security-Basics)