RE: Sandboxie
- From: "Laundrup, Jens" <Jens.Laundrup@xxxxxxxxxxx>
- Date: Tue, 31 Oct 2006 07:07:06 -0800
You may also want to look at green border www.greenborder.com. It is
more of an enterprise solution and we have been impressed with it.
Jens
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Saqib Ali
Sent: Saturday, October 28, 2006 8:28 AM
To: Roger A. Grimes
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Sandboxie
Roger,
Thanks for the good info. Have you tried running IE in Altiris SVS? If
so, I would like to hear your views on it.
Thanks
Saqib
http://www.full-disk-encryption.net
On 10/27/06, Roger A. Grimes <roger@xxxxxxxxxxxxxx> wrote:
I haven't tried Sandboxie, but as the InfoWorld magazine columnist Iget
to test lots of security products. I've tested many similar productsare
like Sandboxie over the last two years, including GreenBorder and even
Microsoft Vista's own file and registry virtualization. While there
certainly benefits to these sandbox or virtualization products, thesejail
class of products suffer the same problems as Java or Linux/Unix's
products. Problems include:difference
1. No sandbox product is fool proof. While they might appear to be 99%
foolproof early on, I've yet to meet one that could not be easily
circumvented. So, while they might give you a moderate amount of
protection early on, if they become popular, they will be hacked and
circumvented. The underlying concept is flawed in its design, so that
they will always be circumventable.
2. They all prevent some small percentage of legitimate applications
from running. At worst, many of these products can't tell the
between a Microsoft IE patch and malware. They simply prevent both. Orthe
at best, although they prevent most malware programs, they do so at
risk of higher false-positives.when
For example, Java's first security model was fairly secure. But it was
so secure that legitimate apps couldn't be run or store data. So they
had to modify the original security model to be more flexible, and
they did that, the vulnerabilities began to appear in earnest.Is
3. Many, if not most, of these products contain their own
vulnerabilities (e.g. buffer overflows, bugs that crash the system,
etc.). So you end up trading off one set of bugs for another. Albeit,
the program's buffer overflow vulnerability is less likely to be
exploited than IE's, of course.
4. Most of these add-ons do not have enterprise deployment and
management tools. Many do, but most don't.
5. When the underlying OS or app is updated, the sandbox has to be
updated. For example, you install IE 7 and something no longer works.
it IE 7 or the third party app.------------------------------------------------------------------------
So, while any of these sandbox or virtualization applications can
provide additional security, don't begin to believe that they are a
panacea. Nothing beats a more secure app and OS.
Roger
*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@xxxxxxxxxxxxx or roger@xxxxxxxxxxxxxx
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************
-----Original Message-----
On 25 Oct 2006 07:18:14 -0000, barcajax@xxxxxxxxx <barcajax@xxxxxxxxx>
wrote:
Anyone tried this product and does it perform as advertised?
http://www.sandboxie.com/
Would appreciate any feedback.
---
This list is sponsored by: Norwich UniversityExcellence
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
in Information Security. Our program offers unparalleled Infosecmanagement
education and the case study affords you unmatched consultingexperience.
Using interactive e-Learning technology, you can earn this esteemeddegree,
without disrupting your career or home life.------------------------------------------------------------------------
http://www.msia.norwich.edu/secfocus
---
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
------------------------------------------------------------------------
---
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Prev by Date: Re: Enterprise Level Email Encryption
- Next by Date: RE: Sandboxie
- Previous by thread: RE: Sandboxie
- Next by thread: RE: Sandboxie
- Index(es):
Relevant Pages
|
