Security Basics mailing list archives
RE: Sandboxie
From: "Laundrup, Jens" <Jens.Laundrup () METROKC GOV>
Date: Tue, 31 Oct 2006 07:07:06 -0800
You may also want to look at green border www.greenborder.com. It is more of an enterprise solution and we have been impressed with it. Jens -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Saqib Ali Sent: Saturday, October 28, 2006 8:28 AM To: Roger A. Grimes Cc: security-basics () securityfocus com Subject: Re: Sandboxie Roger, Thanks for the good info. Have you tried running IE in Altiris SVS? If so, I would like to hear your views on it. Thanks Saqib http://www.full-disk-encryption.net On 10/27/06, Roger A. Grimes <roger () banneretcs com> wrote:
I haven't tried Sandboxie, but as the InfoWorld magazine columnist I
get
to test lots of security products. I've tested many similar products like Sandboxie over the last two years, including GreenBorder and even Microsoft Vista's own file and registry virtualization. While there
are
certainly benefits to these sandbox or virtualization products, these class of products suffer the same problems as Java or Linux/Unix's
jail
products. Problems include: 1. No sandbox product is fool proof. While they might appear to be 99% foolproof early on, I've yet to meet one that could not be easily circumvented. So, while they might give you a moderate amount of protection early on, if they become popular, they will be hacked and circumvented. The underlying concept is flawed in its design, so that they will always be circumventable. 2. They all prevent some small percentage of legitimate applications from running. At worst, many of these products can't tell the
difference
between a Microsoft IE patch and malware. They simply prevent both. Or at best, although they prevent most malware programs, they do so at
the
risk of higher false-positives. For example, Java's first security model was fairly secure. But it was so secure that legitimate apps couldn't be run or store data. So they had to modify the original security model to be more flexible, and
when
they did that, the vulnerabilities began to appear in earnest. 3. Many, if not most, of these products contain their own vulnerabilities (e.g. buffer overflows, bugs that crash the system, etc.). So you end up trading off one set of bugs for another. Albeit, the program's buffer overflow vulnerability is less likely to be exploited than IE's, of course. 4. Most of these add-ons do not have enterprise deployment and management tools. Many do, but most don't. 5. When the underlying OS or app is updated, the sandbox has to be updated. For example, you install IE 7 and something no longer works.
Is
it IE 7 or the third party app. So, while any of these sandbox or virtualization applications can provide additional security, don't begin to believe that they are a panacea. Nothing beats a more secure app and OS. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Professional Windows Desktop and Server Hardening (Wrox) *http://www.amazon.com/gp/product/0764599909 ***************************************************************** -----Original Message----- On 25 Oct 2006 07:18:14 -0000, barcajax () gmail com <barcajax () gmail com> wrote:Anyone tried this product and does it perform as advertised? http://www.sandboxie.com/ Would appreciate any feedback.
------------------------------------------------------------------------ ---
This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life. http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------ ---
-- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Sandboxie barcajax (Oct 25)
- Re: Sandboxie Tsu (Oct 25)
- Re: Sandboxie Matt Lye (Oct 27)
- Re: Sandboxie Saqib Ali (Oct 27)
- RE: Sandboxie Roger A. Grimes (Oct 27)
- Re: Sandboxie Saqib Ali (Oct 31)
- RE: Sandboxie Patrick Wade (Oct 27)
- RE: Sandboxie Paul McGovern (Oct 31)
- RE: Sandboxie Roger A. Grimes (Oct 27)
- RE: Sandboxie Andrew Aris (Oct 27)
- <Possible follow-ups>
- RE: Sandboxie Laundrup, Jens (Oct 31)
- RE: Sandboxie Kimberly F. Adams (Oct 31)
- RE: Sandboxie Nathan B. Heck (Oct 31)