Security Basics mailing list archives
RE: Sandboxie
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Fri, 27 Oct 2006 10:58:09 -0400
I haven't tried Sandboxie, but as the InfoWorld magazine columnist I get to test lots of security products. I've tested many similar products like Sandboxie over the last two years, including GreenBorder and even Microsoft Vista's own file and registry virtualization. While there are certainly benefits to these sandbox or virtualization products, these class of products suffer the same problems as Java or Linux/Unix's jail products. Problems include: 1. No sandbox product is fool proof. While they might appear to be 99% foolproof early on, I've yet to meet one that could not be easily circumvented. So, while they might give you a moderate amount of protection early on, if they become popular, they will be hacked and circumvented. The underlying concept is flawed in its design, so that they will always be circumventable. 2. They all prevent some small percentage of legitimate applications from running. At worst, many of these products can't tell the difference between a Microsoft IE patch and malware. They simply prevent both. Or at best, although they prevent most malware programs, they do so at the risk of higher false-positives. For example, Java's first security model was fairly secure. But it was so secure that legitimate apps couldn't be run or store data. So they had to modify the original security model to be more flexible, and when they did that, the vulnerabilities began to appear in earnest. 3. Many, if not most, of these products contain their own vulnerabilities (e.g. buffer overflows, bugs that crash the system, etc.). So you end up trading off one set of bugs for another. Albeit, the program's buffer overflow vulnerability is less likely to be exploited than IE's, of course. 4. Most of these add-ons do not have enterprise deployment and management tools. Many do, but most don't. 5. When the underlying OS or app is updated, the sandbox has to be updated. For example, you install IE 7 and something no longer works. Is it IE 7 or the third party app. So, while any of these sandbox or virtualization applications can provide additional security, don't begin to believe that they are a panacea. Nothing beats a more secure app and OS. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Professional Windows Desktop and Server Hardening (Wrox) *http://www.amazon.com/gp/product/0764599909 ***************************************************************** -----Original Message----- On 25 Oct 2006 07:18:14 -0000, barcajax () gmail com <barcajax () gmail com> wrote:
Anyone tried this product and does it perform as advertised? http://www.sandboxie.com/ Would appreciate any feedback.
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Sandboxie barcajax (Oct 25)
- Re: Sandboxie Tsu (Oct 25)
- Re: Sandboxie Matt Lye (Oct 27)
- Re: Sandboxie Saqib Ali (Oct 27)
- RE: Sandboxie Roger A. Grimes (Oct 27)
- Re: Sandboxie Saqib Ali (Oct 31)
- RE: Sandboxie Patrick Wade (Oct 27)
- RE: Sandboxie Paul McGovern (Oct 31)
- RE: Sandboxie Roger A. Grimes (Oct 27)
- RE: Sandboxie Andrew Aris (Oct 27)
- <Possible follow-ups>
- RE: Sandboxie Laundrup, Jens (Oct 31)
- RE: Sandboxie Kimberly F. Adams (Oct 31)
- RE: Sandboxie Nathan B. Heck (Oct 31)