RE: Sandboxie

["Roger A. Grimes" <roger () banneretcs com>]

I haven't tried Sandboxie, but as the InfoWorld magazine columnist I get
to test lots of security products. I've tested many similar products
like Sandboxie over the last two years, including GreenBorder and even
Microsoft Vista's own file and registry virtualization.  While there are
certainly benefits to these sandbox or virtualization products, these
class of products suffer the same problems as Java or Linux/Unix's jail
products.  Problems include:

1. No sandbox product is fool proof. While they might appear to be 99%
foolproof early on, I've yet to meet one that could not be easily
circumvented. So, while they might give you a moderate amount of
protection early on, if they become popular, they will be hacked and
circumvented. The underlying concept is flawed in its design, so that
they will always be circumventable.

2. They all prevent some small percentage of legitimate applications
from running. At worst, many of these products can't tell the difference
between a Microsoft IE patch and malware. They simply prevent both. Or
at best, although they prevent most malware programs, they do so at the
risk of higher false-positives.

For example, Java's first security model was fairly secure. But it was
so secure that legitimate apps couldn't be run or store data. So they
had to modify the original security model to be more flexible, and when
they did that, the vulnerabilities began to appear in earnest.

3. Many, if not most, of these products contain their own
vulnerabilities (e.g. buffer overflows, bugs that crash the system,
etc.). So you end up trading off one set of bugs for another. Albeit,
the program's buffer overflow vulnerability is less likely to be
exploited than IE's, of course.

4. Most of these add-ons do not have enterprise deployment and
management tools. Many do, but most don't.

5. When the underlying OS or app is updated, the sandbox has to be
updated. For example, you install IE 7 and something no longer works. Is
it IE 7 or the third party app.

So, while any of these sandbox or virtualization applications can
provide additional security, don't begin to believe that they are a
panacea. Nothing beats a more secure app and OS.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************



-----Original Message-----
On 25 Oct 2006 07:18:14 -0000, barcajax () gmail com <barcajax () gmail com>
wrote:
> Anyone tried this product and does it perform as advertised?
> http://www.sandboxie.com/
> Would appreciate any feedback.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------