A Few Questions Regarding AIS

[whitedragon551]

I have both IE and Firefox virtualized. They both have issues with flash sites. Is there a way to allow flash to be virtualized as well without allowing all addons via the Browsers All Setting check box?

Also is there a way to allow the sandbox to delete contents when IE and FF are closed or does it have to be done manually?

[Gargamel360]

Using a 64bit OS, I guess?  If so, this is an old issue, and apparently a tough one to crack for the developers.  If I am right, the sandboxed browsers are not so much "having issues with Flash", but failing to load up your Flash plugin (and a couple others you might not even notice are not running) when you launch your browser . 

But maybe you meant something else by saying "Having issues with Flash"?  If so, please clarify.

Is there a way to allow flash to be virtualized as well without allowing all addons via the Browsers All Setting check box?

Not that I am aware of.  It will load up sooner or later, if you are stubborn enough. Just keep running it sandboxed and checking to see if they (plugins) loaded right. Success/fail rate greatly varies, i.e. sometimes it loads up right 5 times in a row sandboxed, sometimes it fails 15 times straight( ).

Also is there a way to allow the sandbox to delete contents when IE and FF are closed or does it have to be done manually?

No, but that is a decent idea, add it to the wishlist on this forum maybe.   

[whitedragon551]

Using Windows 7 x64 Pro.

I visit alot of sites that need flash. All of them say Im missing the plugin, but Im clearly not. Happens in IE, IEx64, and FF.

So in reality the Avast sandbox is extremely crippled compared to the Sandboxie counterpart.

[Gargamel360]

Everyone visits sites that need Flash.  It is pretty hard to avoid.  The sites are correct, you are missing the plugin (while sandboxed) as it simply fails to load with the rest of the browser.

So in reality the Avast sandbox is extremely crippled compared to the Sandboxie counterpart.

Could not say, having never used Sandboxie.  This problem has been a thorn in my side for some time, I gave up the "Always run in Sandbox" option because of it.  Still use it for financial stuff and ....other things....

I am hoping the coming expansion of the Avast! Sandbox to a "Secure Desktop" fixes these nagging problems, as it seems the more "broad" virtualization is run, the smoother it is.

[whitedragon551]

Basically sandboxie allows the auto delete of the sandbox as soon as what ever is sandboxed is closed whereas Avast keeps it on the HD in a hidden folder. Not so great for security if I say so myself.

Another issue is that Sandboxie allows the ability to add FF addons into the sandbox and allows them to be sandboxed with the browser so the browser is fully functional where as Avast doesnt. It just cripples.

[Gargamel360]

Basically sandboxie allows the auto delete of the sandbox as soon as what ever is sandboxed is closed whereas Avast keeps it on the HD in a hidden folder. Not so great for security if I say so myself.

Could you explain why it is less safe?  Being as whatever is in the sandbox is essentially isolated anyway, why the need to auto delete it?  If your point was it offers less end-user control than Sandboxie, I could see that.  But end-user control only equals more security for a handful of well-educated users.

Another issue is that Sandboxie allows the ability to add FF addons into the sandbox and allows them to be sandboxed with the browser so the browser is fully functional where as Avast doesnt. It just cripples.

Remember this is a 64bit problem, the plugins load at launch great for 32bit users.  I don't know, maybe this has something to do with Kernel Patch Protection (only present on 64bit OS's), and every time Avast! figures the plugin problem out, a new kernel patch comes and botches it (just speculation)

Either way, it can and will work, it is not a total failure.  But it is very irritating.

[whitedragon551]

Basically sandboxie allows the auto delete of the sandbox as soon as what ever is sandboxed is closed whereas Avast keeps it on the HD in a hidden folder. Not so great for security if I say so myself.

Could you explain why it is less safe?  Being as whatever is in the sandbox is essentially isolated anyway, why the need to auto delete it?  If your point was it offers less end-user control than Sandboxie, I could see that.  But end-user control only equals more security for a handful of well-educated users.

Another issue is that Sandboxie allows the ability to add FF addons into the sandbox and allows them to be sandboxed with the browser so the browser is fully functional where as Avast doesnt. It just cripples.

Remember this is a 64bit problem, the plugins load at launch great for 32bit users.  I don't know, maybe this has something to do with Kernel Patch Protection (only present on 64bit OS's), and every time Avast! figures the plugin problem out, a new kernel patch comes and botches it (just speculation)

Either way, it can and will work, it is not a total failure.  But it is very irritating.

Why would you want malware residing on your PC in a hidden folder? That in itself is insecure.

As for addons. Flash doesnt need to patch the kernel. There is no reason for KPP to effect it. It gets installed to a folder just like other basic applications.

[Gargamel360]

Why would you want malware residing on your PC in a hidden folder? That in itself is insecure.

I would certainly not want that.  But, as I said, if it is isolated, similar to the virus chest, and it can't touch you system, is your system not safe regardless?  Really, I flush the sandbox after every use, I am with you there.  But not all users of the sandbox will do that, and they should not be expected to be less safe for not doing it, especially since the delete button is so snugged away in expert settings, where many users fear to tread.

As for addons. Flash doesnt need to patch the kernel. There is no reason for KPP to effect it. It gets installed to a folder just like other basic applications.

I was referring not to Flash, but the Sandbox (in relation to KPP).  Which, like all sandbox software, has more hooks than a tackle box.

[whitedragon551]

As for addons. Flash doesnt need to patch the kernel. There is no reason for KPP to effect it. It gets installed to a folder just like other basic applications.

I was referring not to Flash, but the Sandbox (in relation to KPP).  Which, like all sandbox software, has more hooks than a tackle box.

I understand what your saying here, but if FF works in the sandbox and works through KPP then why should Flash not? Its a fundamental part of the browser and its directly tied into the browser. The way I see it is there is no reason it shouldnt work.

[Gargamel360]

I understand what your saying here, but if FF works in the sandbox and works through KPP then why should Flash not? Its a fundamental part of the browser and its directly tied into the browser.

Well, we disagree on one point for sure.  Flash is not, imo, directly "tied in" to any browser.  It is a buggy plugin with as many security holes as the Swissest of cheeses.  But, they have cleverly become nearly essential to a rich browsing experience, yes. 

The way I see it is there is no reason it shouldnt work.

There is no debating this.....if you pay for something, it should work as advertised, no?

[GloobyGoob]

Basically sandboxie allows the auto delete of the sandbox as soon as what ever is sandboxed is closed whereas Avast keeps it on the HD in a hidden folder. Not so great for security if I say so myself.

This can be adjusted in the Expert Settings. Just untick "Store files in special storage."

Normally, whenever an application is launched in the sandbox, avast! creates a special sandbox storage area for that application and where virtualized files/folders are saved. This sandbox storage is then normally deleted when the application is terminated. If the box "Store files in special storage in the sandbox..." is checked, a completely separate sandbox storage will be used for web browsers and this will not be automatically deleted when the browser is terminated. This means that the next time the browser is launched, it will use the same sandbox storage from the previous browser session, which will therefore improve the browser's performance.