Sandbox Technical Details & Comparison Please?

[REDACTED]

^Greetings,

In Avast Internet Security 2015 there's a sanbox which you can canfigure to automatically run with software, directories in software, etc. So far I haven't been able to find any super technical details on how the sandbox works. I have noticed that in comparison to Sandboxie it allows information to be brought in and future information to be stored (such as browser history, bookmarks, cookies, etc.). Are programs given full access to the machine even though they're sandboxed? How exactly are we bring protected.

Another important question: How does Avast sandbox compare to sandboxie as far as what it does and how secure it is? Which is stronger and why? I really like the ease of use of the Avast sandbox but as we know ease of use often means a sacrifice of security. Can someone who knows or an Avast employee please address these issues as technically as possible (I'm an accomplished computer scientist and can handle the details).

Thank you.

[Eddy]

https://blog.avast.com/2012/11/16/what-is-the-avast-autosandbox-and-how-does-it-work/

[REDACTED]

https://blog.avast.com/2012/11/16/what-is-the-avast-autosandbox-and-how-does-it-work/

Thank you but that doesn't explain the technical side of things. I want to know how it does what it does (What steps it takes to sandbox something in order to protect the system). Also I've just noticed that in firefox when I download something I can't find it in the specified download location. I would also like to know everything that happens as far as the browser. That post you linked me to is from 2012 and doesn't explain much. If I sandbox firefox no settings I make will be present the next time I start it inside or outside the sandbox (bookmarks, extensions, history, extension settings, downloads, cookies, etc)?

I would like to know the answers to these questions and all useful technical specifications of how it works in Its current version.

Thanks

[REDACTED]

The point here is to know how safe I am and what inconveniences the current version might present using it with different types of software such as browsers (browsers are of course one of Its most important applications). Knowing the technical details of what this sandbox actually does gives me an idea of how safe it actually is and what consequences there are of using it. For instance I have no idea how safe it actually is and why I can't access my firefox downloads when using it. I've activated the exceptions for bookmarks, cookies, cache but not the exception for addons. I'm assuming this means any changes I make to my browser involving extensions wont keep.

[REDACTED]

:bump: I would like some answers please. I'm considering purchasing licensing for my company but I'm not going to deploy software on machines without technical explanations.

[mchain]

:bump: I would like some answers please. I'm considering purchasing licensing for my company but I'm not going to deploy software on machines without technical explanations.

Hi Tom20,

Sounds like consideration is being given to an enterprise version of avast, rather than a consumer copy, as here.

Business:  https://forum.avast.com/index.php?board=33.0
Server:  https://forum.avast.com/index.php?board=8.0
Education:  https://forum.avast.com/index.php?board=55.0

[pk]

We don't publish any technical details -- if you have some internal/additional questions, you can write me email: kurtin@avast.com
Our sandbox have some special settings for common web browser (IE/FF/Chrome/Opera) and you can set if history/cookies/... will be saved for next web browser run, or deleted. When you download something from web browser, it should be detected (as standard Save-As operation) and excluded automatically from the sandbox (if you think it's not working, let me know your OS + web browser version, I'll try to repro it here).

>> Are programs given full access to the machine even though they're sandboxed?
Sandboxed apps, even with maximum access rights, will be automatically blocked from destructive operations (i.e. all their changes will remain in the sandbox; once they're terminated, their changes will be destroyed). Those changes are visible only from view of the sandbox.

>> sandboxie comparison
Some features are implemented better in sandboxie, some of them in avast. I tried to add features to support web browsers, we also use hardware virtualization CPU feature (VT-x/AMD-v) for sandbox on 64-bit OSes (sandboxie does not) and I think this is very significant difference.

If you need more technical details, write me email; if you need add a feature to sandbox, let me know as well. Thanks.

[REDACTED]

Good enough answer for now I suppose. Its just that with sandboxie I could actually see as a program runs a tree of what its doing. The whole 64 bit thing with Avast sounds encouraging. BTW on windows8.1 putting the google chrome directory in program files in the sandbox presents some problem where whenever the chrome auto-update happens the windows "open .exe file as" dialogue always pops up asking me what to open the .exe file with. This doesnt happen every time the updater runs. I can't explain it but i know thats what it is because I opened it once in a text editor and saw the file location.

This leads me to believe that something is then happening outside the sandbox at that point.