Author Topic: Info on use of Sandbox  (Read 6241 times)

0 Members and 1 Guest are viewing this topic.

onepk

  • Guest
Info on use of Sandbox
« on: September 17, 2010, 03:40:43 PM »
I was attracted to AIS by the claims of the new Sandbox feature.  It sounds great and, so far, looks and feels great (notwithstanding with a small local difficulty currently being looked at in another topic - FireFox 3.6.10).  I can't help but feel though that my confidence in it and use of it would be greatly enhanced if more advice were available.  The info given in the current help menu is fine in terms of setup but I wonder is there, or might there be in the near future, something more akin to a "tutorial" on its pros and cons and general use for the novice user (and since it is such a new feature I assume there will be quite a few of those/us around)?

To start with for example I'm really looking for answers to questions like:
1) are there any downsides to always running your browser Sandboxed? Well, yes if you want to download and save files...any others I haven't discovered yet?
2) Is there a way of extracting downloaded files (eg "safe" email attachments) from the SB and saving them - or would that be silly and against the SB philosophy? 
3) Some programs (eg Skype - previous topic) are not Sandboxable.  Is there a way to press for this to change? 
4) Are there any other major programs that are currently not amenable?
5) The AIS help file says the SB is a "completely safe environment" in which to browse and run files.  "Completely" - really?  Does that mean I can relax and sleep at night?!

I'm sure I could get answers to these questions individually on the forums, but it would be nice also to get answers to questions I didn't know I had!

Sorry for the paranoia (only just got over a bad bout of Security Tool 2010!), but response on this forum to previous posts I've been interested in has been fantastic so thought I would try my luck.
 

Gargamel360

  • Guest
Re: Info on use of Sandbox
« Reply #1 on: September 17, 2010, 07:20:13 PM »
1: The possible instability of things running in sandbox.  Incompatibility, as you have noticed by your 3rd question about Skype.  Also possible conflicts with other "virtual" applications.

2: Lol@(safe email attachments)  ;D   No offense, but I believe in "safe email attachments" like I believe in Santa.  You already have the right idea, saving them rather than just opening them.  Last I tried that while sandboxed, it saved the attachment, no fuss.  Is it silly?  No, but the idea of the sandbox is being able to safely open/run things, so the user doesn't need the old protocol of saving attachments.  I guess it comes down to how far you are willing to trust it, but I will keep using the old way for now.

3: Be loud?  ;)  It is murky to me who you would need to talk to about it, though, Skype or Avast!, or both.

4: Not that I am aware of, but that changes.  Updates of both Avast! and whatever you want to run sandboxed can change things day-to-day.

5: ......No.  Do not mistake marketing for fact.  Nothing is 100% safe, I doubt the sandbox is bulletproof.  That said, on 2 occasions it has helped me, and not failed me ever that I know of.  And it has gotten smoother and smarter as well.  

There was a post here>>http://forum.avast.com/index.php?topic=63367.0 by a forum user about Avast! developing a "Secure Desktop" function.  He does not work for Avast!, mind you, but he has a good dialog with Avast!'s sandbox developer, so I am inclined to believe him.  This would likely replace the sandbox, should all go well and they go ahead with the idea and no problems happen with its development.  (a lot of "ifs" since there is nothing official yet)  Just something to look forward to  ;)

I ran into a rouge much like "Security Tool" right after I installed AIS, and the sandbox served me well, allowing me to close out my locked-up browser from the Avast! UI, taking the nasty thing down the toilet with it, leaving just a single altered registry key.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: Info on use of Sandbox
« Reply #2 on: September 17, 2010, 07:50:35 PM »
onepk, please let me know what's your exact OS and web browser

1) are there any downsides to always running your browser Sandboxed? Well, yes if you want to download and save files...any others I haven't discovered yet?
I imagine that avast sandbox should be mainly used for web browsers and therefore any compatibility issues should be fixed asap. If you find something strange/missing feature, please let me know. Web browsers's downloads should be automatically detected by avast sandbox and excluded from the sandboxing - they should be stored directly on disk (see "Automatically detect safe locations..." checkbox in the settings). Two days ago, I found out there was a problem with detection of the default download location in Firefox browser (only on XP systems). It's still under investigation, because I haven't find a solution for this yet.. So, everything what's downloaded in web browsers or over SaveAs dialog, this operation is detected and considered as trusted operation.

Quote
2) Is there a way of extracting downloaded files (eg "safe" email attachments) from the SB and saving them - or would that be silly and against the SB philosophy?
not at all, but there's no UI for that in the current avast version.. it wasn't time to do that yet, but i'll implement it probably in v6.0 (because v5.1 is already knocking on the door). It will be called something like sandboxes manager to support multiple sandbox containers, web browsers, secure desktop, etc. You'll be able to extract files/registry outside the sandboxes or copy something inside.

Quote
3) Some programs (eg Skype - previous topic) are not Sandboxable.  Is there a way to press for this to change?
Oh, I haven't read that topic yet, thanks for info. I'll add support for these apps - the problem is, that skype shortcut doesn't use direct filename path, so sandbox wasn't able to determine which EXE belongs to this shortcut. That's the reason why sandbox actions were not shown in the right-click menu. I think even "avast scan" action was missing. In past I added support for IE - and I know also MS Office/Safari shortcuts are not resolved yet.

Quote
4) Are there any other major programs that are currently not amenable?
e.g. some installers, because they're little hard to virtualize... usually you won't be able to run them properly, that's because they use lot of complex system APIs to register themselves to the system (COM interface, SCM, ...). This is on my to-do list to improve this situation.

Quote
5) The AIS help file says the SB is a "completely safe environment" in which to browse and run files.  "Completely" - really?  Does that mean I can relax and sleep at night?!
In recent times I tested a lot of viruses/malware/web attacks in sandbox environment and nothing leaked from the sandbox. I know there are some weak parts, which are not fully virtualized yet (e.g. SCM, COM, RPC interfaces, OB), but it's really improved with each build. These interfaces aren't easy to abuse, but they mainly improve software compatibility (e.g. with the mentioned installers). All sandboxed programs are also automatically run with the lower access rights. Last fixed leak was caused by improper virtualization of Print Server in Windows.

Quote
This would likely replace the sandbox
@Gargamel360: no, secure desktop will only extend avast sandbox functionality; it won't replace the current sandbox modes

Gargamel360

  • Guest
Re: Info on use of Sandbox
« Reply #3 on: September 17, 2010, 08:04:31 PM »
@Gargamel360: no, secure desktop will only extend avast sandbox functionality; it won't replace the current sandbox modes

I stand enlightened, thanks, looking forward to it :)

Offline Rednose

  • Pirate Party Member
  • Avast √úberevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Info on use of Sandbox
« Reply #4 on: September 18, 2010, 12:08:06 AM »
@Gargamel360: no, secure desktop will only extend avast sandbox functionality; it won't replace the current sandbox modes

Yes and no :) There is more to tell about this feature ;)

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline jadinolf

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1090
Re: Info on use of Sandbox
« Reply #5 on: September 18, 2010, 01:18:41 AM »
I jumped on AIS much too fast. I notice that Virtualization removes passwords from many  the sites that I visit. Even though I tell my browser to remember, it doesn't. I then have to type in my user name and password on many of these sites every time I check in..Beginning to regret that I bought AIS.
printed on 100% recycled bytes

onepk

  • Guest
Re: Info on use of Sandbox
« Reply #6 on: September 18, 2010, 10:20:02 AM »
Thanks everyone for the replies - informative and interesting as usual.  One final point for now - when eventually I get back to being able to Sandbox Firefox 3.6.10, what is the recommended procedure in the event of an infection/attack?  Simply to close the browser session and start again? Sounds far too easy!  Alterations to the registry were also indicated as a possibility even after being in Sandbox mode - so should that subsequently be checked via MBAM, say?


Gargamel360

  • Guest
Re: Info on use of Sandbox
« Reply #7 on: September 18, 2010, 06:41:58 PM »
what is the recommended procedure in the event of an infection/attack?  Simply to close the browser session and start again? Sounds far too easy!  Alterations to the registry were also indicated as a possibility even after being in Sandbox mode - so should that subsequently be checked via MBAM, say?
There is no "recommended procedure", that would depend on many things.  I freaked out and ran a Avast! full scan, followed up with SAS and Mbam, then used an online scanner just for my peace of mind.  Mbam was the only engine that turned up anything, a single registry key, which I have been told is harmless all by itself anyway. 

What I said about closing out the sandboxed browser worked in this instance, whether or not it would protect you from other infection is hard to say for 100% certain.  I use this example of a rouge because rouges are a ...."loud" infection, there is no questioning something is there, but if it was something quiet that Avast! misses detection on, you would ideally never know it was there, flushed away when you close the sandbox. 

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: Info on use of Sandbox
« Reply #8 on: September 18, 2010, 06:52:58 PM »
Simply to close the browser session and start again?

Juck click "delete contents" button in Expert Settings, this will erase all files in the sandbox and all sandboxed registry entries.

MasterTB

  • Guest
Re: Info on use of Sandbox
« Reply #9 on: September 19, 2010, 12:14:26 AM »
What happens if, in order to get stability I disable the option to store the files on a special Sandbox Store as seen in the "Web Browsers" section of the Advanced Options for Sandbox (picture coming in Spanish).
My question is, there is no Delete Files option as suggested by "pk", what's the risk in disabling this?...
I've had a lot of problems running Opera in the sandbox, not to mention a ton others with IE8 and now IE9 beta.

And another question: is it safe to run add ons, plug ins, etc outside the sandbox? I ask because flash crashes a lot when sandboxed and sometimes it doesn't even load at all.

Martin.-

edit: forgot the pic..