Why can't I acess an infected site when in Sandbox mode?

[shambolic]

Hi all, I have just purchased the full license purely for the sandbox mode. This is because a forum that I visit regularly seems to have some Rogue code going on. I was thinking to run my browser in sandbox mode and have a look, see if there is any discussion about what is happening on the forum but when I do it seems that AVAST itself won't allow me to access. There doesn't seem to be much point to the sandbox if this is the case? Is there any way I can access this Forum in sandbox mode?

[Lisandro]

All pages should be possible to run with your browser sandboxed...
Well, if not, something need to be corrected.
Which is your browser and which is that particular forum?

[shambolic]

The forum is Richardhawleyforum.co.uk I usually use firefox but as it didn't show the red surround when sandboxed I couldn't be sure it was running. So I used Internet explorer

[spg SCOTT]

Hi shambolic,

The site (I know nothing about the sandbox/AIS...)

http://www.UnmaskParasites.com/security-report/?page=richardhawleyforum.co.uk
http://www.virustotal.com/url-scan/report.html?id=a031b184ebcfd3724dae9a9619d114df-1284715000
http://www.virustotal.com/file-scan/report.html?id=94fef63144a7e70419bb80822eb9ff1da0343e458f0cd1d39727800d5dc8e1ac-1284722203

To be honest it is probably a good thing that you cannot access the site...
It appears that any and all content that was there has now been removed and replaced with 5 hidden iframes pointing to a malicous site.


This site that the iframes point to are also blocked by the network shield.

 

[Lisandro]

If you set the red borders to be shown and if you set Firefox to run sandboxed
AND you don't see the red borders, well Firefox is not being sandboxed or your avast installation is messed.
If the site is infected, most probably avast will block regardless Firefox is running in/out of the sandbox.

[shambolic]

If you set the red borders to be shown and if you set Firefox to run sandboxed
AND you don't see the red borders, well Firefox is not being sandboxed or your avast installation is messed.
If the site is infected, most probably avast will block regardless Firefox is running in/out of the sandbox.

That makes me wonder what is the point of sandboxing the browser?

[Lisandro]

That makes me wonder what is the point of sandboxing the browser?

1. avoid browser exploits to be abused.
2. most important: avoid executables, scripts, etc. to infect the system or make damage with admin rights.

[shambolic]

Isn't that what an infected site such as the forum I mentioned does?

[DavidR]

That makes me wonder what is the point of sandboxing the browser?

1. avoid browser exploits to be abused.
2. most important: avoid executables, scripts, etc. to infect the system or make damage with admin rights.

@ shambolic
Running in a sandbox, doesn't turn off the web or network shields, so avast is going to alert in the same way.

The reason for sandboxing is to limit the harm/damage that an infection can do should it be a zero day exploit/infection, that otherwise avast's shields may not detect. It is another level of protection.

[pk]

@shambolic, what's your OS type? 32-bit or 64-bit? Is sandboxed Firefox listed in "Process Virtualization" list in avast UI?

[shambolic]

Hi, it's 32 bit windows 7 and Firefox is not showing in the prcess virtualization list when I run it virtualized