Topic: AIS5's Sandbox and Google Chrome updates

DigiDis

  • Guest
AIS5's Sandbox and Google Chrome updates
« on: October 05, 2010, 03:57:08 PM »
Just installed AIS 5 yesterday and immediately chose to always sandbox Chrome. There are no problems so far, but I wonder what will happen when Chrome decides to update itself while sandboxed?

Are there any known problems with Chrome?

Thanks!

Lisandro

  • Avast team
Re: AIS5's Sandbox and Google Chrome updates
« Reply #1 on: October 05, 2010, 04:15:56 PM »
Generally, programs need to run outside of the sandbox to update themselves.
The best things in life are free.

Hermite15

  • Guest
Re: AIS5's Sandbox and Google Chrome updates
« Reply #2 on: October 05, 2010, 04:41:59 PM »
+ Chrome has native sandboxing abilities, it's completely useless to sandbox it with AIS.

pk

  • Avast team
Re: AIS5's Sandbox and Google Chrome updates
« Reply #3 on: October 05, 2010, 07:32:07 PM »
Quote
Just installed AIS 5 yesterday and immediately chose to always sandbox Chrome. There are no problems so far, but I wonder what will happen when Chrome decides to update itself while sandboxed?

I didn't try that, but I would suggest that you update Chrome outside of the sandbox.

Quote
+ Chrome has native sandboxing abilities, it's completely useless to sandbox it with AIS.

@Logos, those are two totally different things with similar names: the Chrome sandbox is nothing more than a way of separating every component of the browser into its own process. It has a lot of mechanisms to prevent inter-process communication; each process is isolated from the others. It uses only the Windows API to set up permissions/rights to other objects. On the contrary, the avast sandbox virtualizes everything that the program writes, modifies, moves, etc. It works in kernel mode (very low in the system), so unwanted malware executed from Chrome will be caught (= any registry/filesystem/HDD writes, hooks, process/thread injections, etc.).

Hermite15

  • Guest
Re: AIS5's Sandbox and Google Chrome updates
« Reply #4 on: October 05, 2010, 08:23:21 PM »
@pk: I know that to achieve sandboxing Chrome uses Windows API, but still, according to these pages, it seems a bit more efficient than you say. And yes, I know as well that it's not done the same way at all ;D I haven't tested any of them with malware, so I can't tell which method would be more successful. This said, I know and read that Chrome has been tested as particularly resistant.

http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
http://www.chromium.org/developers/design-documents/sandbox

DigiDis

  • Guest
Re: AIS5's Sandbox and Google Chrome updates
« Reply #5 on: October 05, 2010, 09:15:33 PM »
Thanks for the info so far. AFAIK, Chrome is very secure because of the sandboxing technology (which I believe comes from the GreenBorder technology), but I still don't think it is at the level of, say, Firefox behind Sandboxie. Since I am not the only one who uses my machines (unfortunately, my wife and young daughter use them), I want to be sure that in my absence nothing horrific happens.

I bought the AIS suite hoping, in part, to get away from Sandboxie, which is too much for my modest needs and drives my daughter and wife crazy. It seems that the sandbox in AIS is very unobtrusive and my girls don't even know it's on.

Let me know if there is more on the Chrome updates while sandboxed.

Thanks again