ssj100 Security Forums

Question

4 posters


Re: Question

Post by Rico 27/1/2011, 00:57

Regarding the location of the registry: http://help.lockergnome.com/windows2/file-located--ftopict484827.html

It seems that there are a number of 'files' located throughout the C drive, which means that they are already set to read-only with the settings you have devised. If any of what I'm saying is wrong, please feel free to correct me.

p2u wrote: DLLs can be readily downloaded from online resources, but if you have "copy"-protection on in AE2, the download will be blocked.

Paul, do the C:/ read only settings that are discussed here act in the same way? Do they provide copy protection too?

ssj100 wrote: what about malware which only exists in memory?

Is there memory-only malware with no executable or file involved, or did I misunderstand?



Post by p2u 27/1/2011, 01:09

Rico wrote: Paul, do the C:/ read only settings that are discussed here act in the same way? Do they provide copy protection too?
Let me say first that "C:/ read only" doesn't seem workable to me.
P.S.: For Firefox it's enough to set it to start always in Private Mode.
Code:
browser.privatebrowsing.autostart = true
Nothing will be written to disk unless you specifically download something. When exiting Firefox, everything from memory cache is safely deleted.

The copy protection in AE2 has nothing to do with user (or program) access rights. AE2 determines that you want to download (= copy) an executable file from the Internet and will block that download.
P.S.: I believe this protection was also removed from AE3.

Paul


Post by ssj100 27/1/2011, 02:12

p2u wrote: Let me say first that "C:/ read only" doesn't seem workable to me.
It's fine when specified to IE's virtual environment only (and apparently Chrome's?), and is a viable method of locking down the environment further (e.g. for internet banking purposes). This is the flexibility of application virtualisation (Sandboxie in particular).

As I mentioned in the Sandboxie configuration thread, making C:\ read only will prevent all newly introduced file types from being downloaded/executed (written to disk). I think AE2 only prevents .EXE and .DLL types.

Post by ssj100 27/1/2011, 02:17

Rico wrote: Is there memory-only malware with no executable or file involved, or did I misunderstand?
I was meaning malware which doesn't need to write to disk to perform malicious actions (e.g. clipboard logging). Therefore, it executes and performs its actions only in memory. I'm not aware of such malware in the wild.

Post by Rico 27/1/2011, 02:24

p2u wrote: Let me say first that "C:/ read only" doesn't seem workable to me.
P.S.: For Firefox it's enough to set it to start always in Private Mode.

I don't think this can prevent a drive-by, as a malicious site exploits vulnerabilities to be able to download anything without consent. In a perfect world, one would think that if they didn't explicitly permit the download of an executable it wouldn't be there. This however would be a vastly superior safety net that can't be beat.

@ ssj, so basically it's not virus types that infest/install on the PC? Clipboard logging shouldn't be an issue if you designate a sandbox for unsafe vs safe browsing.


Post by ssj100 27/1/2011, 03:36

Rico wrote: @ ssj, so basically it's not virus types that infest/install on the PC? Clipboard logging shouldn't be an issue if you designate a sandbox for unsafe vs safe browsing.
Yes, I would suppose so. And yes, a good security approach with Sandboxie is also necessary to realise its potential.