Malware and Sandboxed vulnerable programs with driver components.
I was thinking about this the other day. If a trusted program on the host has a driver component, and it's running in the sandbox, and a malicious executable finds a hole in that program's driver, can it potentially escape? I know that, for example, there are PDF reader programs that have virtual printers.
D1G1T@L- Moderator
- Posts : 13
Join date : 2012-06-04
Re: Malware and Sandboxed vulnerable programs with driver components.
I thought Sandboxie 32-bit (and 64-bit with Experimental Protection enabled) had no issues with containing "driver components"?
Re: Malware and Sandboxed vulnerable programs with driver components.
I understand that new drivers cannot be installed in the sandbox; however, what I am talking about is programs that are installed outside the sandbox and are being executed sandboxed. They are still able to communicate with their drivers that are run outside. That's how AVs are still able to scan within the sandbox when a manual scan is initiated in a sandboxed Windows Explorer.
What I am curious about is if something could compromise such a sandboxed legit process outside that has a driver component outside and drawbridge out of isolation.
D1G1T@L- Moderator
- Posts : 13
Join date : 2012-06-04
Re: Malware and Sandboxed vulnerable programs with driver components.
I doubt it. Drivers just allow a program to interact with a specific set of hardware. If I install program A and it uses a driver to interact with the webcam it'll install that driver. I then sandbox A with, say, Sandboxie. It should still be able to use that driver to interact with the hardware, but that's all.
It's only a set of instructions on how to do something, it can't do anything on its own as far as I know. Obviously if you give Program A write access to the driver it could turn it into anything but you already know that.
Hungry Man- Member
- Posts : 10
Join date : 2012-09-25