Sandboxie configurations
5 posters
Page 2 of 2
Re: Sandboxie configurations
Rico, not much else to add - you summed it up well.
The configuration of "ReadFilePath=C:" seems to work well with IE (which happens to be my "banking" browser). To be honest, it's a nice idea (I guess it has to be since I came up with it haha), but I really don't see much point for it personally. For example, if I wanted to do online banking:
1. Open IE 8 in its sandbox (which is definitely "clean", given step 5 below).
2. Go to banking site.
3. Perform banking.
4. Quit IE 8.
5. Delete sandbox.
With the above approach, I can't really see how a Read Only C:\ will help. Thoughts?
Re: Sandboxie configurations
I think it only helps in quite the opposite of the situation you mentioned. This setup would be ideal for the general/unsafe browsing box, especially when used on x64 Windows. All the mentioned drawbacks for Sandboxie on that platform would be a complete non-issue then. You have figured out how to cover up the potential PatchGuard-imposed weaknesses on Sandboxie.
A bank-only box wouldn't need much tightening up as it is only used for 1 thing only, on 1 type of sites only, which are secure.
Rico- Advanced Member
- Posts : 118
Join date : 2010-06-18
Re: Sandboxie configurations
I see what you mean. However, it's not going to be very practical for most people. I don't know about you (or most people), but I regularly download files with my general browsing box. Obviously by making C:\ Read Only, this would not be possible.
Furthermore, for those who like creating new favourites, maintaining browser history etc, this would also be a nuisance.
Considering the fact that none of us have seen in-the-wild malware which doesn't utilise a .EXE file, is this configuration really worthwhile? In general, I think I would have to agree with p2u that this configuration is not "workable" (or convenient), with regard to general everyday browsing. Perhaps if certain exceptions were made (e.g. allow writing access to a specific folder), then this would become more "workable". However, I don't think it's possible to do this with Sandboxie at present - there's no way to specifically exempt a folder once you've configured ReadFilePath=C:\. That is, there's no way to exempt sub-folders. Perhaps a Feature Request is warranted? I'll post it on the Sandboxie forums and see what others think.
Re: Sandboxie configurations
Actually, I think any ReadFilePath exclusions would defeat the purpose, even if they were possible. The best course of action is to allow start/run access to a trusted download manager on your computer -- in another sandbox besides the read-only browsing one.
Then you could copy/paste your link from your read-only browser sandbox into the download manager sandbox, which should fetch the file for you. With favorites links, users can copy/paste them into a text file on the desktop for future reference. Now it may not be the most convenient thing in the world, but I am the type of person who would make concessions to achieve ultimate security. It's a fact that convenience and security are inversely related. Color me paranoid, haha
This workflow would be possible for registered users only, because only they could run sandboxes simultaneously. I know that this isn't exactly for everyone but I thought I'd share the latest config I have reached.
Rico- Advanced Member
- Posts : 118
Join date : 2010-06-18
Re: Sandboxie configurations
Or better yet, one could apply the read-only setting to only the browser executable, yet have everything else in the sandbox able to write to disk. That way a download manager could run in the same sandbox and do its job. That way it's much more practical.
Rico- Advanced Member
- Posts : 118
Join date : 2010-06-18
Re: Sandboxie configurations
By the way guys, who here removes the following default template from their sandbox configurations?:
[Template_Firefox_Phishing_DirectAccess]
Tmpl.Title=#4337,Firefox
Tmpl.Class=WebBrowser
OpenFilePath=firefox.exe,*\urlclassifier*.sqlite*
Some further information here:
http://www.sandboxie.com/phpbb/viewtopic.php?t=7655
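An added example, not part of any post in this thread: a small audit script that lists, for each sandbox, its ReadFilePath entries and its OpenFilePath direct-access entries, including those pulled in from a referenced template such as the one quoted above. The box names (BrowsingBox, BankingBox), the sample file and the `Template=` reference line are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample in Sandboxie.ini style; only the template section is from the thread.
SAMPLE_INI = r"""
[Template_Firefox_Phishing_DirectAccess]
Tmpl.Title=#4337,Firefox
Tmpl.Class=WebBrowser
OpenFilePath=firefox.exe,*\urlclassifier*.sqlite*

[BrowsingBox]
Enabled=y
ReadFilePath=C:\
Template=Firefox_Phishing_DirectAccess

[BankingBox]
Enabled=y
"""

def parse_ini(text):
    """Parse into {section: [(key, value), ...]}, keeping repeated keys in order."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current]  # register the section even if it has no keys
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def effective(sections, box, setting):
    """(source section, value) pairs for a setting, from the box and its templates."""
    sources = [box] + ["Template_" + v for k, v in sections[box] if k == "Template"]
    return [(src, v) for src in sources
            for k, v in sections.get(src, []) if k == setting]

def audit(text):
    """Per-box view of read-only paths and direct-access (write-through) paths."""
    sections = parse_ini(text)
    boxes = [s for s in sections if not s.startswith(("Template_", "UserSettings_"))
             and s != "GlobalSettings"]
    return {b: {"read_only": effective(sections, b, "ReadFilePath"),
                "direct_access": effective(sections, b, "OpenFilePath")}
            for b in boxes}

if __name__ == "__main__":
    for box, findings in audit(SAMPLE_INI).items():
        print(box, findings)
```

Each result names the section a setting came from, so a direct-access path inherited from a template is distinguishable from one set on the box itself.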