Spyware, Viruses, & Security forum

General discussion

Sandboxing?

Nice idea.

In reply to: Sandboxing?

It's right up there with private virtual machines. This and the others are all attempts to keep danger contained in some small box.

Quite useful

In reply to: Sandboxing?

I use Virtual PC if I want to do it in another system, but on my non-testing box I use Windows SteadyState's Windows Disk Protection. Anything I did is trashed after a reboot, or after the scheduled date on which I asked it to trash the changes.

Hmmmm

In reply to: Quite useful

So I could run Linux on the virtual PC? And does the pretty girl come with it?

Yes

In reply to: Hmmmm

Yes, you can run a Linux OS on a virtual PC :)

I see a cool guy on it.

I was wondering

In reply to: Quite useful

If you had one of these programs set up, could you use it to purposely download malware or a virus to see if you could figure out how to get rid of it? Or whether or not a certain program keeps it out?

Not recommending that unless

In reply to: I was wondering

you are in a controlled network and configuration.
Some malware will find personal information, so I really do not recommend that you test unless your network is under control.

Yes, you can test installing it, observe what the malware will do and figure out the best way to remove it, but most malware nowadays requires an internet connection to download and install other malware or rogue software, and if you block connections, the malware is not fully installed or not all abilities of the malware are tested.

Remember, if you allow the connection, you are putting your network at risk (if you have more than 1 computer).

I personally do not use Windows SteadyState and VPC 2007 for malware testing only. Windows SteadyState is also useful when trying out software or an update before I decide to allow it permanently on the computer.

>>>Or whether or not a certain program keeps it out?
Some malware itself can stop you installing because some of them are not VM-aware or not VM-compatible.

OK so bottom line

In reply to: Not recommending that unless

If you have Sandboxie or SafeSpace, you still need all your AV and malware programs.

Yes, if you want to be safe

In reply to: OK so bottom line

Also firewall.

I'm a wee bit disappointed

In reply to: Yes, if you want to be safe

But I do appreciate the information.

You're welcome

In reply to: I'm a wee bit disappointed

It's really risky because there are reports of VM-aware malware rootkits that can even hose the host system (the non-test system), so really... it is not safe to do malware testing in a non-controlled environment.

Rootkit defense

In reply to: You're welcome

Are most active programs defending against rootkits? Avast, Spybot, and so forth?

Some of them have rootkit detections but...

In reply to: Rootkit defense

not all rootkits are easily identified.

A few months ago, I let some scanners try to detect 2 rootkits for a test. Tested products: SUPERAntispyware, Malwarebytes Antimalware, A-squared Free, Ad-Aware, Spybot-S&D, Windows Defender and PC Tools Spyware Doctor.
Only SUPERAntispyware managed to detect 1 out of 2 rootkits. Others did not detect the rootkits at all.

Most standalone anti-rootkit scanners detected the 2 rootkits.

So.. no. Not all widely-used programs can defend against and detect rootkits. Standalone rootkit scanners are needed in addition to what others can try to find.

See: Anti-Rootkit Tools and Resources

Interesting:

In reply to: Some of them have rootkit detections but...

"Avira AntiRootkit Protection recognizes active rootkits. However, there are rootkits, which are used legally in programs. Avira AntiRootkit Protection also detects those. Please note that using reported rootkits is at your own risk and it can cause program errors."

I guess a person wouldn't want to remove a legal rootkit...

OK, I ran RootAlyzer

In reply to: Some of them have rootkit detections but...

I did the quick scan, which was very quick, then did the deep scan, which took 4:59 checking the registry, and 20:36 checking C. I used the default settings and the computer came up clean.

BTW, there was another poster who suspected a keylogger. I wonder if he could have a rootkit. I was just now doing a bit of reading on what this rootkit was, so I thought I'd make a link to the article.

One more question

In reply to: Quite useful

I'm assuming that any downloads you want to make would be to the virtual computer (VC), only. If you are on the Internet and see a program (or other files) that interest you, then it would only work in the VC and would disappear once the VC is gone? Maybe I have to play with it to get a good feel of it.

Yes

In reply to: One more question

Anything you download to the virtual PC is in the VPC only. If you execute it, it will affect the VPC only, unless the program is coded or programmed to detect that there are shared folders in the guest system (the guest system is the system in the VPC) and the program adds files to or modifies the shared folders.

Just don't add shared folders for the guest and host :)
