To Customer Support To Customer Support
Solved

Fact or Myth - If you Sandbox Your Browser Your Completely Safe

  • 31 May 2013
  • 5 replies
  • 272 views
tsr
Rank
Userlevel 5
  • tsr
  • Popular Voice
  • 141 replies
Here is a question for our members. If you sandbox your browser your completely safe and don't need a antivirus software.
We are all well aware that numerous antivirus software's have sandbox feature incorporated within its app.
    So based on this premise you should be able to surf the web..............Download apps in the sandbox and when your done, simply empty the sandbox and no harm is done to your PC......................Right????  or wrong??????????????
 
Conclusion:
    Need input on this issue pro's and cons;)
 
icon

Best answer by explanoit 2 June 2013, 02:29

View original

5 replies

shorTcircuiT
Rank
Userlevel 7
Wrong.  Malware can sometimes still slip out of the sandbox, so you need to have an AV solution on the computer.
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
I agree with David a sandbox can be exploited by certain malware it's like any security software they are not 100% effective but WSA has the Rollback feature and if a infection does get by and determined bad your system can go back to pre-infection status.
 
Daniel
explanoit
Rank
Userlevel 7
Badge +6
(Background: I run WSA and the commercial edition of Sandboxie in addition to several virtual machines)
 
For all practical purposes no general use computer is ever safe. And for many users, sandboxing is not a plug and play, silver-bullet  technology - it requires you understand what they do and follow certain rules for them to be most effective. A sandbox is a tool not a solution.
 
WSA employs limited sandboxing against unknown executables in addition to journaling. In this regard it's above arguments about "antivirus is worthless because it only detects common things with signatures generated." However, it's not a hard sandbox that can be directly controlled or monitored. Other sandboxes out there will isolate a program from making any writes outside of its box which will protect the rest of the system.
 
The weakness in running most sandboxes is that they only block writes and also reads to certain sensitive areas - they usually don't block reads of your tax documents or files or programs. Just running a sandbox doesn't mean you're now free to let anything you find on the internet run forever inside that box.
 
If you're willing to split your life up into multiple sandboxes that you have customized to specially store data, limit reading, and delete the state after use, you can run a very tight ship when it comes to computer security that exceeds the protection of antivirus for almost anybody. However, in my opinion you still want the AV protecting Windows in case you screw up or something gets past/comes in a vector you didn't design for. Not everything can be sandboxed. Considering the light footprint and cost of a modern AV compared to the information you're trying to protect, there aren't very many great arguments for not running antivirus.
 
As with anything computer security related, this is an extremely complicated topic and this post glosses over many things. I'm just saying for the average user you still want the AV.
 
(Side note: If you're hardcore about sandboxing, check out http://qubes-os.org/trac which instead of running software sandboxes, runs entire operating systems)
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
BlazeTen
Rank
Userlevel 7
Badge +7
As always... A Great "Explanation" from you...I learned a lot...Very very good !  Can it be this is how you came about your Username ?
explanoit
Rank
Userlevel 7
Badge +6
Thanks @ :cathappy:
 
I needed a new identity for computer security related activities a few years ago. This was mostly after someone trolled me out of being a Wikipedia administrator :catsad: <humblebrag>
My name is a shortening of either
 
explain the exploit
or
explain, exploit
 
I was originally going to be explainoit but it didn't sound right to me.
 
I will need to write a followup to this post since I didn't address kernel attacks which almost no methods protect against.
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.