Bitcoin Forum
November 17, 2024, 11:22:09 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Would Sandboxie help users from losing their bitcoins?  (Read 2601 times)
Icy- (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 21, 2011, 04:31:59 AM
 #1

I haven't looked into this further, but I use to use this program for video games to prevent certain things from being detected with modifications on the game I was playing.

I'm not sure if this would even work with bitcoin app, purhaps someone could take a look? Personally I don't understand whats going on with everyone left and right reporting getting their shit stolen, like shit what the hell. I hope something gets resolved to this ever growing serious problem.

If the people who use bitcoin now are getting their ewallets stolen, then for sure the rest of the world will be even more likely to have this happen and be very turned off.

Anyway, here is the site.
http://www.sandboxie.com/

Very easy program to use.

Benefits of the Isolated Sandbox

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.
imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 04:33:05 AM
 #2

I've been using this program for months now (even before I found Bitcoin). It would help, yes.
zhalox
Full Member
***
Offline Offline

Activity: 176
Merit: 106


XMR = BTC in 2010. Rise chikun.


View Profile
June 21, 2011, 04:43:07 AM
Last edit: June 21, 2011, 05:47:33 AM by zhalox
 #3

Sandboxie wouldn't protect your PC if a trojan read the wallet.dat file and secretly uploaded it to a foreign server.  Sandboxie simply helps protect from writing malicious data to your HDD, not reading from it...

EDIT: Apparently the new version can block sandboxed programs from accessing certain directories...

imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 04:46:09 AM
 #4

Sandboxie wouldn't protect your PC if a trojan read the wallet.dat file and secretly uploaded it to a foreign server.  Sandboxie simply helps protect from writing malicious data to your HDD, not reading from it...

You can block all sandboxed programs from accessing the Internet except for your browser.

edit:

You can also set it so certain directories cannot be accessed by any sandboxed program.
Icy- (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 21, 2011, 04:53:39 AM
 #5

Sandboxie wouldn't protect your PC if a trojan read the wallet.dat file and secretly uploaded it to a foreign server.  Sandboxie simply helps protect from writing malicious data to your HDD, not reading from it...

This is wrong.
Bunghole
Member
**
Offline Offline

Activity: 64
Merit: 10


View Profile
June 21, 2011, 04:54:49 AM
 #6

How is Sandboxie any better than running Ubuntu (for example) in a virtual machine (like VMware or Virtualbox)?
imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 04:55:44 AM
 #7

How is Sandboxie any better than running Ubuntu (for example) in a virtual machine (like VMware or Virtualbox)?

It's easy to setup. It's really efficient to launch your browser within it. Full virtual machines are clunkier. Sandboxie is streamlined for this specific task basically.

Also, don't you like webpages to render quickly?
zhalox
Full Member
***
Offline Offline

Activity: 176
Merit: 106


XMR = BTC in 2010. Rise chikun.


View Profile
June 21, 2011, 04:58:30 AM
 #8

I personally would recommend a VM or clean Linux system rather than Sandboxie.  I use Sandboxie for other things, but believe me, malware exists that can break out of Sandboxie's "sandbox."  By all means, feel free to use it if you want, but if you really want to maximize security, you'll see that the "paranoid"/security conscious actually end up winning Smiley

Icy- (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 21, 2011, 04:59:38 AM
 #9

I personally would recommend a VM or clean Linux system rather than Sandboxie.  I use Sandboxie for other things, but believe me, malware exists that can break out of Sandboxie's "sandbox."

Same for VM

Plus sandboxie is a lot easier to use and takes seconds to install.
imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 05:00:28 AM
 #10

I personally would recommend a VM or clean Linux system rather than Sandboxie.  I use Sandboxie for other things, but believe me, malware exists that can break out of Sandboxie's "sandbox."

You can't prove it. But sure, if you want to make up stuff, then go right ahead.
jkminkov
Hero Member
*****
Offline Offline

Activity: 698
Merit: 500


View Profile
June 21, 2011, 05:16:48 AM
 #11

How is Sandboxie any better than running Ubuntu (for example) in a virtual machine (like VMware or Virtualbox)?

you can see a trojan is making changes in that sandbox registry, installing itself somewhere and if it runs some not-anymore-hidden_executables

.:31211457:. 100 dollars in one place talking - Dudes, hooray, Bitcoin against us just one, but we are growing in numbers!
imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 05:21:23 AM
 #12

Sandboxie was made specifically for this purpose. VMware was not.

Like jkminkov said, Sandboxie gives you great tools for seeing which files the sandboxed programs tried to modify or run. It also has other features I haven't explored yet.

I blocked off my %APPDATA%\BitCoin folder, and tested trying to open it with sandboxed Google chrome, and it didn't work, as intended.
zhalox
Full Member
***
Offline Offline

Activity: 176
Merit: 106


XMR = BTC in 2010. Rise chikun.


View Profile
June 21, 2011, 05:42:27 AM
 #13

Sandboxie may be more secure at the present time, but it has been hacked in the past as seen by some quick googling:

http://ssj100.fullsubject.com/t188-yet-another-proposed-sandboxie-bypass

http://www.wilderssecurity.com/showpost.php?s=14a8705973037892395c6143a80d11ab&p=1709792&postcount=39

http://www.wilderssecurity.com/showpost.php?p=1707945&postcount=77

Fortunately, the developer of Sandboxie seems to be active in updating when vulnerabilities are discovered, which at least adds some additional security in that respect.

I do acknowledge that I haven't fully investigated the latest version of Sandboxie, but my earlier post was simply responding as a former user of the program from a couple of years ago.  For the version I used a couple of years ago however, my original post was still legitimate in the sense that Sandboxie's functionality (at that point in time) was to protect your PC from getting infected with malware that corrupts the system's integrity by writing data to critical system disk locations, but did not function as a complete HIPS/firewall, and did not stop malware (even running within the sandbox) from reading data from your PC.  Just now, you've informed that you can supposedly block certain directories from access by sandboxed programs).  According to some of you, apparently its features have grown substantially, so I may need to investigate it.

As for me, I'm going to stick with keeping my BTC bank inside a VM on an encrypted virtual disk using a 40+ character password with multiple ciphers and an undisclosed hash algorithm  Cool

imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 05:44:12 AM
 #14

As for me, I'm going to stick with keeping my BTC bank inside a VM on an encrypted virtual disk using a 40+ character password with multiple ciphers and an undisclosed hash algorithm  Cool

Seems pretty bad-ass. Hopefully you're storing it in redundant places though?
zhalox
Full Member
***
Offline Offline

Activity: 176
Merit: 106


XMR = BTC in 2010. Rise chikun.


View Profile
June 21, 2011, 05:48:47 AM
 #15

Most definitely of course, different locations, various encrypted backups.  Heck, maybe I'll put a backup microSD card in my physical wallet lol Smiley

jkminkov
Hero Member
*****
Offline Offline

Activity: 698
Merit: 500


View Profile
June 21, 2011, 06:25:24 AM
 #16

sandboxie looks good as no external program can read its memory, but it just stores files unencrypted on hdd, so it is unusable only to run bitcoin inside a sandbox

.:31211457:. 100 dollars in one place talking - Dudes, hooray, Bitcoin against us just one, but we are growing in numbers!
imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 21, 2011, 06:30:25 AM
 #17

sandboxie looks good as no external program can read its memory, but it just stores files unencrypted on hdd, so it is unusable only to run bitcoin inside a sandbox

You have it backwards... bitcoin should be run outside of Sandbox, while your web-browser should be inside Sandbox.
jkminkov
Hero Member
*****
Offline Offline

Activity: 698
Merit: 500


View Profile
June 21, 2011, 02:52:22 PM
 #18

I just said that IF sandbox container had its content encrypted on hard drive, you can run that bitcoin.exe inside and no other app can't read its files or its RAM, upload that wallet somewhere or use script - to fake mouse moves, typing amount and sending it to another wallet.

.:31211457:. 100 dollars in one place talking - Dudes, hooray, Bitcoin against us just one, but we are growing in numbers!
elggawf
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
June 21, 2011, 02:57:29 PM
 #19

I just said that IF sandbox container had its content encrypted on hard drive, you can run that bitcoin.exe inside and no other app can't read its files or its RAM, upload that wallet somewhere or use script - to fake mouse moves, typing amount and sending it to another wallet.

Except that sandboxes don't work that way. If you can invent a VM, jail, zone, or sandbox that protects it's contents from the host system, you will make millions selling it.

^_^
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!