Sandboxing vs Virtual machine

Some while ago I was searching for a solution for secure browsing and for a way to securely execute untrusted programs downloaded from the internet. There are a lot of recommendations on how to stay safe on the internet, such as browsing habits and not downloading untrusted programs. But I still want to download those programs from untrusted sites and browse sites that are not recommended.

I found two ways to do it:

  1. Sandboxing;
  2. Virtual machines.

SANDBOXING

What is sandboxing? The strange name “sandbox” derives from the Java world where it refers to the highly contained and restricted environment in which Java programs (applets) are allowed to run. They are allowed to “play in the sandbox” but not go outside it. The important point is that while running in the sandbox, the programs have no access to your real PC. In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.

Normally, when you run a program like your browser, it makes changes to your system: registry settings, internet caches, browsing history and the like are all written to disk. When run in a sandbox, all those changes still appear to happen, except that they’re never actually permanently placed on disk. When you exit the browser and its containing sandbox, all those changes can disappear, if you want.

Sandboxie is the solution that I use for Windows, and here is a graphical view of how it works.

It is a really great solution: I can download files and documents in Sandboxie and, after scanning them and making sure that they are safe, save them outside of Sandboxie. You can also run a whole bunch of software in Sandboxie; I even tried to run Photoshop and it worked. And you can make your web browser start sandboxed by default. One drawback is that if you provide some sensitive information it could still be leaked to an unwanted person, but at least it is not so easy to get in.

Sandboxie is only for Windows, and the only solution that I have found so far for Linux is to use a chroot environment.

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a “chroot jail” or (less commonly) a “chroot prison”.
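The chroot(2) call only changes the apparent root; it does not change the working directory or the process's privileges, and a process that stays root inside the jail is not confined by it. The following C sketch is an added example (not from the original post) that shows the full sequence a jailed program needs; the helper name `enter_jail`, the path `/srv/jail` and uid/gid 65534 are assumptions chosen for illustration, and the program must be started as root for the chroot to succeed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes chroot(2) and setgroups(2) on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* enter_jail: hypothetical helper. Confines the calling process to jail_dir
 * and switches to an unprivileged uid/gid. Returns 0 on success, -1 on error. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    /* Refuse to stay root: a root process inside a chroot is not confined. */
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }

    /* chroot(2) leaves the working directory untouched, so move into the
     * jail first and reset to the new "/" afterwards. */
    if (chdir(jail_dir) != 0) return -1;
    if (chroot(".") != 0) return -1;      /* requires CAP_SYS_CHROOT */
    if (chdir("/") != 0) return -1;

    /* Drop privileges: supplementary groups, then gid, then uid.
     * setuid() comes last because it removes the right to do the others. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: /srv/jail and uid/gid 65534 are sample values. */
    const char *dir = argc > 1 ? argv[1] : "/srv/jail";
    if (enter_jail(dir, 65534, 65534) != 0) {
        perror("enter_jail");
        return 1;
    }
    /* From here on "/" is the jail directory and the process is unprivileged. */
    printf("jailed: uid=%d cwd=/\n", (int)getuid());
    return 0;
}
```

Anything the jailed program needs (libraries, configuration, device nodes) has to exist inside the jail directory, and file descriptors opened before the call remain usable afterwards, so close those that point outside the jail.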

Benefits of the Isolated Sandbox – info from sandboxie.com

  • Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  • Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.
  • Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.
  • Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

More and more programs are starting to implement sandbox technology, even Adobe Acrobat Reader, so it makes sense to try it.

VIRTUAL MACHINE

Virtual machines such as VMware, Microsoft’s Virtual PC and Sun’s VirtualBox are similar to sandboxing but take the idea one step further by completely separating the virtual machine from the real PC at a conceptual level. Rather than having a sandbox as part of your real PC, you have a virtual PC that is notionally fully distinct from your PC. This is also a great solution, but a resource-costly one. Virtual machines usually take up a lot of space and memory. You may use virtual machines to test some specific things, but for secure browsing it is not the convenient way. And if you are not a professional user of the system, it will confuse you big time. Sandboxie, on the other hand, can be installed on the user's PC and configured to use a sandboxed web browser by default, and the user will not even notice it.

Of course, this is only one way of staying secure, and it should not be the only measure you use to secure your system.

I have read that some malware is able to know whether it is installed in a virtual machine or not. If the malware is installed in a virtual machine, it won’t do anything. If the malware is not installed in a virtual machine, but in a real system, it will do its job. I also found some information that, in a virtual machine, guest-to-host code can be made. There is a video demonstrating it and a paper from Immunity detailing their success on VMware Workstation 6.5.0 build-118166 on Windows Vista SP1, VMware Workstation 6.5.1 build-126130 on Windows Vista SP1, and (even more scary) VMware ESX Server 4.0.0 build-133495.

References:

http://ask-leo.com/does_a_sandbox_or_virtual_machine_help_protect_your_privacy.html

http://www.techsupportalert.com/how-to-secure-your-pc.php

http://en.wikipedia.org/wiki/Sandbox_(computer_security)

http://www.sandboxie.com/

http://en.wikipedia.org/wiki/Chroot
