topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 1:08 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: BufferZone and other virtual machine like safe program executors  (Read 14186 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
can someone reply to this post with links to the other posts on the forum where we talked about similar programs.. their names escape me at the moment.

Trustware tm Patent Pending BufferZone virtualization technology provides you with an easy to use solution, it allows you to safely run any software from any source with the confidence that BufferZone will continue to safe keep your PC assets. BufferZone provides you with a complete protection against both known and unknown Viruses, Spyware and Malware on a contiuous basis with no need for any updates.



from osnews.com
« Last Edit: July 19, 2006, 02:56 AM by mouser »

Rover

  • Master of Smilies
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 632
    • View Profile
    • Donate to Member
Re: BufferZone - virtual machine like safe program executor
« Reply #1 on: July 18, 2006, 06:33 PM »
As requested:
Another intresting option is to use a sandbox tool, for example the free Sandboxie.

Once an app is run trough Sandboxie, all disk & registry access go trough a transient temporary area.
That is, if you run Notepad trough Sandboxie, open a file, modify and save it, that file will results modified for that Notepad instance, but the "real" file (outside the sandbox) will remain intact.

You could also run a virus trough it, without worrying about it infecting/modifying the registry or any files, so it come handy if you need to run some EXE that you don't trust too much.

Topic: better than using an unistaller? Altiris SVS
https://www.donation...76.msg22102#msg22102
This is nice if you test many new apps a day. it does not change your system, as all the changes are captured in the virtualization layer. I guess it is safer than writing to the registry etc and then undo the changes *using e.g., your uninstaller 2006). It's kind of like UT3 but clearer (to me).

Insert Brilliant Sig line here

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: BufferZone - virtual machine like safe program executor
« Reply #2 on: July 19, 2006, 02:56 AM »
thanks rover.

also let's add to the collection:
http://greenborder.com/

this also seems to be specialize for internet explorer.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
has anyone tried runasadmin
that is  RunAsAdmin Explorer Shim

available from Sourceforge
https://sourceforge..../projects/runasadmin

I tried it myself a while back & had some problems with my machine, but i was pretty sure afterwards they were to do with something else.

As far as I remember everything runs as a user (?- NOT as administrator) unless you dictate otherwise, but think there were various options\settings.

They have a new beta out i might give it a go - just got DSL\broadband\cable whatever you call it & find it a bit scary being simply connected all the time

Tom

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
truth be told i'm wary of all of these executable-wrapper protection tools, and prefer using a full virtual machine tool like vwware or virtualpc.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
truth be told i'm wary of all of these executable-wrapper protection tools, and prefer using a full virtual machine tool like vwware or virtualpc.
Yeah, it's more secure. Anything based on API hooking shouldn't be too hard to circumvent. BufferZone does sound a bit interesting, though, in that it uses a kernel mode filter driver instead of simple ring3 API hooking.
- carpe noctem

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: BufferZone and other virtual machine like safe program executors
« Reply #6 on: August 24, 2007, 10:02 AM »
BufferZone PRO is the GiveAwayOfTheDay today, Friday 24'th of August 2007

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: BufferZone and other virtual machine like safe program executors
« Reply #7 on: August 24, 2007, 10:08 AM »
You should try some of the tools listed at http://nonadmin.editme.com/UsefulTools
for example DropMyRights can run applications as Limited User.
Not the same as sandbox, but using limited and restricted windows account spyware can't infect either.

Lusher

  • Participant
  • Joined in 2007
  • *
  • default avatar
  • Posts: 46
    • View Profile
    • Donate to Member
Re: BufferZone and other virtual machine like safe program executors
« Reply #8 on: August 24, 2007, 11:04 AM »
Besides full-blown Virtual machines (VirtualPC, VMware server is free) there are application level virtualization sandboxes..

Sandboxie is perhaps the most famous - http://www.sandboxie.com/

A recent new entry is SafeSpace (beta/freeware) - http://www.artificia...gister-personal.aspx

BufferZone as already being mentioned (freeware for single app), GreenBorder has being sold to google and might be released free in the future.

Another one  lesser known is Virtual Sandbox  - http://www.fortresgrand.com/

There's also http://www.vappware.com/vapp/ but I don't recommend it.

There are other sandboxes that are "policy control type sandboxes" , they don't virtualize the file system but just sandbox programs and prevents them from carrying out certain potentially dangerous actions.

Popular examples are

GeSWall (free version), Coreforce (free), Defensewall, DriveSentry (free) etc

http://www.gentlesec....com/getstarted.html
http://www.drivesentry.com/index.htm
http://force.coresec...se&page=download

Next there are apps that use windows own built in policy management. They either make it easier to run all the time in none-admin accounts (Sudown) or conversely run selected programs like browsers with restricted rights (drop myrights).

http://sudown.sourceforge.net/
http://cybercoyote.o.../security/drop.shtml

There's also Altiris Software Virtualization Solution (free)- http://www.svsdownloads.com/ which I don't know how to classify but that one isn't meant as a sandbox/ for security purposes.

Lastly there is Retunril (free) , PowerShadow, Shadowsurfer, firstdefense, rollback rx, Windows SteadyState (free) which are often called virtualization, but are closer to rollback tools.

These software allow you to "freeze" the system partition (and sometimes other partitions). Once in this frozen stages (often called Shadow , virtualization or protected mode as well) any further file changes made to the partition during this period will only be temporary stored elsewhere (though it appears as normal to the user) and will be discarded once the system gets out of the frozen or protected state (typically at the next re-start).

There is 0% protection while in that state, malware is free to act as usual, but you are certain to restore back to pre-clean state.

Of course if you are the paranoid type and want to watch all programs and want granular control so you can give specific and indidivual permissions to each and every program as compared to sandboxing where the bunch of permissions of sandboxed processes are generally fixed, you should try out other HIPS like System Safety monitor or ProSecurity, but that's a whole other kettle of fish.


http://wiki.castleco...ization_-_Comparison
http://wiki.castleco...ticing_Safe_Installs
http://wiki.castleco...f_freeware_sandboxes
http://wiki.castleco...eware_virtualization







 

« Last Edit: August 24, 2007, 11:09 AM by Lusher »

Lusher

  • Participant
  • Joined in 2007
  • *
  • default avatar
  • Posts: 46
    • View Profile
    • Donate to Member
Re: BufferZone and other virtual machine like safe program executors
« Reply #9 on: August 24, 2007, 11:19 AM »
truth be told i'm wary of all of these executable-wrapper protection tools, and prefer using a full virtual machine tool like vwware or virtualpc.
Yeah, it's more secure. Anything based on API hooking shouldn't be too hard to circumvent. BufferZone does sound a bit interesting, though, in that it uses a kernel mode filter driver instead of simple ring3 API hooking.


Actually most of the good ones implement drivers but it doesn't mean that 100% of the implementation is ring zero.

I think it doesn't provide as much protection as running a flow blown vmachine (not that those are 100% protection either) of course, but it
provides reasonable protection. While they don't stop zero days from say browsers from starting, they can prove to be fairly effective in mitigating the damage and preventing it from spreading , and in most cases,  clearing the sandbox will remove everything


CWuestefeld

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,009
    • View Profile
    • Donate to Member
Re: BufferZone and other virtual machine like safe program executors
« Reply #10 on: August 28, 2007, 05:12 PM »
I just spent a day and a half with BufferZone, and nuked it. I was rebuilding my machine after being pretty seriously hacked over the weekend, and thought this might prevent a recurrence.

My first problem with it was that I couldn't install Microsoft Office with BufferZone running. That is, simply running -- I wasn't trying to install office into the buffer zone, I was trying to do a regular install and BZ happened to be running. I wasted 1.5 hours getting to the bottom of that.

I had already installed Firefox, but I wanted to install all of the FF extensions I use at work. I'd packaged them all with FEBE, so I just needed to install them from the local disk. Unfortunately, this doesn't work. I restarted FF, and they were gone -- probably because you read them from protected disk space or something. So then I told BZ to "surf out of buffer zone", and installed the extensions there. Then I hopped back into the buffer zone, and FF wouldn't even start anymore! Played around some, and nothing would work. I went back to "surf out of buffer" and it won't work there anymore, either. I uninstalled BZ, and it still wouldn't work. I uninstalled and re-installed FF, and it still wouldn't work. Finally I blasted the directories that FF stores settings and extensions in, and that allowed it to work.

So the bottom line is that BZ is incompatible with some programs. And its sandboxing approach fundamentally clashes with the way FF handles extensions, at least if you ever intend to hop in and out of sandboxed surfing (I suspect any sandbox would have this problem).