Topic: BufferZone and other virtual machine-like safe program executors
mouser
« on: July 18, 2006, 02:48:48 PM »

can someone reply to this post with links to the other posts on the forum where we talked about similar programs.. their names escape me at the moment.

Quote
Trustware (tm) Patent Pending BufferZone virtualization technology provides you with an easy to use solution; it allows you to safely run any software from any source with the confidence that BufferZone will continue to safekeep your PC assets. BufferZone provides you with complete protection against both known and unknown Viruses, Spyware and Malware on a continuous basis with no need for any updates.



from osnews.com
« Last Edit: July 19, 2006, 02:56:28 AM by mouser »
Rover
« Reply #1 on: July 18, 2006, 06:33:48 PM »

As requested:
Another interesting option is to use a sandbox tool, for example the free Sandboxie.

Once an app is run through Sandboxie, all disk & registry access goes through a transient temporary area.
That is, if you run Notepad through Sandboxie, open a file, modify and save it, that file will be modified for that Notepad instance, but the "real" file (outside the sandbox) will remain intact.

You could also run a virus through it, without worrying about it infecting/modifying the registry or any files, so it comes in handy if you need to run some EXE that you don't trust too much.

Topic: better than using an uninstaller? Altiris SVS
http://www.donationcoder....ic=3176.msg22102#msg22102
Quote
This is nice if you test many new apps a day. It does not change your system, as all the changes are captured in the virtualization layer. I guess it is safer than writing to the registry etc. and then undoing the changes (using e.g. your Uninstaller 2006). It's kind of like UT3 but clearer (to me).


Insert Brilliant Sig line here
mouser
« Reply #2 on: July 19, 2006, 02:56:15 AM »

thanks rover.

also let's add to the collection:
http://greenborder.com/

this also seems to be specialized for Internet Explorer.
tomos
« Reply #3 on: July 19, 2006, 09:35:36 AM »

has anyone tried runasadmin
that is RunAsAdmin Explorer Shim

available from Sourceforge
https://sourceforge.net/projects/runasadmin

I tried it myself a while back & had some problems with my machine, but I was pretty sure afterwards they were to do with something else.

As far as I remember everything runs as a user (? - NOT as administrator) unless you dictate otherwise, but I think there were various options\settings.

They have a new beta out; I might give it a go - just got DSL\broadband\cable, whatever you call it, & find it a bit scary being simply connected all the time.


Tom
mouser
« Reply #4 on: July 19, 2006, 09:45:20 AM »

truth be told I'm wary of all of these executable-wrapper protection tools, and prefer using a full virtual machine tool like VMware or VirtualPC.
f0dder
« Reply #5 on: July 19, 2006, 01:42:39 PM »

Quote from: mouser
truth be told I'm wary of all of these executable-wrapper protection tools, and prefer using a full virtual machine tool like VMware or VirtualPC.

Yeah, it's more secure. Anything based on API hooking shouldn't be too hard to circumvent. BufferZone does sound a bit interesting, though, in that it uses a kernel mode filter driver instead of simple ring3 API hooking.

- carpe noctem
Curt
« Reply #6 on: August 24, 2007, 10:02:09 AM »

BufferZone PRO is the GiveAwayOfTheDay today, Friday 24th of August 2007.
justice
« Reply #7 on: August 24, 2007, 10:08:46 AM »

You should try some of the tools listed at http://nonadmin.editme.com/UsefulTools
for example DropMyRights can run applications as a Limited User.
Not the same as a sandbox, but using a limited and restricted Windows account, spyware can't infect either.

Lusher
« Reply #8 on: August 24, 2007, 11:04:28 AM »

Besides full-blown virtual machines (VirtualPC, VMware Server is free) there are application-level virtualization sandboxes..

Sandboxie is perhaps the most famous - http://www.sandboxie.com/

A recent new entry is SafeSpace (beta/freeware) - http://www.artificialdyna...ts/register-personal.aspx

BufferZone has already been mentioned (freeware for a single app); GreenBorder has been sold to Google and might be released free in the future.

Another, lesser known one is Virtual Sandbox - http://www.fortresgrand.com/

There's also http://www.vappware.com/vapp/ but I don't recommend it.

There are other sandboxes that are "policy control type sandboxes": they don't virtualize the file system but just sandbox programs and prevent them from carrying out certain potentially dangerous actions.

Popular examples are

GeSWall (free version), CoreForce (free), DefenseWall, DriveSentry (free) etc.

http://www.gentlesecurity.com/getstarted.html
http://www.drivesentry.com/index.htm
http://force.coresecurity...le=base&page=download

Next there are apps that use Windows' own built-in policy management. They either make it easier to run all the time in non-admin accounts (Sudown) or conversely run selected programs like browsers with restricted rights (DropMyRights).

http://sudown.sourceforge.net/
http://cybercoyote.org/security/drop.shtml

There's also Altiris Software Virtualization Solution (free) - http://www.svsdownloads.com/ which I don't know how to classify, but that one isn't meant as a sandbox / for security purposes.

Lastly there are Returnil (free), PowerShadow, ShadowSurfer, FirstDefense, Rollback Rx, Windows SteadyState (free), which are often called virtualization but are closer to rollback tools.

This software allows you to "freeze" the system partition (and sometimes other partitions). Once in this frozen state (often called Shadow, virtualization or protected mode as well) any further file changes made to the partition during this period will only be temporarily stored elsewhere (though it appears as normal to the user) and will be discarded once the system gets out of the frozen or protected state (typically at the next restart).

There is 0% protection while in that state, malware is free to act as usual, but you are certain to restore back to the pre-clean state.

Of course if you are the paranoid type and want to watch all programs and want granular control so you can give specific and individual permissions to each and every program, as compared to sandboxing where the bunch of permissions of sandboxed processes are generally fixed, you should try out other HIPS like System Safety Monitor or ProSecurity, but that's a whole other kettle of fish.

http://wiki.castlecops.co...rtualization_-_Comparison
http://wiki.castlecops.co.../Practicing_Safe_Installs
http://wiki.castlecops.co...sts_of_freeware_sandboxes
http://wiki.castlecops.co...f_freeware_virtualization

« Last Edit: August 24, 2007, 11:09:11 AM by Lusher »
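The redirection Rover describes for Sandboxie (writes from the sandboxed Notepad land in a transient area while the "real" file stays intact) and the "frozen partition, changes stored elsewhere and discarded at restart" behaviour Lusher describes for the rollback tools are the same copy-on-write idea; the "policy control" sandboxes differ in refusing certain writes outright instead of redirecting them, and the Altiris SVS layer differs in that the captured changes can be kept. The Python below is an added toy model of those three behaviours, written for this thread; it is not code from Sandboxie, BufferZone, SVS or any product named here. The in-memory dicts standing in for the host disk and registry, the sample paths and the autostart-key policy are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


class PolicyViolation(PermissionError):
    """A sandboxed write hit a location the policy refuses outright."""


@dataclass
class OverlaySandbox:
    """Toy copy-on-write model of an application virtualization sandbox.

    `real` stands in for the host disk and registry (constructed sample data).
    Every write from the sandboxed process lands in `overlay`; deletes become
    tombstones, so the host entry is never touched. `denied_prefixes` models a
    policy-control sandbox: writes under those paths are refused, not redirected.
    Paths are compared case-insensitively, as Windows does.
    """
    real: Dict[str, str]
    denied_prefixes: Tuple[str, ...] = ()
    overlay: Dict[str, str] = field(default_factory=dict)
    tombstones: Set[str] = field(default_factory=set)

    def read(self, path: str) -> Optional[str]:
        """What the sandboxed process sees: the overlay first, then the host."""
        key = path.lower()
        if key in self.tombstones:
            return None
        return self.overlay.get(key, self.real.get(key))

    def write(self, path: str, data: str) -> None:
        key = path.lower()
        if any(key.startswith(p.lower()) for p in self.denied_prefixes):
            raise PolicyViolation(f"write to {path} refused by policy")
        self.tombstones.discard(key)
        self.overlay[key] = data

    def delete(self, path: str) -> None:
        key = path.lower()
        self.overlay.pop(key, None)
        self.tombstones.add(key)

    def changes(self) -> Dict[str, list]:
        """Everything the sandboxed session tried to change on the host."""
        return {"modified": sorted(self.overlay), "deleted": sorted(self.tombstones)}

    def discard(self) -> None:
        """Clear the sandbox / restart a frozen system: all changes vanish."""
        self.overlay.clear()
        self.tombstones.clear()

    def commit(self) -> None:
        """Apply the captured layer to the host (the SVS-style 'keep it' case)."""
        for key, data in self.overlay.items():
            self.real[key] = data
        for key in self.tombstones:
            self.real.pop(key, None)
        self.discard()


# Constructed sample locations (lowercase, matching the case-folded keys).
NOTES = r"c:\users\me\notes.txt"
HOSTS_BAK = r"c:\windows\system32\hosts.bak"
DROPPED = r"c:\users\me\dropped.exe"
AUTOSTART = r"hklm\software\microsoft\windows\currentversion\run"


def fresh_host() -> Dict[str, str]:
    """Constructed stand-in for the host's disk and registry."""
    return {NOTES: "original notes", HOSTS_BAK: "unchanged"}


def run_untrusted_session() -> dict:
    """Rover's Notepad example plus an untrusted installer, then the sandbox is cleared."""
    host = fresh_host()
    sb = OverlaySandbox(real=host, denied_prefixes=(AUTOSTART,))
    sb.write(NOTES, "edited inside the sandbox")  # Notepad saves the file
    sb.write(DROPPED, "MZ...")                     # installer drops a binary
    sb.delete(HOSTS_BAK)                           # and removes a file
    try:
        sb.write(AUTOSTART + r"\evil", DROPPED)    # tries to persist at logon
        autostart_blocked = False
    except PolicyViolation:
        autostart_blocked = True
    observed = {
        "inside_sees": sb.read(NOTES),
        "host_has": host[NOTES],
        "inside_sees_deleted": sb.read(HOSTS_BAK),
        "host_still_has": host[HOSTS_BAK],
        "autostart_blocked": autostart_blocked,
        "changes": sb.changes(),
    }
    sb.discard()  # clearing the sandbox removes everything the session did
    observed["dropped_after_discard"] = sb.read(DROPPED)
    observed["host_after_discard"] = host
    return observed


def run_trusted_install() -> Dict[str, str]:
    """The other outcome: the captured layer is committed to the host."""
    host = fresh_host()
    sb = OverlaySandbox(real=host)
    sb.write(NOTES, "kept")
    sb.delete(HOSTS_BAK)
    sb.commit()
    return host


if __name__ == "__main__":
    from pprint import pprint
    pprint(run_untrusted_session())
    pprint(run_trusted_install())
```

The `changes()` view is the part a defender actually wants from such a tool: before discarding or committing, it lists every path the untrusted program touched, which is what makes "run it in the sandbox, then look at what it tried to do" a useful triage step. Note that, exactly as Lusher says of the rollback tools, nothing in this model stops the sandboxed code from acting while the session lasts; it only guarantees that the host is unchanged afterwards, and only for the operations the sandbox actually intercepts.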
Lusher
« Reply #9 on: August 24, 2007, 11:19:33 AM »

Quote from: mouser
truth be told I'm wary of all of these executable-wrapper protection tools, and prefer using a full virtual machine tool like VMware or VirtualPC.

Quote from: f0dder
Yeah, it's more secure. Anything based on API hooking shouldn't be too hard to circumvent. BufferZone does sound a bit interesting, though, in that it uses a kernel mode filter driver instead of simple ring3 API hooking.

Actually most of the good ones implement drivers, but it doesn't mean that 100% of the implementation is ring zero.

I think it doesn't provide as much protection as running a full-blown virtual machine (not that those are 100% protection either) of course, but it provides reasonable protection. While they don't stop zero days from, say, browsers from starting, they can prove to be fairly effective in mitigating the damage and preventing it from spreading, and in most cases clearing the sandbox will remove everything.
CWuestefeld
« Reply #10 on: August 28, 2007, 05:12:47 PM »

I just spent a day and a half with BufferZone, and nuked it. I was rebuilding my machine after being pretty seriously hacked over the weekend, and thought this might prevent a recurrence.

My first problem with it was that I couldn't install Microsoft Office with BufferZone running. That is, simply running -- I wasn't trying to install office into the buffer zone, I was trying to do a regular install and BZ happened to be running. I wasted 1.5 hours getting to the bottom of that.

I had already installed Firefox, but I wanted to install all of the FF extensions I use at work. I'd packaged them all with FEBE, so I just needed to install them from the local disk. Unfortunately, this doesn't work. I restarted FF, and they were gone -- probably because you read them from protected disk space or something. So then I told BZ to "surf out of buffer zone", and installed the extensions there. Then I hopped back into the buffer zone, and FF wouldn't even start anymore! Played around some, and nothing would work. I went back to "surf out of buffer" and it won't work there anymore, either. I uninstalled BZ, and it still wouldn't work. I uninstalled and re-installed FF, and it still wouldn't work. Finally I blasted the directories that FF stores settings and extensions in, and that allowed it to work.

So the bottom line is that BZ is incompatible with some programs. And its sandboxing approach fundamentally clashes with the way FF handles extensions, at least if you ever intend to hop in and out of sandboxed surfing (I suspect any sandbox would have this problem).