
Saturday, April 17, 2010

Sandboxie : A new layer of Computer Security

The amount of malware continued to grow at a record pace throughout 2009, primarily targeting naive computer users. On average about 35,000 new malware samples are identified every day; the number itself is astonishing, and it is unlikely that a traditional antivirus signature database can detect all of them. These are termed zero-day threats: it is very difficult for an AV to detect them because its signatures have not yet been updated to identify the malware. Malware has increased exponentially, and the most persistent threat has been trojans, malicious software designed for stealing sensitive data, installing backdoors, deleting or encrypting files and downloading other malware from the internet. The result is that the user's sensitive information is compromised.

Here comes the technology of sandboxing. Normally, when you run a program it executes directly in the real computer environment, but when that same program is sandboxed it runs in an isolated environment with restricted privileges. It is similar to logging on to your computer as Guest rather than as an administrator or your own username. A program running in the isolated environment is prevented from making changes that could damage the system or that would simply be difficult to revert.

Sandboxie
It is freeware, and the latest stable version can be downloaded from here.


The main idea behind this program is that it defines a space on your hard disk and executes programs within that defined space only (called the sandbox), which prevents them from making permanent changes to other programs and data on the user's computer.


The red arrows indicate changes flowing from a running program into the user's computer. The box labeled Hard disk (no sandbox) shows changes made by a program running normally. The box labeled Hard disk (with sandbox) shows changes made by a program running under Sandboxie.
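As an added illustration of the redirection the figure describes (a toy model written for this post, not Sandboxie's own code), the Python below diverts a program's file writes into a sandbox folder, lets reads see the sandboxed copy first, and shows that discarding the sandbox leaves the real disk untouched. The file names and contents are constructed sample data.

```python
import os
import shutil
import tempfile

class SandboxedFs:
    """Toy model of Sandboxie-style file virtualization (added illustration,
    not Sandboxie's own code). Writes are diverted into a sandbox folder;
    reads check the sandbox copy first, then fall back to the real file."""

    def __init__(self, real_root, sandbox_root):
        self.real_root = real_root
        self.sandbox_root = sandbox_root
        os.makedirs(sandbox_root, exist_ok=True)

    def write(self, rel, data):
        # The real disk is never written: the change lands in the sandbox.
        path = os.path.join(self.sandbox_root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(data)

    def read(self, rel):
        # A sandboxed program sees its own modified copy if one exists.
        for root in (self.sandbox_root, self.real_root):
            path = os.path.join(root, rel)
            if os.path.isfile(path):
                with open(path) as f:
                    return f.read()
        raise FileNotFoundError(rel)

    def discard(self):
        # "Delete Sandbox": all sandboxed changes vanish, real disk untouched.
        shutil.rmtree(self.sandbox_root)


def demo():
    real = tempfile.mkdtemp()   # stands in for the user's hard disk (constructed)
    with open(os.path.join(real, "hosts"), "w") as f:
        f.write("127.0.0.1 localhost\n")
    fs = SandboxedFs(real, tempfile.mkdtemp())
    fs.write("hosts", "127.0.0.1 bank.example\n")      # attempted tampering
    fs.write("dropped.exe", "payload")                   # attempted file drop
    seen_by_program = fs.read("hosts")                   # program sees its edit
    fs.discard()
    with open(os.path.join(real, "hosts")) as f:
        real_after = f.read()
    dropped_on_disk = os.path.isfile(os.path.join(real, "dropped.exe"))
    shutil.rmtree(real)
    return seen_by_program, real_after, dropped_on_disk
```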

The installer is small (~1.44MB) and installation is quite easy.





By default a new shortcut named Sandboxed Web Browser is placed on the desktop; double-clicking it opens your default web browser (Mozilla or Internet Explorer) inside the sandbox.

To run a program isolated, right-click on the program and choose Run Sandboxed. When an application is running in the sandbox, its title bar appears like this: [#]Program Name[#]



Plus points of Sandboxie
  • Safe Web Browsing: Running the web browser in the sandbox protects against malicious changes, because all software downloaded through that browser stays trapped in the sandbox.
  • Better Privacy: All cookies, temporary data and browsing history stay in the sandbox and do not leak into Windows.
  • Safe Windows: Prevents Windows from being corrupted by a program, since that program is executed in an isolated environment.
  • Easy to use
  • FREE!!
I definitely suggest users try this program; it is easy to use and configure, will keep you protected, and is very good on offline computers where antivirus signatures are not constantly updated. Sandboxing is a fairly new technology but it is gaining ground; some security vendors are incorporating this technique so that even if traditional scanning misses some malware, the user is still protected. For the average user, Sandboxie is preconfigured for optimal protection - no further configuration is needed. Users can access the internet, check email and run programs as soon as the program is installed. With the advanced options, it allows you to tweak Sandboxie as needed.

There is a paid version of Sandboxie which unlocks all the limitations present in the free version. In free mode, the program displays a pop-up prompt to register once 30 days have expired. In free mode, Sandboxie does not allow the Forced Programs and Forced Folders features and does not allow more than one sandbox to be run simultaneously. A lifetime registration for the current version and all future versions is only €22 (roughly $30), which is an extremely small price to pay for the security that Sandboxie provides.


To Visitors:
This is my first post in my blog so it might be possible that I may have not covered all the points regarding the topic I have started. I tried my best to make it easy to understand and be precise on the topic. Feel free to suggest any modifications that are required in the post.
Thank you for your time and have a nice day.......

-ISHAN

Comodo Internet Security v4




Comodo released v4 of its security suite (Comodo Internet Security) a month ago, and it is drastically improved over its predecessor v3. v3 was said to produce too many false positives, and its HIPS functionality was quite annoying: it irritated users with endless pop-ups, but that is in the past. In the new version Comodo got rid of the HIPS nobody wanted and replaced it with a much better solution, a sandbox. And it is not done the way others do it; they opted for a more unique approach which actually works for a change. It works like this: if an application is trusted, it runs in unrestricted mode; if the application is unknown, it is automatically run in the sandbox until it has been tested to be safe. The sandbox is not a slow emulated environment; everything runs at host level with host performance. Comodo simply restricts certain things for the application run through the sandbox.

I am currently trying Comodo v4; it can be downloaded from here. Comodo gives away a lot of free products (you can browse their site and check), but as my discussion is only of CIS I'll focus on CIS only. The installer is about 60MB plus an additional download of signature updates after installation, which is about 85MB. Yeah, the signature size is quite large, but the Comodo team is working on it. Actually they have already compacted their virus databases; I still remember that when I installed v3 I downloaded more than 100MB of virus database updates. So it will only take time to trim down the size of the virus database without losing its detection ability.

When installation starts, the user is prompted to install the standalone Firewall, the Antivirus, or the entire suite. Comodo is one of the few suites that provide tons of features for free. By default all the features are installed, viz.:
  1. Antivirus: For detection of known as well as unknown malware. Comodo's AV part is still new and needs some work on the detection side; it produces a high percentage of false positives.
  2. Firewall: Considered one of the best FREE firewalls out there on the net.
  3. Defense+: The best part of Comodo v3, included in v4 as well; the notable difference is that it now includes the sandbox, which is really good and does not have much impact on system performance.
I tested 20 zero-day threats against Comodo and it was able to detect 14 (i.e. by the AV part), while the undetected ones were automatically placed in the sandbox (Defense+ part) on execution, so I can say that I had a clean system after testing Comodo against these threats. This is a really good sign: no AV can detect 100%, so a layered approach is preferred, and even though those 6 threats were undetected by Comodo, it made sure they were placed in the sandbox on execution.

But the main demerit of Comodo is still its high percentage of false positives; for example, it detected the Malware Defender beta02 and beta03 installers as Heur.Suspious.

Bottom line: Comodo offers a great free product which has everything necessary to be one of the top competitors. I would advise giving it a try; you won't be disappointed with it.