Beware of keyloggers while banking within Sandboxie

OldGrantonian
Posts: 45
Joined: Mon Mar 23, 2015 8:16 am
Location: Highlands

Beware of keyloggers while banking within Sandboxie

Post by OldGrantonian » Sat May 12, 2018 3:16 pm

This post refers to another post in this forum, relating to Sophos:

https://bit.ly/2jQV1SD

I searched the entire Sophos site for any item referring to Sophos and the future of Sandboxie. I wasn't able to find anything. However, I found a useful tip in this link:

https://community.sophos.com/products/u ... -disgusted

Part-way down the page is the following:
Sophos user wrote:
The down side is that a user needs to close the browser before doing any sensitive work after any surfing. They need to understand this fact or Sandboxie won't be much help. If the user gets a keylogger or some other virus in the sandbox while surfing then goes and does some banking in that infected sandbox... they may lose their password etc.

When I use a browser, it's always within SB. But I forgot all about the keyloggers. Here's some advice on how to deal with them:

https://www.sandboxie.com/DetectingKeyLoggers

bo.elam
Sandboxie Guru
Posts: 2861
Joined: Wed Apr 22, 2009 9:17 pm

Re: Beware of keyloggers while banking within Sandboxie

Post by bo.elam » Sat May 12, 2018 6:01 pm

Using or not using Sandboxie, it's safer when you do sensitive browsing to do it in a fresh browsing session: after opening the browser, you immediately go to the bank site, do purchases, or whatever, and when you finish, you close the browser and delete the sandbox. And then you go back to regular browsing. Don't mix regular and sensitive browsing. With SBIE, in a clean computer, that's all you got to do to protect yourself against keyloggers.

Bo

lylejk
Posts: 119
Joined: Thu Mar 26, 2009 5:19 pm

Re: Beware of keyloggers while banking within Sandboxie

Post by lylejk » Sat May 12, 2018 11:46 pm

That's why I have a SB session dedicated just for banking; don't do anything else within that session. Still, keyloggers are a concern, so I run SBIE in a virtual machine and recover the VM often to mitigate keyloggers. In essence, I'm double-sandboxed. :)

OldGrantonian
Posts: 45
Joined: Mon Mar 23, 2015 8:16 am
Location: Highlands

Re: Beware of keyloggers while banking within Sandboxie

Post by OldGrantonian » Sun May 13, 2018 3:41 am

bo.elam wrote:
Sat May 12, 2018 6:01 pm

With SBIE, in a clean computer [my italics], that's all you got to do to protect yourself against keyloggers.

Bo

Having a clean computer before I start is obviously practical - but impracticable. MalwareBytes takes 1 hour, Windows Defender takes 3 hours. So the combined time is just over 3 hours.

Question: Surely it must be OK to simply scan C:\Sandbox? That takes about 8 seconds for each scanning tool.

Thanks.

bo.elam
Sandboxie Guru
Posts: 2861
Joined: Wed Apr 22, 2009 9:17 pm

Re: Beware of keyloggers while banking within Sandboxie

Post by bo.elam » Sun May 13, 2018 4:09 am

OldGrantonian wrote:
Sun May 13, 2018 3:41 am
Having a clean computer before I start is obviously practical - but impracticable. MalwareBytes takes 1 hour, Windows Defender takes 3 hours. So the combined time is just over 3 hours.
For me, one of the important purposes for using Sandboxie is to keep my computer from getting infected. It should be for you also, Grantonian. Since you are a Sandboxie user, there's no reason for that not to be so. In my opinion, if you are still getting infected, then you are not doing something right regarding security. For me personally, one infection is one infection too many. That's my attitude.

Ever since I started using Sandboxie and NoScript in early 2009, and learning the basics about computer security, infections completely disappeared. I haven't had any kind of infection (malware, adware, spyware, nothing of nothing) since early 2009. To me, that's the way it is supposed to be. You are an SBIE user, don't accept getting infected as something that's supposed to happen once in a while.

Perhaps you need to start using Sandboxie more. And rely less on antiviruses and scanners. I bought my W10 in early July last year. To this day, I haven't run (no waste of time) any scan or installed any antivirus or scanner (less wear and tear to the computer). Thanks to Sandboxie, there's no need. :)

Bo

OldGrantonian
Posts: 45
Joined: Mon Mar 23, 2015 8:16 am
Location: Highlands

Re: Beware of keyloggers while banking within Sandboxie

Post by OldGrantonian » Wed May 16, 2018 3:21 am

Due to the importance of using anti-virus and MalwareBytes, I searched the complete Sandboxie site for any references to "virus" and "malware".

Any links that I found are listed below. If anyone notices that I've missed any links, please add them to the thread.

Under each link, I've added some important quotes that I found in the link. Everyone should read the first quote below.

https://www.sandboxie.com/FrequentlyAsk ... rSolutions

Sandboxie may be your first line of defense, but it should certainly be complemented by the more traditional anti-virus and anti-malware solutions.

---------------------------------------------------------

https://www.sandboxie.com/FAQ_Virus

If you get a virus in your sandbox, you simply delete the contents of that sandbox and move along. Your host machine, software and browser is not touched. Nothing on your host machine is harmed.
---
The program cannot escape the sandbox, and therefore cannot change, harm or infect your computer in any way. When you're done with the program, you delete the sandbox.
---
...common sense dictates that it is preferable to prevent the virus from running in the first place. Therefore it is a good idea to use anti-virus software to prevent known threats, while relying on Sandboxie to be your first line of defense against threats that are not yet known to the anti-virus.
---
...there is nothing special about the [Sandboxie] folder itself. The anti-virus software may detect viruses as they arrive into this folder, or at any later time.

[This is important. If you use "real-time" AV or MalwareBytes, then any virus or malware will be stopped (AFAIK) before it is actually downloaded into Sandboxie. If you use only "on-demand" AV or MalwareBytes, then you must scan SB frequently - or immediately after you download a new program that you want to try.]

---------------------------------------------------------

https://www.sandboxie.com/EmailProtection#

For example, suppose you get an email message with a virus that presents itself as an attachment called Click_Me_For_Best_Joke_Ever.exe. Suppose you don't know this is a virus, and further suppose that your anti-virus has not yet been updated to identify this particular virus. You click the attachment, and it delivers the best joke ever, but it also secretly installs malicious software.

If you run your email program sandboxed, then Click_Me_For_Best_Joke_Ever.exe also runs sandboxed, and any changes it makes to the computer, or software it installs, will be confined to the sandbox. These changes will be discarded in their entirety as soon as you delete the sandbox.

---------------------------------------------------------

https://www.sandboxie.com/DetectingKeyLoggers

[The following quote is important.]

This doesn't mean you won't be infected by key-loggers, but it does mean you can get rid of them:

* You can make sure you stop all of them, by telling Sandboxie to stop all activity in all sandboxes.
  * See also the Terminate All Programs command in the File Menu and the Tray Icon Menu.
* Once stopped, you can discard the traces of their program code, by deleting the contents of the sandbox.
  * See also Delete Sandbox.

Once discarded, they can no longer record your keyboard activity, and you are safe to browse to trusted sites and enter your passwords.

---------------------------------------------

For secure banking, IMHO, the simplest and safest way is to use the suggestion from @lylejk

lylejk wrote:
Sat May 12, 2018 11:46 pm
That's why I have a SB session dedicated just for banking; don't do anything else within that session.

If you only have the free SB like me, then do your banking first thing in the morning, as soon as you create SB.
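
The routine described in this thread (stop all sandboxed programs, delete the sandbox contents, then open a fresh browser session used only for banking) can be scripted with Sandboxie's Start.exe command line. This is an added example, not part of any post above; the install path, the C:\Sandbox\<user>\<box> container layout and the sandbox name "Banking" are assumptions.

```powershell
# Added example, not from the thread. Assumptions: default install path,
# default sandbox container C:\Sandbox\<user>\<box>, and a dedicated
# sandbox named "Banking" (hypothetical name) that is already defined.
$Start     = Join-Path $env:ProgramFiles 'Sandboxie\Start.exe'
$Container = Join-Path 'C:\Sandbox' $env:USERNAME
$BankBox   = 'Banking'
$WipeBoxes = @('DefaultBox', $BankBox)   # everyday surfing box + banking box

function Invoke-Sbie {
    param([string[]]$SbieArgs)
    # Wait for Start.exe to finish so the steps run strictly in order.
    Start-Process -FilePath $Start -ArgumentList $SbieArgs -Wait
}

if (-not (Test-Path $Start)) { throw "Start.exe not found at $Start" }

# Step 1: stop all activity in all sandboxes (Terminate All Programs).
Invoke-Sbie @('/terminate_all')

# Step 2: discard the sandbox contents (Delete Sandbox), without prompts.
foreach ($box in $WipeBoxes) {
    Invoke-Sbie @("/box:$box", 'delete_sandbox_silent')
}

# Check: refuse to continue if any wiped sandbox folder still holds files.
$leftover = foreach ($box in $WipeBoxes) {
    $dir = Join-Path $Container $box
    if ((Test-Path $dir) -and
        (Get-ChildItem $dir -Force -Recurse -File | Select-Object -First 1)) {
        $dir
    }
}
if ($leftover) {
    throw "Sandbox not empty, do not bank yet: $($leftover -join ', ')"
}

# Step 3: open a fresh browser in the banking sandbox only.
Start-Process -FilePath $Start -ArgumentList @("/box:$BankBox", 'default_browser')
```

Run it before each banking session, and run steps 1 and 2 again when the session is finished.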

Barb@Invincea
Sandboxie Support
Posts: 2732
Joined: Mon Nov 07, 2016 3:10 pm

Re: Beware of keyloggers while banking within Sandboxie

Post by Barb@Invincea » Wed May 16, 2018 9:56 am

Hello OldGrantonian,

Here's a thread that might help you harden your Sandboxes in order to do online banking and similar tasks:

viewtopic.php?p=132783#p132783
In addition, you want to take a look at the restriction settings:
https://www.sandboxie.com/RestrictionsSettings#startrun

Regards,
Barb.-
