Would keyloggers/other malware have an effect if sandbox shows no running programs (without deleting contents)?

jntdi
Posts: 2
Joined: Sun Feb 03, 2019 2:44 am

Post by jntdi » Sun Feb 03, 2019 3:02 am

I'm trying to better understand how to play safe with this software.

If I ran an unfriendly program that injected something into my system, am I technically "safe" when the infected sandbox (or even Sandboxie as a whole) is not running?

For example, say a sandbox instance carries a keylogger running in the background without my knowledge. If I type things outside of the sandbox while the sandbox is running, I understand that keystrokes may still be logged. However, if I terminated the programs running in the sandbox (without deleting contents), and exited out of Sandboxie... could the keylogger still be running in the background?

Do I absolutely have to delete the contents of the sandbox entirely?

Barb@Invincea
Sandboxie Support
Posts: 2911
Joined: Mon Nov 07, 2016 3:10 pm

Post by Barb@Invincea » Mon Feb 04, 2019 3:39 pm

Hi jntdi,

Please have a look at our keylogger entry (the bottom section covers your concerns):
https://www.sandboxie.com/DetectingKeyLoggers

Let us know if you have any additional questions.

Regards,
Barb.-

Post by jntdi » Mon Feb 04, 2019 6:46 pm

Thanks for the reply Barb.

From that page, I see this section is most relevant:
"Note that if you don't like to regularly delete your sandbox, you can set aside one sandbox for trusted browsing, and delete just that sandbox before carrying out the trusted activity. But it is still important to first stop all sandboxed activity in all sandboxes, for maximum protection."

However in my situation, I am thinking of doing trusted browsing outside of Sandboxie entirely, on the bare host.

So I am wondering, does putting the trusted and malicious processes in separate sandboxes provide additional protection? In other words, would malware in a compromised sandbox be able to affect the bare host (while the compromised sandbox is NOT running) more than it would be able to affect a separate sandbox instance?

(Please assume that I do have compromised sandboxes on my system, and that my host is clean.)

I hope I've explained my question clearly.

Post by Barb@Invincea » Tue Feb 05, 2019 9:33 am

Hi jntdi,

Sandboxie's purpose is to ensure the sandboxed applications/files do not modify your host.
However, nothing is 100% bulletproof, so you may want to read our virus FAQ as well, and proceed at your own risk:

https://www.sandboxie.com/FAQ_Virus

Regards,
Barb.-

bo.elam
Sandboxie Guru
Posts: 2894
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Tue Feb 05, 2019 12:50 pm

jntdi wrote:
Mon Feb 04, 2019 6:46 pm

"Note that if you don't like to regularly delete your sandbox, you can set aside one sandbox for trusted browsing, and delete just that sandbox before carrying out the trusted activity. But it is still important to first stop all sandboxed activity in all sandboxes, for maximum protection."

What that quote is basically telling you is not to do regular and sensitive browsing in the same browsing session. For security reasons, you don't want to mix doing banking or purchases with regular browsing. When you do sensitive browsing, do it in a fresh browsing session, and after you finish, you close the browser and delete the sandbox. Then you can go back to regular browsing. Also, you want to stop all activities because a malicious program running in one sandbox might be able to read what you are doing in another sandbox.

Bo
