- June 10, 2015
- Posted by: atlantadmin
- Category: Blog
Sandboxing is a term coming from the times when guns were tested by firing shots in a box filled with sand – effectively making the practice safe for the shooter.
In the same way, if you protect your users' browsers by isolating them in a sandbox (treating the browser and the exploits that might attack it as the bullets that could otherwise kill your security), you will gain significant security benefits – some malware even refuses to run if it detects a sandbox. But… other malware is capable of escaping sandboxes – so keep that in mind and do not depend on the sandbox alone.
Rather than the heavily marketed and advertised products, let me introduce a few less popular but, in my opinion, more effective solutions.
Browser in a box
The enterprise-ready version of this gem by Sirrix AG (https://www.sirrix.com/content/pages/home_en.htm) delivers very strong sandbox isolation for your most sensitive machines, where simple sandboxing in the form of Invincea/Sandboxie and the like is not enough.
The same company offers full-disk encryption solutions, mobile security solutions – they are not paying me to advertise them, I am genuinely impressed by the quality of their products and would like to pass on the respect through my book.
The difference between the commercial, enterprise version (https://www.sirrix.com/content/pages/BitBox_enterprise_en.htm) and the free version is the capability to properly integrate with your web filter and to fully separate intranet from internet browsing. But even the free version is good for personal use.
Bufferzone Pro and Invincea, along with Sandboxie, are, in my opinion, the other mainstream commercial solutions worth evaluating in comparative tests.
I have done my own tests and can say just this – in your testing, always obtain fresh malware samples and run them on a freshly installed and fully updated physical machine, both inside the sandbox and outside of it, recording the registry and filesystem changes with Process Monitor and/or Regshot or your favorite system monitoring software. Any change that lands outside the sandbox's container is the finding you are looking for.
Do these tests in a fully isolated environment that is not connected to your enterprise network, and have disk images ready to quickly restore the systems to their pristine state. A good, free and effective disk imaging solution is AOMEI Backupper.
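The before/after comparison described above, written out as a minimal Regshot-style filesystem snapshot and diff: it is an added example, not code from this post or from any of the products mentioned, and the directory names, the "Sandbox" container folder and the file writes are constructed for the demo, not the real layout of any sandbox product.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example: a minimal regshot-style filesystem snapshot/compare, used to
# check whether a sample's writes stayed inside the sandbox container.
# Directory names, the "Sandbox" container folder and the sample's effects
# below are constructed for the demo, not taken from any real product.

def snapshot(root):
    """Map relative path -> sha256 for every readable file under root."""
    root = Path(root)
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                data = p.read_bytes()
            except OSError:  # locked/unreadable files: skip rather than abort the run
                continue
            state[p.relative_to(root).as_posix()] = hashlib.sha256(data).hexdigest()
    return state

def diff(before, after):
    """Added / removed / modified paths between two snapshots (the compare step)."""
    b, a = set(before), set(after)
    return {"added": a - b, "removed": b - a,
            "modified": {k for k in a & b if before[k] != after[k]}}

def escaped(changes, container):
    """Changed paths NOT under the sandbox container dir: writes that reached the host."""
    container = container.rstrip("/") + "/"
    return sorted(p for s in changes.values() for p in s if not p.startswith(container))

def demo():
    """Simulate one test run: baseline, 'run sample', re-snapshot, judge containment."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "Sandbox").mkdir()
        (r / "Windows").mkdir()
        (r / "Windows" / "settings.ini").write_text("[app]\nupdates=on\n")
        before = snapshot(r)
        # constructed effects of the sample: one write redirected into the
        # container (expected) and one landing on the real host (a leak)
        (r / "Sandbox" / "dropper.tmp").write_text("x")
        (r / "Windows" / "settings.ini").write_text("[app]\nupdates=off\n")
        after = snapshot(r)
        return escaped(diff(before, after), "Sandbox")

if __name__ == "__main__":
    print(demo())  # ['Windows/settings.ini']
```

Run the same snapshot pair with the sample executed outside the sandbox to get the full list of changes the sample makes, then compare it with the in-sandbox result to see what the sandbox actually contained.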
Comodo offers an AV + firewall + sandbox (a very good one, I might add) for free – but please check their licensing terms and their compatibility with your environment.