Description:
Sandboxie is a great tool for general everyday use or for testing untrusted programs such as keygens or cracks, and even for running your browser, which is probably the most vulnerable program you have running on your computer. It regularly has direct contact with the outside world when visiting websites, and it runs executable code in client-side scripts such as JavaScript, making it exploitable by spyware and drive-by downloads. Poor programming or unforeseen mistakes can also mean your browser can be exploited in ways other than through JavaScript. Running a browser sandboxed means any modifications made to your system through your browser are actually made to dummy copies in the Sandbox, making for a neat and tidy recovery. I will post a video on drive-by downloads in action in the near future.
Unfortunately Sandboxie does not work on 64-bit Vista or 64-bit XP. The reason is the preventative measures Microsoft introduced in a program called PatchGuard, which routinely checksums your kernel to check for modification. PatchGuard is also apparently not a hard program to get around; Sandboxie is. It's not only Sandboxie: many other security applications provided by the likes of McAfee and Norton rely on kernel modifications to work. Microsoft has in the past demonstrated how incapable it is at keeping your data safe. This is a clear demonstration of how real security works; Microsoft should take note of Tzuk's work, because it could learn a lot.
In these three videos created by Mrizos from Remove-Malware.com, we see demos of how to use Sandboxie to observe malware installs which happen through web browsers. There are multiple demos where Mrizos shows us how to detect malicious behavior using Sandboxie and how to get rid of it.
You can download Sandboxie from here. Enjoy!
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.