
Kudos 0

Sandbox Integration

Norton 2009 seriously needs to install a virtual sandbox, in which it can execute suspicious programs, monitor their actions, and determine whether they are malicious or not.

SONAR is too weak. It failed to detect the Comodo HIPS Leak test as malware, not even suspicious. 

Results -- NAV standalone, Threatfire disabled.

COMODO Leaktests v.1.1.0.1
Date 11:05:51 AM - 11/8/2008
OS Windows XP SP3 build 2600
1. Hijacking: ActiveDesktop - Vulnerable
2. Hijacking: AppinitDlls - Protected
3. Hijacking: ChangeDebuggerPath - Protected
4. Hijacking: StartupPrograms - Protected
5. Hijacking: SupersedeServiceDll - Protected
6. Hijacking: UIHost - Protected
7. Hijacking: Userinit - Protected
8. Hijacking: WinlogonNotify - Protected
9. Impersonation: BITS - Protected
10. Impersonation: Coat - Vulnerable
11. Impersonation: DDE - Vulnerable
12. Impersonation: ExplorerAsParent - Vulnerable
13. Impersonation: OLE automation - Vulnerable
14. InfoSend: DNS Test - Vulnerable
15. InfoSend: ICMP Test - Vulnerable
16. Injection: AdvancedProcessTermination - Protected
17. Injection: APC dll injection - Protected
18. Injection: CreateRemoteThread - Protected
19. Injection: DupHandles - Protected
20. Injection: KnownDlls - Protected
21. Injection: ProcessInject - Protected
22. Injection: Services - Protected
23. Injection: SetThreadContext - Vulnerable
24. Injection: SetWindowsHookEx - Vulnerable
25. Injection: SetWinEventHook - Vulnerable
26. Invasion: DebugControl - Protected
27. Invasion: FileDrop - Protected
28. Invasion: PhysicalMemory - Protected
29. Invasion: RawDisk - Protected
30. Invasion: Runner - Protected
31. RootkitInstallation: ChangeDrvPath - Protected
32. RootkitInstallation: DriverSupersede - Protected
33. RootkitInstallation: LoadAndCallImage - Protected
34. RootkitInstallation: MissingDriverLoad - Protected
Score 240/340
(C) COMODO 2008
=\


Kudos 0

Re: Sandbox Integration

A Sandbox doesn't do that. A HIPS program does. If you want a Sandbox program then install Sandboxie. You're getting confused about what a Sandbox is and what a HIPS is. Link to the test?

http://www.sandboxie.com/

Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 0

Re: Sandbox Integration

Also you're using a tester designed and made by another security program. Do you think it makes sense? No. Kinda biased if you ask me. But I am sure Comodo itself passes these tests. So what if Symantec makes a security test and Comodo fails.
Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 0

Re: Sandbox Integration

Bitdefender installs a virtual sandbox where it monitors the actions of suspicious programs without compromising the physical computer.
=\
Kudos 0

Re: Sandbox Integration

A sandbox doesn't monitor anything. A HIPS does. A sandbox makes a virtual environment where nothing gets written to the hard drive.

http://wiki.castlecops.com/HIPS_FAQ

http://www.sandboxie.com/
Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 0

Re: Sandbox Integration

Sandboxing:

Description: A sandbox is a virtual container in which untrusted programs can be safely run. This security technique is used to run dubious and untrusted software safely by restricting the privileges available, hence limiting the damage the untrusted software can do. What is restricted depends on the sandbox policies, but typically, since the aim is to protect the integrity of the system, critical system files/folders and processes cannot be overwritten or affected. Sandboxes also block various behaviors such as installing drivers and services to gain system privileges, since these could allow the software to bypass the sandbox restrictions. Depending on the product, the sandboxed process might also have limited read or write access to other files and folders, access which may be configurable by the user. More rarely, various keylogging hooks and network access might also be blocked when running in the sandbox; refer to the product manual for more details.


As you can see, sandboxing is somewhat similar to behavior blocking in that both restrict behavior. Behavior blockers generally monitor the whole system for malicious behavior (though you can give programs privileges), while sandboxes only restrict behavior for a restricted subset of dangerous or untrusted programs.


The line between behavior blocking and sandboxing is thin. Sandboxing also often requires behavior monitoring and blocking, but in general a pure classic behavior blocker does not allow you to set up file or folder restrictions for processes. A pure sandbox also does not prompt you when a rule is violated but just denies the request.


Another category of such programs (dropmyrights etc.) uses the native Windows XP user system. It allows you to run dubious or easily-exploited software like browsers with lower (user) rights, which automatically limits the damage the software can do as opposed to running with full administrative rights.


The best sandboxes are flexible enough that they can keep track of not only the processes but also files created by sandboxed programs, and ensure that they are also sandboxed.

Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 0
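The distinction the FAQ above draws (a pure sandbox silently denies and tracks the files it creates; a behavior blocker watches every process and prompts) as a small model in Python. This is an added example written for this thread, not code from Sandboxie, Norton or CastleCops; the paths, action names and policy are constructed.

```python
# Toy model, constructed for this thread (not Sandboxie, Norton or CastleCops code), of the
# two mechanisms the FAQ above contrasts: a pure sandbox that silently confines a chosen
# subset of processes, and a classic behavior blocker (HIPS) that prompts on every process.
PROTECTED = ("C:\\Windows\\", "C:\\Program Files\\")          # policy: never writable
PRIVILEGED = {"install_driver", "install_service", "set_hook"}  # could escape the sandbox

class Sandbox:
    """Restrictions apply only to sandboxed processes; violations are denied
    without a prompt; files written inside the sandbox are remembered so that
    running them later puts the new process in the sandbox too."""

    def __init__(self):
        self.pids, self.tainted, self.log = set(), set(), []

    def start(self, pid, image, parent=None, forced=False):
        # Enter the sandbox if launched sandboxed explicitly, spawned by a
        # sandboxed parent, or started from a file the sandbox created.
        if forced or parent in self.pids or image in self.tainted:
            self.pids.add(pid)
        return pid in self.pids

    def request(self, pid, action, target=""):
        if pid not in self.pids:
            return "allow"                      # outside the sandbox: not its concern
        blocked = action in PRIVILEGED or (action == "write" and target.startswith(PROTECTED))
        decision = "deny" if blocked else "allow"
        if decision == "allow" and action == "write":
            self.tainted.add(target)            # the dropped file inherits the sandbox
        self.log.append((pid, action, target, decision))
        return decision

def hips(action, target, ask):
    """Behavior blocker: every process is monitored and a suspicious action is
    decided by asking the user (ask returns True to allow)."""
    suspicious = action in PRIVILEGED or (action == "write" and target.startswith(PROTECTED))
    return ("allow" if ask(action, target) else "deny") if suspicious else "allow"

def scenario():
    sb = Sandbox()
    sb.start(1, "C:\\Program Files\\Browser\\browser.exe", forced=True)  # browser run sandboxed
    d1 = sb.request(1, "write", "C:\\Users\\me\\Downloads\\setup.exe")  # download kept, tracked
    d2 = sb.request(1, "write", "C:\\Windows\\system32\\drivers\\new.sys")  # denied, no prompt
    in_box = sb.start(2, "C:\\Users\\me\\Downloads\\setup.exe", parent=0)  # run from Explorer
    d3 = sb.request(2, "install_service", "DroppedSvc")   # still confined
    d4 = sb.request(7, "install_driver", "new.sys")       # unsandboxed: sandbox stays silent
    prompts = []
    d5 = hips("install_driver", "new.sys", lambda a, t: prompts.append((a, t)) or False)
    return d1, d2, in_box, d3, d4, d5, len(prompts)
```

Calling `scenario()` returns `('allow', 'deny', True, 'deny', 'allow', 'deny', 1)`: the sandbox never prompts and says nothing about process 7, while the HIPS prompts once and the user's answer decides.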

Re: Sandbox Integration

Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 0

Re: Sandbox Integration

Diesel is right. For all I know BD & Kaspersky both use some sort of application control to scan. Sandboxie doesn't do that.
"All that we are is the result of what we have thought"
Kudos 0

Re: Sandbox Integration

Who says that SONAR is too weak? You didn't know what SONAR was two or three weeks ago, because you wrote a topic about it there, where you wanted to know what Bloodhound and SONAR are, and now you are saying that IT'S TOO WEAK? Very funny... one good piece of advice for you... first think, then write...
Kudos 0

Re: Sandbox Integration

Who are you talking about?

"All that we are is the result of what we have thought"
Kudos 0

Re: Sandbox Integration

Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 1

Re: Sandbox Integration

Aha, I see. Then I don't see any connection to what this thread is about.

Please keep on track here guys

"All that we are is the result of what we have thought"
Kudos 0

Re: Sandbox Integration

It's because he didn't even know the difference, and now he is claiming that SONAR is weak. Hard to say it's weak when you clearly don't understand what it is.
Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos 1

Re: Sandbox Integration

Dieselman743 wrote:
It's because he didn't even know the difference, and now he is claiming that SONAR is weak. Hard to say it's weak when you clearly don't understand what it is.

True, but let's get back on track here

"All that we are is the result of what we have thought"
Kudos 0

Re: Sandbox Integration

HIPS: anylysis

Sandbox: medium for anylysis. 

=\
Kudos 0

Re: Sandbox Integration

Wrong Tech. I use Sandboxie. It is also spelled Analysis. Sandboxie does not analyze anything. Did you read the explanations in Castlecops?

Benefits of the Isolated Sandbox

  • Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  • Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
  • Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
