What do you think of 'sandbox' type of software?

The following ones in particular.

GesWall

Sandboxie

Reply to
Anonyma

Trivial:

  1. start up the "Windows keyboard input manager" inside such a supposed sandbox
  2. open the Start, Run dialog
  3. click the keys on that virtual input. 'c','a','l','c', should give you an obvious result

Now draw your conclusion how much sandbox these things actually are. Or better, what the general reason is why no such sandbox could work.

Reply to
Sebastian Gottschalk

To the OP - I don't know what GesWall claims to do but, as far as Sandboxie is concerned, your open-ended question is perhaps a bit meaningless in the comp.security.firewalls group, since (as far as I'm aware) Sandboxie makes no claim to be a firewall.

However, my own opinion is that software like Sandboxie can be very useful in protecting a computer from the ravages of malware (or just badly designed software), if it lives up to its claims.

It allows you to try software out in a manner which prevents the software from making any permanent changes to your Hard Drive - i.e. any data written to the Hard Drive is confined to the "virtual" section of the machine and can be dumped later if need be. In the same way, you can use Sandboxie to browse internet sites without having to put up with the risk of them dumping unwanted cookies or trojans in the "real" section of your computer.

I'm not competent to judge whether the claims made about Sandboxie are fully correct, but it seems to be reasonably well regarded. If you are interested in reading (what appears to me to be) a competent review of Sandboxie and other "virtual machine" type protection software, try the site at:-

Cheers,

John S

Reply to
John S

Yeah... by fools. Fools usually don't try to audit security software.

Competent? My ass. Such a scenario as I described above isn't even considered there, therefore not tested. But for the very simple reason that there's no security context separation for the UI (and many other IPC mechanisms), the malware isolation claim totally fails, as the malware could simply start itself or any on-the-fly-generated code outside the "sandbox".

Reply to
Sebastian Gottschalk

snipped

That page is just what I needed. It seems that the freebie Sandboxie had a single vulnerability and that was promptly patched. If it isn't a pain in the butt to use, I'll pop for the paid-for version which handles more than one piece of software open at the same time.

I know sandboxes are not firewalls. I'm just looking to make it a little harder for the malware boys to cause me a problem.

Thanks!

Reply to
Anonyma

Did you even read the stuff I wrote above? It is one big vulnerability and there's nothing to patch.

Well, if you just wanted someone to support your opinion, you shouldn't even have asked in the first place. But since you asked, I'm sorry that I assumed that you wanted to hear some serious criticism possibly contradicting your neat assumptions?

Eh... then why are you making your system more complex for no benefit?

Reply to
Sebastian Gottschalk

Well, GeSWall has passed this "Trivial"; no virtual keys succeeded.

Reply to
bewe

Then it obviously breaks the systems.

Reply to
Sebastian Gottschalk

LQTM

Reply to
Notan

You really don't get it, hein?

Reply to
Sebastian Gottschalk

BTW, I tried to verify these claims. GeSWall (both Free and Pro) totally fails; all the keys are successfully passed to the other application. It doesn't depend on what security context the cmd shell is running in, it doesn't depend on what security context the attacking application runs in, and neither do the Explorer shell or the surroundings matter. Highest security settings.

The Sandboxie and CoreForce often advertised here fail as well.

Not that I expected anything else... anyone with some understanding of the internals of the Windows IPC system knows that the desktop (literally: the \\Desktop context) is the security boundary.

P.S.: (@Notan) Even if it would actually filter, this would create a deadlock condition and break legitimate IPC.

Reply to
Sebastian Gottschalk
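The desktop-as-boundary point above can be checked directly rather than argued: the following PowerShell script (an added example, not code from the thread or from any of the products discussed) reports which window station and desktop the calling process lives in. It assumes Windows with PowerShell 5 or later; the function names Get-UserObjectName and Get-DesktopContext are my own. If a program run "inside" one of these sandboxes still reports WinSta0\Default, it shares the interactive desktop with every other program there, and Windows itself draws no line between them for window messages and synthetic input.

```powershell
# Added example: report the window station and desktop of the current process.
# Win32 APIs used: GetProcessWindowStation, GetThreadDesktop, GetCurrentThreadId,
# GetUserObjectInformation (all documented in user32/kernel32).
Add-Type -Namespace Win32 -Name UserObject -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetProcessWindowStation();
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr GetThreadDesktop(uint dwThreadId);
[DllImport("kernel32.dll")]
public static extern uint GetCurrentThreadId();
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex, System.Text.StringBuilder pvInfo, uint nLength, out uint lpnLengthNeeded);
'@

function Get-UserObjectName {
    # Return the name of a window station or desktop handle (UOI_NAME = 2).
    param([IntPtr]$Handle)
    $UOI_NAME = 2
    $buffer = New-Object System.Text.StringBuilder 256
    [uint32]$needed = 0
    # nLength is in bytes; the buffer holds Capacity UTF-16 characters.
    $ok = [Win32.UserObject]::GetUserObjectInformation($Handle, $UOI_NAME, $buffer, [uint32]($buffer.Capacity * 2), [ref]$needed)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "GetUserObjectInformation failed with Win32 error $err"
    }
    return $buffer.ToString()
}

function Get-DesktopContext {
    # Window station of the process and desktop of the current thread.
    $winsta  = Get-UserObjectName ([Win32.UserObject]::GetProcessWindowStation())
    $tid     = [Win32.UserObject]::GetCurrentThreadId()
    $desktop = Get-UserObjectName ([Win32.UserObject]::GetThreadDesktop($tid))
    [pscustomobject]@{
        WindowStation = $winsta
        Desktop       = $desktop
        # True means no desktop-level isolation from the other interactive
        # programs; a real boundary needs its own desktop or window station.
        SharesInteractiveDesktop = ($winsta -eq 'WinSta0' -and $desktop -eq 'Default')
    }
}

Get-DesktopContext
```

Run it once normally and once from inside the sandbox; only a product that moves the process to a different desktop (or window station) will show a second answer.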
