sandboxie vs data stealers

Shuit
Posts: 1
Joined: Thu Feb 01, 2024 10:01 pm

sandboxie vs data stealers

Post by Shuit »

I would like to use WeChat on my computer, but have seen several reports that WeChat is kinda sketchy. If configured correctly, could Sandboxie prevent WeChat, or data stealers like the one it has been claimed to be, from obtaining information on and about my computer? Would it be better to just use a virtual machine, like with VirtualBox, or to just forget about it?

bastik-1001
Posts: 405
Joined: Sat Apr 22, 2023 8:30 am

Re: sandboxie vs data stealers

Post by bastik-1001 »

By default, a sandbox can read whatever the user that runs the sandbox has access to, but it's possible to configure a sandbox to be more restrictive. This can be done via resource access settings, like Closed File Path, Closed Key Path and Closed IPC Path.

One feature that got added, still somewhat recently, is the privacy mode, which restricts access to generic Windows locations, while denying access to user data, unless the user configures it to be open. This feature requires a supporter certificate. Even this feature will allow software to see other software being installed in "Program Files" and "Program Files (x86)". This can be reduced by not allowing some of those to be read via the access rules.

Sandboxie probably won't make it harder for software to obtain information on what kind of device it is running on, e.g. Windows version, amount of RAM, CPU type.

A virtual machine seems like a good idea to me, since that works differently, as it provides a whole environment and does not rely on the host as much. BTW, Sandboxie can be installed inside virtual machines.

I can't comment on the chatting software, which certainly can be restricted by Sandboxie, but depending on your threat model, it might not be enough. The same is most likely true for info/data stealers.
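The resource access settings named in the reply above can be checked mechanically. The following is an added example, not part of the original post and not Sandboxie's own code: it reads a box section from Sandboxie.ini text and lists which sensitive folders no box-wide `ClosedFilePath` rule covers. The box name `ChatBox`, the program `messenger.exe`, the folder list and the sample config are constructed, and the path matching is a simplification of Sandboxie's rule matching.

```python
from collections import defaultdict

# Constructed sample config; a real Sandboxie.ini holds one section per box.
SAMPLE_INI = r"""
[ChatBox]
Enabled=y
ClosedFilePath=C:\Users\alice\Documents
ClosedFilePath=messenger.exe,C:\Users\alice\Pictures
ClosedKeyPath=HKEY_CURRENT_USER\Software\Microsoft\Office
UsePrivacyMode=n
"""
# Constructed list of folders the user wants hidden from the box.
SENSITIVE = [r"C:\Users\alice\Documents\taxes",
             r"C:\Users\alice\Pictures",
             r"C:\Users\alice\.ssh"]

def parse_ini(text):
    """Keys such as ClosedFilePath repeat, so keep every value per key."""
    boxes, section = defaultdict(lambda: defaultdict(list)), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            boxes[section][key.strip()].append(value.strip())
    return boxes

def covers(rule, path):
    """Assumed matching: trailing * is a raw prefix, otherwise folder prefix."""
    rule, path = rule.lower(), path.lower()
    if rule.endswith("*"):
        return path.startswith(rule[:-1])
    base = rule.rstrip("\\")
    return path == base or path.startswith(base + "\\")

def audit(boxes, box, sensitive):
    cfg = boxes[box]
    # "program.exe,path" binds one program only, so it is not box-wide cover.
    box_wide = [v for v in cfg["ClosedFilePath"] if "," not in v]
    exposed = [p for p in sensitive if not any(covers(r, p) for r in box_wide)]
    return {"exposed": exposed,
            "privacy_mode": any(v.lower() == "y" for v in cfg["UsePrivacyMode"]),
            "closed_key_rules": len(cfg["ClosedKeyPath"]),
            "closed_ipc_rules": len(cfg["ClosedIpcPath"])}

if __name__ == "__main__":
    print(audit(parse_ini(SAMPLE_INI), "ChatBox", SENSITIVE))
```

Folders reported as exposed are readable by every program in the box under the default behaviour described above, unless privacy mode or another rule closes them.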

Zigul
Posts: 7
Joined: Thu Sep 14, 2023 9:51 pm

Re: sandboxie vs data stealers

Post by Zigul »

It seems it has not already been asked, so I'll ask: is it possible to force a folder to a sandbox that cannot be accessed by any online connection? I know a sandbox can be denied access to the web, but is it possible to block folder access from the web? I mean no remote access from the network, no upload to sites via browser, and so on; the purpose is to have the host connected, keeping a folder safely and forcefully offline.

bastik-1001
Posts: 405
Joined: Sat Apr 22, 2023 8:30 am

Re: sandboxie vs data stealers

Post by bastik-1001 »

Right now, I don't see how Sandboxie could do that. The confidential setting (ConfidentialBox=y) would not care about the network level; anything being allowed to access the files in the sandbox could upload their contents.

@David, do you think Sandboxie could provide something like that?

Anything that can read a file, and has network access, should be able to write the contents to a remote location.

Maybe a VM that has no network would be a good solution.
