Think I picked up some kind of malware

Page 2 of 2

  1. Posts : 61
    The one I am using to register is my Windows 7 Professional x64 one.
       #11

    Snick said:
    Kernel exploits easily by-pass Sandboxie!
    Nic
    ....kernel exploits...? What's that? That might have been it a year or two ago for me when I tried to run something in Sandboxie knowing that it could be malicious.... Sandboxie crashed and the program that was running in sandboxed mode escaped sandboxed mode and was running in the real environment, because it didn't close when Sandboxie crashed....😕


  2. Posts : 0
    Windows 7 Ultimate x64
       #12

    Since that was a few years ago, and given the fact Sandboxie has had many updates since then, I'm willing to bet they have patched most kernel exploits. But new crap does come out and that's why it's important to stay abreast of any and all Sandboxie updates. Personally, I don't think Sandboxie is perfect software, but it's better than nothing. And now that I use it all the time with my browser, I really don't need to use NoScript since if anything rogue happens it will more than likely stay in the sandboxed environment.

    I have tried Shadow Defender and it seems pretty decent. I purposely infected my test VM with loads of malware using Shadow Defender and once I rebooted everything was back to normal like nothing ever changed. This includes ransomware. I tried to run Shadow Defender on my host, but it absolutely mucked up my browser (Pale Moon) so I can't use it. This may be an OS issue and I'm going to tackle that one day here so I can use Shadow Defender. Shadow Defender does come with the caveat that you must create several folder exclusions, otherwise nothing will stick, like your Downloads folder or Pictures/Videos folder, My Documents, etc. Even the Recycle Bin needs an exclusion. Of course with exclusions you lessen your overall security. So I had Faronics Anti-Executable installed. I also tossed loads of malware at that and it passed the test.

    One has to wonder. I read many years ago about a virtualized rootkit called Blue Pill. I wonder if something like that can get past virtualization nowadays? I know there are VMware vulnerabilities that get patched all the time. And of course Sandboxie gets patched, too.

    Edit-

    You asked about what a kernel exploit was. It is first necessary to know what a kernel is. Kernel (operating system) - Wikipedia

    I once ran a piece of software that apparently prevented kernel-level keyloggers. It was software and an add-on that ran in your browser that scrambled your keyboard input so that keyloggers couldn't read it. Nowadays Windows 10 has its own built in. LOL


  3. Posts : 3,615
    Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
       #13

    Exploits are still a vulnerability for Sandboxie. Yes, even the updated versions, but less so.
    5 Ways Advanced Malware Evades the Sandbox | Secureworks
    You can Google Kernel Exploits or Sandbox Exploits for more info.
    As the good guys enable protection, the persistent bad guys find a work-around. Cat and Mouse continually.
    Nic


  4. Posts : 0
    Windows 7 Ultimate x64
       #14

    That article was posted three years ago. Yes, it's a cat and mouse game. I'm sure Sandboxie by now has patched those exploits. I try and stay abreast of what the hacker crowd is up to through Twitter posts and what have you. It seems like a constant endeavor trying to keep things from being hacked or exploited. Like Spectre & meltdown for example, God only knows what other vulnerabilities there are.


  5. Posts : 61
    The one I am using to register is my Windows 7 Professional x64 one.
       #15

    F22 Simpilot said:
    I really don't need to use NoScript since if anything rogue happens it will more than likely stay in the sandboxed environment.
    If nothing else, could use it as an adblocker or a general "improve page loading times by reducing unnecessary scripts needed to be loaded at once on the page upon load"


    F22 Simpilot said:
    I know there are VMware vulnerabilities that get patched all the time. And of course Sandboxie gets patched, too.
    ...so then really the only safest bet is to have a separate testbed that's completely isolated from your other devices and networks and do your testings there....nothing can escape if the only entry and exit points are hardware locked....

    F22 Simpilot said:
    I once ran a piece of software that apparently prevented kernel-level keyloggers. It was software and an add-on that ran in your browser that scrambled your keyboard input so that keyloggers couldn't read it. Nowadays Windows 10 has its own built in. LOL
    Is this program called KeyScrambler? Or was it dewsoft antikeylogger? I think it was that, googling it no longer pulls up its page...I guess it was taken down because I no longer have the installer now that I've replaced it with KeyScrambler....silly me, should have kept an archival backup for historical purposes like this.....

    Snick said:
    Exploits are still a vulnerability for Sandboxie. Yes, even the updated versions, but less so.
    5 Ways Advanced Malware Evades the Sandbox | Secureworks
    You can Google Kernel Exploits or Sandbox Exploits for more info.
    As the good guys enable protection, the persistent bad guys find a work-around. Cat and Mouse continually.
    Nic
    Yes...so it would appear so...interesting read too....

    F22 Simpilot said:
    It seems like a constant endeavor trying to keep things from being hacked or exploited. Like Spectre & meltdown for example, God only knows what other vulnerabilities there are.
    I remember those, but I didn't think they were that serious, were they? Has there been any actual reporting of malware using such an exploit?


  6. Posts : 0
    Windows 7 Ultimate x64
       #16

    I think it was in fact called KeyScrambler. Been years.

    Spectre & Meltdown primarily affect cloud-based computing. For the average SOHO it's pretty much not a problem. I won't even update my BIOS with the patch since I know it will most likely reduce my CPU processing speed, albeit not too much, but the Sim is single threaded and I need all the speed I can muster. In addition to a BIOS update you also have to patch Windows.

    God only knows what other CPU/hardware vulnerabilities are out there. Especially with IoT hardware, where the manufacturer couldn't care less about its security. It was in fact IoT devices that helped to create one of the largest DDoS attacks ever created. I believe it was CloudFlare that mitigated it. Pretty damn impressive. It's why I use CloudFlare. For free you can't beat it. LOL

    Here's a website that can be pretty interesting and down right scary at the same time. Shodan


  7. Posts : 61
    The one I am using to register is my Windows 7 Professional x64 one.
       #17

    F22 Simpilot said:
    I think it was in fact called KeyScrambler. Been years.

    Spectre & Meltdown primarily affect cloud-based computing. For the average SOHO it's pretty much not a problem. I won't even update my BIOS with the patch since I know it will most likely reduce my CPU processing speed, albeit not too much, but the Sim is single threaded and I need all the speed I can muster. In addition to a BIOS update you also have to patch Windows.
    Well if you're running a simulation program, I guess it's fine if it's offline....don't there exist multithreaded simulation programs? You'd think now that there are multicore CPUs about, developers would be on the ball with their programs on multithreading.....

    F22 Simpilot said:
    God only knows what other CPU/hardware vulnerabilities are out there. Especially with IoT hardware, where the manufacturer couldn't care less about its security. It was in fact IoT devices that helped to create one of the largest DDoS attacks ever created. I believe it was CloudFlare that mitigated it. Pretty damn impressive. It's why I use CloudFlare. For free you can't beat it. LOL
    What's IoT? Never heard of them.....

    Yeah I read an article sometime back there was a 500GB/s DDoS at one of the stations of some website I forgot....

    I thought CloudFlare was paid, or anything decent is paid these days...?

    F22 Simpilot said:
    Here's a website that can be pretty interesting and down right scary at the same time. Shodan
    What's this do? Oh ahh, it looks like a port sniffer kind of site.....where it sniffs out open ports and tells you about them, no? So if you can't see your own ports or devices, that means you're safe.
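What a site like Shodan actually does, shown as an added example that is not part of the thread: it attempts a TCP connection to each port of a host and records the first bytes the service sends back (its "banner"), which is what the search index is built from. The snippet runs entirely against a throwaway listener on 127.0.0.1 with a constructed banner, so nothing on the internet is touched; the banner text and the ports it picks are assumptions. One caveat worth keeping in mind: Shodan probes from the outside, so the question is what is reachable from the internet side of the router, not what a probe run on the machine itself can see.

```python
import socket
import threading

# Constructed greeting (not captured from any real host): the first bytes a
# service sends on connect are exactly what a scanner records as its banner.
FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def start_banner_server(banner: bytes = FAKE_BANNER):
    """Listen on 127.0.0.1 and greet every client with `banner`, the way
    sshd, SMTP or FTP servers do. Returns (port, shutdown); calling
    shutdown() stops the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))       # port 0: the OS picks a free port
    srv.listen(5)
    srv.settimeout(0.2)              # lets the accept loop notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass             # client went away before we spoke
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def free_port() -> int:
    """Pick a port nothing is listening on, to show what 'closed' looks like."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 1.0) -> dict:
    """TCP-connect to host:port and read whatever the service says first.

    state is 'open' (connection accepted), 'closed' (RST back: nothing is
    listening) or 'filtered' (no answer before the timeout, typically a
    firewall dropping the SYN). A scanner's index is the 'open' results
    together with the banner each one returned."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return {"port": port, "state": "closed", "banner": ""}
    except OSError:                  # socket.timeout is an OSError subclass
        s.close()
        return {"port": port, "state": "filtered", "banner": ""}
    try:
        banner = s.recv(1024).decode("ascii", "replace").strip()
    except OSError:
        banner = ""                  # open but silent (HTTP waits for the client to speak)
    finally:
        s.close()
    return {"port": port, "state": "open", "banner": banner}


def scan(host: str, ports) -> list:
    """Probe each port in turn; a real scanner does this concurrently."""
    return [probe(host, p) for p in ports]


if __name__ == "__main__":
    open_port, shutdown = start_banner_server()
    for result in scan("127.0.0.1", [open_port, free_port()]):
        print(result)
    shutdown()
```

Run as a script it prints one dict per port: the listener shows up as open with the SSH-style banner, the spare port as closed. A silent service (one that waits for the client to speak first, like HTTP) still shows as open with an empty banner, which is why real scanners follow up with protocol-specific probes.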


  8. Posts : 0
    Windows 7 Ultimate x64
       #18

    Microsoft, which developed FS2004 and FSX (which I play), has abandoned the game. So we are stuck with what they created years ago, and I've read that back then when M$ developed the Sim they thought CPU speed would increase exponentially and thus kept the game a single-threaded game, not ever thinking that CPUs would come out that would have multiple cores. So in order to play FSX or FS2004 you need a CPU that has the highest single-thread capability you can afford. To make matters worse it's only 32-bit. So it's often that if you have loads of scenery add-ons you'll run into an out-of-memory error. So to combat that you need to control what scenery loads per flight, since FS will load ALL scenery regardless of whether you fly to or over it.

    Prepar3D on the other hand is based on FSX's code and has been redone for 64-bit capability and somewhat takes advantage of more than one core. Only issue is that its EULA states that it's for educational/student use only, but many don't listen to that and use P3D as a game. Which in large part it is.

    IoT: Internet of Things. These are devices like computer-integrated refrigerators, thermometers, dryers, and probably even a damn toaster. All can be controlled from a phone, tablet or computer. You can buy this hardware at Amazon for example. You can tie it all to an Amazon Echo and say, "turn on the front room lights" and it will do that.

    CloudFlare is both free and paid, depending on your needs, and they offer paid-for options like rate limiting, which I pay for, that help prevent layer 7 DDoS attacks.

    Read all about it: Shodan (website) - Wikipedia
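The rate limiting mentioned above, as an added example that is neither the thread's nor Cloudflare's code: a sliding-window limiter per client IP, run over constructed web-server log lines in combined log format. The IPs come from the documentation ranges, and the rule (more than 10 requests to /login in any 10 seconds puts the client in a 60-second penalty box) is an assumed one. "Layer 7" means the decision is made per HTTP request and URL path after the request line is parsed, not on raw packet or connection counts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-format line, e.g. what an origin server behind a CDN writes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str):
    """Return {'ip','ts','method','path','status'} or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


class RateLimiter:
    """Sliding-window limit per client IP on a URL prefix.

    Rule: more than `threshold` matching requests within any `period`
    seconds puts the IP in a `block_for`-second penalty box."""

    def __init__(self, threshold: int, period: float, block_for: float,
                 path_prefix: str = "/"):
        self.threshold, self.period, self.block_for = threshold, period, block_for
        self.path_prefix = path_prefix
        self.hits = defaultdict(deque)      # ip -> request timestamps inside the window
        self.blocked_until = {}             # ip -> unix time the block expires

    def check(self, ip: str, ts: float, path: str) -> str:
        """Return 'allow' or 'block' for one request; must be fed in time order."""
        if not path.startswith(self.path_prefix):
            return "allow"                  # rule does not apply to this path
        if ts < self.blocked_until.get(ip, 0.0):
            return "block"                  # still in the penalty box
        window = self.hits[ip]
        window.append(ts)
        while window and window[0] <= ts - self.period:
            window.popleft()                # drop hits that fell out of the window
        if len(window) > self.threshold:
            self.blocked_until[ip] = ts + self.block_for
            window.clear()
            return "block"
        return "allow"


def apply_limit(lines, limiter: RateLimiter) -> dict:
    """Run the limiter over log lines in order; returns {ip: {'allow': n, 'block': n}}."""
    summary = defaultdict(lambda: {"allow": 0, "block": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        summary[rec["ip"]][limiter.check(rec["ip"], rec["ts"], rec["path"])] += 1
    return dict(summary)


def log_line(ip: str, second: int, path: str, status: int = 200) -> str:
    """Build one constructed sample log line (not a real capture)."""
    return (f'{ip} - - [10/Jan/2019:10:00:{second:02d} +0000] '
            f'"POST {path} HTTP/1.1" {status} 512')


# Constructed traffic: one ordinary visitor and one client hammering /login
# (12 requests inside 4 seconds, three per second).
SAMPLE_LOG = [log_line("198.51.100.4", 1, "/index.html"),
              log_line("198.51.100.4", 3, "/login"),
              log_line("198.51.100.4", 40, "/login", 302)]
SAMPLE_LOG += [log_line("203.0.113.7", i // 3, "/login", 401) for i in range(12)]
SAMPLE_LOG.sort(key=lambda l: parse_line(l)["ts"])   # feed requests in time order

if __name__ == "__main__":
    rule = RateLimiter(threshold=10, period=10, block_for=60, path_prefix="/login")
    for ip, counts in apply_limit(SAMPLE_LOG, rule).items():
        print(ip, counts)
```

Two design points a practitioner would care about: the rule is scoped to a path prefix so that page assets do not eat the budget meant for the login endpoint, and behind a CDN or reverse proxy the client address has to be read from the proxy's forwarded-client header rather than the TCP peer, otherwise every visitor shares the proxy's IP and one noisy client gets everyone blocked.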


  9. Posts : 61
    The one I am using to register is my Windows 7 Professional x64 one.
       #19

    F22 Simpilot said:
    Microsoft, which developed FS2004 and FSX (which I play), has abandoned the game. So we are stuck with what they created years ago, and I've read that back then when M$ developed the Sim they thought CPU speed would increase exponentially and thus kept the game a single-threaded game, not ever thinking that CPUs would come out that would have multiple cores. So in order to play FSX or FS2004 you need a CPU that has the highest single-thread capability you can afford. To make matters worse it's only 32-bit. So it's often that if you have loads of scenery add-ons you'll run into an out-of-memory error. So to combat that you need to control what scenery loads per flight, since FS will load ALL scenery regardless of whether you fly to or over it.

    Prepar3D on the other hand is based on FSX's code and has been redone for 64-bit capability and somewhat takes advantage of more than one core. Only issue is that its EULA states that it's for educational/student use only, but many don't listen to that and use P3D as a game. Which in large part it is.

    IoT: Internet of Things. These are devices like computer-integrated refrigerators, thermometers, dryers, and probably even a damn toaster. All can be controlled from a phone, tablet or computer. You can buy this hardware at Amazon for example. You can tie it all to an Amazon Echo and say, "turn on the front room lights" and it will do that.

    CloudFlare is both free and paid, depending on your needs, and they offer paid-for options like rate limiting, which I pay for, that help prevent layer 7 DDoS attacks.

    Read all about it: Shodan (website) - Wikipedia
    Oh didn't know that, interesting....


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.