Sandboxie and NoScript

Gillor

Anyone got any experience of using Sandboxie AND NoScript?

All my web browsing is Sandboxed with Microsoft Security Essentials, Malwarebytes and SuperAntispy as AV backup but I am concerned that although Sandboxie will trap any malware in the sandbox and stop it infecting my system there appears to be nothing to stop any private information I have in the sandbox during that session from escaping out into the wider world via keyloggers for example.

I have been trying to get my head around NoScript and from what I understand (which is very basic) this would appear to be one solution.

Sandboxie and NoScript - a good combination?

Just one possible problem. How would NoScript build up a list of whitelisted sites if Sandboxie clears everything out of the sandbox at the end of each session?

Thebiker

I am a Malware removal helper on one of the big forums and I always recommend both Sandboxie and Noscript, I also use them myself.

If you picked up a keylogger or any kind of malware that can steal password and other personal information, whilst surfing in a sandbox, then your personal information is not really protected and Noscript will not really help you with this either, although it may help to stop you picking it up in the first place.

All Noscripts does it blocks all script on any given page from being able to load, until you allow them. It is very usefull because you could go to a site that is considered safe, but it may have a malicious script embedded in the page for instance in the form of an ad, if you went to this page with noscript and you had allowed the main site page but not any other scripts on the page, then you would be protected from the malicious ad because it would be able to load, unless you allowed it's script.

As for how noscript would build up it whitelist in the sandbox if you are clearing the sandbox after use, it wouldn't, you would have to keep the sandbox, to keep it's whitelist, otherwise as you say, it would be cleared.

The best way to try and stay safe is to be aware and to use good old common sense. So if ever you suspected you might of picked something up whilst surfing in the sandbox, then delete the sandbox. Staying away from torrents would be another good thing, if you do that sort of stuff. When ever you log into any secure sites like banking, paypal, ebay etc, always have a look at the url before you sign in and make sure it starts with https:// and not http:// if it starts with http:// then the connection is not secure and the page is most likely being spoofed to capture your details.

Also be aware with sandboxie, as with any other program, it would not be impossible for some types of malware to get around it's security and be able to break out of the sandbox, but it is a very good program and will more than likely save you bacon at some point.

closed

you can overdo security.

Noscript will stop most sites working properly, you'll spend all your time allowing/disallowing, and you will probably have no idea whether any of the sites you are allowing are safe. Just clear your sandbox when you close the browser, and let your security software do the rest, the odds of you picking up an undetected keylogger during the same session as a banking session are pretty slim, and most banking sites rotate the password requirement for subsequent sessions.

You will lose any noscript whitelist when you empty the sandbox, you could build up a whitelist outside the sandbox to workaround this.

You could use IE for https (sanboxed if you prefer), and firefox for the rest, in a sandbox or with noscript.

Gillor

Thanks for the quick responses.

The last time I had a malware issue was around nine years ago but it trashed my computer and last year my son had his HSBC account hacked into so I am ultra (over?) cautious where internet security is concerned.

I completely take on board the comments about common sense surfing, to the extent that I never visit any web site without WOT approved certification and I also have Threatfire as a behavourial AV back-up.

Sandboxie to me is simple and effective, although it took me a little time to get my head around the concept. What I don't quite understand though is scripting. What is malicious scripting and what is likely to happen if it loads?

If I have all browsing activity sandboxed why would I need NoScript?

Is NoScript a pain in the a*se with constant pop-ups? How can I distinguish which sites are safe or not?

If NoScript is not the answer to to the protection of private information is there anything at all I can do to stop the possible outward flow of passwords/keystrokes etc. into the outside world from a sandboxed session - in other words is there a any anti-keylogger/privacy type software which would prevent this happening or stop it being downloaded in the first place? Is this something a signature AV or Threatfire would do?

I accept that there is no 100% safe way of using the internet but with a combination of care and selective software at least I can try and minimise the risk.