How much access to information do threats really have?

Hi,

I get that potential software threats that are installed in a sandbox are isolated from making changes to the actual system.

But doesn't it still have access to confidential information, such as browser history or documents on the computer?

I ask about that because I know that the sandbox and the software installed in the sandboxes can "copy" files from the actual system as needed.

Would then a trojan be able to get confidential information from my browser or other files and send it elsewhere?

I know it wouldn't be able to make changes to my system, but wouldn't it be able to pull information from it? If not, why not?

Thanks for the clarification.

  • Hi Diogo,

    Here's a copy-paste from our FAQ on how Sandboxie protects you. It explains how Sandboxie protects your computer, and it also explains that it does not typically stop sandboxed apps from reading your sensitive data.
    https://www.sandboxie.com/FrequentlyAskedQuestions#HowItWorks

    How does Sandboxie protect me, technically?

    Sandboxie extends the operating system (OS) with sandboxing capabilities by blending into it. Applications can never access hardware such as disk storage directly, they have to ask the OS to do it for them. Since Sandboxie integrates into the OS, it can do what it does without risk of being circumvented.

    The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for Inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexes (Mutants in NT speak), Semaphores, Sections and LPC Ports. For some more information on this, see Sandbox Hierarchy.

    Sandboxie also takes measures to prevent programs executing inside the sandbox from hijacking non-sandboxed programs and using them as a vehicle to operate outside the sandbox.

    Sandboxie also prevents programs executing inside the sandbox from loading drivers directly. It also prevents programs from asking a central system component, known as the Service Control Manager, to load drivers on their behalf. In this way, drivers, and more importantly, rootkits, cannot be installed by a sandboxed program.

    It should be noted, however, that Sandboxie does not typically stop sandboxed programs from reading your sensitive data. However, by careful configuration of the ClosedFilePath and ClosedKeyPath settings, you can achieve this goal as well.

     

    For more info, please see below: 

    The virus FAQ section covers more scenarios regarding viruses and using Sandboxie:
    https://www.sandboxie.com/FAQ_Virus

    And, as additional info, I suggest having a look at the keyloggers entry:
    https://www.sandboxie.com/DetectingKeyLoggers

    You may also be interested in the privacy entry as well:
    https://www.sandboxie.com/PrivacyConcerns

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
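
To illustrate the ClosedFilePath and ClosedKeyPath settings named in the FAQ excerpt above, here is an added Sandboxie.ini fragment; it is not part of the original reply or of Sandboxie's documentation. The box name UntrustedBox, the Firefox profile path, firefox.exe and the registry key are assumptions chosen for illustration.

```ini
# Constructed example fragment of Sandboxie.ini.
# Box names, program name, paths and the registry key are placeholders.

[DefaultBox]
Enabled=y
# No Closed* settings: as the FAQ notes, programs in this box are not
# stopped from reading host files such as documents or browser profiles.

[UntrustedBox]
Enabled=y
# Deny every program in this box access to the user's Documents folder
# (%Personal% expands to the "My Documents" shell folder).
ClosedFilePath=%Personal%
# A leading "!" inverts the program match: the path is closed to every
# program in the box EXCEPT firefox.exe, so a sandboxed browser keeps
# working while anything else in the box cannot read its profile.
ClosedFilePath=!firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*
# The same approach for registry data (placeholder key).
ClosedKeyPath=HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp
```

A closed path blocks reads as well as writes, so a program that legitimately needs that data will fail inside the box unless it is exempted with the "!" form.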

     

  • A trojan can copy information but can't cause any harm. Wraithdru created the "Block Process Access" DLL and offered it to the community under Contributed Utilities. This program blocks the ability for any program within a sandbox to see files in the "host" area. But it's really dated and might not work anymore. If you want to check it out: https://www.sandboxie.com/ContributedUtilities

    If for some reason the link pulls you back here, then use Google, keywords: sandboxie contributed utilities. Some links come back to this forum and others don't.

    EDIT: Forget what I said. The link to download the actual file points back to this forum and it's not available.