Sandbox Technology in AntiVirus
- 1. SANDBO New age Security X Presented By:- Ashish Gautam 6059
- 2. Preface The term security always plays an important role in our lives ,where it is the age of computers so security plays an even bigger role. The latest and most sophisticated technology emerged recently is Sand Box technology.
- 3. About Sand Box In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code,untrusted users and untrusted websites in a virtual Environment . Any action take by suspicious virus present in these will not effect our System.
- 4. Working of SANDBOX Technology Auto Sandbox offers three options for users whenever suspicious application is identified and prompted to run in safe virtualized environment: 1. execute the file within the virtual AutoSandbox, 2. run it outside the sandbox or 3. cancel running the application entirely.
- 5. Working of SANDBOX Technology When user allows to run suspicious program in the Sandbox, the program will run as usual but operations like files opened/created/renamed and read/writes from registry are monitored and virtualized, that means stored only in the sandbox and no permanent changes will be saved to user’s system.
- 6. VIRUS SCANNERS VS SANDBOX Sand Box scans the actions the virus code takes and not the name or characteristics of the virus. Sandbox cannot replace anti-virus scanners as identification, disinfection and removal of viruses can only be done by virus scanners. Both work complementary to each others for providing a fully secured environment .
- 7. FEATURES OF SANDBOX First in the world Norman is the first anti-virus company in the world to present this new technology . User friendly It can detect unknown viruses with a minimal risk of false alarms. Sophisticated technology The method is based on the basic function of a computer virus replication.
- 8. WITHOUT SANDBOX ? If the sandbox agent does not protect your computer, hostile applets could access all the files and resources that are available on your computer. Recently corporate networks and computers connects to the internet have been attacked and have reported damages from illegal access from the outside. Malicious mobile code (java as well as other executables ) is increasingly being used to issue these attacks. Without sophisticated knowledge like sandbox the rate of threats increases enormously.
- 9. LIST OF COMMON ATTACKS Deleting of files Theft of information and data Remote access via the internet Manipulation of your connection Dangerous calls to the system
- 10. ?
- 11. THANK ’U’
Editor's Notes
- #3: Sophisticated:- Able to understand difficult or complicated things.
- #9: Hostile:- Virodhi Applets:- a simple program that can make one thing Malicious:- Natkhat Sophisticated:- Able to understand difficult or complicated things.
- #10: Denial of Services
- #12: Q. What does malicious software do? A. Malicious software is typically designed to infect your computer. This infection is accomplished by the integration with, or the taking over of, various aspects of your Windows operating system. Following this infection, different types of malicious software have different goals. For example, a virus program might spread to more computers, and a spyware program might record your keyboard activity. Q. How does Sandboxie protect against computer viruses? A. Sandboxie considers the program it supervises as potentially harmful, and keeps the programs bound within a sandbox , which is a kind of protective bubble. The program cannot escape the sandbox, and therefore cannot change, harm or infect your computer in any way. When you're done with the program, you delete the sandbox. Q. Does Sandboxie remove viruses? A. Yes, but not in the sense that Sandboxie discards just the viruses, and leaves everything else intact. What Sandboxie does is delete the entire sandbox, which deletes any viruses trapped within the sandbox, as well as any other changes (good or bad) that were attempted by the program running under the supervision of Sandboxie. Q. Is Sandboxie an anti-virus? A. No. While Sandboxie is a countermeasure against malicious software, it works differently from traditional anti-virus software. Unlike an anti-virus, Sandboxie does not attempt to identify or differentiate between "good" and "bad" (or harmful) programs. An anti-virus might not identify a new virus, and might let it slip by and infect your computer. Sandboxie, on the other hand, considers all programs as potentially harmful, and does not let any program modify your computer in any way. Q. Should I use Sandboxie instead of anti-virus software? A. No. Sandboxie can prevent a virus in the sandbox from escaping into your real computer. However, common sense dictates that it is preferable to prevent the virus from running in the first place. Therefore it is a good idea to use anti-virus software to prevent known threats, while relying on Sandboxie to be your first line of defense against threats that are not yet known to the anti-virus. Q. Is Sandboxie 100% fool-proof? A. No, but it tries to be as close as possible to 100%. At the same time, it is important to remember that Sandboxie is never the only software in your computer. Your other software, including your Windows operating system, might have security holes that could be abused by viruses in ways that no security software can prevent. Therefore it is always important to keep up with software updates. As the saying goes: "The only truly secure computer is one buried in concrete, with the power turned off and the network cable cut." Q. Can the anti-virus detect a virus in the sandbox? A. Yes. Files contained in the sandbox are stored in the hard disk, typically in the folder SANDBOX in drive C. Programs under the supervision of Sandboxie can only operate within this folder, but there is nothing special about the folder itself. The anti-virus software may detect viruses as they arrive into this folder, or at any later time. Q. How should I respond to the anti-virus detecting a virus? A. Your anti-virus should tell you where the virus was identified. If the virus was identified within the sandbox (typically, in the SANDBOX folder in drive C), there is little cause for alarm. You can immediately invoke the Delete Sandbox command, or you may direct the anti-virus to delete the virus file, or move it to quarantine. Q. When the anti-virus moves a virus file out of the sandbox and into quarantine, does it bypass Sandboxie? A. No. The anti-virus itself is not operating under the supervision of Sandboxie, even if the virus alert seems to indicate otherwise. Operating outside the sandbox, the anti-virus can reach into the sandbox folder, pull the virus file, and move it into quarantine. The process is similar to SandboxieQuick Recovery, wherein Sandboxie Control reaches inside the sandbox to pull some file out of it. Q. Will viruses remain in the sandbox after I close all programs in the sandbox? A. Yes and no: 1. No, if your sandbox is set to automatically delete; 2. Yes, in the default configuration, but only until you manually delete the contents of the sandbox. It is important to note that a virus file in the sandbox is just that -- a file , not much different from your average text file. Unless you move the file out of the sandbox and invoke it, there is little cause for alarm. Q. Do I have to securely wipe the contents of the sandbox to make sure the virus is gone? A. No. Although you can configure Sandboxie to use a third-party data wiping utility, the key point is to make the virus file itself inaccessible, and this is accomplished even with non-secure deletion. There is, however, an advantage to secure deletion, as discussed in the next answer. Q. Why does my anti-virus detect a virus in the System Volume Information folder? A. The System Restore component in Windows collects various files into the System Volume Information when they are deleted. While the intention is to protect your system, sometimes System Restore ends up making copies of virus files. These virus files are inactive, and even if restored, will be restored into the sandbox, so there is little cause for alarm. Nevertheless, it is a good idea to let your anti-virus get rid of any such virus files. Note that this will not occur if you securely wipe the contents of the sandbox (see previous quesion). Q. My computer is already infected with a virus, will Sandboxie protect against that virus? A. No. Sandboxie can only protect your computer from the programs that run under the supervision of Sandboxie. The virus which has already infected your computer is running unencumbered outside the supervision of Sandboxie. It might also serve as an infection channel and assist other viruses in the sandbox to break out of the sandbox and infect your computer. It is strongly recommended that you dis-infect your computer as soon as possible, then install Sandboxie to protect against future threats. Q. Does Sandboxie protect against the KillDisk virus? A. Yes. The KillDisk virus works by modifying the hard disk partition directly, bypassing any file systems. This kind of access has been blocked since Sandboxie version 2.33 (early 2006). Q. Can I install an anti-virus (or firewalls or other security software) into the sandbox? A. For most security software, the answer is no. This type of software wants to integrate with Windows in order to monitor access to files and network connections. Sandboxie is designed to isolate programs in the sandbox from the rest of the system, which means the security software will be unable to monitor the system correctly. Note that virus scanner software which does not include active ("real time") monitoring should be able to function correctly under Sandboxie.