Protect me from malicious web pages!
April 6, 2011 7:47 PM

[ WindowsSecurityFilter ] Do I need a sandbox for surfing the web?

So, I notice some people are using a sandbox. Does a Windows user need a sandbox for protection while viewing web pages? What do you use or recommend? [I'm careful on the web and my laptop is all antivirused-up. No malicious exploits yet, fingers crossed. Running Firefox 4 on Windows Vista Home Basic, 32 bit.]
posted by exphysicist345 to Computers & Internet (14 answers total) 4 users marked this as a favorite
 
I don't, personally. I have never run Antivirus, but I do an online scan from time to time - never got any hits other than a few suspicious cookies. But I'm a "safe surfer" (in other words, I don't click any of those links that say stuff like 'You've just won a million dollars' or whatever), and I run Firefox.

HOWEVER, I am very interested in exploring and maybe even helping bring down some of the internet charlatans, which would obviously expose me to a much greater risk of infection if I were to start peeping into those murkier parts of the web. If I were to do so, I would set up a sandbox using VMware Player, which is available for free, and a pre-baked Linux distribution to run under VMware. Set up a completely clean VM system, take a "gold copy" snapshot of your clean system, go out onto the net and do what you want to do, then revert back to the snapshot.

In summary, if you're just a "normal" web user, you don't NEED a sandbox, as long as you practice safe surfing. But if you're interested in delving into the seedier side of things, it's probably worth setting up a sandbox.
posted by Diag at 8:10 PM on April 6, 2011


I have always been *very* careful, and I have gotten a virus from just surfing the web. There are some legitimate web pages that can have malware in their advertisements.
posted by brownrd at 8:23 PM on April 6, 2011


I agree that having a separate VM running in order to do sandboxing is probably overkill. On the other hand, Chrome and IE (in Protected Mode) both implement a limited form of sandboxing that adds an additional layer of protection against browser exploits. PDF viewing is also a risk area, and Adobe Reader X also has a sandbox based on the Chrome sandbox design. These sandboxes, by the nature of their design and implementation, are imperfect.

Nonetheless, I'd consider Chrome and Reader X sandboxing a significant advantage.
posted by alexallain at 9:13 PM on April 6, 2011


I've had good luck using Sandboxie for this (I see it's mentioned in the link you gave). It's set up with Firefox as the default browser. I replaced the normal shortcuts with ones that launch Firefox inside of the sandbox and it works pretty well. And it's free.

Three things that are annoying, but part of the bargain:
1) Downloads don't go to where I ostensibly save them, but to a sandboxed virtualization of it. It's easy enough to scan them and move them out of the sandbox, but it's an extra step and sometimes I get turned around and have to go hunting for the file.
2) If you download torrents and have them open in your torrent program, that program launches within the sandbox, and the ultimate download stays in the sandbox. I have the sandbox on a drive with limited space and I often want the download to go to a larger or external drive. Again, an extra step.
3) If you sometimes work in the sandbox and sometimes out of the sandbox, and bookmark in both situations, your bookmarks can drift between the two. There's probably a solution, but I haven't really looked for one, honestly.

It's also nice that you can launch any program within the sandbox if you think you're going to be handling something sketchy. I've used that on occasion, probably from a surfeit of caution.
posted by averyoldworld at 10:12 PM on April 6, 2011 [1 favorite]


You don't need a sandbox. Keep your windows updated, use a free firewall like Comodo and Microsoft Security Essentials as your anti virus (or Kaspersky if you've got some money) and you're good to go. Using Firefox as your browser and adding ad-block plus, flashblock and no-script helps a lot too, as does not opening random e-mail attachments from 'people' you don't know and not clicking on flashing "free sex!!!!" banners, not that you'll see any of those if you do the full firefox thing.

Purely in the name of scientific research, I've rummaged through some of the darkest corners of the internet and haven't caught so much as a cold. If you choose an overly complex solution which is constantly obtrusive and annoying to use, the chances are you'll stop using it and expose yourself to risk.
posted by joannemullen at 5:18 AM on April 7, 2011


The best thing you could do for yourself is to not have your main account as a Local Admin or Power User. Instead, create a separate account called "Trusted" or similar, and set that as your Administrator account. One of the nice things about Windows Vista and 7 is that once you run into a point where you'd need elevated privileges, if you're a normal user you'll get a pop-up asking you to log in under your "Trusted" account.

The main thing you'll want to be cautious of, as others have mentioned, is "drive-by" infections that take advantage of your browser or 3rd party plugin's vulnerabilities. Not being an Administrator automatically protects you from 99% of the more serious types of infections (eg. the kind that become rootkits and require more drastic measures to inoculate).

Aside from that, IE8 and Chrome in protected mode are essentially sandboxed. I'd personally prefer IE8 however as it shows up on the US-CERT threat lists much less than other browsers (safari and chrome being the worst...firefox not too far behind).

Once you've closed that administrator gap, your next plan of action is strengthening up your limited rights account to avoid profile based infections. I normally split this into a 4 tier approach:

- Antivirus: Avira is a decent free antivirus solution, with on average better detection rates than other free AVs. Keep in mind however for 0-day threats you're usually relying on 100% heuristic detections, and they still probably only catch 20-30% of potential malware infections at that point. Immunet is a decent supplementary cloud based AV that can run alongside your existing solution. There is also Microsoft Security Essentials, AVG, and Avast that could be evaluated.

- Site Advisors: Web of Trust is currently the best possible community-based site advisor going at the moment. For extra protection against SEO exploits (search engine optimization) and unsolicited redirects, you can set WOT to block any site that has not been sufficiently rated. From there it's easy to temporarily disable WOT if you really want to see the site.

- Patch Management: Secunia PSI is one of the best all-in-one free patching solutions going at the moment. This will help ensure that your vulnerable 3rd party apps outside of Windows Updates are kept up to date. To get a head start however, I suggest trying out Ninite to bring at least your browser plugins to the latest versions easily.

- Network Protection: And finally, Peerblock is an excellent IP Filter solution that will help keep your system and privacy safe. It is self updating to identify known bad sites from I-BlockList and is easy to temporarily disable or add exclusions for sites or apps you really need. (for example, if you want to enable the Steam client and continue blocking other valve ips, you'd just import the i-blocklist for the client and set to "allow")
posted by samsara at 6:42 AM on April 7, 2011 [1 favorite]


Noscript will stop many browser based exploits
posted by T.D. Strange at 9:23 AM on April 7, 2011


Thanks for recommending Sandboxie. I'll try it. (Do you use it for free? The website says 13 euros per year, or 29 euros forever, for home use.)

I'm a big fan of AdBlockPlus, but I like too many sites that rely on javascript to use Noscript, and I use Flash all the time for places like YouTube, so blocking Flash isn't an option.

I log into Vista as Admin. Yes, I understand the risk. I've tried logging in without Admin privileges, but found that life became too difficult with all the restrictions. Not just the constant popups, but some programs silently refused to work. So I log in as Admin now and everything works just like it should.

I'm a big fan of FireFox. Wish it had a "protected mode"! Return to IE? Not gonna happen. Chrome? Might try it.

samsara, thanks for your many suggestions. I'll look into them.
posted by exphysicist345 at 10:24 AM on April 7, 2011


With NoScript, it's really easy to add exceptions, and within a week or so all your regulars will be covered. After an initial training period, it's really helpful, so I wouldn't write it off right away.
posted by bookdragoness at 2:20 PM on April 7, 2011


"Not just the constant popups, but some programs silently refused to work."

The removal of easy access to the 'run as' in vista was a major annoyance for running in non-admin mode.

They've fixed this in Windows 7; you can hold down shift and right-click on any shortcut to 'run as administrator' which will prompt you for elevation rights. You can also select a shortcut's properties, and under the compatibility tab you can 'run this program as an administrator', or add additional settings for say, making it think it's running under windows xp, which stick. Win 7 also has a number of other improvements to the UAC elevation system that make it a LOT less annoying than vista with prompts. 7 also has improvements to DEP etc, which is windows' built in sandboxing (it stops programs executing code in parts of memory it shouldn't, thus blocking a lot of exploits that when discovered would otherwise allow full access to the machine) so it should be more secure in general than vista.

That said; vista does allow the setting of compatibility mode (run as admin) and right-click run as admin on some apps, so that does work in some cases. You can also grab shellrunas which brings back the functionality to vista.

Running browsing under a virtual machine is rather overkill, though it is damn handy for testing installs of apps you're not sure of - install, run a few checks on the os state after. Or if it's a one off thing, just snapshot the vm first, then revert back to prior state and it'll reset any changes. I personally use the (paid for) vmware workstation, but virtualbox is great free virtualization software.

So personally, I'd upgrade to win 7, switch to using a non-admin account, and use run-as admin for any sticky apps - it's a lot less annoying in 7 than vista. That, plus browser built in sandboxing, OS sandboxing and keeping your plugins up to date (and trimming down your plugins as much as possible) will keep your attack surface down a lot. Filehippo updater is a very useful way of keeping your apps up to date, either standalone or installed - it prompts you when updates are available. Make sure you stay on top of flash if you're not using flashblock.

Also, get rid of acrobat reader. That is probably the biggest single attack vector going at the moment, especially since people don't keep it up to date. I've switched to evince myself, but sumatrapdf and foxit are both decent also.

Chrome by default runs sandboxing, with each tab run in its own low-privilege process. This is very similar to IE protected mode. Also, IE more secure than chrome? Hahahah. Sorry. Just because a browser has a higher number of exploits, does not make it less secure.

a) IE is closed source. The only people easily able to scan for faults is MS; others have to report them and hope they get fixed before the blackhats find them. Disclosure is optional.
b) Firefox and Chrome, safari (webkit) are both open source. Many eyes are looking for bugs, and so many trivial exploits are found, publicly reported, fixed, and rapidly pushed out in the next update. Those same faults on IE are not found, or are not published - or are classified under a single vague update description.
c) the faults that do get detailed in IE tend to be BIG - i.e. remote root level of access, or 'this website owns your computer now' exploits.

The best argument I find is the pwn2own contest - chrome didn't fall at all in either 2010 or 2011 due to its built-in sandboxing. IE went down much quicker than firefox.

Of course, chrome is great as long as you don't mind sending your browsing and search info to google. Of course, IE sends it to microsoft, so pick your poison really.
posted by ArkhanJG at 3:01 AM on April 8, 2011 [1 favorite]


"The best argument I find is the pwn2own contest"

Good to know, I have more respect for the chrome browser now..thanks for the correction.
posted by samsara at 5:20 AM on April 8, 2011


Well I shouldn't say a correction per se, rather better awareness of the browser. For the most part I have been sketchy about Chrome ever since this particular exploit where simply having it installed made IE and other browsers more vulnerable. Reading about the Pwn2Own contest shows me that Google has stepped up their game in the past few quarters. I'd still be cautious however Ark, as the hacker/malware game is always jumping out ahead and figuring out new ways to exploit systems. Your very secure browser today could be the source of a rootkit tomorrow...or at best, a simple fake AV if you're running on and protected by limited rights. Very good info in your post.
posted by samsara at 5:32 AM on April 8, 2011


samsara, I just installed NoScript and am getting notifications on every page I browse. For example, right here on AskMeFi, obviously I want to Allow metafilter.com, but what about mefi.us? googleanalytics.com? googleapis.com? Do I want to Forbid or Allow? What do you do? Maybe just Allow all on a trusted site like this? Thanks!
posted by exphysicist345 at 2:42 PM on April 8, 2011


I think you're fine ignoring those, or turning off the notifications for them. Noscript will mainly come in handy when you land on unfamiliar sites. I'd probably check to see if you can tone down the notification level/audio alerts as many sites will work ok without running scripts. Although if you do whitelist to make a site or page work, you can do so temporarily if you're uncertain about the provider. If you're good on your other security measures, the risk of whitelisting in noscript is lessened too.

One of the main things noscript will be a godsend on is when you stumble upon a SEO (search engine optimization) exploited site. (eg. you perform a google search and get results that lead to compromised servers). I personally don't use noscript, but have heard good things...you'll still want to harden your system in case something does slip by of course.
posted by samsara at 8:50 PM on April 8, 2011

