Thanks for doing the testing Ken. I expect the keylogger will work if it was installed outside of Sandboxie. If it arrived inside of the Sandbox, then I expect it will not work.
That is the whole point of Sandboxie; malware that comes in via a sandboxed program like Firefox, Thunderbird, Internet Explorer, Microsoft Mail, etc. -- is "sandboxed" and will not survive deletion of the sandbox, and will not be allowed to affect the system outside of the sandbox.
VMWare would also be a great way to go.
Any container may have flaws. Sandboxie may not be perfect. VMWare has definitely had exploits that let malware get to the host machine. Other sandboxes/virtual machines also would have issues. However, using them puts one more layer between the user and the bad guys.
Security is never perfect. I see it as how many reasonable layers we can get between us and them.
- Patched OS
- Patched programs
- Hardware firewall
- Software Firewall
- Antivirus
- Antimalware
- More secure browser
- Helpful add-ons like WOT and NoScript
- OpenDNS or other DNS server with appropriate block lists
- But most importantly, educated users that practice safe Web habits. This is the hard part since end-users cannot know everything that we know, so they will make misinformed decisions.
  - Don't open unexpected attachments
  - Don't click on links in email
  - Don't reply to spam or click on any of its links
  - Don't buy anything from spam
  - When forwarding those cute emails, use the BCC field instead of TO or CC so that your address book is not made public
  - Don't click on "YOU MAY BE INFECTED" warnings
How in the world can end users know how to answer firewall popups asking if they want to allow a program access or not? I have seen them block system processes and allow malware. They just do not know. Shoot, sometimes I do not know unless I Google it first.
-- Patrick B.