More Sandbox False Nonsense

From: nob...@dizum.com (Nomen Nescio)
Subject: More Sandbox False Nonsense
Message-ID: <f7eb5d62c14cb48159de812610888bc4@dizum.com>
Date: Fri, 11 Nov 2022 02:01:58 +0100 (CET)
Newsgroups: alt.windows7.general
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.mixmin.net!news2.arglkargh.de!sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
X-Abuse: abuse@dizum.com
Injection-Info: sewer.dizum.com - 2001::1/128

You will notice that most of the pages you find disclaiming the safety
of a sandbox/vm program are owned by security outfits who want you to
believe that a monthly check for them and their "security" software is
the way to go.

https://www.networksolutions.com/blog/protect/cybersecurity/how-sandbox-security-helps-prevent-malware-attacks

"Delay execution. This is a favorite of many malware routines. Because
sandboxes examine what happens in real-time, many of the early
sandboxes wouldn't wait around to see what happened after a few
minutes of loading the malware sample. So the malware authors built-in
automatic delays into their routines, in the hopes that by then the
sandbox would have given them a stamp of approval."

Time Freeze does not give any download - unhidden or hidden, its
approval. The only way for that to happen is for the user to get
careless-stupid and download the file to another drive other than the
C: and then install it later outside the sandbox.

Again, the average piece of schlock malware is not infected with such
advanced methods of infection. Pro hackers going after companies they
know use a sandbox will. Pros also do their homework on such victims.
They pretty well know the lay of the land.

Also, running the average download through VirusTotal will usually
ensure it's safe. Further methods of safety have been covered in past
posts, SR, etc., etc.

Infecting on the hardware level is a subject beyond me. And with the
rate of infections allowed by the standard AV, I think it's also
beyond them.

User Interaction: techniques used to detect if there is any user
interaction. Used to circumvent the fact that a sandbox is not a real
machine and used daily.

The above only applies if the user is still in denial about
infections, and lacks discipline to always use the sandbox without
exception when browsing, etc.

Most of the other methods of defeating sandbox type programs are far
beyond reason as to actual infection routines known to inhabit the
average malware download.

Again, you will notice that this page is hosted by a company looking
for dollars. They are not going to get your business if they tell the
truth about how little are your chances of infection running a
sandbox, VM, or an SR such as Time Freeze.
