
2010 Will Be the Year of Sandboxing Apps

timothy posted more than 4 years ago | from the layers-within-layers dept.

Microsoft

Trailrunner7 writes "In a guest editorial on Threatpost, Mac hacker and security researcher Dino Dai Zovi writes that 2010 will be the year that software vendors get religion about sandboxing untrusted data in desktop apps. 'Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. The largest Internet security threats now arrive through malicious web pages or e-mail attachments. This is because attackers are opportunistic and these are the weakest links especially because they easily pass through every firewall. Security is not and never was about SYN packets, it is about data: the software attack surface that attacker-controlled data interacts with and what sensitive data the attacker can get a hold of if they can exploit vulnerabilities in that software.'"


203 comments


And the year of.. (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#30674394)

.. bloat.

Just look at how slow IE8 is to use.

Re:And the year of.. (1)

Penguinisto (415985) | more than 4 years ago | (#30674448)

...and if you think Exchange 2007 is evil now (what with store.exe arrogantly sucking down 95% of your available RAM, no matter how much RAM you have, whether it needs to or not), I simply cannot wait until someone gets the idea that hey, maybe they should sandbox services too!

/P

Re:And the year of.. (1)

alen (225700) | more than 4 years ago | (#30674566)

and what exactly is the point of having RAM go unused?

Re:And the year of.. (4, Informative)

spun (1352) | more than 4 years ago | (#30674634)

and what exactly is the point of having RAM go unused?

File cache. RAM unused by bloated applications gets used by (most) operating systems to cache files, resulting in quicker disk access.

Re:And the year of.. (2, Interesting)

Anonymous Coward | more than 4 years ago | (#30674756)

Exchange takes the file cache into account when setting its cache size. If you start paging it can reduce its memory usage. The point here is subtle:
Free memory = Bad (wasted resources which can be used to reduce I/O)
Paging = Bad (bad performance)

So Exchange increases its memory usage unless the machine is paging.

Re:And the year of.. (1, Interesting)

BlackSnake112 (912158) | more than 4 years ago | (#30676012)

Great idea, but it looks like Exchange is doing it wrong, since the Exchange machines I have seen are often using more memory than is installed, so they are paging and using all the RAM they can. These are not the massive Exchange systems that large companies have. These Exchange systems have 5-20 email accounts on them. Not large at all. So why is Exchange using between 5GB (on a system with 4GB installed RAM) and 18GB (on a system with 16GB installed RAM) of RAM? I am not the Exchange admin; I pointed it out and the Exchange admin said not to worry, the system is running fine. I still think something is very wrong.

Re:And the year of.. (1)

thetoadwarrior (1268702) | more than 4 years ago | (#30674692)

What's the point of operating systems that can run more than one program if we're happy to let one program eat up all the memory?

Re:And the year of.. (2, Insightful)

alen (225700) | more than 4 years ago | (#30674748)

unless you're using SBS, most organizations will only run Exchange or SQL or one major app on a server. on our servers we're running the HP software and SQL on our database servers. we even put all the third party database drivers on a separate server so as not to cause any potential issues.

Correction needed ... (3, Insightful)

Viol8 (599362) | more than 4 years ago | (#30675132)

"unless you're using SBS" or run unix/linux "most organizations will only run Exchange or SQL or one major app on a server"

There, fixed it for you. Curiously unix can generally cope with running more than one app/DB without falling over or having one app screw up the other.

"we even put all the third party database drivers on a separate server so as not to cause any potential issues."

Well that sums up running a Windows server doesn't it.

Re:Correction needed ... (1)

aix tom (902140) | more than 4 years ago | (#30676334)

Yep. The only thing that makes Windows "servers" half-way bearable is to put one server for each single service you need in a virtual machine.

So basically the whole thing IS already sandboxed.

Re:And the year of.. (1)

MistrBlank (1183469) | more than 4 years ago | (#30674780)

Also, lots of memory used =/= efficient programming.

Re:And the year of.. (1)

Eponymous Coward (6097) | more than 4 years ago | (#30675106)

It all depends on what efficiencies you are seeking. Many organizations value developer time over CPU/memory usage and so never bother profiling their software (the only way to do it) to look for more efficient machine use. "Worse is better" applies to source code as well.

Re:And the year of.. (0)

Anonymous Coward | more than 4 years ago | (#30676154)

not the only way,
if you choose the right data structure and algorithm from start you will solve a lot of memory/speed problems.

Re:And the year of.. (1)

Eponymous Coward (6097) | more than 4 years ago | (#30675274)

Actually, the more I think about your statement, it's just wrong.

You are assuming lots of memory used implies memory is wasted. I wouldn't assume that. There is usually a time/space trade off in algorithms.

Re:And the year of.. (1)

abigor (540274) | more than 4 years ago | (#30675764)

People who say things like this typically know nothing about programming or how operating systems allocate resources, let alone how to compute efficiency. No offence.

Re:And the year of.. (2, Funny)

SnarfQuest (469614) | more than 4 years ago | (#30674506)

If you want to leave a lot of openings in your sandbox for malicious software to work through, you have to expect things to slow down.

Offtopic Parent (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30674636)

.. bloat.

Just look at how slow IE8 is to use.

What does this offtopic post have to do with sandboxing?

Re:And the year of.. (0)

Anonymous Coward | more than 4 years ago | (#30675394)

And? IE8 is certainly not the standard of good programming, anywhere, even in Microsoft.

Why not Chrome? That sandboxes and is speedy as a photon on steroids.
Even WITH extensions, it is still incredibly fast.
And I have a fair amount of extensions, almost as many as I had in Firefox previously, and certainly more than I do now, and Firefox is still significantly slower. (I have 4 in the current install vs 17 in Chrome)

Sandboxing isn't slow, it is the devs that coded it horribly who made it slow.

Re:And the year of.. (1)

alexhs (877055) | more than 4 years ago | (#30675950)

And mostly useless bloat at that.

It's only adding one added layer to the dancing bunnies problem.

Virtualization is detectable. Your dancing bunnies malware will complain that it needs better access to the computer in order to run.

You only need memory protection, and an OS with some access control mechanisms.

If the application can't run in those constraints:

  • Educated users will know that something is going wrong;
  • Uneducated users will escalate privileges one by one until the computer is pwned.

Now what I think would be a secure system on paper :
Only signed apps run on native hardware, everything else in one big sandbox (reset each time, have fun reinstalling unsigned apps every day).

Practically, bugs can allow code injection in signed code, and the signing authority can miss malware, but this at least solves the dancing bunnies problem, because it's the hardware/OS vendor which will refuse to let you run the application.

Well, unless there was a way to work around the signing check. We could call that "jailbreaking" the computer. But that's unthinkable, isn't it?

A wish, not a prediction (1)

truthsearch (249536) | more than 4 years ago | (#30674432)

This is much more of a wish, not a prediction. Microsoft has only barely just started to offer sandboxing. It's also not common practice by other desktop application developers.

This is the year of wishes being predictions (1, Offtopic)

spun (1352) | more than 4 years ago | (#30674660)

And I predict this will be the year of 'Spun getting freaky with Kari Byron of MythBusters.'

Re:This is the year of wishes being predictions (5, Funny)

csartanis (863147) | more than 4 years ago | (#30674690)

I predict this will be the year of Kari Byron on the desktop!

Re:This is the year of wishes being predictions (1)

maxume (22995) | more than 4 years ago | (#30674888)

Right after the baby? Or are you going to give it a few months?

Re:This is the year of wishes being predictions (1)

spun (1352) | more than 4 years ago | (#30675504)

Who said anything about after the baby? When it comes to Kari, I'm just not that picky.

Re:A wish, not a prediction (2, Insightful)

tempest69 (572798) | more than 4 years ago | (#30674936)

Sandboxing is long overdue. It's a primitive step in the right direction, but it's needed to take the whole host of steps that can make a stable system. There is a freakload of work that needs to be done to get past the mess that exists in current operating systems. But instead of making a really innovative system, we keep getting more of the same: incremental improvement to the desktop system.
Sandboxing is a decade late, we should be so much further by now.. dang.

Storm

Re:A wish, not a prediction (0, Troll)

twiddlingbits (707452) | more than 4 years ago | (#30676050)

...the mess that exists in the Windows operating systems.... There, fixed it for you. Unless improperly configured, UNIX/Linux don't have these issues. Windows has them by default with pitifully few workarounds.

Nah, it can still be done (1)

Weaselmancer (533834) | more than 4 years ago | (#30676384)

Even in Windows.

My home system? Windows XP. And I use VMware Player to access the internet. And nothing else. That's the trick. Towards that end here's what I've done:

Step 1. I got a USB 2.0 10 Base T network doohickey. Then I plugged it in to my Windows box. It has never heard of the thing and wanted a driver. Cool! Step one - passed. There is no way my main machine can use this thing to get on the net. FWIW, if it had known how to connect to this thing I would have gone and found the INF file that describes it and erased that. For part one the main thing is to have a USB gizmo that can connect you to the internet, and make sure your machine cannot use it. So for all purposes my main machine is not on the net.

Step 2. I load up a VMware Player machine (also XP) and disconnect the virtual network adapter, so there is no network link between it and the host machine. Just in case the VM gets owned. Then I have VMware transfer the USB device to the VM. And I install the USB driver there. And there *only*.

Voilà! My main machine is 100% off the net, and not able to be owned. But I can still get on the net. I'm *sandboxed*. Zip up a copy of your VM and restore it every so often and Bob's your uncle. Be sure to save off your bookmarks and email to a shared folder. And if anything icky happens to your network VM, a full restore is just a file copy away.

The only thing this doesn't work well for is online gaming. You won't be able to WoW with this setup. Well, you won't be able to do it very well. I'd imagine the game would suck in a VM. But since I don't play I don't worry about it much.

Office 2010 (1)

PCM2 (4486) | more than 4 years ago | (#30675080)

Microsoft might be doing more than you think. TFA brings up Protected Mode Internet Explorer, but Microsoft is incorporating sandboxing-type ideas [infoworld.com] into Office 2010, too. For example, before it opens files, Word 2010 will validate them against known-good and known-bad schema. The idea is to detect potentially risky files/actions and run them with reduced privilege. So if a given file was created using an old version of Word that includes implicit vulnerabilities, for example, Word 2010 will open it in read-only mode with macros disabled, while giving the user a button to activate the disabled features (with an "it's your funeral" warning message).

This is not exactly "sandboxing," but it serves the same purpose: It helps to keep bad things from happening accidentally or out of user ignorance. In the past, if a user tried to open a file with dangerous macros, the app might throw up a warning message: "OMG if I open this file all hell will break loose!" But the user really wants to see what's in that file, so he just clicks "OK," and the damage is done. With Office 2010, there are more situations where a file will open with a slightly degraded user experience (no macros, etc), which lets users do 90 percent of what they want to do -- read the text, or copy and paste it into a new file -- without putting them at risk.
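
An added example of the "validate before you open, then downgrade" idea from this comment, written for this page and not taken from Office File Validation or any Microsoft code. It inspects raw, attacker-controlled bytes before any full parser runs and returns an open mode. The format facts it relies on: OOXML documents are ZIP packages with a [Content_Types].xml entry, VBA macros live in word/vbaProject.bin, and legacy binary Office files begin with the OLE2 magic D0 CF 11 E0 A1 B1 1A E1. The mode names, the extra checks (member-path traversal, decompression ratio) and the thresholds are this example's own choices.

```python
"""
Added example: triage an untrusted Word-style document before a full parser
touches it and decide how it may be opened (full / protected view / reject).
"""
import io
import posixpath
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAX_TOTAL_UNCOMPRESSED = 64 * 1024 * 1024  # cap against decompression bombs (example limit)
MAX_RATIO = 100                             # uncompressed/compressed ratio limit (example)

REJECT = "reject"              # do not open at all
PROTECTED = "protected_view"   # read-only, macros and active content disabled
FULL = "full"                  # normal open


def _zip_entry_is_safe(name: str) -> bool:
    """Reject absolute paths, drive letters and '..' segments in archive members."""
    if name.startswith(("/", "\\")) or ":" in name:
        return False
    parts = posixpath.normpath(name.replace("\\", "/")).split("/")
    return ".." not in parts


def triage_document(data: bytes) -> tuple[str, list[str]]:
    """Return (open_mode, reasons) for raw, attacker-controlled file bytes."""
    reasons: list[str] = []
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: handled by old, bug-prone parsing paths, so never fully trusted here.
        return PROTECTED, ["legacy binary (OLE2) container"]
    if not data.startswith(b"PK\x03\x04"):
        return REJECT, ["not a ZIP/OOXML container and not OLE2"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
        infos = zf.infolist()
    except zipfile.BadZipFile as exc:
        return REJECT, [f"malformed ZIP: {exc}"]
    names = [i.filename for i in infos]
    if "[Content_Types].xml" not in names:
        return REJECT, ["missing [Content_Types].xml, not a valid OOXML package"]
    total = sum(i.file_size for i in infos)
    compressed = sum(i.compress_size for i in infos) or 1
    if total > MAX_TOTAL_UNCOMPRESSED or total // compressed > MAX_RATIO:
        return REJECT, [f"suspicious expansion: {total} bytes from {compressed}"]
    for n in names:
        if not _zip_entry_is_safe(n):
            return REJECT, [f"unsafe archive member path: {n!r}"]
    # Structural signs of active content: the file still opens, but with reduced privilege.
    if "word/vbaProject.bin" in names:
        reasons.append("VBA project present; macros disabled")
    if any(n.startswith("word/activeX/") for n in names):
        reasons.append("ActiveX controls present")
    if any(n.startswith("word/embeddings/") for n in names):
        reasons.append("embedded OLE objects present")
    return (PROTECTED if reasons else FULL), reasons


def make_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like package, for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("plain", make_sample_docx(False)),
                        ("macro", make_sample_docx(True)),
                        ("legacy", OLE2_MAGIC + b"\x00" * 16),
                        ("exe", b"MZ\x90\x00")):
        print(label, triage_document(blob))
```

The point of the split is that the cheap structural checks run on the raw bytes and can only say "reject" or "lower the privilege"; nothing here is trusted to prove a file safe, which is why the default for anything carrying active content is protected view rather than a warning dialog.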

Windows 7 (3, Funny)

gbjbaanb (229885) | more than 4 years ago | (#30674452)

Great, I just upgraded from XP to Windows 7 and now all my apps have to be run in XP Mode's virtual machines. Thanks Microsoft. :)

Wow.... Welcome to Java applets, 1995... (2, Interesting)

haemish (28576) | more than 4 years ago | (#30674458)

Sandboxes are a tried and true idea, they work well. It's about time

Re:Wow.... Welcome to Java applets, 1995... (1, Funny)

Anonymous Coward | more than 4 years ago | (#30674546)

Sandboxes are a tried and true idea, they work well. It's about time

So, sandboxes will see as much success as Java desktop apps? What?

Re:Wow.... Welcome to Java applets, 1995... (1)

Anonymous Coward | more than 4 years ago | (#30674808)

Java sucks for the desktop because of the long startup times and huge memory usage, but that doesn't mean that all sandboxes have to be that way. For example, you can run a program in a chroot jail in Linux, and its performance won't be much worse than running it normally.

Re:Wow.... Welcome to Java applets, 1995... (0)

Anonymous Coward | more than 4 years ago | (#30675930)

Sandboxes usually get filled with cat scat. We'll have to see what happens with software sandboxes, but definitely the term they were taken from - playground sandboxes - sure don't stay clean.

Already here. It's on my family PC.. (4, Interesting)

Lumpy (12016) | more than 4 years ago | (#30674480)

sandboxie... Great program, will NOT work on a 64 bit OS.

It has kept my daughter's PC free of crap because she refuses to not click on everything and not use Internet Explorer... so I sandboxed it. Click on everything, it's all sandboxed.

Re:Already here. It's on my family PC.. (5, Funny)

sakdoctor (1087155) | more than 4 years ago | (#30674584)

Whoa! Your daughter is off the rails, and your soft approach to parenting is not helping.
Install linux on her system right now, and don't give her the root password until she's 18!

Re:Already here. It's on my family PC.. (1)

ub3r n3u7r4l1st (1388939) | more than 4 years ago | (#30674678)

LOL you just successfully stopped a future professional gamer by not teaching her how to install GTA 4 in Ubuntu.

Re:Already here. It's on my family PC.. (0)

Anonymous Coward | more than 4 years ago | (#30675018)

Then she has a chance at a life.

Re:Already here. It's on my family PC.. (1)

Lumpy (12016) | more than 4 years ago | (#30674730)

Yup, WAYYYY off the rails... she turns 18 this week. Sadly she is very much like her mother.

Re:Already here. It's on my family PC.. (2, Funny)

Anonymous Coward | more than 4 years ago | (#30674786)

[dont-take-it-personal][joke-to-easy-to-resist]
"Much like her mother"? she has poor taste in men?
[/joke-to-easy-to-resist][/dont-take-it-personal]

Re:Already here. It's on my family PC.. (0)

Anonymous Coward | more than 4 years ago | (#30674996)

[joke-too-easy-to-resist]

"Much like her mother"? she has poor taste in men?

Hey! There's nothing wrong with me!

[/joke-too-easy-to-resist]

Re:Already here. It's on my family PC.. (1)

Archangel Michael (180766) | more than 4 years ago | (#30675134)

So many tasteless jokes in such a short thread. Root, Box, turning 18, like her mother .... I ... must ... resist ...

Re:Already here. It's on my family PC.. (2, Informative)

CannonballHead (842625) | more than 4 years ago | (#30674666)

"Windows 64-bit: Full support for 64-bit is available in recent beta versions of Sandboxie. Click here"

Looks like they are working on that. :)

Re:Already here. It's on my family PC.. (0)

Anonymous Coward | more than 4 years ago | (#30674712)

"Windows 64-bit: Full support for 64-bit is available in recent beta versions of Sandboxie. Click here"

Looks like they are working on that. :)

Cool. When can we get this for Linux? Oh wait... we've already had chroot for years.

Re:Already here. It's on my family PC.. (4, Insightful)

CannonballHead (842625) | more than 4 years ago | (#30674752)

Yes. Linux has many, many things that are pretty cool.

Unfortunately, they haven't had a good all-together tied-in user experience.

Claiming things like "we have chroot" and "we have sudo" and other code/geek-ish type of coolnesses is like claiming that your car has an awesome engine with new piston technology, very secure door locks, and can run on almost ANY fuel currently available; unfortunately, the seats are rather uncomfortable and the controls on the dashboard look more like a commercial airliner's cockpit.

Yes, I know it's getting better. That's good. I hope they keep it up and continue to improve issues that apparently many geeks don't care about and many average users do (like Flash video [YouTube] and audio, and being able to use their iPods and scanners). :)

Sandboxing great for Multiplayer gaming (1)

ub3r n3u7r4l1st (1388939) | more than 4 years ago | (#30674758)

Just the 3D acceleration is a little bit iffy.

But otherwise, one can debug VAC or Warden in a sandbox and find a way to disable these spyware to make the gaming experience more enjoyable.

Re:Already here. It's on my family PC.. (1)

Jason Levine (196982) | more than 4 years ago | (#30675040)

I use that too. Program I'm not sure about? Run it in SandboxIE and delete the Sandbox when I'm done. Website that might impact my security? Run it while my browser is under SandboxIE so I'm safe from viral threats.

Re:Already here. It's on my family PC.. (1)

tunapez (1161697) | more than 4 years ago | (#30675444)

Been using SandboxIE for 3 years now. Highly recommended utility.
Right-click any program and run it sandboxed.

Additionally, useful for testing captured malware. In a VM is recommended, never know if/how/when it may be subverted.

Re:Already here. It's on my family PC.. (0)

Anonymous Coward | more than 4 years ago | (#30675712)

Also, Sandboxie has another interesting use-case that isn't really mentioned.

Sandboxie is GREAT for making pretty much any application portable.
How annoying is it when programs need to be reinstalled because you reinstalled the OS and it no longer has any registry items?
Well, no longer, install inside sandbox, backup before reinstalling, copy sandbox back over, bham.
Of course, applications that depend on USER keys won't work. Only solution there is to write a script to replace the key IDs with the current users ID.

I might write in to the developer to see if he could possibly add a tool in to do this automatically.

Cannon Fodder for your VM (0)

Anonymous Coward | more than 4 years ago | (#30674504)

Fire up your VM-based Windows XP machine and head to http://www.offensivecomputing.net/

Their site contains tons of live malware. I believe it requires free subscription, however.

Beats waiting on lower computer prices... (0, Offtopic)

ibsteve2u (1184603) | more than 4 years ago | (#30674516)

About time...I was getting the impression that the solution was going to be $20 netbooks...use one to browse the web, it gets contaminated, and you throw it away and get a new one. Not very efficient, resource-wise.


Let's just stop using the browser as an OS. (4, Insightful)

Anonymous Coward | more than 4 years ago | (#30674554)

Maybe we should just stop using the goddamn browser as an operating system. It was never meant to be anything more than a way to view mainly static documents, and quickly access other linked documents.

While some interactivity is of course useful and sensible, some fools have gone off the deep end and think we should treat the browser as some sort of an application development platform.

Of course, anyone who has done real application development under a real operating system, even if it is just Windows, knows how poor the browser is as such a platform. It's clear that everything, from JavaScript to AJAX to Flash, has been tacked on as a shitty afterthought.

The answer isn't sandboxing. The answer is that we need to go back to using the browser as just a browser, and nothing else. And any real applications that demand network connectivity should be written as such, and run outside of the browser.

Re:Let's just stop using the browser as an OS. (0)

Anonymous Coward | more than 4 years ago | (#30674628)

I don't know... I find myself using more and more internet apps and fewer desktop apps. I constantly bounce around between different machines (desktops, laptops, netbook, smartphone, etc) and having access to the same data on any one of those outweighs the "clunkiness".

Re:Let's just stop using the browser as an OS. (2, Insightful)

phantomfive (622387) | more than 4 years ago | (#30674656)

The answer is that we need to go back to using the browser as just a browser, and nothing else.

It's never going to happen. The browser is too useful for too many other things. If somehow we managed to get the browser to return to being just a page viewer, someone (like Microsoft) would create an API for online applications and call it a non-browser. In fact, this was the original idea behind .net, and why it is called .net. Online applications AKA cloud based applications are here to stay.

Re:Let's just stop using the browser as an OS. (2, Insightful)

AvitarX (172628) | more than 4 years ago | (#30674746)

It was never meant to be anything more than a way to view mainly static documents, and quickly access other linked documents.

You are wrong wrong wrong. For many years now the browser has been meant for more than that. It originally may not have been meant for more than that, but to say it never was is stupid. The reason MS panicked about it was there was an express intent of making the browser more than that.

Sorry. The WWW is now a huge API (4, Informative)

Colin Smith (2679) | more than 4 years ago | (#30674840)

Web servers don't serve html documents any more, they serve remote procedure calls from javascript front ends.

Re:Let's just stop using the browser as an OS. (1)

MobileTatsu-NJG (946591) | more than 4 years ago | (#30675002)

If you stopped and asked why those 'fools' would want to accomplish a task in a browser, you'd realize why 'writing apps that run outside of the browser' isn't the ideal situation.

Re:Let's just stop using the browser as an OS. (3, Insightful)

Locutus (9039) | more than 4 years ago | (#30675126)

and things like ActiveX don't apply to the "been tacked on as a shitty afterthought" comment? From what I've seen, Microsoft is the king of tacking things on as a shitty afterthought, otherwise they'd not still be known for security and reliability problems. Rebooting a Windows computer is still the number one recommendation for 'fixing' a broken Windows system across many IT orgs and reinstalling Windows is probably still in the top 10 things done to 'fix' the computer.

Besides, it's been Microsoft's attacking of software application vendors on their platform which has led to so much being attempted in the browser, since it isolates them so much from Microsoft. You don't hear so much of what software vendors' software broke at every release of a new version of Microsoft Windows. That's because more and more business applications are fed from app servers to browsers and a minimum standard feature set must be met in the browser for it to be useful across the web and therefore the intranet.

This has little to do with the browser being the problem; it is about the design of the Windows OS not doing its own memory protection and letting applications run many things as admin when they should be run as the user, and they should not be accessing OS or other application space memory. This is another crutch for a bad design, but it'll help sell more hardware if that's what you want.

LoB

Re:Let's just stop using the browser as an OS. (0)

Anonymous Coward | more than 4 years ago | (#30675310)

In principle I agree with you, but I'm afraid the horse has already left the barn; good luck at getting it back in.

Horse. Barn. (1)

istartedi (132515) | more than 4 years ago | (#30675324)

That horse bolted the barn a long, loooong time ago.

You still want sandboxing (1)

Sloppy (14984) | more than 4 years ago | (#30675544)

The answer isn't sandboxing.

Yes it is, because even if the browser didn't have everything but the kitchen sink in it, it could still (for example) have a buffer overflow bug in an image decode library. When that bug gets triggered, you want that process to be "nobody."
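
An added example of the broker/worker split this comment argues for, written for this page and not taken from any browser or from the commenter. The parent never parses the untrusted bytes; a forked child does, after tightening resource limits and, when it happens to run as root, dropping to an unprivileged uid, and it may only send back a small, schema-checked result over a pipe. The "TIMG" image format, the limits and the uid 65534 are assumptions of this example, and it needs a Unix-like OS with fork().

```python
"""
Added example: decode attacker-controlled bytes in a confined child process so
that a decoder bug takes down a throwaway worker, not the application.
"""
import json
import os
import resource
import struct
from typing import Optional

NOBODY_UID = 65534        # conventional 'nobody' on many Linux systems (assumption)
MAX_RESULT_BYTES = 4096   # the parent refuses anything larger coming back from the worker


def make_toy_image(width: int, height: int, pixels: bytes) -> bytes:
    """Constructed sample input: 'TIMG' + u16 width + u16 height + raw pixel bytes."""
    return b"TIMG" + struct.pack("<HH", width, height) + pixels


def decode_toy_image(data: bytes) -> dict:
    """Toy decoder for the format above; this is the code we do not trust."""
    if len(data) < 8 or data[:4] != b"TIMG":
        raise ValueError("bad magic")
    width, height = struct.unpack("<HH", data[4:8])
    pixels = data[8:]
    if len(pixels) != width * height:     # the kind of check a real decoder may lack
        raise ValueError("size mismatch")
    return {"width": width, "height": height, "sum": sum(pixels)}


def _confine_child() -> None:
    """Best-effort confinement; a step is skipped if the platform refuses it."""
    for res, limit in ((resource.RLIMIT_CPU, 2),      # seconds of CPU, then SIGXCPU
                       (resource.RLIMIT_FSIZE, 0),    # no writes to regular files
                       (resource.RLIMIT_NPROC, 0)):   # no further fork()
        try:
            resource.setrlimit(res, (limit, limit))
        except (ValueError, OSError):
            pass
    if os.geteuid() == 0:                             # only root can change uid
        os.setgroups([])
        os.setgid(NOBODY_UID)
        os.setuid(NOBODY_UID)


def decode_in_sandbox(data: bytes) -> Optional[dict]:
    """Run decode_toy_image in a confined child; return its result, or None on any failure."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                                      # child: all untrusted work happens here
        os.close(rfd)
        try:
            _confine_child()
            out = json.dumps(decode_toy_image(data)).encode()
        except Exception as exc:                      # any decoder failure stays in the child
            out = json.dumps({"error": type(exc).__name__}).encode()
        os.write(wfd, out[:MAX_RESULT_BYTES])
        os._exit(0)
    os.close(wfd)                                     # parent
    chunks, total = [], 0
    while True:
        chunk = os.read(rfd, 1024)
        if not chunk:
            break
        total += len(chunk)
        if total > MAX_RESULT_BYTES:                  # the worker's output is untrusted too
            chunks = []
            break
        chunks.append(chunk)
    os.close(rfd)
    _, status = os.waitpid(pid, 0)
    if status != 0 or not chunks:                     # crashed, killed, or over-long output
        return None
    try:
        result = json.loads(b"".join(chunks))
    except ValueError:
        return None
    # Schema check: exactly the fields we expect, with the types we expect, nothing else.
    if set(result) == {"width", "height", "sum"} and all(isinstance(result[k], int) for k in result):
        return result
    return None


if __name__ == "__main__":
    print(decode_in_sandbox(make_toy_image(3, 2, bytes(range(6)))))
    print(decode_in_sandbox(make_toy_image(65535, 65535, b"\x00")))
```

Two things carry the weight here: the child has nothing worth stealing by the time it reads the data (limits applied, privileges dropped where possible), and the parent treats what comes back as just as hostile as the input, so a compromised worker can only return a small, well-typed answer.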

requires sophistication & motivation; not opti (4, Insightful)

bcrowell (177657) | more than 4 years ago | (#30674594)

All security problems are easy to solve if you have users who are sophisticated about security, and motivated to put up with inconveniences. The real world isn't like that.

A proposal like this inevitably requires that the user understand something about the sandbox, and also requires that the user go through various hassles because of the sandbox. They're going to perceive it as a hassle, because the sandbox is going to prevent them from doing things they would otherwise have done. If they're unsophisticated and unmotivated, they'll just see it as something to work around.

Not only that, but this isn't an optimal solution. A flash game has to be a Turing-complete program. A memo doesn't have to. The simple solution is just to stop embedding Turing-complete programming languages in file formats that don't require them. Adobe actually started by designing PostScript as a Turing-complete language. That had some unfortunate consequences, since, e.g., you can't predict whether a program written in a Turing-complete language will halt, so in principle you can't predict whether a document will take forever to come out of the printer. They realized that that was a mistake, and when they designed PDF, they intentionally made it not Turing complete. Now we've come full circle, and they've added a Turing-complete language, JavaScript, back into PDF. That's just bad design. The solution for users is actually pretty easy: if you're using Adobe Reader, turn off JavaScript.
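
An added example, not part of the comment above: a pre-open check that reports the active-content hooks a PDF carries (JavaScript actions, document open actions, launch actions, embedded files), which is the thing you would want to know before handing a file to a reader that has JavaScript enabled. It decodes the PDF name escape (#xx) before matching, because /J#61vaScript is the same name as /JavaScript to a conforming reader and is a common obfuscation. It only looks at plain object syntax; names inside compressed object streams are out of scope, so it counts /ObjStm occurrences to tell the caller the scan may be incomplete. The two sample PDFs are constructed for this example.

```python
"""
Added example: scan PDF bytes for active-content names before opening the file.
"""
import re
from collections import Counter

# Names whose presence means the file can run code or act on open (PDF 1.7 object names).
ACTIVE_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

# A PDF name token: '/' followed by any run of non-delimiter, non-whitespace bytes.
_NAME_TOKEN = re.compile(rb"/[^\s/()<>\[\]{}%]*")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_pdf_name(token: bytes) -> str:
    """Decode PDF name escapes: b'/J#61vaScript' -> '/JavaScript'."""
    raw = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)
    return raw.decode("latin-1")


def scan_pdf_active_content(data: bytes) -> dict:
    """Count active-content names in the raw file; report whether the scan was complete."""
    names = Counter(decode_pdf_name(t) for t in _NAME_TOKEN.findall(data))
    hits = {n: names[n] for n in ACTIVE_NAMES if names[n]}
    return {
        "hits": hits,
        "object_streams": names["/ObjStm"],   # >0 means some objects were not visible to us
        "risky": bool(hits),
    }


# Constructed sample: an open action that runs obfuscated JavaScript.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample: the same skeleton with no active content.
CLEAN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    print(scan_pdf_active_content(SAMPLE_PDF))
    print(scan_pdf_active_content(CLEAN_PDF))
```

A "risky" result is a reason to open the file with JavaScript off (or in a viewer that has none), not proof of malice; a non-zero object_streams count means the answer "clean" is not one you can rely on without inflating those streams first.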

Re:requires sophistication & motivation; not o (0)

Anonymous Coward | more than 4 years ago | (#30675100)

You can sandbox without users noticing 95% of the time,
web browsers and anything launched by browsers get access to (browser configs, download folder and read access to relevant configs and executables)
non-network apps (except update apps) do not get web access without a dialog.
etc...

sure if you're 100% clueless you'll let word access imhaxoringyourpc.cn, but simple profiles will keep people with 1/2 a clue about security safe without ridiculous tricks like running chrome in a VM (which btw is retarded because if your host OS is compromised you're screwed anyway)

Re:requires sophistication & motivation; not o (1)

FlyingBishop (1293238) | more than 4 years ago | (#30675188)

Point is you don't gain anything if the users don't understand the sandbox.

Android tells you precisely what every app is allowed to do, most people blithely ignore the part where a variety of apps have access to "Read phone call state and identity."


Old news? (1)

COMON$ (806135) | more than 4 years ago | (#30674662)

Wasn't sandboxing the cool word about 10 years ago?

Re:Old news? (2, Funny)

MrEricSir (398214) | more than 4 years ago | (#30674828)

Yes, but a big bully came and stomped on all our sand castles. Now that we've grown up a little, it's time to try again.

Re:Old news? (1)

camperdave (969942) | more than 4 years ago | (#30674998)

Yeah, maybe if we built a good enough sandbox, Microsoft wouldn't be able to stomp our sand castles.

Re:Old news? (1)

danlip (737336) | more than 4 years ago | (#30674924)

Wasn't sandboxing the cool word about 10 years ago?

Actually 15 years ago, when Java came out.

Son of portable apps (0)

Anonymous Coward | more than 4 years ago | (#30674698)

Sounds like a good plan for the future. As far as I'm concerned, 2009 was the year for portable apps. All those useful apps we have on our thumbdrives and thinstalled. The registry and local app dirs have been virtualized and redirected to local stores in a subdirectory of the app dir. All the settings remain local to the app dir (just like the old days) and migrate with a simple copy. A full sandbox is an incremental step above this.

I suspect VMware won't be alone for long with their thinstaller. I suspect MS sees the future of app deployment being more like the portable apps we use today.

Untrusted apps - like Windows? (1)

strotz (1181215) | more than 4 years ago | (#30674790)

Not trying to be a total troll but... I kind of like running XP in VMware as a virtual machine (especially when it is busy grinding through critical security updates and reboot cycles - while I am getting work done on the host OS)

The Year of "The Year of..." (0)

Anonymous Coward | more than 4 years ago | (#30674810)

I predict that 2010 will be the year of the year of predictions.

So, everything will run via interpreter then? (1)

mrflash818 (226638) | more than 4 years ago | (#30674820)

Usually when I hear the term used, it refers to implementation of an interpreter of bytecode (java or dot net).

So, then it will just be an interpreter layer, that removes direct access to hardware APIs?

That would seem to require more clock cycles to run, and some more RAM, and even would mean that the interpreter could be reverse-engineered so it could be ported to other platforms....

Re:So, everything will run via interpreter then? (1)

metamatic (202216) | more than 4 years ago | (#30675204)

Usually when I hear the term used, it refers to implementation of an interpreter of bytecode (java or dot net).

Java hasn't been interpreted since J2SE 1.3 introduced HotSpot [wikipedia.org] in 2000.

There's no reason why sandboxing should imply interpreted code.

Re:So, everything will run via interpreter then? (1)

Rockoon (1252108) | more than 4 years ago | (#30675528)

.NET programs are also not interpreted, and in fact NEVER have been.

Ever heard of an app called "SandBoxie"? (0)

Anonymous Coward | more than 4 years ago | (#30676292)

Per my subject-line above?

http://www.sandboxie.com/ [sandboxie.com]

Now, from what I understand as to EXACTLY what it does & how it works? Well, what it does, is use a FILTERING DRIVER to "intercept" interrupts that send calls to the OS & filesystem to do writes to your local Hard Disk Drives, creating a 'virtual HDD' (really a set of folders, wherever YOU choose to place them also, mind you)

For that?? Well - I use a solid-state drive called a GIGABYTE IRAM to do this, less latency this way (because unfortunately, this DOES add somewhat of a speed-hit to things if you use a std. mechanical HDD, even IF it's say, a 10,000rpm 16mb buffered WD Velociraptor)

That's "sandboxing", in a nutshell, WITHOUT the use of a VM...

(Folks MOSTLY tend to use it for internet surfing with a LOT more safety, & today/nowadays what with javascript exploits & such being foisted on us potentially @ least? Makes sense... but, it's NOT just restricted to webbrowsers either, so you all know this "up front", and, it works pretty well!)

APK

P.S.=> I suppose that *NIX folks MIGHT call it analogous to a chroot jail, but... well, there you are: Basically a GUI model of chroot, albeit for Windows rigs! apk

wha? (2, Insightful)

jasno (124830) | more than 4 years ago | (#30674862)

Security is not and never was about SYN packets

Security is about everything, period.

Yea, right. (you hold my breath for me department) (1)

Suki I (1546431) | more than 4 years ago | (#30674934)

'Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time.

Let us all know how that works out for you this time next year, big boy?

Isolate (1)

gmuslera (3436) | more than 4 years ago | (#30674956)

Just yesterday I was reading about Isolate (http://code.google.com/p/isolate/ [google.com]), which looks like it goes to the core of the problem. You can sandbox any app, without needing to sandbox the whole desktop/OS/etc. for that. So if your browser or media player, or other programs, could risk doing something locally that you don't want, you can run them in a way that doesn't touch or modify anything private, in a very easy way.

Re:Isolate (3, Funny)

Fnord666 (889225) | more than 4 years ago | (#30675862)

From the Isolate web site:

isolate currently suffers from some bad security bugs! These are local root privilege escalation bugs. Thanks to the helpful person who reported them (email Chris if you want credit!). We're working to fix them ASAP, but until then, isolate is unsafe and you should uninstall it. Sorry!

This doesn't really sound like the solution most people are looking for.

you mean like an operating system is supposed to? (3, Interesting)

Locutus (9039) | more than 4 years ago | (#30674988)

really? sandboxing desktop apps? Look at what one of the design goals of any real OS is and providing security, memory protection (from other apps and OS space), indirect access to hardware, and smooth multitasking between apps and OS are right up there near the top. Memory protection is WAY up there near the top unless you're looking at special purpose realtime applications or micro-controller apps. Now what we are seeing on Windows is yet another layer in an attempt to fix a bad design and one which will continue to slow down the system while pushing the hardware. It's great if you are out to sell more expensive hardware and you don't want lower end (cheaper priced) hardware to run your software. You know, like how Vista ran so good on netbooks and how Windows 7 is better than Vista at that but still worse than Windows XP.

Sandboxing is basically what virtual machines like VMWare, VirtualBox, KVM, VirtualPC all do. Off of Windows, it gives users a way to run Windows without rebooting their main OS. On Windows, it gives businesses a way to keep one crashing Windows server from taking down the other servers and in the desktop it lets users boot Linux without rebooting Windows. But for app protection? That's what the OS is supposed to be doing.

LoB

Re:you mean like an operating system is supposed t (0)

Anonymous Coward | more than 4 years ago | (#30675156)

But for app protection? That's what the OS is supposed to be doing.

Sandboxing and virtual machines are not interchangeable terms. VMs are one way to sandbox applications, but not the only way. For example, SELinux and the iPhone sandbox all applications by default. MacOS X currently sandboxes a subset of executables, mostly services at risk of exploitation (like their zeroconf service). A move towards more sandboxing of desktop apps doesn't necessarily mean more VMs. It may well mean sandboxing being applied by the OS, by default, to desktop apps based upon any number of trust criteria, like whether it is signed or not.

Re:you mean like an operating system is supposed t (5, Insightful)

jpmorgan (517966) | more than 4 years ago | (#30675510)

This isn't a Windows specific problem. The fundamental problem is the user/process model that's been popular since the inception of UNIX (maybe even earlier, I don't know enough about Multics to say): the idea that only users have identities and programs run under the identity (and permissions) of the user who runs it. If I'm running a game, there's no reason why it needs access to my tax spreadsheets, etc...

All software should be running under its own identity and access to user documents should be through standardized user interfaces... i.e., the 'File Open' dialog is actually a part of the OS not the application, and also grants temporary permissions in addition to just selecting a file.

We talk about the principle of 'least privilege' but in practice (with a few notable exceptions) the 'low-privilege' processes have the most important privileges of all: access to all our stuff.
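The broker/worker split jpmorgan describes, with an OS-owned File Open step that hands the application a temporary permission rather than a path, sketched as an added Python example that is not code from this thread or from any vendor. It assumes Linux or another Unix with descriptor passing over socketpair and Python 3.9 or later, and it uses RLIMIT_NOFILE as a stand-in for a real sandbox policy; the document format and sample file are constructed for the example.

```python
import fcntl
import json
import os
import resource
import socket
import tempfile

def parse_total(data):  # the untrusted-input parser: integer after 'total:', else None
    for line in data.decode("utf-8", "replace").splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower().endswith("total"):
            return int(value) if value.strip().isdigit() else None
    return None

def _worker(chan):  # child side: never given a path, only the fd the broker hands over
    _, fds, _, _ = socket.recv_fds(chan, 16, 1)           # the 'temporary permission'
    doc_fd = fcntl.fcntl(fds[0], fcntl.F_DUPFD, 10)       # park it so dup2 can't clobber it
    os.dup2(chan.detach(), 0)                             # channel  -> fd 0
    os.dup2(doc_fd, 1)                                    # document -> fd 1
    os.closerange(2, resource.getrlimit(resource.RLIMIT_NOFILE)[0])  # drop every other fd
    resource.setrlimit(resource.RLIMIT_NOFILE, (2, 2))   # cap at the 2 fds held: open() now gets EMFILE
    chan = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, fileno=0)
    try:
        os.open("/", os.O_RDONLY)                         # probe: "/" always exists, so only the cap can refuse it
        can_open_paths = True
    except OSError:
        can_open_paths = False
    with os.fdopen(1, "rb") as doc:
        total = parse_total(doc.read())
    chan.sendall(json.dumps({"total": total, "can_open_paths": can_open_paths}).encode())

def run_broker(document):
    # trusted side, standing in for an OS-owned File Open dialog: opens the chosen file, passes only the fd
    parent, child = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        parent.close()
        try:
            _worker(child)
        finally:
            os._exit(0)
    child.close()
    with tempfile.NamedTemporaryFile(delete=False) as f:  # constructed sample document
        f.write(document)
    fd = os.open(f.name, os.O_RDONLY)
    os.unlink(f.name)                                     # the worker never learns the path
    socket.send_fds(parent, [b"doc"], [fd])
    os.waitpid(pid, 0)                                    # worker has sent its reply and exited
    return json.loads(parent.recv(4096))
```

A real deployment would replace the RLIMIT trick with the platform's sandbox mechanism, but the shape is the same: the privileged side chooses what the worker may touch, and the worker's parser bugs stay confined to that.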

Awesome! (4, Funny)

InlawBiker (1124825) | more than 4 years ago | (#30675024)

I was just handed a memo from a collection of all major software and hardware vendors on Earth, saying that security will be put ahead of profits from now on! It was delivered by a Unicorn, who got here on the gumdrop express via the rainbow highway.

Whatcha gonna do, if the CPUs don't sell anymore.. (1, Interesting)

Hurricane78 (562437) | more than 4 years ago | (#30675092)

...because nearly nobody needs even more power...

Just sandbox everything, and sandbox it again, then interpret, sandbox, and interpret again. Until you can barely get the framerate of a small handheld console from 15 years ago (remember that JavaScript Tetris?)

Just don’t feel the urge to actually write clean code. And cling to C-like languages, ’till the bitter end. Since C in a generic VM is oh-so-much faster, than Java (in its Hotspot VM) or Haskell on the bare metal...

Yay. I wonder how much I will kick the butts of others by writing clean straight-to-the-metal code without having to micromanage (C-style)... ;)

Re:Whatcha gonna do, if the CPUs don't sell anymor (1)

ca111a (1078961) | more than 4 years ago | (#30676038)

obligatory [xkcd.com]

Bill Gates isn't CEO any more (0)

Anonymous Coward | more than 4 years ago | (#30675154)

Slashdot needs to retire the Bill Gates Borg picture.

Umm... actually... (1)

yttrstein (891553) | more than 4 years ago | (#30675212)

Security did used to be very much about SYN packets and not much else. Hi, I used to build ISPs in the early 90s.

Good to see MS catching up with 1995 Java (1)

presidenteloco (659168) | more than 4 years ago | (#30675224)

I can hardly wait for the flurry of sandboxing patents.

Re:Good to see MS catching up with 1995 Java (0)

Anonymous Coward | more than 4 years ago | (#30675320)

Your post makes no sense. This isn't about Microsoft, it is about how all application vendors will sandbox their applications. Thanks for playing.

Instead of validating inputs (3, Interesting)

vlm (69642) | more than 4 years ago | (#30675314)

Cool, instead of screwing up the simple task of validating inputs, we'll simply screw up the complicated task of sandboxing. Awesomeness!

Re:Instead of validating inputs (3, Insightful)

jpmorgan (517966) | more than 4 years ago | (#30675558)

Sandboxing only needs to be done right once. Validating user input needs to be done right every time. I'm not saying don't validate your user input, but if your first line of defense is a fairly brittle mechanism, having extra protection is a good thing.

Yeah right. (0)

Anonymous Coward | more than 4 years ago | (#30675548)

> 2010 will be the year that software vendors get religion about sandboxing...

A prerequisite is that software vendors will get religion about security. Haha.

Fundamental Problem (2, Interesting)

Ohio Calvinist (895750) | more than 4 years ago | (#30675604)

The fundamental problem is that users want their computer to do things. They want responsive rich media web applications so conventional wisdom to turn off everything but HTML rendering causes their computer to not do stuff it used to be capable of. The second problem is that in order for computers to do things, particularly in networked environments, is that processes could be working with trusted, semi-trusted or untrusted stuff (be it content, code, whatever, it doesn't matter for the purpose used.) When security tools attempt to figure out what ought to be trusted or not trusted and get it wrong, you either do something unsafe or you block the user from doing what they want to do (even if you or me would consider what they want to do as foolish or downright dangerous.) When users are expected to indicate what is trusted or not trusted they generally lack the insight to know what to pick, and vendors are at peril of designing annoying software that provides little true security if users always click "yes" causing the unsafe action to happen, or prevents their computer from working as expected, if they always click "no." Sandboxing can be effective to limit access to other applications' data, but can greatly limit interoperability and requires the developer to make some decisions on behalf of the user, or makes the developer ask the user how isolated the process is from other resources in a way that is meaningful and they can understand what the consequences in either case will be if they approve (ideally at setup).

2011 (1)

Pebby (1321397) | more than 4 years ago | (#30675644)

Then, clearly, 2011 will be the year of the Sandboxed Linux Desktop.

Re:2011 (1)

thatkid_2002 (1529917) | more than 4 years ago | (#30676126)

Linux has used sand-boxing for years. I don't think your joke is very funny.

How about reducing the surface area? (3, Interesting)

argent (18001) | more than 4 years ago | (#30675666)

Sandboxing means that once the attacker has used an input exploit to own the process, it has to perform a privilege escalation exploit to get out of the sandbox. The problem is that applications running in sandboxes have to be able to write files, read files, load and install plugins, execute helper applications, and generally do just about anything a regular application has to. So the sandbox can't be very "strong".

Instead of adding a leaky sandbox, how about reducing the surface area exposed to attack in the first place? Simplify the application. Get rid of things like XPI in Firefox and ActiveX in IE. Get rid of the need for third party plugins like Java and Flash (HTML5 goes a long way here). Get rid of the ability for network apps to masquerade as local apps (there's no reason a web page should be allowed to remove the status and address bar, for example). Don't even *offer* to automatically open a file after downloading. Remove that option from the browser completely. Get rid of Acrobat and other plug-in document viewers.

Yes, this might make it less convenient for websites to "wow" the user. So what? I'd rather be safe than "wow"ed.

Been There Done That. (1)

thatkid_2002 (1529917) | more than 4 years ago | (#30675780)

There is plenty of sandboxing technology out there, but few are willing to use it.
I had some discussions on the Haiku OS forums about using some type of application virtualisation or sandboxing as a way to take care of OS level security. Links to these are Here... [haiku-os.org] and Here. [haiku-os.org]
There are many ways to skin a cat, but it's almost impossible to find the "best" way when you are trying to balance security and user experience.

yo dawg (1)

edittard (805475) | more than 4 years ago | (#30675836)

I herd u like sandboxing, so I put a sandbox in your sandbox so you can run in a sandbox when you're running in a sandbox.

Frist p5ot (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30675978)

people playing can 1t transforms into