While SBIE uses anonymous user, Chrome uses null SID except for logon SID. If you are still not comfortable with the idea of a browser 'so attached to Google', use other browsers that are less attached to Google or those that are more dedicated to the concept of privacy/anonymity like Tor Browser, etc.

FleischmannTV actually 100% proved that SBIE does actually mess with Chrome's security via job object and SID. FleischmannTV said that if you run Google Chrome inside Sandboxie, this job object does not exist and now Chromium processes can create child processes unless you apply start/run restrictions, and once you have applied these restrictions you get the same as you would have gotten before without Sandboxie. I saw this on Sandboxie forums (credits to Yuki, since he gave me this link):

You can always tweak Chrome/Chromium for privacy. Secure here does not mean private/anonymous. Just use it for programs that do not come with their own sandbox.

Chrome/Chromium is much more secure than the competition thanks to its security model. In fact, more programs should be designed as such. Mozilla wants to adopt the sandboxing model used in Chromium because it is a sound and valid model.
The sandbox restriction provided by Sandboxie applies only to firefox.exe with no separation/isolation between tabs. Using Sandboxie with Firefox currently is fine. It is your choice but please don't claim it makes Chrome any more secure than it is. The only time it may be able to help is if the attacker doesn't bother (thanks to security by minority advantage).
What if a browser-specific exploit manages to escape Chrome's sandbox?

By design, Sandboxie presents little to no hurdle for such an attacker (may even weaken the browser) seeing:

B) it adds additional code to the browser

Usage tracks and privacy concerns can be dealt with using built-in options, Incognito Mode, etc. Sandboxing a browser like Chrome with Sandboxie means you are just overlapping and introducing additional code - possibly increasing the attack surface. In fact, Chrome's sandbox has an upper hand in that it provides isolation in between tab processes.

Why it's pointless to sandbox a browser like Chrome

Both sandboxes are similar under the hood (the processes have similar sandbox restrictions). Chromium's broker runs with fewer privileges than Sandboxie's. Chromium's broker has less to do when compared to Sandboxie where it has to supervise/allow more interaction between sandboxed programs. Since sandboxed processes are restricted, the 'broker' does the policy-allowed actions on behalf of the sandboxed processes.
Where the difference lies is mainly in design and scope of protection.

A) Browser sandbox is purely user-mode (concept of least privilege extends to the code that controls the sandbox) whereas Sandboxie utilizes a driver for its broker to control/supervise sandboxed processes.

B) Browser sandbox is meant only for the browser's own target processes whereas Sandboxie is meant to sandbox programs other than itself. Use Process Explorer and check for yourself if you don't believe it.