It might be time to stop using antivirus - use a sandbox instead

<9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at>

From: mixmaster@remailer.privacy.at (Anonymous Remailer (austria))
Subject: It might be time to stop using antivirus - use a sandbox instead
Message-ID: <9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at>
Date: Fri, 6 Aug 2021 03:40:01 +0200 (CEST)
Newsgroups: microsoft.public.windowsxp.general
Organization: dizum.com - The Internet Problem Provider

Freebie Sandboxes

https://sandboxie.en.softonic.com/

http://www.toolwiz.com/lead/toolwiz_time_freeze/

https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/

Update your software and OS regularly instead, practice skeptical computing.

Former Firefox developer Robert O'Callahan, now a free agent and safe
from the PR tentacles of his corporate overlord, says that antivirus
software is terrible, AV vendors are terrible, and that you should
uninstall your antivirus software immediately - unless you use Microsoft's
Windows Defender, which is apparently okay.

A couple of months back, Justin Schuh, Google Chrome's security chief,
and indeed one of the world's top infosec bods, said that antivirus
software is "my single biggest impediment to shipping a secure browser."
Further down the thread he explains that meddling AV software delayed
Win32 Flash sandboxing "for over a year" and that further sandboxing
efforts are still on hold due to AV. The man-in-the-middle nature of
antivirus also causes a stream of TLS (transport layer security) errors,
says Schuh, which in turn breaks some elements of HTTPS/HSTS.

These are just two recent instances of browser makers being increasingly
upset with antivirus software. Back in 2012, Nicholas Nethercote,
another Mozillian working on Firefox's MemShrink project said that
"McAfee is killing us." In that case, Nethercote was trying to reduce
the memory footprint of Firefox, and found that gnarly browser add-ons
like McAfee were consuming a huge amount of memory, amongst other
things. If you venture off-piste into the browser mailing lists, anti-
antivirus sentiment has bubbled away just below the surface for a very
long time.

The problem, from the perspective of the browser makers, is that
antivirus software is incredibly invasive. Antivirus, in an attempt to
catch viruses before they can infect your system, forcibly hooks itself
into other pieces of software on your computer, such as your browser,
word processor, or even the OS kernel. O'Callahan gives one particularly
egregious example: "Back when we first made sure ASLR was working for
Firefox on Windows, many AV vendors broke it by injecting their own
ASLR-disabled DLLs into our processes." ASLR, or address-space layout
randomisation, is one of the better protections against buffer overflow
exploits.

Furthermore, because of the aforementioned knotweed-style rhizomes of
antivirus programs, the AV software itself presents a very large attack
surface. As in, without AV installed, a hacker might have to find a
vulnerability in the browser or operating system - but if there's AV
present, the hacker can also look for a vulnerability there. This
wouldn't necessarily be a problem if AV makers made secure software, but
for the most part they don't (except for Windows Defender, because
Microsoft is "generally competent," according to O'Callahan).

Back in June last year, Google's Project Zero found 25 high-severity
bugs in Symantec/Norton security products. "These vulnerabilities are as
bad as it gets," said Tavis Ormandy, a Project Zero researcher. "They
don't require any user interaction, they affect the default
configuration, and the software runs at the highest privilege levels
possible. In certain cases on Windows, vulnerable code is even loaded
into the kernel, resulting in remote kernel memory corruption." Over the
past five years, Ormandy has found similar vulnerabilities in security
software from Kaspersky, McAfee, Eset, Comodo, Trend Micro, and others.

All this isn't to say that you (or your parents) shouldn't use antivirus
software, but you should certainly be aware that using antivirus
software doesn't necessarily make your computer any more secure. In some
cases, AV might make your computer less secure, and cause a deleterious
effect on system performance - and, if you believe the browser makers, the
continuing popularity of AV software might have a gnarly knock-on effect
on other developers, too.

The nail in the coffin, according to O'Callahan, is that software
vendors rarely speak out about antivirus issues "because they need
cooperation from the AV vendors." He then links to a mailing list thread
in 2012, where he suggests keeping a list of the AV software that
interferes with Firefox. Later in the thread, Mozilla PR swoops in and
tells him to knock it off.

Antivirus software is so ingrained with Windows users, and synonymous
with the concept of "good security," that software makers have their
hands tied. "When your product crashes on startup due to AV
interference, users blame your product, not AV," O'Callahan says. "Worse
still, if they make your product incredibly slow and bloated, users just
think that's how your product is ... You can't tell users to turn off AV
software because if anything bad were to happen that the AV software
might have prevented, you'll catch the blame."

As always, irrespective of whether you decide to use AV, regularly
updating your OS and software is one of the best ways to keep your
computer safe. This also means that you should stop using Windows 7 or 8
and update to Windows 10.

When it comes to keeping your personal data safe, the problem is a
little more complex: all of the sandboxing and antimalware software in
the world won't save you from a well-executed phishing attack, or if a
database that contains your details is breached. For that, you should
use unique passwords, a physical security key where possible, and
generally be very wary of offering up any kind of personally
identifiable data.
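
The "ASLR-disabled DLLs" point in the article quoted above can be checked from a module's PE headers. The following is an added example, not part of the original post or the quoted article; the function names and the header-only sample images are constructed for illustration.

```python
import struct

# Constants from the PE/COFF format.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no base relocations
HIGH_ENTROPY_VA = 0x0020              # DllCharacteristics: 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040                 # DllCharacteristics: image opts in to ASLR


def aslr_status(image: bytes) -> dict:
    """Report the ASLR-related header bits of a PE image (EXE or DLL)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < pe_off + 24 + 72:
        raise ValueError("not a PE image: bad signature or truncated headers")
    # COFF header follows the 4-byte signature; its last two fields are
    # SizeOfOptionalHeader and Characteristics.
    opt_size, coff_chars = struct.unpack_from("<HH", image, pe_off + 20)
    opt_off = pe_off + 24
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B) or opt_size < 72:         # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
        # Opted in and still carries the relocations needed to be rebased.
        "opts_in_and_relocatable": dynamic_base and not relocs_stripped,
    }


def build_sample_headers(dll_chars: int, coff_chars: int = 0x2002) -> bytes:
    """Constructed header-only sample for the demo; not a loadable DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, coff_chars)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, img in [("ASLR-enabled", build_sample_headers(0x0160)),
                       ("ASLR-disabled", build_sample_headers(0x0100))]:
        print(label, aslr_status(img))
```

To audit real modules, pass the bytes of each DLL file to `aslr_status` and review any that do not opt in.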

Re: It might be time to stop using antivirus - use a sandbox instead

<YIhGJaNu4KDhFwEI@255soft.uk>

Message-ID: <YIhGJaNu4KDhFwEI@255soft.uk>
Date: Fri, 6 Aug 2021 04:36:14 +0100
From: G6JPG@255soft.uk (J. P. Gilliver (John))
Newsgroups: microsoft.public.windowsxp.general
Subject: Re: It might be time to stop using antivirus - use a sandbox instead
References: <9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at>
Organization: 255 software

On Fri, 6 Aug 2021 at 03:40:01, "Anonymous Remailer (austria)"
<mixmaster@remailer.privacy.at> wrote (my responses usually follow
points raised):
[]
>https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
.................................................^^^^
[]
He's at it again.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Bother,"saidPoohwhenhisspacebarrefusedtowork.

Re: It might be time to stop using antivirus - use a sandbox instead

<sej7rc$7b8$1@dont-email.me>

From: mayayana@invalid.nospam (Mayayana)
Newsgroups: microsoft.public.windowsxp.general
Subject: Re: It might be time to stop using antivirus - use a sandbox instead
Date: Fri, 6 Aug 2021 07:52:19 -0400
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <sej7rc$7b8$1@dont-email.me>
References: <9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at> <YIhGJaNu4KDhFwEI@255soft.uk>

"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote

| On Fri, 6 Aug 2021 at 03:40:01, "Anonymous Remailer (austria)"
| <mixmaster@remailer.privacy.at> wrote

| He's at it again.

Interesting. The last one was carl@MIT. This one was
already in my block list. I don't know how long it's been
there, or why. I only see your post. Maybe it's an army
of Chinese spammers trying to get us to install their
malware.

Re: It might be time to stop using antivirus - use a sandbox instead

<sejl81$1s3n$1@gioia.aioe.org>

From: address@not.available (R.Wieser)
Newsgroups: microsoft.public.windowsxp.general
Subject: Re: It might be time to stop using antivirus - use a sandbox instead
Date: Fri, 6 Aug 2021 17:41:26 +0200
Organization: Aioe.org NNTP Server
Lines: 12
Message-ID: <sejl81$1s3n$1@gioia.aioe.org>
References: <9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at> <YIhGJaNu4KDhFwEI@255soft.uk> <sej7rc$7b8$1@dont-email.me>

Mayayana,

> Interesting. The last one was carl@MIT.

The two he sent after that came from (two different) "remailer" newsservers.
It's rather possible that Eternal September blocks those - and for good
reason.

Regards,
Rudy Wieser

Re: It might be time to stop using antivirus - use a sandbox instead

<sejvu7$tks$1@dont-email.me>

From: nospam@needed.invalid (Paul)
Newsgroups: microsoft.public.windowsxp.general
Subject: Re: It might be time to stop using antivirus - use a sandbox instead
Date: Fri, 06 Aug 2021 14:44:24 -0400
Organization: A noiseless patient Spider
Lines: 46
Message-ID: <sejvu7$tks$1@dont-email.me>
References: <9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at> <YIhGJaNu4KDhFwEI@255soft.uk> <sej7rc$7b8$1@dont-email.me> <sejl81$1s3n$1@gioia.aioe.org>

R.Wieser wrote:
> Mayayana,
>
>> Interesting. The last one was carl@MIT.
>
> The two he sent after that came from (two different) "remailer" newsservers.
> It's rather possible that Eternal September blocks those - and for good
> reason.
>
> Regards,
> Rudy Wieser
>
>

Sandboxie. Process isolation with kernel hooks.
May 23rd, 2011

https://web.archive.org/web/20130429072246/http://vallejo.cc/48

"Sandboxie is a sandbox that performs a process isolation. Its main features:
- Access control to kernel resources by direct hooks on kernel objects.
- Some ssdt and shadow ssdt hooks to control window messages.
- Some kernel registered callbacks to be notified of process creating, images loaded, …

In this article I will speak about Sandboxie design and I will perform
an analysis from a security point of view."

...

"KeBugCheck is called from SbieDrv so it is only a non dangerous DoS
(we can cause it from a sandboxed process), but we can see that a
simple fuzzing causes a crash, and this fact makes me suspicious
of Sandboxie robusticity."

Summary: No security method or scheme is perfect.

Don't be too enamored of perfection, and you
won't be disappointed when you're tipped over.

If a nation state wants you to be tipped over,
you're tipped over.

If a nation state wants to scan your device, they'll
get Apple to do it :-)

Paul

Re: It might be time to stop using antivirus - use a sandbox instead

<sek0nu$748$1@dont-email.me>

From: MrPounder@RationalThought.com (Mr Pounder Esquire)
Newsgroups: microsoft.public.windowsxp.general
Subject: Re: It might be time to stop using antivirus - use a sandbox instead
Date: Fri, 6 Aug 2021 19:58:02 +0100
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <sek0nu$748$1@dont-email.me>
References: <9a2748e15ba6954b3eec181458cfdd7c@remailer.privacy.at> <YIhGJaNu4KDhFwEI@255soft.uk>

J. P. Gilliver (John) wrote:
> On Fri, 6 Aug 2021 at 03:40:01, "Anonymous Remailer (austria)"
> <mixmaster@remailer.privacy.at> wrote (my responses usually follow
> points raised):
> []
>> https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
> ................................................^^^^
> []
> He's at it again.

+1

