I’ve been very interested in your articles on what a website can
learn about you when browsing, cookies, and passwords etc. I wonder if
you would like to comment on the pros and cons of using a sandbox (I
use Sandboxie). Does using one overcome some of the issues you have
discussed?
I’m going to add virtual machines to the mix that this question
opens up, since the answer is (roughly) the same for both.
And the answer is that age-old trio: yes, maybe and no.
The problem is that while sandboxes and VMs can help, they can help
only in some ways, and that help comes at a cost.
First, let’s define what we’re talking about.
A “sandbox” is software that allows you to run an application in
such a way that it cannot write outside of the sandbox: anything the
application tries to write to disk or to the registry is quietly redirected
into the sandbox’s own private area instead.
Normally, when you run a program like your browser, it makes changes
to your system: registry settings, internet caches, browsing history
and the like are all written to disk. On top of that, downloads,
including things like potentially unwanted spyware, also arrive via the
browser and install themselves onto your hard disk, so that the next
time you run the browser, or even just the next time you boot your
system, that spyware is still there, doing its spyware thing.
When the browser is run in a sandbox, all those changes still appear to happen,
except that they’re never actually placed on the real disk. When you
exit the browser and its containing sandbox, all those changes
disappear: history, cache, settings … and spyware.
All sounds great, right? Except … what if you want your history,
but not the spyware? What if you actually do want to make a change that
persists from one run of the sandboxed browser to the next, say, keeping a
file you deliberately downloaded? That
requires that the browser in some way be allowed to write outside of
the sandbox.
Either it can’t, or a hole needs to be poked in the sandbox to
allow it. Unfortunately, once a hole is poked for one thing, other
things can leak through it as well: a downloads folder that the browser is
allowed to write to is also a folder that anything running inside the
browser, spyware included, can write to.
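To make the redirect-and-discard idea and the poked-hole problem concrete, here is an added example in JavaScript (run it with Node). It is not from the article and not Sandboxie’s code: just an in-memory model of a sandboxed disk, where the paths, the pretend “browser”, the pretend “spyware” and the location of the hole are all made up for illustration.

```javascript
// Added example, not from the article and not Sandboxie's own code: a toy
// in-memory model of how a sandbox redirects an application's writes.
// Paths, file contents and the "spyware" below are constructed for illustration.

class SandboxedDisk {
  // realDisk: Map of path -> contents standing in for the real disk and registry.
  // holes: path prefixes the sandbox lets the application write straight through.
  constructor(realDisk, holes = []) {
    this.real = realDisk;
    this.holes = holes;
    this.shadow = new Map();  // every sandboxed write lands here, never on realDisk
    this.removed = new Set(); // deletions are remembered here, not applied to realDisk
  }

  inHole(path) {
    return this.holes.some(h => path === h || path.startsWith(h + '/'));
  }

  write(path, contents) {
    if (this.inHole(path)) {      // the poked hole: straight to the real disk
      this.real.set(path, contents);
      return;
    }
    this.shadow.set(path, contents);
    this.removed.delete(path);
  }

  read(path) {
    if (this.inHole(path)) return this.real.get(path);
    if (this.removed.has(path)) return undefined;
    if (this.shadow.has(path)) return this.shadow.get(path);
    return this.real.get(path);   // untouched files are read through from the real disk
  }

  remove(path) {
    if (this.inHole(path)) {
      this.real.delete(path);
      return;
    }
    this.shadow.delete(path);
    this.removed.add(path);
  }

  // Exiting the sandbox throws away everything that did not go through a hole.
  close() {
    this.shadow.clear();
    this.removed.clear();
  }
}

const DOWNLOADS = 'C:/Users/me/Downloads';

// A pretend browsing session: normal browser state, a download the user wants,
// and a drive-by "spyware" that installs itself and registers to run at boot.
function browse(disk) {
  disk.write('C:/Users/me/AppData/Browser/History', 'example.com 2009-01-01');
  disk.write('C:/Users/me/AppData/Browser/Cookies', 'tracker_id=12345');
  disk.write(DOWNLOADS + '/report.pdf', '%PDF-1.4 ...');
  disk.write('C:/Program Files/Spyware/spy.exe', 'MZ...');
  disk.write('HKCU/Software/Microsoft/Windows/CurrentVersion/Run/spy',
             'C:/Program Files/Spyware/spy.exe');
  // Spyware is not picky about where it writes: it drops a copy in Downloads too.
  disk.write(DOWNLOADS + '/updater.exe', 'MZ...');
}

// Run one session inside a sandbox with the given holes and report what the
// application saw while running and what survives on the real disk afterwards.
function sessionOutcome(holes) {
  const realDisk = new Map([['C:/Windows/System32/kernel32.dll', 'MZ...']]);
  const before = new Set(realDisk.keys());
  const disk = new SandboxedDisk(realDisk, holes);
  browse(disk);
  // Inside the sandbox the spyware looks installed: its Run key reads back fine.
  const spywareLookedInstalled =
    disk.read('HKCU/Software/Microsoft/Windows/CurrentVersion/Run/spy') !== undefined;
  disk.close();
  const survivors = [...realDisk.keys()].filter(p => !before.has(p)).sort();
  return { spywareLookedInstalled, survivors };
}

console.log('no holes:      ', sessionOutcome([]));
console.log('Downloads hole:', sessionOutcome([DOWNLOADS]));
```

With no holes, nothing at all reaches the real disk, not even the wanted download. Poke a hole for the Downloads folder so report.pdf survives, and updater.exe survives with it: the hole does not know which writes you meant.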
Virtual machines suffer similar limitations.
Virtual machines are, in essence, a virtual “entire PC in a window”.
When you start a virtual PC, for example, the first thing you see is a
window open up in Windows that contains a virtual BIOS screen as it
starts up and tries to boot. I use a virtual machine to run Ubuntu
Linux in a window on my Windows XP laptop.
The benefit of a virtual machine is that what runs inside it can’t directly modify
the “real” Windows running on your machine. The virtual machine is
assigned its own hard disk space, typically one large file on your real
disk, and that file is what it treats as its entire virtual hard
disk. Any modifications you make within the virtual machine, its settings for
example, are stored on that virtual hard disk.
You can run a browser in a copy of an operating system running in
a virtual machine, and any settings it changes, any history
it creates, and any spyware it downloads affect only the virtual
machine. If you keep a snapshot of the original virtual hard
disk image, then any time you want to discard all the settings,
history and perhaps malware, all you need do is erase the current image
and copy the original back over it to start again, clean. (Most virtual
machine software can do this for you with a “snapshot” or “undo disk” feature.)
But once again the limitations set in. While the setting changes you
make are kept from run to run, if you do decide to start over, that does
mean they’re all lost. And if you want those changes to take
effect in your “real” Windows installation, you’re still faced with
running the browser in the real Windows, not the VM.
But if you can train yourself to do casual or risky browsing only
in the VM, then it’s a great way to keep malware from reaching
your real machine. In fact, I’d encourage you to install not Windows but
Linux in the virtual machine. Besides being free, most malware written for
Windows simply won’t run on it. Just remember that the VM still shares
your network connection, and any folder you share between the VM and the
real machine is a hole in exactly the same sense as the sandbox’s.
But we didn’t come here to talk about malware, really. The original
question asked about the greater privacy issues that were raised in prior articles on
what web sites can tell about you.
In short:
- No matter what technique you use, VM or sandbox, your IP address
remains unchanged. Websites will see your IP address, the date and time
of your visit, and the type of browser you happened to use.
- Using most sandboxes will effectively erase cookies each time you
exit the browser, blocking any cookie tracking between sessions. Using a
virtual machine, cookies are retained as long as you use the same VM,
but as soon as you reset the VM to a clean state they’re all
effectively erased too. In either case, using a sandbox or VM for this
purpose is overkill, since you can achieve the same result by …
deleting all cookies every time you exit your browser. (Most browsers
have a setting, or an extension, to do exactly that automatically.)
- And of course, sites can and will have access to any information you
actually tell them, regardless of whether the browser is
isolated in a sandbox or VM.
Ultimately, the value of sandboxing or using a VM is not really
privacy at all, but rather safety. Using these technologies can help
isolate you from malware that you might accidentally download in your
browser.
But, again, at a cost of some convenience and complexity.
Nice write-up. I would however argue that using a VM can help you from a privacy and security standpoint, just being that if you keep your VM in “Disk Undo Mode”, like you said, each time you reset the box and the disk goes back to vanilla, all the cookie tracking and other malware that is tracking you is gone. From a privacy standpoint, that is good. And from a security standpoint, if the VM is not a member of your local domain or network (that is, as long as your other machines have their firewall turned on to protect from the VM), you’re covered from a VM as well.
All in all, I think it’s a good idea, but I do agree: you’re not covering ALL your tracks, because they still have your IP address and all the information from that SESSION as well.
It was informative. I would like you to address the question of whether or not it can help you
maintain privacy when the host machine is compromised. A keylogger for example, is the keyboard still being logged in the host machine when you type in the VM – or a trojan (that isn’t in antivirus databases yet) will the screenshots be taken in the VM? Can you disable host connectivity without impairing the VM? It’s an odd question, but very relevant to those who are being stalked by the skilled – compromise is relatively constant and one needs to engineer solutions to maintain privacy…
Zero Day? No, I think this is a method that’s been around for a while. I am relatively ignorant of it, but have been trying to use virtual machines and ‘embedded Linux’ like andLinux to deal with it.
Windows is not really secure at a machine language level.
There are all kinds of system processes acting in the background; there is something called lsass which can use an active debugger that modifies code in running applications.
Run the latest ZoneAlarm and watch for ‘code injections’.
When a program crashes you can sometimes execute code in memory like a .jmp instruction. I keep having this error in almost every firewall I use, (every version too)
I think it is a division by zero type of error forced on the app.
EXCEPTION : Unknown at (0x00000000) Address 0x00000000
Who knows what’s being run at that point.
Another benefit of VMs is that they can be changed more easily than an installed machine.
Browsers have to expose a great deal of information about your system configuration. Enough detail that your system can be uniquely identified. The technique itself is called fingerprinting. So if you are concerned enough to be worried about being identified, you can modify the VM configuration to generate a new “signature”.
IPs can be hidden behind services like Tor.
I’d like to install Linux on a new higher speed/capacity machine with a VM running my old XP image as if I still had the old machine. This would allow me to run my old programs & drivers uninterrupted perpetually. Am I right? I would use either Macrium Reflect or EaseUS for the image. I couldn’t find anything addressing this approach.