
SAND BOX

INTRODUCTION

The term security always plays an important role in our lives, whether it is financial security or political security. In the field of computer science, security plays an even bigger role in this Internet age. Technologies like virus scanners, firewalls, etc. have been in existence. The latest and most sophisticated technology to have emerged in recent months is sandbox technology.

Sandbox protection
Sandbox is the security technology that protects workstations and networks against attacks from any type of active content (ActiveX, Java, VBS and other executable code or .exe files) received from the Internet, e-mails or by any other means.

First in the world
Norman is the first anti-virus company in the world to present this new technology. The terms deepscan and sandbox technology are used to describe the method. Sandbox describes the technical solution: the program establishes a simulated computer in an enclosed area, allowing the virus to replicate on the simulated machine under careful monitoring. When the virus has been activated, the sandbox is examined and the vaccine is produced immediately. This sandbox technology should not be confused with traditional heuristics. Norman is now patenting this technology.
Department of CSE, MITS, Madanapalli


FEATURES OF SAND BOX


User friendly
Scanning engines from the various AV vendors employ different techniques to discover new virus variants or completely unknown viruses (i.e. unknown to the scanning engine). The search for an unknown virus has traditionally been prone to false alarms. A prototype of Norman Virus Control incorporating the new technology can detect unknown viruses with a minimal risk of false alarms. The elimination of false alarms is vital for the user of the anti-virus program.

A sophisticated technology
The technology is sophisticated, but Norman has the necessary experience and resources to incorporate the sandbox method. It doesn't matter if the virus tries to camouflage itself through encryption or by using polymorphic, metamorphic or other hiding techniques. Norman Virus Control detects it anyway. The method is based on the basic function of a computer virus: replication.


SANDBOX FOR WINDOWS

Sandboxing technology is the first commercially available security solution to protect workstations and networks against attacks from any kind of active content (ActiveX, Java and other executable code) received from the Internet and to manage the behavior of already installed applications residing on the PC.

Wrap around the application
With sandboxing technology you can create a closed environment (sandbox) around any application (known or unknown) and restrict its access to your computer's resources. Within this closed environment any code can run, while the application's access calls to system resources (drivers, the registry database with all configurations, and the file system) are shielded and constantly monitored to protect the privacy and integrity of your system.

Proactive security measures
Sandboxing checks an application's activities and does not base its security mechanism on a comparison with a database of hostile applet references. It checks all actions and access to resources, but only suspicious or unwanted actions are blocked. Hence, it is the first commercially available behavior checker, which protects not only against intended hostile attacks but also against unintentionally buggy applications. You can view which components are installed and running on your computer and where they came from, and monitor what an application does and which resources it accesses.

VIRUS SCANNERS VS SANDBOX


Sandbox software works better than anti-virus software because it scans for the actions the virus code takes and not the name or characteristics of the virus. With some advanced sandbox applications, we can even find out the site from which the virus was downloaded and how it interfered with your computer. Though it may be fully capable of protecting your computer, sandbox software cannot tell you which type of virus you have in your computer, nor can it remove a virus that may have sneaked in. It can only tell you that you have some suspected malicious piece of code that can do unwanted things in your computer, and protect you from it only if you have properly set the policies. On the other hand, virus scanners can only identify the type of virus you have and remove it. Sandbox technology cannot replace the traditional anti-virus scanners, as identification, disinfection and removal of viruses can only be done by virus scanners. Sandbox and anti-virus software complement each other in providing a fully secured environment. When a virus scanner that the sandbox application supports is installed, a known virus can be scanned and an unknown virus can be detected and installed. So the best approach is to combine sandbox technology with anti-virus technology for securing your computer.


RESOURCE PROTECTION
Sandbox resources protection
The sandbox agent protects the following computer resources against unwanted and suspicious accesses and changes.

The registry
The Windows operating system saves the system and application configurations within the registry database. If a hostile applet changes settings within the registry database, it might leave an application or your entire system unusable. By changing the registry database, a hostile applet can also gain unwanted access to resources on your computer.

Access to services
Sandbox agent monitors all access to system services issued from restricted applications. By changing the settings of particular services (stopping or accessing certain services), a hostile applet can make the computer unusable or gain unwanted access to resources and data.

Dangerous calls to the system
Certain functional interfaces of the system are intended for Windows internal use, or for special applications' use only. There is no reason for these to be used in normal circumstances. Also, dangerous device-level access is protected. Sandbox agent restricts the availability of these system entry points for restricted applications.

Access to the file system
By accessing the file system, an applet gains access to all your data and files. Sandbox agent can restrict access to the file system depending on its configuration. In a typical scenario, you might want to set up a directory for saving information received from the Internet while blocking the browser's access to all other file areas.

Access and monitoring of IP ports and IP addresses
Sandbox agent can monitor access to IP ports by restricted applications. By using certain IP ports, an applet can e-mail information to the Internet or connect using any other protocol.

Spawning of processes control
Sandbox agent can prevent a restricted application from running other applications or inheriting another application's access to a secured environment. This can prevent misuse of trusted applications by hostile code.
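The file-system scenario above (one directory for Internet downloads, everything else blocked), together with the port, process-spawning, registry and service restrictions, sketched as an added example. It is not code from any sandbox product; the Policy fields, the check function, the sample paths and the default-deny handling of unknown resource kinds are assumptions.

```python
import ntpath  # Windows path rules, importable on any OS
from dataclasses import dataclass

@dataclass
class Policy:
    """Hypothetical per-application policy; field names are illustrative."""
    file_roots: tuple = ()           # directories the app may touch
    ports: frozenset = frozenset()   # IP ports the app may use
    may_spawn: bool = False          # may it start other processes?
    may_write_registry: bool = False
    may_control_services: bool = False

def _inside(path, root):
    # Normalise first so "..\" segments and mixed case cannot escape the root.
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    # Require a separator after the root so "DownloadsEvil" does not match.
    return p == r or p.startswith(r + "\\")

def check(policy, kind, target):
    """Return 'allow' or 'block' for one access attempt."""
    if kind == "file":
        ok = any(_inside(target, r) for r in policy.file_roots)
    elif kind == "port":
        ok = int(target) in policy.ports
    elif kind == "spawn":
        ok = policy.may_spawn
    elif kind == "registry_write":
        ok = policy.may_write_registry
    elif kind == "service_control":
        ok = policy.may_control_services
    else:
        ok = False  # assumption: unknown resource kinds are denied
    return "allow" if ok else "block"

# Constructed policy for a browser: one download directory, web ports only.
BROWSER = Policy(file_roots=(r"C:\Sandbox\Downloads",), ports=frozenset({80, 443}))

# Constructed access attempts, as a monitoring agent might record them.
EVENTS = [
    ("file", r"C:\Sandbox\Downloads\report.pdf"),
    ("file", r"C:\Sandbox\Downloads\..\..\Windows\win.ini"),
    ("file", r"C:\Sandbox\DownloadsEvil\x.dll"),
    ("port", "25"),
    ("spawn", r"C:\Windows\System32\cmd.exe"),
    ("registry_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
]

def evaluate(policy=BROWSER, events=EVENTS):
    return [(k, t, check(policy, k, t)) for k, t in events]
```

Only the first constructed event is allowed; the traversal path and the look-alike directory are blocked because the path is normalised before the directory comparison.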


SANDBOX CONTENT FILTERING


With the sandbox agent, you can manage and protect your computers from all installed ActiveX and Java applets. The sandbox agent will safeguard your computer when a new applet comes on board and becomes active. In the case of ActiveX, you can find out who created the applet, whether the applet's properties are correctly filled out, the site from which the download originated, and how it interfaces with your system. Any installed ActiveX applet can also be deleted.

Scanning for viruses
With a downloaded and supported sandbox agent, all CAB files received through your web browser will be opened and scanned for viruses before they are installed on the computer. A number of the most common virus scanners are supported through an API or command-line call to the virus engine running on the machine. In addition, user-defined custom virus scanners can be used with command-line parameters. Even if your virus scanner does not offer command-line support, it will work with sandbox.

Cache management
Cache manager is completely integrated into the sandbox agent environment. Cache manager allows the automatic removal of session information in the browser cache.


Cookie management
Cookie management is included to allow the blocking, removal and management of all cookies for all users/profiles on a computer and to restrict cookie placement by web site/URL.

WWW and e-mail content filtering
To increase security, web pages with unwanted information (e.g. active content) or outgoing e-mails containing confidential information can be blocked.


WHAT HAPPENS WITHOUT A SAND BOX?

If the sandbox agent does not protect your computer, hostile applets could access all the files and resources that are available on your computer. Your computer would be left wide open to anyone on the Internet with destructive or criminal intention. Recent studies and surveys have shown that most corporate networks and computers connected to the Internet have been attacked and have reported damages from illegal access from the outside, either over the Internet or through e-mail attachments. Malicious mobile code (ActiveX, Java, VBScript as well as other executables) is increasingly being used to issue these attacks. Unfortunately, a number of hacker tools and instructions now exist on the Internet showing how to create a hostile application without sophisticated knowledge. This increases the threat enormously.

List of common attacks:

Deleting of files
An applet deletes system or user files in the background while running on your computer. This attack can make your computer/operating system unusable and leads to loss of data and information.

Denial of services
By changing the configuration of your operating system or application, an applet can make your system, a service or parts of it unusable.

Theft of information and data
An applet can access data and files on your computer/network, copy them and send them to any computer (e.g. to your competitors) on the Internet via e-mail or by using unrestricted IP ports.

Remote access via the Internet
An applet can generate a proxy on your computer, enabling computers on the Internet to remotely access all the resources on your computer or on your LAN.

Installation of unwanted/hostile application
An applet could change your system configuration in order for a hostile application to be started automatically the next time you start your computer. This application could then undertake all its malicious tasks in the background or block access to particular or any resources on your computer.

Manipulation of your connection
An applet could filter, manipulate or falsify information or received from another source.


Impersonation
An applet could impersonate your user ID on the Internet or your local area network and initiate malicious, destructive or unwanted actions. It could therefore abuse personal or sensitive information collected from your computer (e.g. credit card information).


ANTI VANDAL SANDBOX

Modern vandals arrive in many forms on web pages, in e-mail messages and attachments, newsgroups and other sources, and typically rely on active content such as ActiveX, Java applets and scripts to deliver their payload. Esafe's Sandbox II is a proactive module, constantly monitoring both your computer and the Internet for hostile activity, ready to intervene the moment a potential threat is identified. The sandbox does not rely on traditional signature tables for identification and removal. In addition to the virus signatures provided by the anti-virus engine, the sandbox provides an extra layer of protection against both known and unknown vandals by restricting access to designated system resources. The moment any form of malicious mobile code attempts hostile activity, Esafe traps and quarantines the vandal within the sandbox, alerting you to the vandal's activity and allowing you to take appropriate action without risk of damage to mission-critical information.

Esafe's Sandbox II monitors every active process and application, using a predefined access control list to determine whether the application in question is permitted to use or access particular system resources. When the sandbox identifies potentially hostile activity, it verifies the use of system resources against a predefined list of allowed activities. If the application is not permitted to engage in a particular activity, Esafe will quarantine the vandal and notify the user of the application's action, allowing the user to take action before the vandal can damage vital system resources.

Patenting deep scan and sandbox technology
Norman introduces a new technique for eliminating new computer viruses. The data security company Norman ASA is the first company in the world to present sandboxing, a method to detect unknown viruses in real time. The risk of false alarms is practically eliminated. This innovative technique was presented at the renowned Virus Bulletin Conference 2001 in Prague. Unknown viruses have always been a challenge for anti-virus companies, and the recent events with more complex and faster spreading viruses like Nimda have made this new technology even more relevant.

"Imagine that you open an e-mail attachment with a new and dangerous computer virus. The virus immediately starts cutting and pasting in selected system files, while other files are just deleted. Very soon your computer is wrecked. In addition, the virus is using the network to infect other computers. That's what the virus believes. The truth is that you can carry on with your work as usual, just like all the others in the network, and no real damage is done. This is what the new technology provides," says Kurt Natvig, responsible for the sandbox technology development at Norman ASA.


CONCLUSION
A beginning has been made. Let's hope that one day we will be able to use the Internet without fear of any security risks. We hope that sandbox technology marks a new age for security in networking, as it overcomes security damage and holds a key position right from the beginning.
