Pages Menu
Categories Menu

Posted by on Aug 20, 2012 in Uncategorized |

What is sandboxing?

What is sandboxing?

Within the field of security software, one of the concepts that are usually speak more vulnerabilities, ie flaws that, under certain circumstances, may be used by third parties and run malicious code (malware) in the a user’s computer. In addition to keeping updated our applications and implement the various security patches as they are published, some time we have been hearing about Sandboxing , a security mechanism that is used in applications like Adobe Reader X or Google Chrome.

What is Sandboxing? This “sandbox” (literal translation into Castilian) is a process isolation, ie, a mechanism that implement multiple applications to run applications and programs with security and “isolate” the rest of the system within a kind of virtual container from which control various application requesting such resources (memory, disk space, privileges, etc). This tight control that is subjected to the process used to discern whether the code is malicious or not run as a general rule will restrict access to any input device or host system inspection.

Thanks to sandboxing, like Google Chrome, the Google browser is able to “isolate” navigation tabs together and also prevent a web page containing malicious attempt to install any software on your system, monitor what are doing or access information stored on a hard drive (and between isolated applications, Flash is one of them ). In fact, this mechanism is also included in Adobe Reader X because one of the great “strainers” Adobe was the ability to hide code in PDF files and execute it by opening a “malicious document” because the application did not prevent or controlled requests that go beyond displaying the contents of the file (and there were cases of changes in the Windows registry or installing software on the system).

In addition to protecting users, this technique is also used by security teams, for example, to study malware in a controlled environment and see how it impacts on a system to proceed with its characterization, we can use applications to “isolate” and test other safely (important if we suspect them but, when in doubt, it is best not to install but using Sandboxie or Glipse we can improve the safety of our tests). On a larger scale, the virtualization of an operating system inside another is also a practical way of sandboxing.

Picture: DiegoLand

Tags: , ,