Question about MBAE before purchasing

[Andrew6974]

Now that MBAE is out of beta I was wondering if you will be able to find a way to make it compatible with Sandboxie. I know you have been asked about it before and there have been several threads on the Sandboxie forums as well, so both Malwarebytes and Invincia are both aware of the compatibility issue and that there are people who would like to see it resolved.

So are you and Invincia going to actively work together to resolve the problem ?

Secondly, regardless of whether / when the issue gets resolved I am currently weighing up the pros and cons of purchasing MBAE at the present time.

I am aware that MBAE won't protect Firefox when it is running in a sandbox, but theoretically if I were unfortunate enough to happen upon a webpage containing a zero-day exploit and it magaged to...

A/ execute in the browser despite having scripts disabled using NoScript.
B/ evade protections offered by Norton 360 and Malwarebytes Premium.
C/ break out of the sandbox.

...would MBAE still detect and stop the exploit in it's tracks once it breached the sandbox ?

If that's the case then having Ant-Exploit would still be a valuable layer of defence.

[pbust]

In your example above MBAE would not be useful as it would not able to see the exploit running in the browser as it would be running inside Sandboxie. It's either or, not both.

[Wilpower]

Yes just to pop in and say I also use sbie and have MBAE premium installed for those sessions with Browsers and circumstances I choose not to run 'sandboxed'

Just saying I use both.

[Andrew6974]

Thanks for the response but could you please clarify a little more for me...

Forgive me if I don't quite understand but I thought MBAE could protect the entire OS from exploits, so although MBAE cannot provide application level protection for Firefox when using Sandboxie won't it still provide broader layer 1 and layer 2 anti-exploit protection for the system as a whole ?

So I guess what I'm still trying to understand is if in theory a website based exploit managed to circumvent Sandboxie protections and break out into the wider system would MBAE then be able to detect the exploit attempt in progress and take it from there ?

Also, going back to my original enquiry you indicated about six months ago that once MBAE was out of beta you would start looking into the Sandboxie issue. I know it's probably still quite far down on the priority list right now but do you still plan to work this out at some point ?

MBAE and Sandboxie are both excellent products in my opinion each providing a unique and valuable security approach.
Getting them working side-by-side as part of a multi-layered security strategy would be fantastic.

I hope you and Invincia will talk to each other and try to come up with a solution in the months ahead.

 

[pbust]

MBAE shields specific applications. This defaults to the applications that are listed in MBAE's Shields tab. By default these are browsers (IE, Firefox, Chrome, Opera), Java, MS Office, PDF Readers and some media players. You can also add protection in the form of custom shields in the Premium version.

 

Having said the above it should be clear now that MBAE does provide application level protection, not system-wide protection for the entire OS. The reason is that we need to be able to "see" the exploit attempt in action before we can know it is an exploit and be able to stop it. If we can't see the exploit attempt in action because it is running in a sandbox, there is nothing for MBAE to do. Once an exploit runs and breaks out of Sandboxie, the only thing left is the malicious payload which can be an EXE running in the system, a reverse shell to the attacker or some other type of action. In this case a better solution would be an anti-malware such as MBAM to detect and block the malicious EXE from running.

[Andrew6974]

Thank you very much for the clarification pbust.

 

I already have N360, MBAM Premium and Sandboxie PRO as well as NoScript and AdBlock Plus in Firefox.

 

If it has to be a choice between MBAE and Sandboxie right now I think I will stick with what I know.

I'm very reluctant to give up Sandboxie.

 

Would love to purchase MBAE at some point as well, so I hope you can fix the compatibility issue at some point.

 

Keep up the great work !