1
00:00:00,690 --> 00:00:03,126
Let’s go through some sandbox applications

2
00:00:03,151 --> 00:00:05,613
you could use to protect your applications

3
00:00:05,638 --> 00:00:09,431
that interact with untrusted sources, such as the internet.

4
00:00:09,595 --> 00:00:11,969
Particularly, you want to sandbox your browser

5
00:00:12,056 --> 00:00:14,112
and email client as a minimum.

6
00:00:14,294 --> 00:00:16,336
So Windows sandboxes first.

7
00:00:17,317 --> 00:00:20,865
Have a look at this video on Bufferzone. It’s a commercial sandbox,

8
00:00:20,963 --> 00:00:23,645
but the video will give you a good idea

9
00:00:23,670 --> 00:00:26,614
of the sort of functionality that sandboxes offer.

10
00:00:27,215 --> 00:00:28,636
Welcome to Bufferzone.

11
00:00:29,071 --> 00:00:33,198
In this demo, we’ll show you how Bufferzone virtual container technology

12
00:00:33,476 --> 00:00:35,571
blocks ransomware and other exploits,

13
00:00:35,944 --> 00:00:38,066
prevents them from accessing your files,

14
00:00:38,474 --> 00:00:41,770
and keeps them from infecting other users in your organization.

15
00:00:43,170 --> 00:00:46,198
We received this ransomware inside an email attachment.

16
00:00:46,959 --> 00:00:49,421
It’s embedded in a Word file that looks harmless.

17
00:00:58,437 --> 00:00:59,646
When you open the file,

18
00:00:59,937 --> 00:01:02,720
the malware silently downloads onto the computer.

19
00:01:03,389 --> 00:01:06,696
By the time you realize that the file isn’t legitimate and close it,

20
00:01:07,013 --> 00:01:08,077
it’s too late.

21
00:01:08,984 --> 00:01:11,199
At this point, the malware keeps quiet,

22
00:01:11,543 --> 00:01:14,559
so a lot of users would decide that the file was just spam,

23
00:01:15,041 --> 00:01:17,952
but in fact, the ransomware is busy working in the background

24
00:01:18,223 --> 00:01:19,668
locking our files.

25
00:01:20,246 --> 00:01:21,254
10 minutes later,

26
00:01:21,596 --> 00:01:23,904
the ransom note arrives threatening to destroy

27
00:01:23,929 --> 00:01:26,938
the encryption keys if we don’t follow their instructions.

28
00:01:27,421 --> 00:01:29,306
When we click on show files,

29
00:01:29,698 --> 00:01:33,690
we see a list of all the files on the disk that were supposedly encrypted.

30
00:01:35,675 --> 00:01:39,298
No worries. We are protecting email attachments with Bufferzone.

31
00:01:39,595 --> 00:01:43,674
The infected Word file was opened in an invisible virtual container.

32
00:01:44,397 --> 00:01:46,545
When Word is running inside the container,

33
00:01:46,714 --> 00:01:49,215
it is actually segregated from the file system,

34
00:01:49,397 --> 00:01:51,620
the registry, and the computer’s memory.

35
00:01:52,619 --> 00:01:54,985
When the ransomware tried to access our files,

36
00:01:55,206 --> 00:01:57,026
they were copied into the container.

37
00:01:57,437 --> 00:01:59,725
The ransomware has encrypted the copy,

38
00:02:00,317 --> 00:02:02,308
but our original files are safe.

39
00:02:03,810 --> 00:02:06,390
If the exploit tried to write to the registry or memory,

40
00:02:06,579 --> 00:02:09,536
it would also be fooled into accessing the virtual copy.

41
00:02:10,579 --> 00:02:13,510
The Bufferzone container is also segregated from the network,

42
00:02:13,825 --> 00:02:17,013
so the ransomware cannot get out to infect other computers.

43
00:02:19,063 --> 00:02:20,577
To eliminate the ransomware,

44
00:02:20,705 --> 00:02:22,895
we simply empty the Bufferzone container.

45
00:02:25,381 --> 00:02:27,579
You see that the encrypted files are gone,

46
00:02:27,635 --> 00:02:29,376
but the original files remain.

47
00:02:30,507 --> 00:02:33,278
Bufferzone’s patented containment technology

48
00:02:33,547 --> 00:02:36,923
provides protection from phishing scams, drive-by downloads,

49
00:02:37,087 --> 00:02:41,468
malvertising, zero-day exploits, and many other types of advanced malware.

50
00:02:41,873 --> 00:02:45,328
It enables you to browse the internet, open email attachments,

51
00:02:45,516 --> 00:02:48,102
and open files from removable media safely.

52
00:02:48,511 --> 00:02:50,874
Try Bufferzone today. Learn more –

53
00:02:51,508 --> 00:02:54,157
So there you are. This product looks good,

54
00:02:54,437 --> 00:02:56,588
but I haven’t comprehensively tested it.

55
00:02:56,702 --> 00:02:59,449
It looks like they’re aiming at the business market though

56
00:02:59,474 --> 00:03:01,190
and not for personal use,

57
00:03:01,326 --> 00:03:04,540
but it looks like a very good product for Windows only.

58
00:03:05,516 --> 00:03:08,909
Another sandbox type of technology is Shadow Defender.

59
00:03:09,056 --> 00:03:13,319
Shadow Defender can run your system in a virtual environment

60
00:03:13,344 --> 00:03:15,520
which they call the shadow mode.

61
00:03:15,595 --> 00:03:20,263
Shadow mode redirects each system change to a virtual environment

62
00:03:20,288 --> 00:03:22,581
with no changes to the real environment.

63
00:03:22,802 --> 00:03:25,982
Not tested this one. This is Windows only.

64
00:03:27,087 --> 00:03:31,751
Another sandbox-like tool that works slightly different is Deep Freeze.

65
00:03:31,794 --> 00:03:34,080
And Deep Freeze is a kernel level driver

66
00:03:34,105 --> 00:03:36,752
that protects the hard drive integrity

67
00:03:36,823 --> 00:03:41,310
by redirecting information being written to the hard drive partition,

68
00:03:41,373 --> 00:03:43,146
leaving the original data intact.

69
00:03:43,690 --> 00:03:47,070
This redirected information is no longer referenced

70
00:03:47,167 --> 00:03:49,525
once the computer is restarted,

71
00:03:49,770 --> 00:03:54,774
thus restoring the system to its original state at the disc sector level.

72
00:03:54,933 --> 00:03:56,416
So essentially what this is doing

73
00:03:56,441 --> 00:03:59,402
is making sure that every time your system reboots,

74
00:03:59,458 --> 00:04:02,156
it restores to exactly the same state.

75
00:04:02,302 --> 00:04:06,159
This works on Windows, Mac, and Linux versions are available.

76
00:04:06,794 --> 00:04:09,045
But know, with this type of sandboxing,

77
00:04:09,143 --> 00:04:12,111
there’s no protection until you reboot.

78
00:04:12,183 --> 00:04:17,102
So an attacker, for example, could read your files with malware

79
00:04:17,190 --> 00:04:19,272
until you actually do the reboot,

80
00:04:19,327 --> 00:04:23,359
and then when you do the reboot, the malware will no longer exist.

81
00:04:24,167 --> 00:04:28,127
There is also the Deep Freeze cloud browser and desktop.

82
00:04:29,190 --> 00:04:32,293
Another kind of sandbox is Returnil.

83
00:04:32,421 --> 00:04:35,867
This creates a cloned version of your system partition

84
00:04:35,892 --> 00:04:38,314
to boot from and then work within.

85
00:04:38,465 --> 00:04:40,968
If anything does go wrong during your session,

86
00:04:41,056 --> 00:04:44,368
you reboot the system and the operating system environment

87
00:04:44,393 --> 00:04:46,395
is returned back to where it was

88
00:04:46,420 --> 00:04:49,435
before you turned Returnil protection on.

89
00:04:49,595 --> 00:04:53,155
But note that there is no protection until you do that reboot,

90
00:04:53,180 --> 00:04:56,517
so an attacker could be reading your files with malware

91
00:04:56,542 --> 00:04:59,654
or keylogging until you actually do that reboot.

92
00:04:59,765 --> 00:05:02,762
But once you do the reboot, your system is returned to normal

93
00:05:02,864 --> 00:05:05,604
and any malware or hacker will be removed.

94
00:05:06,373 --> 00:05:07,956
And this is what it looks like.

95
00:05:08,286 --> 00:05:10,548
It isn’t just a sandbox or virtual environment;

96
00:05:10,573 --> 00:05:13,509
it also has additional features including files protection

97
00:05:13,534 --> 00:05:16,157
and an anti-executable function.

98
00:05:16,188 --> 00:05:18,514
It’s free for private use only.

99
00:05:20,651 --> 00:05:22,488
The free Comodo firewall

100
00:05:22,513 --> 00:05:26,219
comes with a built-in sandbox and virtual desktop.

101
00:05:26,347 --> 00:05:28,525
The Comodo firewall is a good tool,

102
00:05:28,615 --> 00:05:31,337
but Comodo lately has made some mistakes

103
00:05:31,401 --> 00:05:33,237
with some of their security products,

104
00:05:33,262 --> 00:05:34,800
so I don’t have a great deal of faith

105
00:05:34,825 --> 00:05:37,190
in this sandbox and virtual desktop.

106
00:05:38,270 --> 00:05:43,992
Some antivirus offer sandboxing functionality like Avast antivirus,

107
00:05:44,071 --> 00:05:48,565
although I don’t recommend this as Avast are known to sell your data.

108
00:05:49,627 --> 00:05:51,524
Bitdefender also has Safepay

109
00:05:51,611 --> 00:05:56,175
which is a limited functionality browser providing sandboxing.