


Protect Yourself From Spear Phishing With Sandboxie

Mere hours after writing here about the Epsilon data breach, how it may lead to spear phishing and why spear phishing is more dangerous than normal phishing, comes the story that the Epsilon breach itself may well have been the result of . . . spear phishing.

According to iTnews:

A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner around four months ago … Epsilon has been aware of the vulnerability behind this attack for some months.

Epsilon, while unknown to many until now, is a potential gold mine for bad guys. Not only do they have millions of email addresses, but they also store additional data about the people using those email addresses.

An expert quoted by Computerworld referred to the additional information as "activity". In other words, Epsilon knows about stuff you do. The better to generate marketing emails. I'm in their database, very likely you are too.

How disappointing then that someone at Epsilon, like employees at RSA and Condé Nast, seems to have fallen for a spear phishing scam.

According to Return Path, spear phishing emails were sent to employees at many email service providers last year. In a warning about these attacks, Neil Schwartzman wrote that the emails targeted their marks by name and appeared to come from friends or co-workers. Par for the course.

That's the news, now let's take a step back.

Spear phishing targeted at consumers is one thing. Home users will always make mistakes, get tricked and/or be uninformed. But they can only hurt themselves.

Spear phishing targeted at large companies is quite another matter. Employees of companies with sensitive data (pretty much every company) need to be protected from themselves in order to protect the data held by the company, if not its very ability to stay in business. I can't imagine any company continuing to do business with Epsilon.

The conclusion that I draw from the recent high visibility success of spear phishing attacks is employees should not be allowed to read email on a Windows computer.

The Windows operating system is shark infested waters. IT departments may think they're great swimmers, but swim with sharks long enough and something bad will happen.

You could make a case that employees also shouldn't be allowed to access websites from a Windows machine. Many people, myself included, have suggested only doing online banking on a computer running Linux.

Windows experts speak of Defense in depth. I take this to mean the Windows ecosystem has as many holes as Swiss cheese.

This is not meant to denigrate Windows or Microsoft. Surely they are a victim of their own success – the large installed base attracts bad guys because that's where the users are. And in the case of RSA, the exploited bug was in Adobe's Flash.

But, if most malware runs on Windows, you are safer not using Windows. And, absent a standard system-wide patching architecture, Windows users are all but guaranteed to be using software with known bugs.

Yet, replacing Windows in large companies is not practical. But there are ways to give it the type of sandboxing protection the iPad already has.

My recommendation is Sandboxie, which I have been using for a long time.

Sandboxie can run any Windows application in a virtual sandbox. This walls off the application from the rest of the system. Malicious software (malware) that tries to install itself is forced to live in the virtual sandbox rather than the real system.

If you run an email client such as Outlook or Thunderbird in a sandbox, then a hole needs to be punched into the sandbox that allows the folder where emails are stored to be persistent. But, that should be the only folder that the email program is allowed to actually update. Any other files/folders that are updated by the email program go only in the sandbox, not the real system.

It's a simple thing to clear out the sandbox, in fact it can be done automatically when the sandboxed application shuts down. I like to set up a sandbox that always clears out everything when the application it's running closes.

If the email program self-updates, as does Thunderbird, then simply run it outside the sandbox to install the patches.

There are visual indicators that an application is running inside a sandbox. You can configure both the title bar and/or a colored border around the application.

If an email message contains a link to a malicious website, Sandboxie protects the computer. When the email program starts a web browser, the browser runs inside the sandbox. Not good if you want to save a bookmark, but great for defending from malware.

You can define many sandboxes, all configured differently. There are a large number of per-sandbox configuration options.

For example, if you log on to Windows as an administrator, there is a per-sandbox option to run programs in the sandbox as a limited/restricted user, offering another layer of protection.

You can define a sandbox for your email program that allows it to update the folder where messages are saved, while other sandboxes, used for other applications, are prevented from updating the same folder.

Sandboxes are designed to prevent changes to the underlying system, but not to make it invisible. Programs running in a sandbox can see and read all the files on the computer. Thus malware can run in the sandbox, see sensitive files and send them off to the bad guys before it gets removed when the sandbox is emptied out.

To protect against this, Sandboxie allows you to define files and folders that will be hidden from applications running in a sandbox.
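
The per-sandbox settings described above, written out as a Sandboxie.ini fragment. This is an added example, not part of the original article; the box name MailBox, the Thunderbird profile path and the hidden folders are assumptions to adapt to the actual machine.

```ini
# Constructed example of two Sandboxie.ini sections.
# Box names (except ThrowMeAway) and all paths are assumptions.

[MailBox]
Enabled=y
# Visual indicators: box name in the title bar and a colored border.
BoxNameTitle=y
BorderColor=#00FFFF,on
# Run sandboxed programs without administrator rights,
# even when the Windows logon is an administrator.
DropAdminRights=y
# The one hole in the box: only thunderbird.exe may write through
# to its real profile folder, so mail persists.
OpenFilePath=thunderbird.exe,%AppData%\Thunderbird\Profiles\*
# Everything else written by the mail client (or a browser it launches)
# stays in the box and is discarded when the last program exits.
AutoDelete=y
# Hide sensitive folders: programs in this box cannot even read them.
ClosedFilePath=%UserProfile%\Documents\Finance\
ClosedFilePath=%UserProfile%\.ssh\
# Paid version only: always start the mail client in this box.
ForceProcess=thunderbird.exe

[ThrowMeAway]
Enabled=y
BoxNameTitle=y
BorderColor=#00FFFF,on
DropAdminRights=y
# Discard all changes when the application in the box terminates.
AutoDelete=y
# No OpenFilePath here, so nothing in this box can update the real
# mail folder; ClosedFilePath goes further and hides it from reads.
ClosedFilePath=%AppData%\Thunderbird\
ClosedFilePath=%UserProfile%\Documents\Finance\
```

Because OpenFilePath lets writes reach the real disk, keep it scoped to a single program and a single folder; every additional open path is a place where malware running in the box can persist.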

There are both free and paid versions of Sandboxie. The free version requires you to right click the icon for an application and choose to run it in a sandbox (shown below). The paid version can be configured to always run an application in a sandbox.

Someone using the free version who opts to sandbox an application is presented with a list of available sandboxes. In the screen shot below, there is only one, the ThrowMeAway sandbox. As noted earlier, this sandbox, which I named and configured, discards all system changes when the application running inside it terminates. Great for testing new software.

Sandboxie is a mature product, I've written about it before, and I recommend it.

For more on Sandboxie see episode 172 of Steve Gibson's Security Now podcast, and the followup episode on Sandboxie limitations.

A recent article at Maximum PC recommended a similar program called BufferZone Pro. I have no experience with it and found the vendor's explanation of the product confusing. BufferZone Pro is free for non-commercial use and uses the term "virtual zone" rather than sandbox.

Windows systems can also be protected by running Internet facing applications in a virtual machine, but this is a huge step up in complexity compared to Sandboxie which offers its protection with relatively little disruption to the end user.

Perhaps someday, companies will run Linux on the bare metal and sandbox Windows applications in virtual machines. I'm not holding my breath.

As I write this, the full featured, commercial edition of Sandboxie costs $43.50 for home users. For this price, you get the right to install it on all the computers you own. And you only need to buy it once, you will not have to buy it again next year or when a new version is released. Commercial licensing is different.

That said, the free version has very few limitations and is an excellent place to start.

For the record, I have no relationship with the vendor, other than being a customer.

Source: https://www.pcworld.com/article/490307/sandboxie_offers_spear_phishing_protection.html

Posted by: scullydescuseence.blogspot.com
