Integrity Levels Vs. Sandboxie

Post by exus69 » Mon Jun 10, 2013 6:41 am


I just read about Windows IL and following is what I've understood about it. Please correct me if I am wrong.

The Windows IL mechanism helps to protect processes and files/folders from malware by restricting access (read, write or execute): the vulnerable process (e.g. a browser) is run with Low IL so that it cannot access (read, write or execute) those processes or files/folders running with Medium IL or higher.

If my above understanding is correct then let's take a real world scenario of IL and try to fit in the role of Sandboxie in the same.

Assuming that I am running Firefox (5 tabs open) with Low IL and malware hits it:

- The malware can access data on other tabs.
- The malware cannot access Office applications, Adobe Reader, Chrome, or files/folders on my D: drive, since they all have Medium IL.

According to the above scenario, if I visit a genuine site for work which is clean and I need to read a pdf/word/excel file, then how can I read it? Is downloading it and then opening it separately the only option? Or let's suppose I open it using Firefox (Low IL) and I need to attach some pdf/word/excel files (Medium IL). How can I do it? In the latter scenario, one thing I can do is give those pdf/word/excel files Low IL as well, but then it will defeat the very purpose of Integrity Levels.

After reading about ILs I was wondering if Sandboxie was doing anything different? You can give the same kind of restrictions that ILs give in SB. In fact, SB does it all in a virtual environment, unlike ILs. Additionally, ILs are an inbuilt Windows feature, so I guess the bad guys would be more interested in bypassing them than SB. Agreed, more security software increases the attack surface, but SB has been pretty solid over the years, with its developer quickly closing any holes.

So is it necessary to configure ILs if you have a well-configured SB?


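The post above describes the IL rules from memory; the following is an added example, not part of the original post or of Sandboxie, that lets you check the actual behaviour of Windows Mandatory Integrity Control on your own machine. It labels one file Low and leaves another at the default Medium, starts a Low-IL command prompt (a relabelled copy of cmd.exe; a new process runs at the lesser of its parent's IL and the executable file's label), and then tries to read and write both files from inside it. The paths under %TEMP%, the file names and the `Invoke-LowIL` helper are assumptions made for this demonstration; icacls.exe, whoami.exe and cmd.exe are the standard Windows tools.

```powershell
# Added example, not code from the original post. Run from a normal (Medium-IL, non-elevated)
# PowerShell session on Windows Vista or later. Assumes $env:TEMP is writable.
$work = Join-Path $env:TEMP 'il-demo'
New-Item -ItemType Directory -Force -Path $work | Out-Null

# 1. Two target files: one left at the default (Medium) label, one explicitly labelled Low.
$mediumFile = Join-Path $work 'medium.txt'
$lowFile    = Join-Path $work 'low.txt'
Set-Content -Path $mediumFile -Value 'medium-IL data'
Set-Content -Path $lowFile    -Value 'low-IL data'
icacls $lowFile /setintegritylevel Low | Out-Null

# 2. A copy of cmd.exe labelled Low. A child process gets the lesser of its parent's IL
#    and the executable's file label, so everything started from this copy runs at Low IL.
$lowCmd = Join-Path $work 'lowcmd.exe'
Copy-Item "$env:SystemRoot\System32\cmd.exe" $lowCmd
icacls $lowCmd /setintegritylevel Low | Out-Null

function Invoke-LowIL([string]$Command) {
    # Hypothetical helper: run one command line inside the Low-IL cmd.exe and return its output.
    & $lowCmd /c $Command 2>&1 | Out-String
}

# 3. Confirm the label the child process actually received:
#    the output contains "Mandatory Label\Low Mandatory Level".
Invoke-LowIL 'whoami /groups | findstr /i "Mandatory"'

# 4. The default mandatory policy on files is NO_WRITE_UP only. A Low process cannot
#    modify a Medium object, but it can still read it; writing to a Low object is fine.
Invoke-LowIL "echo tampered >> `"$mediumFile`""   # denied: write-up to Medium is blocked
Invoke-LowIL "type `"$mediumFile`""               # allowed: reading up is not blocked
Invoke-LowIL "echo tampered >> `"$lowFile`""      # allowed: the file is labelled Low

# 5. Reading down is always permitted: a Medium process (this shell) opens the Low file,
#    which is how a Medium-IL viewer can open a document a Low-IL browser saved.
Get-Content $lowFile

Remove-Item -Recurse -Force $work
```

The point to take from step 4 is that the label is a write barrier, not a read barrier: a compromised Low-IL browser can still read your Medium-IL documents unless their DACL or an explicit NO_READ_UP label policy forbids it. Step 5 shows the other half of the download question: a file the browser wrote at Low can be opened by a Medium-IL application, so labelling the downloaded copy Low does not stop you reading it; it only stops the Low process from tampering with anything labelled higher.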