AIS5's Sandbox and Google Chrome updates

Avast Free Antivirus / Premium Security
1

Just installed AIS 5 yesterday and immediately chose to always sandbox Chrome. There are no problems so far, but I wonder what will happen when Chrome decides to update itself while sandboxed?

Are there any known problems with Chrome?

Thanks!

2

Generally, programs need to run outside of the sandbox to update themselves.

3
  • Chrome has native sandboxing abilities, it’s completely useless to sandbox it with AIS.
4

I didn’t try that, but I would suggest you to update Chrome out of sandbox.

+ Chrome has native sandboxing abilities, it's completely useless to sandbox it with AIS.

@Logos, those are totally two different things called similar: Chrome sandbox is nothing more than a way of separating every component of the browser into the own process. It has a lot of mechanism to prevent inter-process communication, each process is isolated from others. It uses only Windows API to set up permissions/rights to other objects. On the contrary, avast sandbox virtualizes everything what that program writes, modifies, moves, etc. It works in kernel-mode (very low in system) so an unwanted malware executed from Chrome will be caught (= any registry/filesystem/hdd writes, hooks, process/thread injections, etc).

5

@pk: I know that to achieve sandboxing Chrome uses Windows API, but still, according to these pages, it seems a bit more efficient than you say. And yes, I know as well that it’s not done the same way at all ;D I haven’t tested any of them with malware, so I can’t tell which method would be more successful. This said, I know and read that Chrome has been tested as particularly resistant.

http://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ
http://www.chromium.org/developers/design-documents/sandbox

6

Thanks for the info so far. AFAIK, Chrome is very secure because of the sandboxing technology (which I believe comes from the GreenBorder technology) but I still don’t think it is at the level of say Firefox behind Sandboxie. Since I am not the only one who uses my machines, unfortunately my wife and young daughter use them, I want to be sure that in my absence nothing horrific happens.

I bought the AIS suite hoping, in part, to get away from Sandboxie which is too much for my modest needs, and drives my daughter and wife crazy. It seems that the sandbox in AIS is very unobtrusive and my girls don’t even know its on.

Let me know if there is more on the Chrome updates while sandboxed.

Thanks again