avast sandbox allows reading/writing other processes’ memory

To make gameplay more interesting, I’m using Gamecheater (http://gamecheater.cjb.net/). It’s basically a tool that can find and edit a specific memory location in a different process. AutoSandbox correctly determined that Gamecheater is a dangerous application and sandboxed it. I was really surprised that Gamecheater was able to function correctly even when sandboxed.

Changing the memory content of other processes is rather dangerous and the sandbox should definitely prevent it. An experienced malware programmer can exploit it to do a lot of nasty stuff, probably also escape from the sandbox and infect the operating system, which means that the avast sandbox is pretty much useless right now.

I’m using Win7x64SP1/avast 6.0.1000.

This typically happens when only part of the system is sandboxed. I.e. typically there’s another part (another process or driver) that communicates with the sandboxed process in some way, and the whole system can then function as if it were not sandboxed.

Otherwise, sandboxed processes cannot modify other processes’ memory, of course…

Thanks
Vlk

Gamecheater doesn’t use another process/driver. I’ve set up a new Win7x64 installation with all updates in VMware, then I’ve installed and updated Avast (6.0.1000) and rebooted to enable sandboxing. Then I’ve launched Gamecheater in the sandbox and verified that it’s able to find a specific location in another process and change its value. Clearly, Gamecheater is able to bypass Avast sandbox protection. Hopefully you are going to fix this soon.