How to contain metadata and polymorphic malware
Posted: 2017-09-02, 04:41
I discovered, with my use of a program on my computer called Spy the Spy, that websites were adding metadata in the Pale Moon profile folder under storage. So I wanted to contain this. I can't simply block it, as I have read here that it will break websites. So I thought of a few solutions. My first inclination was to symlink the storage folder to a small RAM drive using the program ImDisk and the program Link Shell Extension, which gives you an easy context menu to right-click a file or folder and create the symlink. You can read about symlinks here: https://www.howtogeek.com/howto/16226/c ... -or-linux/
Well, this setup worked up to a point. The metadata was being stored in the Temp file of the small 5MB RAM drive, but every time I turned off the computer the symlink wouldn't stick, though the RAM drive was in fact cleared out on system reboot. So I took care of one thing, but the other wasn't working. My next idea was to use the program (fantastic, by the way) called AutoHotKey to create a script that would start on computer boot and automatically create the symlink. But try as I might, I couldn't get the two auto script recording programs to work right to create my symlink. So it was back to the drawing board on how to contain this metadata.
The solution? The almighty and brilliant Sandboxie application. Sandboxie will allow you to contain programs in a so-called "sandbox," where all the data is contained in this virtual-machine-like program and nothing touches your computer. I've been using it for the better part of 6 years now. It's a really great way to keep polymorphic malware like ransomware off of your computer, since your standard definition-based anti-virus (Avast, Bitdefender, Malwarebytes, you name it) doesn't catch a lot of polymorphic malware. ALL are definition-based and depend on definitions to work and catch malware. With polymorphic malware there won't be a definition, and it will slip right on by.
So with Sandboxie you can effectively keep everything, including metadata, contained in the sandbox, and it won't even touch your computer. Now to do this you will want to give Sandboxie access to your bookmarks, of course, otherwise they won't stick on browser exit. If you intend to update Pale Moon, don't use Sandboxie for the update, otherwise it won't stick either. To get this set up, follow my instructions to a T. And after you are done, not only will you have a more secure way to browse the Internet, but you will contain metadata as well. I should note that Sandboxie is indeed free. But with the free version, after 30 days you will get a pop-up when you launch Pale Moon that lasts for 5 seconds, reminding you that you are using the free version and that to get rid of the pop-up you should buy Sandboxie. The pop-up goes away 5 seconds after you click the button, and then Pale Moon will launch in the sandbox. Just a small price to pay for free, but well worth it for what Sandboxie offers in terms of protection, both in security and privacy.
Double-click the Sandboxie icon. Select Sandbox | Default Box | Sandbox Settings.
Go to Applications | Web Browser | Firefox.
Allow access to your Pale Moon bookmarks and history. Nothing else, unless you store passwords.
Now do the following to allow access to your extension folders and Greasemonkey scripts, if you have them.
Right-click on your sandbox | Sandbox Settings | Resource Access | File Access | Direct Access.
Click Add Program to choose the program that should have access to those locations (in this case, Pale Moon).
Hit Add and select the folders you want that program to be able to access.
Hit Apply and OK your way out.
Then select Configure | Reload Configuration.
You have to show hidden files and folders in your Windows control panel under folder options to navigate to the folders in Sandboxie that need access.
Allow access to the following folders in your PM profile folder:
extension-data\
extensions\
and, if you have Greasemonkey, the gm_scripts\ folder.
That's it! Now Sandboxie will allow permanent access to those folders and your bookmarks/history, and delete everything else on browser exit.
Note: When you download a file you have to click Recover. Also note that you may have to set up your downloads location in Sandboxie. So if it isn't the default My Documents/Downloads, but rather D:\Downloads or something, you will want to set that path under Recovery | Quick Recovery. Note that if you haven't downloaded anything and didn't expect the recovery box to pop up, don't recover (or download) whatever it is that wants to be on your computer. You can also right-click the Sandboxie icon in the task bar and delete all contents in the sandbox. Do make sure the red X shows up over the Sandboxie icon in the task bar when you close Pale Moon. That tells you everything has been deleted. Also note the icon will show particles of "sand" in it, meaning that there is content currently in the sandbox. The Sandboxie program and their most helpful forum are located here: https://www.sandboxie.com/
If you have any questions ask. I'll be happy to help.
EDIT: One more thing. I wouldn't launch Pale Moon in Sandboxie if you intend to download a torrent. Doing so will keep the torrent in Sandboxie until it fully completes. If it's small then you don't have to worry. But if it's several gigabytes big, like CentOS, you may want to stop and start the torrent at a later time, and you won't want that data sitting in the sandbox.
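The Direct Access rules from the steps above, written out as a Sandboxie.ini box section so they can be checked in text form. This is an added example, not configuration from the post or from Sandboxie's own defaults; it assumes the Pale Moon profile lives under %AppData%\Moonchild Productions\Pale Moon\Profiles\<name>.default\ and that the browser executable is palemoon.exe (adjust both to your system).

```ini
; Added example (not from the post): the GUI steps above as Sandboxie.ini lines.
; ASSUMPTIONS: profile path under %AppData%\Moonchild Productions\Pale Moon\Profiles\
; and a browser executable named palemoon.exe; adjust both to your own setup.
[DefaultBox]
Enabled=y
; Discard everything left in the box when the last sandboxed program exits;
; this is what clears the storage\ metadata the post is concerned with.
AutoDelete=y

; Bookmarks and history live in places.sqlite; the trailing * also covers the
; -wal/-journal side files so a write is not lost when the box is emptied.
OpenFilePath=palemoon.exe,%AppData%\Moonchild Productions\Pale Moon\Profiles\*\places.sqlite*

; The three folders from the post: extensions, their data, and Greasemonkey scripts.
OpenFilePath=palemoon.exe,%AppData%\Moonchild Productions\Pale Moon\Profiles\*\extensions\
OpenFilePath=palemoon.exe,%AppData%\Moonchild Productions\Pale Moon\Profiles\*\extension-data\
OpenFilePath=palemoon.exe,%AppData%\Moonchild Productions\Pale Moon\Profiles\*\gm_scripts\

; WEAK SETTING, shown for contrast and left commented out: opening the whole
; profile folder would also let storage\ (the per-site metadata), the cache and
; session files out of the box, which defeats the purpose of the setup.
; OpenFilePath=palemoon.exe,%AppData%\Moonchild Productions\Pale Moon\Profiles\*\
```

Anything written under the listed paths survives a box delete, so audit this section whenever an extension asks for a new folder: every extra OpenFilePath is another place site data can persist.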