Sandbox bank account tracking cookie?

zombi3

Posts: 9   +1
I'm a little confused by this. Isn't the whole point of using a sandboxed browser is that nothing leaves it. SAS picked this up:

accounts.key.com [ C:\AVAST! SANDBOX\S-1-5-21-3583729876-1247344376-3946384776-1000\SFZONE\C\USERS\NIGHTMARE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JG77RLU5 ]


I assumed that with a sandbox, stuff like this (especially a key bank flash cookie) would simply not exist.
Also, there is no C:\Avast!. I installed Avast to a custom folder and Avast doesn't use the word "Sandbox" to describe it's program in any files, always "SafeZone".

Don't get me wrong, pc's fine. I'm just wondering if this is typical or if Avast just makes a crappy sandbox.
 
Last edited:
Try using Google Chrome or FireFox with Disconnect + Adblock. That should eliminate the majority, if not all tracking stuff.
 
I use DoNotTrack and Adblocker with my regular browsers. What I'm wondering is if it's normal for something like this to be stored on the pc (albeit hard-to-find) when the page was opened in a sandboxed browser. Am I misunderstanding how these programs work, or is Avast SafeZone simply not as good as another program might be?
 
Hmm; my impression is Sandbox allows all normal functions (including cookies & history) but arranges memory such that things like buffer or stack overflow do not cause an exception and thus leak memory OR cause privilege elevation.
 
At least it was buried pretty deep. Turns out there is "C:\Avast! Sandbox" folder, it's just not visible, even with "show hidden" enabled. It can only be seen in safe mode.

I guess I've been thinking of sandboxed programs the wrong way. I heard they were good for running "iffy" programs and that if they should contain any kind of malware or virus the sandbox would keep the infection contained. I just assumed that meant nothing activated inside the sandbox was stored in any way. Don't know why it never occurred to me that a sandbox could have it's own contained storage. S.M.R.T. !

Kinda surprised SAS detected this though, especially scanning in normal mode. I'm sure most others would miss it.
 
I heard they were good for running "iffy" programs and that if they should contain any kind of malware or virus the sandbox would keep the infection contained.
this is all true
I just assumed that meant nothing activated inside the sandbox was stored in any way.
not true. Private Browsing is much closer to this
Don't know why it never occurred to me that a sandbox could have it's own contained storage. S.M.R.T.!
 
Back