@ Tom
"Thank you for not only taking the time to reply, but for also taking the time to do the research and to cite original sources for those who wish to see for themselves. You and I have discussed in another context that corporations are inherently self-serving (it's their duty to the stockholders), so I'd rather look to independent researchers than to corporate press releases -- regarding *anything*. "
Thanks and I agree. Got to be careful when looking for the "independents," though, as many have personal or paid biases. This problem is the worst with politicians and drug studies. Fortunately, the IT security research community is diverse & competitive enough to prevent or squelch most bogus claims.
"I came away from our private conversation thinking that you thought Chrome sandbox to be excellent, possibly/probably better than Sandboxie. Do I retract any portion of the above apology?

http://hak5.org/episodes/episode-703
Skip to 10min mark where they do free Comodo vs Sandboxie. Sandboxie gets owned repeatedly with its recovery feature (and maybe something else). Comodo stops stuff even if the user is a self-defeating noob. A test of "host intrusion prevention systems (HIPS)", as we used to call them, in the past showed DefenseWall & Sandboxie to be better than the others, but both of them let certain stuff slip through. Comodo Defense+ is newer, yet getting better over time. Maybe SB is better now or maybe new features = new problems.
The real issue I have with Sandboxie is that they have tons of awards and security labels, but little independent serious review. The program is a black box: nobody knows in detail how its supervisor mechanisms work or can easily do a code review. Chrome uses OP-style sandboxing at the browser level, is bug-hunted relentlessly, and was analyzed w/ source by several experts on bug-hunting and sandboxing. It's received *much* more scrutiny than Sandboxie. That matters in the security community when one is making assurance arguments.
I think part of SB's protection level is its sandbox design, but a major part is malware authors aren't directly targeting it. The fact that most scrutiny in Chrome has found issues makes me almost certain that similar scrutiny in SB would show similar results. The SB team would have to be savant programmers, have Windows source code or apply EAL5-7 security engineering techniques to do better than the Chrome implementation. To be clear, I'm not cutting SB developers down: I'm just saying the Chrome team tried really hard for a long time only to produce a sandbox with vulnerabilities & SB people likely did too.
I don't use Chromium due to privacy concerns & a lack of NS-like features. The sandboxing feature never really concerned me. Most bugs for Chrome are found by white hats & never get exploited. The largest source of bugs in browsers is renderers and plugins. Rendering is sandboxed. Untrusted plugins are sandboxed. Trusted plugins can be further restricted by the OS thanks to process isolation. So, the sandbox definitely has bugs and bypass issues in it somewhere, but it will do fine against wild malware. Ironically, one of the best claims comes from your link on Chrome vulnerabilities:
"No security vulnerabilities in Chrome have been successfully exploited in three years of Pwn2Own."
On the flip side, I think the Mac was exploited first in many of those competitions. Gotta love security theater.
"paying a record $3,133"
I think that was an intentional joke. In hackerspeak, elite = "leet" = l337 or sometimes 31337. It's just a guess, but I think it's a pun on leetspeak. When considering compensation for app bug hunting, you have to also factor in pride and the feeling of being elite/special/whatever. Mozilla & IE have had many, many issues. Chrome is the one that's last man standing at most hackathons. Hence, they aren't just getting money: they get the pride of defeating "the most secure browser."
"Overall, which do you think more effective, ceteris paribus: Chrome sandboxing or Sandboxie? Or is there another third-party sandboxing solution (for those who don't want to go to the expense or effort of full-on VM) that you think is more secure than all others? "
It's hard to say. Like I said, without adequate analysis of Sandboxie, all we can say is it stops all the most common malware variants & catches most others. Chrome's got good malware prevention & isolation. NS is the only reason I would recommend Sandboxie & FF. However, the Comodo thing might be better for lay users who are easily tricked (the majority lol?).
My top recommendation for usable, affordable, secure browsing: a dedicated (cheap) PC with a hardened Linux (or OpenBSD) that runs from read-only boot + a KVM switch. It would have FF/NS on it, of course. The user would just turn it on, wait a while & then could switch between PC screens with the press of a button. A safe file transfer option could be made available with easy GUI for sharing files either way.
Next best thing is a hardened Mac due to great usability + obscurity. Next, a browser VM in a reputable product, like VMWare or VirtualBox. Far less usable, but safer, is restarting the computer with a LiveCD or LiveUSB stick. Both would run a hardened Linux & are easy for lay people. I recommend this for online banking. If not Linux (many possible reasons), then a hardened copy of Win7 is ideal. One guy on SB forums runs FF/NS on SB in a VM for messing with really dangerous stuff. So, those are some cheap options to start with. (Did I just say "cheap" and "Mac" in same paragraph? My bad.)
If you can afford or acquire it, an isolated browsing solution powered by INTEGRITY, LynxSecure or VxWorks MILS is "probably" good. (Dell Secure Consolidated Solution is an example.) Another option is General Dynamics High Assurance Platform. I laugh at the "high assurance" part, especially considering Bell's paper, but the system is accredited for Top Secret. This means it was at least tested & analyzed. It's also very usable. Another one that depends on a small TCB is the Turaya Desktop offering. It leverages TPM, isolated trusted processes, a microkernel & paravirtualized desktops to protect the system. INTEGRITY Workstation was an earlier product that did the same & might still be available.
So, you have plenty of options. From there, you must choose the best one to suit your needs.
"btw, although the digital sig IDs you as the originator of this post, you do know that I can copy it, minus the header and footer, and post it as my own, anywhere on the planet?

You had to be. All I'd have to do is say, "Encrypt this with the private key you signed it with. I've encrypted two more things that can be verified by decrypting with my public key." And you couldn't or wouldn't... and everyone would know who *really* wrote the post. Just as digital signatures are supposed to work.

Side note: If it seems I'm bashing the hell out of SB, it's not intentional. In trying to be balanced, I'm giving SB the intense scrutiny I already gave to the Chrome platform.
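The authorship argument above (a stripped copy carries no proof, and only the holder of the signing key can answer a "sign this" challenge) worked through as an added example in Go with the standard library's Ed25519; this is illustrative code written for this page, not the commenter's PGP setup, and the post body and keys are constructed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Author holds a signing key pair. Only the real author has priv; anyone may
// hold Pub, just as anyone can fetch a PGP public key.
type Author struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewAuthor() (*Author, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Author{Pub: pub, priv: priv}, nil
}

// SignPost is the detached signature the block at the foot of a signed post
// represents: strip it and nothing can be verified; alter the body and it fails.
func (a *Author) SignPost(body string) []byte { return ed25519.Sign(a.priv, []byte(body)) }

// Respond signs a fresh challenge, the "sign this with the key you signed the
// post with" step from the discussion. An impostor has no such key.
func (a *Author) Respond(challenge []byte) []byte { return ed25519.Sign(a.priv, challenge) }

// The doubting reader runs these with the public key the original carries.
func VerifyPost(pub ed25519.PublicKey, body string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(body), sig)
}
func CheckResponse(pub ed25519.PublicKey, challenge, response []byte) bool {
	return ed25519.Verify(pub, challenge, response)
}

// NewChallenge draws 32 random bytes so an old recorded response cannot be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}
func main() {
	author, _ := NewAuthor()
	impostor, _ := NewAuthor()
	body := "Constructed post body standing in for the signed comment." // constructed sample
	sig := author.SignPost(body)
	ch, _ := NewChallenge()
	fmt.Println(VerifyPost(author.Pub, body, sig), VerifyPost(author.Pub, body+"!", sig))
	fmt.Println(CheckResponse(author.Pub, ch, author.Respond(ch)), CheckResponse(author.Pub, ch, impostor.Respond(ch)))
}
```

The first line prints `true false` (genuine body verifies, altered body does not) and the second `true false` (the author answers the challenge, the impostor cannot).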