MacOS – Sandbox browser for safely viewing malicious websites

macosSecuritysoftware-recommendationweb-browser

I'm looking for a quick and safe way to browse potentially malicious / infected websites. So far all of the products I've found are PC only. I can run a Virtual PC environment but it's a pain and I'm looking for something simpler.

I'm on Yosemite.

Best Answer

I recommend a VM with the OS and the browsers of your choice. Using the snapshot/clone features you may always revert to the original vanilla state.

Three of the advantages:

Use an arbitrary OS/browser combination (a lot of malicious websites often attack special combinations e.g. Windows XP/7/IE or OS/Flash)
You may detect any impact on the file system safely by comparing the mounted vanilla and infected volume (in read only mode).
You may run fseventer or dtrace (Mac OS X) or other tools (Win/Linux) without interference of your real OS.

Another possibility is outlined here in an article from 2010. Don't know if it still works:

OS X has a built-in sandbox feature for applications, which can restrict their access to certain parts of the system. There isn't a lot of documentation available on the sandboxing system, but I've successfully been able to sandbox Firefox. It has some limitations, but my plug-ins and add-ons work though yours may not.

If you have issues, you'll have to search for the directories where your plug-ins are housed, and give read or read/write access permissions in the firefox-sandbox file. There is only write permission to the ~/Downloads directory, so if you want to save files in a different location, you will have to change the firefox-sandbox file or move them after the download has finished. First, create the following file and save it somewhere as firefox-sandbox:

;; http://codereview.chromium.org/379019/diff/1/2
(version 1) 
(deny default)

(allow file-write* file-read-data file-read-metadata
  (regex "^/Users/user_name/Downloads")
  (regex "^/Users/user_name/Library/Application Support/Mozilla")
  (regex "^/Users/user_name/Library/Application Support/Firefox")
  (regex "^/Users/user_name/Library/Preferences")
  (regex "^/Users/user_name/Library/PreferencePanes")
  (regex "^/Users/user_name/Library/Caches/Firefox")
  (regex "^/Users/user_name/Library/Caches/TemporaryItems")
  (regex "^/Applications/Firefox.app")
  (regex "^(/private)?/tmp/"))

(allow file-read-data file-read-metadata
  (regex "^/dev/autofs.*")
  (regex "^/Library/Preferences")
  (regex "^/Library/Internet Plug-Ins")
  (regex "^/Library/PreferencePanes")
  (regex "^/usr/share/icu")
  (regex "^/usr/share/locale")
  (regex "^/System/Library")
  (regex "^/Applications/Firefox.app")
  (regex "^/usr/lib")
  (regex "^/var")
  (regex #"Frameworks/SDL.framework")
; Our Module Directory Services cache
  (regex "^/private/var/tmp/mds/")
  (regex "^/private/var/tmp/mds/[0-9]+(/|$)")
  (regex "^/Users/user_name"))

(allow mach* sysctl-read)

(import "/usr/share/sandbox/bsd.sb")
(deny file-write-data
   (regex #"^(/private)?/etc/localtime$"
     #"^/usr/share/nls/"
     #"^/usr/share/zoneinfo/"))

(allow process-exec 
  (regex "^/Applications/Firefox.app"))

(allow network*)

Replace the /Applications/Firefox.app.... parts with the path to Firefox on your system. Also replace user_name with your username. Next, open up a Terminal and execute this command:

sandbox-exec -f firefox-sandbox /Applications/Firefox.app/Contents/MacOS/firefox-bin

Make sure the firefox-sandbox file is in the directory where you run the above command, and Firefox should launch in a protected sandbox.

Best Answer

Related Solutions

MacOS – Do you know a simple sound booster app for Mac

Boom

MacOS – How should I set up the coding environment for PHP, theSQL, and JavaScript development

Related Question