Zoom has a version that runs in the browser, but in my experience, it runs much worse than the native application. Best app 2014 macbook pro. As running the native application is a security and privacy risk, let's see how we can use Linux sandbox techniques to restrict what the Zoom client can access.
With Corona, video conferences are on the rise, and organizations tend to use Zoom. The problem is that Zoom shows more and more security holes, bad practices, and privacy-related problems.
1) Use flatpak.
Flatpak uses a sandbox called bubblewrap that isolates it from most of your personal data. You can find Zoom on Flathub.
If you do not have flatpak, you could try to use the bubblewrap sandbox without flatpak or try using firejail, but for most people it is much easier to just use flatpak.
2) Use Flatseal to revoke access to data that Zoom does not need to be able to access before running Zoom the first time. You can remove access to all host files (filesystems=host and filesystems=home disabled) without any problems.
Sandboxie can be run from the context menu. Right-clicking on the software allows you to select the Run Sandboxed command. You can also open a program in the sandbox by using the Send to command.
This already solves many security and privacy issues of Zoom.
The problem that still remains is that Zoom generates personalized identifiers by using your network card's unique hardware address.
3) Restricting Access to your network devices: Now Zoom is isolated from your private files, but when you already used Zoom and have a look at $HOME/.var/.var/app/us.zoom.Zoom/config/zoomus.conf you will notice that Zoom uses your MAC-Address as identifier in the line deviceID=XX:XX:XX:XX:XX:XX.
There is a way to protect against this when you really want Zoom not to know such unique identifiers by using network namespaces.
Our setup is based on this introduction to Linux network namespaces. We will need some additional routing for network access and a tool to allow normal users to run applications in a network namespace for running Zoom inside a private network namespace.
Setting up a network namespace for Zoom:
You can now verify that you only see the virtual interface by running ip netns zoom exec ip link show. This runs the command ip link show inside the namespace 'zoom' and you should see a loopback interface 'lo' and the virtual interface 'veth1' inside the new namespace.
When running ip link show alone, you should see your usual host network interfaces and 'veth0', but no device 'veth1'.
Next, we need to assign IPs and set up a default route inside the network namespace so that Zoom can reach its servers. We will use the net 10.0.0.0/24 for the interfaces. When you already use this net, you need to choose another IP range.
Now we can communicate with the host outside of the zoom namespace and need to add routing into the internet. We use iptables with a NAT setup for this:
To be able to use the namespace without root privileges you need to install netns-exec. This tool allows every user on the computer to run programs in another network namespace, so do not install it if this is a problem for you.
Now run netns-exec zoom IP link as a normal user to verify that you can execute programs in the network namespace and that you can only see the virtual network device.
When everything works, you can start using Zoom by running
Afterward, you can verify that zoomus.conf contains the virtual MAC address from the veth network interface instead of the unique MAC address of your network card.
Feedback If anything does not work for you, please leave a comment so that I can improve this article.
If your geek quotient is anywhere on the higher side, it’s safe to assume that you install (and uninstall) quite a few programs. You also must have configured your computer to run like a silky smooth machine. These two states are often at conflict with each other when you install software that wreaks havoc on the PC. Installing new and untested programs in an isolated virtual environment gives you the best of both worlds.
https://ftabju.weebly.com/blog/find-mac-app-installed. Sandboxie is a light and compact free software that blocks error prone programs and web based malware from affecting your PC. The security software creates a virtual sandbox and allows you to install new software, your browser and other browser based apps in a secure environment, shielded from the deeper layers of the OS. Sandboxie helps you test out new unproven applications and decide to keep ‘em or trash ‘em.
Install and Run Sandboxie
Sandboxie is a 2 MB download. It runs on all 32-bit versions of Windows. On first install, Sandboxie may display a software compatibility box which on confirmation enables it to make some configuration changes to its own settings and the sandbox it creates.
Sandboxie can be run from the context menu. Right-clicking on the software allows you to select the Run Sandboxed command. You can also open a program in the sandbox by using the Send to command from the context menu. You can also use the default Sandboxed Web Browser which is a sandboxed clone of your default browser to browse the web in protected mode.
Also if you open Sandbox Control, you can open any program from the following menu command:
The Safety of a Virtual Environment
Let’s test out Sandboxie by opening Firefox and downloading a software. All ‘sandboxed’ instances of a program are identified by a ‘#’ symbol on the title bar. The sandboxed program (in this case, the Firefox browser) is also highlighted by a yellow border. Any apps (e.g. Firefox add-ons) you install within this sandboxed instance of the browser will also be contained within the sandbox. In case of Firefox, the restarted browser after the installation of an add-on also opens within the sandbox.
Sandboxie Control shows the running status of programs that are running in the vault in the current sandbox. You can create more than one sandbox.
Any file downloaded while browsing is also saved within the sandbox. Sandboxie gives you an option to recover the file and move it to the unboxed part of Windows in case you decide to keep it.
Closing Sandboxie Control terminates all programs and restores the order of Windows that existed before you sandboxed the program. https://ftabju.weebly.com/bpm-app-for-mac.html. Best calendar app that works with mac. You can also delete all contents from the Sandbox after you are done with it.
It is a good precaution to use Sandboxie with your download programs and your email client in case you are downloading something you are not too sure of. Sandboxie can also be used to run multiple instances of the same program. For instance, you can run your browser in the normal mode and also in the sandboxed mode.
Sandboxie comes with a full-fledged tutorial which walks you through the steps of setting it up and using it to keep your PC in the pink of health. Run it and give us your take on the utility of a sandboxing application.
The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.Also See#privacy #programs Did You Know
Your browser keeps a track of your system's OS, IP address, browser, and also browser plugins and add-ons.
More in WindowsMac Run App Without Sandbox3 Best Fixes for Windows 10 Autocorrect Not WorkingComments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |