
F-Secure has open-sourced its Sandboxed Execution Environment - tilt
https://github.com/F-Secure/see
======
orf
Woah, I was not expecting that. Not only is it in Python but it's nice Python,
not the bastardized "I can write C, let's try Python" style you often see from
big companies.

~~~
paxcoder
As a C programmer who "tried" Python, I feel offended. I wrote substantial OO
code using list comprehensions and other things pythonic. I am also a
functional programming aficionado, though a realist, not a fan. Don't label
people. Speak against companies mismanaging people by driving them to write
low quality code. Be open and promote useful programming concepts and tools.

P.S. Long live static typing. Down with EcmaScript.

~~~
baq
when you write C, you should be writing elegant C. when you write Python, you
should be writing elegant Python. trying to code Python in C is about as ugly
as trying to code C in Python and both should be discouraged equally.

the thing i don't understand is what you took offense at.

~~~
paxcoder
Swap the languages around and see if the statement doesn't sound a bit elitist
to you. I feel like the parent could have chosen more neutral words if they
wanted to. Their particular experience with irreverent/careless programmers
just rubbed against my experience with technology fans I guess (the word fans
used in the same sense as in my previous comment).

~~~
scott_karana
Swapping the languages fits exactly consistently with what GP said.

Trying to use first-class functions and OO paradigms in C is going to bite you
in the ass, hard.

Just as iterative pointer manipulations in Python aren't preferable.

Both languages have different "styles" that suit their purposes excellently,
but mixing them improperly in _either direction_ will be painful.

------
gruez
Slightly off topic, but how well do sandbox execution environments handle
malware that only executes if a VM is not detected? AFAIK most virtualization
environments are easily detectable by the guest.

~~~
peterwwillis
The sandbox just provides environment separation to run automated tests
independently. How you define the environment, and how malware may react to
it, is up to the user. (However, the 'hooks' could in theory be written to
circumvent or detect malware looking for signs of a guest VM)

------
eugenekolo2
What are the advantages of using this over Cuckoo Sandbox, or Anubis?

~~~
vill1
Maybe the biggest advantage is the plugin system and how those can be hooked
to the execution. The developer focuses on writing a LEGO brick that can be used
as a part of execution. Also, different plugins do not need to care about the
existence of other plugins, but on the other hand those plugins can be chained
by firing and listening to events.

~~~
eugenekolo2
Cuckoo supports plugins too, I wrote up a summary of them here:
[https://www.eugenekolo.com/blog/cuckoo-sandbox-notes/#div_cu...](https://www.eugenekolo.com/blog/cuckoo-sandbox-notes/#div_custom).
Can also edit the Analyzer/monitor part to add in new function hooks.

------
noxdafox
The tool is shown in the video at the following link.

[https://www.youtube.com/watch?v=k185OMivqbQ&list=PLJ6grbbdTP...](https://www.youtube.com/watch?v=k185OMivqbQ&list=PLJ6grbbdTPW8gX-Nl_B_ijDvwu9WoO_rG&index=103)

------
blahsphemer
why would they open source this?

~~~
vill1
Why not, this is just a general purpose framework for driving virtual machine
execution? Hopefully someone will find this useful and write plugins and share
those for the community as well.

