SandBoxie bypassed by a legitimate program
pandlouk
January 25th, 2009, 07:27 AM
I wanted to give a try of today's Giveaway of the Day MovieShop Browser (http://www.giveawayoftheday.com/movieshop-browser/), but without being sure if I would like it or not I downloaded the trial version and ran the installation in sandboxie.
Everything went fine but the problem is that the default font of my windows was changed to that of the program. :o :ouch: :blink:
Not really a problem but... lol ; I have seen sandboxie get bypassed by malware but never from a legitimate application. :P
ps. It was a nice reminder, not to be overconfident with the security applications.*puppy*
Panagiotis
LoneWolf
January 25th, 2009, 07:45 AM
Have you reported this or any of your other findings here?
http://sandboxie.com/phpbb/
And what was their response?
pandlouk
January 25th, 2009, 07:55 AM
> Have you reported this or any of your other findings here?
> http://sandboxie.com/phpbb/
> And what was their response?
Not yet. It happened an hour ago.
I'll report it later today if I find the time. If not tomorrow.
For the moment I'm playing with the various settings of xp fonts. ;D
pandlouk
January 25th, 2009, 08:03 AM
Now I got more confused.
I installed the giveaway version (not sandboxed) and by magic my font settings were restored. :wacko:
Peter2150
January 25th, 2009, 08:47 AM
I'd be curious to know what malware bypassed sandboxie, and if it still does with the latest versions.
PS. Downloaded Movieshop Browser and will test later
Peter2150
January 25th, 2009, 11:34 AM
Well I downloaded the trial version. The only sandbox I can try it in is my default box which would block all internet access.
First attempt failed as I had the drop rights feature turned on. Turned it off and it installed. I didn't see any issue with fonts on my computer, but what did bother me is it did install in the real program area. Even after deleting the sandbox contents it was still there.
I rolled back since I was using ShadowDefender, and took another shot, this time blocking access to the c:\program area. The install never got off the ground.
I am going to post about this now in the sandboxie forum.
Pete
Peter2150
January 25th, 2009, 11:57 AM
Posted in the sandboxie forum under problems with 3.0 or later. Title of thread is A leak or me
Pete
Peter2150
January 25th, 2009, 03:29 PM
> Posted in the sandboxie forum under problems with 3.0 or later. Title of thread is A leak or me
> Pete
Well it was me. No leak in Sandboxie, the leak was me.
What happened :-[ was when I went to check the unsandboxed area I saw MovieMaker (which is MS) and made a giant, but incorrect mental link. Movieshop installs as c:\program\framering\movieshop, and it wasn't there.
So Sandboxie didn't leak, and I didn't see the font issue. Several users on the sandboxie forum tested with the same result.
Pete
djohn
January 25th, 2009, 03:58 PM
Thanks Peter, that is good news indeed. Now I wonder what happened in pandlouk's case if it got outside the box.
chris2busy
January 25th, 2009, 05:10 PM
maybe a bug if he used a different sbie skin?
pandlouk
January 25th, 2009, 06:41 PM
> I'd be curious to know what malware bypassed sandboxie, and if it still does with the latest versions.
> PS. Downloaded Movieshop Browser and will test later
It was a file infector that I had tested about 2 years ago.
Version 2.86 was immune to that one. After that I never retested it.
I suspect that the font problem is caused by a conflict between sandboxie and Outpost. (I have to do some tests to find out.)
Here are two screenshots of my firefox before and after installing the mentioned app sandboxed (I tested it 4 times, always with the same results).
andyman35
January 25th, 2009, 07:08 PM
Despite all my efforts I've yet to find anything that bypasses SandboxIE of late. Not saying there isn't anything but if there is it's a rare breed. The thing is too well coded, it's not playing fair with the malware writers. :P
Saraceno
January 25th, 2009, 09:13 PM
Thanks for your effort Pete, posting on the sandboxie forum. Another case closed. :D
PiCo
January 25th, 2009, 09:17 PM
Oh wait a minute, I had this boldness on fonts pandlouk is talking about, but I didn't notice until I saw the screenshots.
The fonts didn't change in size or type, they just became bolder in some parts, like filehippo.com, but I thought it was my eyes :P
After a reboot, everything was normal again!
I must say I didn't notice this boldness anywhere in Windows files or folders, just in my browser, and I had deleted the sandbox before I opened a new sandboxed browser.
Will report it on SandboxIE forum too :)
pandlouk
January 25th, 2009, 10:12 PM
Ok. After some more tests I can confirm that it slipped Sandboxie's registry protection. I do not know if it is a bug or if it is by design.
Here are the registry directories that definitely got modified.
"HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache"
"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache"
(If you do not have a multilanguage pack installed, probably you will not have the muicache directories.)
Pete or anyone registered at the sandboxie forum, could you report it there, since you already opened a thread?
thanks,
Panagiotis
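An added example, not from the thread or from Sandboxie: a PowerShell snapshot-and-diff of the four keys listed above, run from an unsandboxed shell before and after the sandboxed install, so that a change outside the sandbox is shown rather than guessed. Keep in mind that BagMRU, Bags (shell bags) and MUICache are written by the host's own Explorer whenever you browse folders or launch programs, so a difference there does not by itself prove the sandboxed process wrote it.

```powershell
# Added example (not the forum's or Sandboxie's code). The key paths are the ones
# pandlouk listed; everything else is an assumption about how you run the test.
$keys = @(
  'HKCU:\Software\Microsoft\Windows\ShellNoRoam\BagMRU',
  'HKCU:\Software\Microsoft\Windows\ShellNoRoam\Bags',
  'HKCU:\Software\Microsoft\Windows\ShellNoRoam\MUICache',
  'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache'
)

function Get-KeySnapshot {
    param([string[]]$Paths)
    $snap = @{}
    foreach ($root in $Paths) {
        # MUICache may not exist without a multilanguage pack, as the post notes
        if (-not (Test-Path $root)) { continue }
        # Walk the key and all subkeys; record each value as "fullkeypath\valuename"
        $items = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            foreach ($name in $item.GetValueNames()) {
                # Binary data (shell bags are REG_BINARY) is joined so it compares as a string
                $snap["$($item.Name)\$name"] = ($item.GetValue($name) -join ',')
            }
        }
    }
    return $snap
}

function Compare-KeySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    $changes = @()
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k))   { $changes += "ADDED   $k" }
        elseif ($Before[$k] -ne $After[$k]) { $changes += "CHANGED $k" }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k))    { $changes += "REMOVED $k" }
    }
    return $changes
}

# Take the baseline, run the installer inside the sandbox, then snapshot again.
$before = Get-KeySnapshot $keys
Read-Host 'Run the sandboxed installer now, then press Enter'
$after = Get-KeySnapshot $keys
Compare-KeySnapshot $before $after
```

To separate Explorer's own writes from the installer's, take a control run where you only browse the same folders without installing anything and compare the two diffs.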
Huupi
January 26th, 2009, 04:01 AM
Hi pan. Just as Mitch explained in the SBIE thread on the SB forum, it's just default behavior from Windows itself, so no worries, no breaches.
thanks Mitch and Wraithdu.
Copyright ©2002 - 2010, Wilders Security Forums