Sandboxie - Drop My Rights


metalforlife
May 15th, 2009, 07:37 AM
What will dropping rights for sandboxed applications do? Will the programs run in a "LUA-like" environment? If it does, then that should mean that I will not be able to save files to "C:\Program Files\", right? But I can. Can anyone tell me how?

cruchot
May 15th, 2009, 07:59 AM
A short explanation about DR in SBIE
http://www.sandboxie.com/index.php?RestrictionsSettings#drop

jmonge
May 15th, 2009, 09:08 AM
{QUOTE-> What will dropping rights for sandboxed applications do? Will the programs run in a "LUA-like" environment? If it does, then that should mean that I will not be able to save files to "C:\Program Files\", right? But I can. Can anyone tell me how? <-QUOTE}You can save files, but when you run them it is as if you are in safe mode; any executable files will not run properly ;)

arran
May 15th, 2009, 06:28 PM
I question Sandboxie's Drop Rights ability.

Anyone remember the HTAAA HTAAAB HTAAAC STOP tests?
http://www.wilderssecurity.com/showthread.php?t=239942

arran
May 16th, 2009, 12:50 AM
{QUOTE-> Tzuk is implementing a protection against those theoretical risks in future releases. However once again, no permanent damage can be inflicted by malware using those techniques in the STOP tests, and thus there is no genuine malware out there (as far as I know) that can currently bypass Sandboxie and cause malicious permanent damage.

And once again, if there's that much paranoia, a classical HIPS will save you anyway haha.

The advantage of Sandboxie is that it allows you to surf anywhere you like and know that even if you're attacked by malware, not a single trace of it will be left after you empty the sandbox (so simple, just empty the sandbox with a click!). Not a single trace! That's what appeals to me and is why I use it over other software as my first line of defense (arguably Comodo's Defense+ could be deemed my first line of defense of course). Furthermore, everything is contained within this sandbox. As far as I know, there is no malicious malware (test or genuine) out there that can bypass Sandboxie and do malicious permanent damage. There are several here on Wilders that can testify to this.

In some ways, I actually hope more people try to break past Sandboxie, so that Tzuk can keep making it stronger and stronger as required. <-QUOTE}

I do agree that no "Permanent" damage is done, I am not denying that.

I was just questioning the "Drop My Rights" ability. Because isn't Drop My Rights supposed to be used to run unknown or untrustworthy programs?
If it can't properly control the behavior of programs such as those in the tests we talked about in that test thread, then what good is it even having the Drop My Rights feature?

arran
May 16th, 2009, 02:11 AM
And also this is the main reason why I switched from Sandboxie to DefenseWall,

because DefenseWall seems to have a much better ability to control the behavior of untrusted programs than what Drop My Rights in Sandboxie has.

If you think about it logically, DefenseWall has to be able to control the behavior of untrusted programs; it is an absolute must, because it doesn't have an anti-executable feature to prevent malware from running, whereas Sandboxie does. It does however have a "Stop Attack" feature which can terminate any running malware being a nuisance.

HungJuri
May 16th, 2009, 03:03 AM
{QUOTE-> I question Sandboxie's Drop Rights ability.

anyone remember HTAAA HTAAAB HTAAAC STOP tests?
http://www.wilderssecurity.com/showthread.php?t=239942 <-QUOTE}
I question it also; I think it's useless and poorly programmed. I like Sandboxie overall and use the run access settings to handle any unknown or unwanted exe files. I did ask about it at their forum but just got brushed off, as if I was asking about something the dev didn't want to talk about (or knew little about) - but it was no biggie. Would an LUA/SRP have handled those "Stop Tests"? I am not too good on LUA. I know it limits what can be installed, and where, but those exe files didn't need any install - they were standalone, if I remember correctly. But like I said, I am not too up on LUA.

HungJuri
May 16th, 2009, 03:35 AM
I stated that "I question it also, I think it's useless and poorly programmed" in direct response to Arran also questioning the Drop Rights feature of Sandboxie. So it should be fairly obvious, since I went on to say that I did use the program and said good things about it, that I meant that my opinion was that the Drop Rights feature was useless and poorly programmed. If you want to infer that I said the entire program was useless and poorly programmed, there is nothing I can do about that.

arran
May 16th, 2009, 03:39 AM
{QUOTE-> I question it also, I think its' useless and poorly programed. I like Sandboxie overall and use the run access settings to handle any unknown or unwanted exe files. I did ask about it at their forum but just got brushed off as if I was asking about something the dev didn't want to talk about (or knew little about) - but it was no biggie. Would an LUA/SRP have handled those "Stop Tests"? I am not too good on LUA. I know it limits what can be installed, and where, but those exe files didn't need any install - they were standalone, if I remember correctly. But like I said, I am not too up on LUA. <-QUOTE}

Good question. I don't believe anyone tested them with LUA/SRP; it will be interesting to find out. I'm not too up on LUA either.

{QUOTE-> Wow I'm not quite understanding what you're saying there. You think Sandboxie is "useless and poorly programmed", but you "like Sandboxie overall...". Can you please explain that? Thanks.
<-QUOTE}

He is not saying that all of Sandboxie as a whole is useless and poorly programmed, just the "drop my rights feature"

{QUOTE->
As I said, I'm yet to see any malware bypass Sandboxie and cause permanent damage. Many people have tested it too and have tried to bypass it, but there is no way currently. How is that useless? <-QUOTE}

We are not denying that there is no known malware which can cause permanent damage; we are just questioning the Drop My Rights abilities.

HungJuri
May 16th, 2009, 03:50 AM
See here;
http://www.sandboxie.com/index.php?VersionChanges#v_3_34
Sandboxie version 3.34 released Jan 5, 2009

Then on Jan 8, 2009 (a mere 3 days later)

http://sandboxie.com/phpbb/viewtopic.php?p=30929#30929

Tzuk; {QUOTE-> I'm sorry, but I don't care to discuss this topic any longer. It's just not very interesting. A couple of group memberships are discarded. I just don't see what's so interesting about it. <-QUOTE}

So forgive me if I have little faith in the Drop Rights feature of Sandboxie.....

HungJuri
May 16th, 2009, 03:59 AM
Well (opinion) it's useless from the standpoint that you are already in a sandbox - nothing can install into Program Files or Windows (the real ones I mean) or drivers or services etc. etc. If you want LUA in addition to Sandboxie, it is right there in Windows for you to set up ..... if the word 'useless' is too much - how about 'less than useful'? lol ;) On top of that there are the run access settings ........

Peter2150
May 16th, 2009, 10:06 AM
{QUOTE->
I was just questioning The "Drop My Rights" ability? Because isn't Drop My Rights supposed to be used for to run Unknown or Untrustworthy Programs??
If it can't properly control the behavior of programs such as in the tests we talked about in the some test thread, then what good is it even having the Drop My Rights Feature? <-QUOTE}

The whole Drop My Rights concept is useless if what is being run doesn't require administrative privileges to run in the first place. It isn't magic.

Pete

HungJuri
May 16th, 2009, 11:18 AM
Ah, I knew I could find the comment that bothered me;

http://sandboxie.com/phpbb/viewtopic.php?p=30903#30903

tzuk - {QUOTE-> You don't need Administrator group membership to create files in C:\Sandbox, or by extension, in C:\Sandbox\user\DefaultBox\drive\c\Windows. Which is why you can still create files there even when Drop Rights is in effect. <-QUOTE}
So ... things can be created in the 'Sandboxed\Windows' directory - so my question remains, wth? And my opinion stands, ... useless.

Now, here is where my issue is. Let's say that you are not using Sandboxie. You have LUA in effect. You come across a drive-by keylogger that absolutely needs to install itself in the Windows folder. In this case, it cannot install.

Same situation, using Sandboxie: the keylogger is in Sandbox\Windows but thinks it is in Windows. Windows thinks you are installing the keylogger into C:\Sandbox and allows it. Both Windows and Sandboxie are helping to allow the keylogger now. You would have to take it upon yourself to include the Sandbox folder in an SRP. So let's say that you do that; what at this point do you need the Sandboxie Drop Rights to do?

Let's say that you are running as Admin, and using the Sandboxie Drop Rights .... well, by the devs' own words... the install will be allowed, in the Sandbox\Windows folder.

Peter2150
May 16th, 2009, 12:54 PM
{QUOTE-> Ah, I knew I could find the comment that bothered me;

http://sandboxie.com/phpbb/viewtopic.php?p=30903#30903

tzuk -
So ... things can be created in the 'Sandboxed\Windows' directory - so my question remains, wth? And my opinion stands, ... useless.

Now, here is where my issue is; Let's say that you are not using Sandboxie. You have LUA in effect. You come across a drive-by keylogger that absolutely needs to install itself in the Windows folder. In this case, it can not install.

Same situation, using Sandboxie; The keylogger is in Sandbox\Windows but thinks it is in Windows. Windows thinks you are installing the keylogger into C:\Sandbox.. and allows it. Both Windows and Sandboxie are helping to allow the keylogger now. You would have to take it upon yourself to include the Sandbox folder in a SRP. So let's say that you do that, what at this point do you need the Sandboxie DropRights to do?

Let's say that you are running as Admin, and using the Sandboxie Drop Rights .... well, by the devs' own words... the install will be allowed, in the Sandbox\Windows folder. <-QUOTE}

Useless is the wrong word. Not necessary is more accurate. First, have you tried installing a keylogger in the sandbox? If it has to install a driver or start a service, the install will probably fail. I've tried installing security software that needs to do these things and the install fails.

Secondly, so a keylogger is installed in the sandbox. Before doing any secure browsing, just empty the sandbox. End of story.

Pete

HungJuri
May 16th, 2009, 01:10 PM
{QUOTE-> Useless is the wrong word. Not necessary is more accurate. First have you tried installing a keylogger in the sandbox. If it has to install a driver or start a service, the install will probably fail. I've tried installing security software that needs to do these things and the install fails.

Secondly so a keylogger is installed in the sandbox. Before doing any secure browsing, just empty the sandbox. End of story.

Pete <-QUOTE} All true, and makes the sandboxie drop rights ... 'not necessary'. Use the Sandboxie run access settings instead.

Sully
May 16th, 2009, 01:34 PM
{QUOTE-> All true, and makes the sandboxie drop rights ... 'not necessary'. Use the Sandboxie run access settings instead. <-QUOTE}
If you understand what security descriptors and tokens are, do you still say 'not necessary'? For a layman using SB, it is already a good product without this feature.

If you are logged in as LUA, you need not worry anyway. If you are logged in as Admin, use SRP to restrict the browser to Basic User level, and then don't worry. Just enjoy the fact that what normally would be restricted with the browser is now blissfully available inside the sandbox due to where its file path is. Nothing better than the browser being restricted yet the user not feeling the restriction.

Sul.

Acadia
May 16th, 2009, 02:02 PM
In my opinion the Drop-My-Rights thingie wasn't really needed; tzuk just wanted to add yet another layer to his protection. Sandboxie was already close to perfect, at least in my opinion, without DMR, but adding other layers, no matter how "soft", cannot hurt things. Dropping one's rights is not the purpose of Sandboxie, just a "fancy" feature. There are other ways of dropping the rights; tzuk just made it easier for those who are using his program. 8)

Acadia

HungJuri
May 16th, 2009, 02:02 PM
I am only trying to STAY ON TOPIC, and maybe someone then can answer the OP's first question: {QUOTE-> What will dropping rights for sandboxed applications do? <-QUOTE} Of course, the fact is that we are talking about something that is running in the sandbox. So, over and above running in the sandbox - what does it add? Already, drivers and services are not allowed. An LUA with or without SRP is not even in this equation. Keyloggers that cannot install because they need a driver are not in this equation. Emptying the sandbox periodically is not in the equation. Whether or not Sandboxie is a good or poor program is not in this equation. Any other workarounds that anyone thinks of are also not in this equation.

Pure and simple - over and above what a program can do in the sandbox - what does Drop Rights accomplish?

HungJuri
May 16th, 2009, 02:12 PM
{QUOTE-> Pure and simple - over and above the fact of what a program can do in the sandbox - what does the Drops Rights accomplish? <-QUOTE} I gotta get to work guys, good luck. BTW, the answer is psst... nothing. ;)

Gizzy
May 16th, 2009, 02:35 PM
I don't really know what it does but there have been cases where I tried to install things in sandboxie with it enabled and the install said I needed admin rights to install it, and after disabling it I could install the program.

So it does restrict some things, I'm just not sure what.

arran
May 16th, 2009, 05:21 PM
{QUOTE->
Pure and simple - over and above the fact of what a program can do in the sandbox - what does the Drops Rights accomplish? <-QUOTE}

I would like to know this answer too.

Sully
May 16th, 2009, 07:42 PM
{QUOTE-> Each process has a security token, which names the user account associated with the process, and a list of user groups the process belongs to. The entire extent of the Drop Rights feature is to see if the security token of a sandboxed process contains references to the Administrators and Power Users groups. And in case it does, discard those references.

You don't need Administrator group membership to create files in C:\Sandbox, or by extension, in C:\Sandbox\user\DefaultBox\drive\c\Windows. Which is why you can still create files there even when Drop Rights is in effect. <-QUOTE}

A process started into a sandbox, whether you shortcut it, drag and drop or force it, will be stripped of any references to Admin or Power User, which will make it essentially a process with only user rights.

Since the default security template in XP's case has no knowledge of a sandbox directory, it is not included in any restrictions. You can write/delete even as a User. So SB's DropRights has no bearing on what is happening that way.

It would seem correct that the DropRights option would refer to the 'virtual file system' within the sandbox directory, but this is not the case. DropRights is seemingly actually dropping rights of the process, for use in the real file system, not necessarily the virtual one. From what I read, anyway, that is what it says. Think of it as: if it were to escape, any rights it would have had in the real OS were stripped by SB and it is rendered 'infertile'. This applies to an actual exploit where a process escapes SB and is out for real, or when you have by design created a hole in SB to fulfil recovery or downloading or another need.

Sul.
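The mechanism described in the quoted post, that Drop Rights only discards the Administrators and Power Users groups from the process token and has no bearing on what the Users group can already do inside the sandbox directory, can be checked directly rather than argued about. The PowerShell script below is an added example, not code from this thread or from Sandboxie: it reports whether those two groups are still enabled in the current process token and then probes whether the process can create a file in a few directories. The script name, the two function names and the sandbox path built from the current user name are assumptions; the well-known SIDs S-1-5-32-544 (Administrators) and S-1-5-32-547 (Power Users) are fixed on every Windows installation.

```powershell
# Added example (not from the thread or from Sandboxie): report whether the
# current process token still carries the Administrators and Power Users groups
# and probe whether the process can create a file in a few directories.
# Run it once from a normal prompt and once as a sandboxed process with Drop
# Rights enabled for that sandbox, then compare the two reports.
param(
    # Directories to probe. The sandbox path follows the layout quoted in the
    # thread (C:\Sandbox\<user>\DefaultBox\drive\c\Windows); filling <user> from
    # the current user name is an assumption, adjust it for your machine.
    [string[]]$ProbePaths = @(
        $env:SystemRoot,
        "C:\Sandbox\$env:USERNAME\DefaultBox\drive\c\Windows",
        $env:TEMP
    )
)

# Well-known SIDs of the two groups Drop Rights discards.
$AdministratorsSid = 'S-1-5-32-544'
$PowerUsersSid     = 'S-1-5-32-547'

function Test-TokenGroup {
    param(
        [System.Security.Principal.WindowsIdentity]$Identity,
        [string]$Sid
    )
    # WindowsIdentity.Groups lists only groups that are enabled in the token, so a
    # group that was stripped (what Drop Rights does) or marked deny-only (what UAC
    # does to a filtered admin token) does not show up here.
    foreach ($group in $Identity.Groups) {
        if ($group.Value -eq $Sid) { return $true }
    }
    return $false
}

function Test-WriteAccess {
    param([string]$Directory)
    # Create and delete a uniquely named file. Under Sandboxie the create may be
    # redirected into the sandbox copy of the directory, which is exactly the
    # behaviour the thread discusses: the probe then reports 'writable'.
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) { return 'missing' }
    $probe = Join-Path $Directory ("droprights-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return 'writable'
    } catch {
        return 'denied'
    }
}

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# IsInRole goes through CheckTokenMembership, so it also answers False for a
# deny-only Administrators SID; showing both views makes a filtered token obvious.
[pscustomobject]@{
    User                  = $identity.Name
    AdministratorsInToken = Test-TokenGroup -Identity $identity -Sid $AdministratorsSid
    PowerUsersInToken     = Test-TokenGroup -Identity $identity -Sid $PowerUsersSid
    EffectiveAdmin        = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

foreach ($path in $ProbePaths) {
    [pscustomobject]@{ Path = $path; Create = Test-WriteAccess -Directory $path }
}
```

Save it under a name of your choosing (Test-DropRights.ps1 is assumed here) and run `powershell -ExecutionPolicy Bypass -File Test-DropRights.ps1` once directly and once launched through Sandboxie with Drop Rights turned on for that sandbox. If the posts above are right, the sandboxed run shows both group columns as False while the create probes still report writable, because the writes land in the sandbox copy of the directory where the Users group already has write access; the unsandboxed run as an administrator shows the groups present and, depending on the directory ACL, the same or stricter create results. `whoami /groups` (shipped with Windows since Vista) lists the same token groups with their attributes if you want an independent cross-check.
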

HungJuri
May 16th, 2009, 11:06 PM
Thanks Sully, I appreciate it as you obviously know and understand all of this. Correct me if wrong;
{QUOTE-> Since the default security template in XP's case has now knowledge of a sandbox directory, it is not included in any restrictions. You can write/delete even as a User. So SB's DropRights has no bearing on what is happening that way.
It would seem correct that the DropRights option would refer to the 'virtual file system' within the sandbox directory, but this is not the case. <-QUOTE}
I assume you mean "no knowledge"? And the Drop Rights feature has no bearing (or less than full bearing) on activities within the sandbox?
{QUOTE-> DropRights is seemingly actually dropping rights of the process, for use in the real file system, not necassarily the virtual one. From what I read anyway that is what it says. Think of it as, if it were to escape, any rights it would have had in the real OS were stripped by SB and it is rendered 'infertile'. This applies to an actual exploit where a process escapes SB and is out for real, or when you have by design created a hole in SB to fulfill recovery or downloading or other need. <-QUOTE} That is a keen observation and may in fact be a benefit of the feature, however I do not think most users realize how limited the benefits of the feature are.

My statement is that if a user is interested enough to check that checkbox, they would have a concern of doing things right. And it is easy enough (and free) to do it right with other methods.

Sully
May 17th, 2009, 06:33 PM
{QUOTE-> I assume you mean "no knowledge"? And the Drop Rights feature has no bearing (or less than full bearing) on activities within the sandbox?
That is a keen observation and may in fact be a benefit of the feature, however I do not think most users realize how limited the benefits of the feature are. <-QUOTE}
Yes, correct 'no knowledge'.

{QUOTE-> My statement is that if a user is interested enough to check that checkbox, they would have a concern of doing things right. And it is easy enough (and free) to do it right with other methods. <-QUOTE}

Tzuk himself stated, it was an option he COULD add, so he DID. I don't think it is a matter of SB trying to do something that other methods might do 'more better'. I think it is just a way to remove those rights from a process, leaving it restricted. This restriction it seems, applies to real process. As I said, if this process escapes SB, it is protected. You don't even have to use an 'alternate method', only SB. And it applies to everything.

Now think about this for a minute, try to see the longer scope. You might use SRP or DMR or whatever to restrict Firefox to a basic user mode. OK, your thinking is why use SB to handle dropped rights when it does not technically work in the SB like it would in the real OS. But, thinking out further. If you use the DR option in SB, then anything started in SB will be a User. Now imagine if that process were to be allowed to interface to the control panel, or a download folder, or someplace in program files or windows. A hole created not by malware or exploit, but by the user who has a custom config to make all his stuff work in SB. With the DR option on, it does not affect what you do in the c:\Sandbox\xyz\xyz folders, but in the real OS. So yes, it does not appear to do much within the Sandbox, but with it, everything is automatically stripped and the restrictions would be felt OUTSIDE the sandbox. Imagine that again, you do nothing except check one box, and ANYTHING started that could ever go OUTSIDE the sandbox would be RESTRICTED.

I know there are other methods of dropping rights, but I do believe this option in SB, while not probably ever being used by most peeps, still offers a pretty good level of 'what if' protection. To me it is actually a big thing. But then I do look at things as different as I can when I can ;)

Sandboxie -- you can run as LUA, you can demote a process that runs in SB, you can use the SB option DropRights. All of these create a reduced privilege. The beauty, the brilliance, the essence, erm you get it, that GREAT THING about Sandboxie, is that once you start a process in the Sandbox, you don't even notice the restrictions! So peeps in this thread, they are confused. Don't be. Restrictions don't apply to virtual (or should be pseudo-virtual) file systems. You can pretty much do as if you were an admin, when you or the process started are not admin but user. YET -- if you should ever escape the sandbox, you come crashing back to reality, that WHOA, I am just a user. I love this program more every time I play with it.

Sul.

EDIT: Um, after posting on this topic before and reading lots of threads and playing with SB in different situations, this is what I THINK is happening. I have only time allotted to SB in small amounts so there may be someone in the KNOW who can verify this.