Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Try saving a picture or a video. When you navigate to the blocked folder, you should see a message like the one in the picture posted by Syrinx. This is if you set up your browser to ask you where to save.

    By removing the folder from the list of folders, if you download a file there, when you try to recover via UI, you won't see anything to recover.

    Bo
     
    Last edited: Apr 15, 2015
  2. bo elam

    bo elam Registered Member

    You can test that blocking folders in Sandboxie works by trying to upload a file somewhere like VirusTotal. If you try to do that from a blocked folder or partition, you should get a message of no access. Same if you try to upload a picture to TinyPic from a blocked folder.

    Bo
     
  3. innerpeace

    innerpeace Registered Member

    The upload to VirusTotal is blocked so I hope it works as well the other way (from the sandbox to the 2nd hdd).

    Thanks
     
  4. inka

    inka Registered Member

    I discovered Invincea FreeSpace (which they insist is not "based on" Sandboxie) preinstalled on a Dell Optiplex I recently purchased.
    Well, technically, the app is re-branded as "Dell Protected Workspace" but anyhow...

    I really liked their (albeit dumbed-down) sandboxing approach. What I did not like (could not abide, so I uninstalled the app):

    -- forensic data captured during each "event" is, unconditionally (no ability to opt-out, AFAICT) exfiltrated and transmitted to Invincea server.

    -- that (wonderfully detailed) forensic data is not accessible to me, the admin user of this freestanding, non-corporate, client PC

    Three years ago, while soliciting investors, Invincea claimed/represented that a non-corporate version of freeSpace was planned.
    Hush, hush... I've not read anything indicating that such is no longer on their roadmap. What I have read (and viewed, in their marketing videos) is hella lot of chest-pounding, claiming that their app has been deployed to over 1.2 million client PCs. Haha, thanks to their "partnership" with Dell, eh? To the contrary, in-the-trenches forum posts by IT admins indicate that they re-image newly received workstations, removing that DPW shite "with prejudice"... and I seriously doubt that many (any?) Dell PC owners opt to purchase an annual DPW subscription subsequent to the "one year free" provided by the preinstalled app.

    Sandboxie remains among my most-loved apps... but I've never been motivated to upgrade beyond v3.66 (or so).
    For me, the principal perceived benefit is keeping clutter out of my registry while I continually test-drive various applications.
    I haven't read this entire discussion thread, but I did notice a few disparaging (FUD?) posts which expressed distrust toward SBIE versions released since the Invincea acquisition.
    Has anyone ever observed/documented anything to support that (skeptical/distrusting) position?
    The current version of Sandboxie doesn't "call the mothership", right?
    (Asking because after unticking "check for updates", I would expect, er demand, that it never call Invincea.)
    The current version doesn't force user to accept a predefined list of "autowhitelisted" applications, right?
    (Asking because my name is NOT BenDover... and I don't have any "TrustedPartners", thankyouverymuch.)

    Same as I don't want Mozilla "Crash Reporter" telling mommy an event occurred while I was browsing a pr0n site, I don't want Invincea to be privy to the URL I was visiting when an "event" occurred... but the analysis they're doing, behind-the-scenes, in the cloud, is so damned sophisticated and impressive (to me) that I might still advocate use of a "for-consumers version" of freeSpace if such becomes available.
     
  5. syrinx

    syrinx Registered Member

    Ah, so it looks like having the recovery set up was the culprit but now at least I understand what you meant. I expect it is normal as the rules are to block access to 'programs running in a sandbox' rather than the Sandboxie software itself which controls that recovery dialog. The file is actually being handled by Sandboxie for the recovery process there, not the application in it. The file was downloaded to a default user area, C:\Users\xxxxxxx\Downloads\ though it only existed in the sandbox at that time.

    To test your setup you could try launching notepad in a sandbox you have set up, write some stuff like "This is a write test" then try to save it to the places you have set rules to block access to. You should get access denied errors. For a read test you could try dropping a separate txt file to those areas, e.g. "This is a read test", and see if you can open it with the sandboxed notepad. These are only basic tests but you get the idea.
     
  6. Peter2150

    Peter2150 Global Moderator

    Hi Inka

    I've seen no problems at all with SBIE since Invincea took over. Actually it's just gotten better.
     
  7. bo elam

    bo elam Registered Member

    Hi Inka, for me personally, Sandboxie is as solid now as when Tzuk :cool: was around. The transition has worked out smoothly.

    Regarding phoning home, this is what Curt said about it a few months ago.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=19908&p=104877#p104877

    Last. There is no predefined list of "autowhitelisted" applications. You, the user, can allow to run and connect to the internet only the programs that you want to. I really can't tell much difference between SBIE 4.17.2 and the old version that you are using. :)

    Bo
     
  8. Compu KTed

    Compu KTed Registered Member

    I can verify on testing that you should get an "access is denied" popup message with your example.
    If you save the test file to a place that you have not given block access to then the file will be saved, but should remain inside the sandbox and not on the real system.
    You can open the saved file, but it should open sandboxed. Delete the sandbox and the test file should be gone.
     
  9. Rasheed187

    Rasheed187 Registered Member

    I think you can see Sandboxie as the non-corporate version, the only thing it lacks is a behavior blocker, like the one in FreeSpace.

    I also use it mostly to test drive tools, but you may want to consider sandboxing your browsers, to stop exploits from taking over the system. But to answer your questions, it does not seem to phone home, and there is also no predefined white-list. It's still a trustworthy app.
     
  10. Page42

    Page42 Registered Member

    I finally got around to grabbing it. Now running fine (and with no installation issues) on two W7x64 machines.

    Thanks Bo.
     
  11. Page42

    Page42 Registered Member

    Credit where credit is due. I think you are right, Peter.
     
  12. bjm_

    bjm_ Registered Member

    Anyone know how to get WOT to work v4.17.2 ~ FF 37.0.1
    Search results = no WOT rating Icon
     
  13. Tyrizian

    Tyrizian Registered Member

    Are you talking about the icon that is shown in the search engine, when you search something, or the icon listed on the toolbar?

    I'm assuming you're talking about in the search engine when searching something?

    If so, are you using Yahoo! by any chance for search?
     
  14. bjm_

    bjm_ Registered Member

    Heck, you must be clairvoyant. Yahoo search results...yep.
    I run Norton. SBIE breaks Norton Toolbar and SafeWeb search rating Icons. So, I need WOT
     
    Last edited: Apr 16, 2015
  15. Tyrizian

    Tyrizian Registered Member

    Hahaha, the reason why I came to that conclusion is because I tested all major search engines (which worked) and Yahoo! was the only one that didn't on my end.

    I'm wondering if the latest WOT plugin is incompatible with Yahoo! search, I'm thinking it's a possibility.

    I think it's something that Yahoo! or WOT needs to sort out with one another.

    But, you could use Bing for now, since Yahoo! uses their engine.
     
  16. bjm_

    bjm_ Registered Member

    Yeah, and something went awry with Webutation....37 broke it
     
  17. Tyrizian

    Tyrizian Registered Member

    That's the only downside to Firefox, plugins/extensions tend to become incompatible as Firefox releases new versions.
     
  18. innerpeace

    innerpeace Registered Member

    I understand what you're saying about the Sandboxie dialog initiating the recovery. I just don't remember it always working that way. If I can manually recover a file to my external hdd through that dialog so can malware. When I surf risky sites I virtualize my C: drive with Shadow Defender and I solely rely on Sbie to keep anything from reading or writing to my ext. HDD. It's my only layer to protect the hdd.

    I may have to install an older version of Sbie to see if it behaved the same way. My memory isn't the greatest so I could be wrong.

    I set up my default box with no app restrictions and restrictions to block my external hdd partitions and this works as expected. In either the read or write situation it gives me an access denied dialog when I choose a blocked partition.
     
  19. syrinx

    syrinx Registered Member

    I've never made use of the recovery options tbh so I have never been familiar with them so don't know if they changed it somewhere along the way or not. =(
     
  20. inka

    inka Registered Member

    Thanks for easing my worries.

    I have not read that Sandboxie now provides forensic details. Last I read, users were resigned to using 3rd party "Buster Sandbox analyzer".
    (edit: reading, reading, trying to get up to speed. I now understand that many users would regard an expanded forensics feature as "bloat".)

    The behavior blocker in freeSpace, it only covers a select few (they claim 100 or so) programs. MSIE, Office apps, AcrobatReader.
    I'm not even confident that it supports the current Firefox version. Even if it does, it probably only monitors plugin behavior(s) and "tainted" files (exe's, dll's etc. which have downloaded via browser).

    The server-side forensics viewer (and its plugins), as depicted in Invincea's YouTube-hosted videos, it's among the best I've ever seen.
    That's the "feature" I'm excited about, er, excited about the prospect of it being provided to an admin user right on the client PC.
    (Currently, license cost of the freeSpace "server" component is cost-prohibitive.)

    ======

    While I'm here, I might as well ask:
    What other 3rd party apps are useful to monitor sandbox changes?
    (edit: I found that the Buster Analyzer author provides a list of alternative tools. http://bsa.isoftware.nl/frame3.htm )
     
    Last edited: Apr 18, 2015
  21. Rasheed187

    Rasheed187 Registered Member

    Correct, I was talking about detection of exploit attacks inside the sandbox. But I don't expect to see the forensics part in SBIE anytime soon, most home users don't need this. It's not exactly the same but you could use a HIPS like SpyShelter to monitor sandboxed apps, but of course it does rely on your own expertise.
     
  22. bo elam

    bo elam Registered Member

    Beta 4.17.3 got released a little while ago. :)

    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=50&t=20793#p107685

    Bo
     
  23. Page42

    Page42 Registered Member

    So what is #3 telling W7 users? If W7 users install 4.17.3, is there something extra they should be doing, or not doing?
     
  24. bo elam

    bo elam Registered Member

    Hi Page, I don't think we need to do anything in W7....or XP. If we have to add the setting "AllowPrintToFile=y" we would get a SBIE message 1319 when we attempt to print something. After you install 4.17.3, try printing a PDF from your Desktop or something in the browser, if you are able to print, you won't get the SBIE message 1319 and you won't have to do anything regarding this change. :cool:

    I believe, this change is an improvement for users in W8 and W8.1 that have problems printing when running sandboxed.

    Bo
     
  25. bo elam

    bo elam Registered Member

    Page, I forgot to mention. I don't print in W7, I do all my printing in XP. I haven't had to change anything in XP for me to print. Smooth.

    Bo
     