Wilders Security Forums  

  #1  
Old May 15th, 2009, 07:37 AM
metalforlife metalforlife is offline
Regular Poster
 
Join Date: Mar 2009
Posts: 96
Default Sandboxie - Drop My Rights

What will dropping rights for sandboxed applications do? Will the programs run in a "LUA-like" environment? If it does, then that should mean that I will not be able to save files to "C:\Program Files\", right? But, I can. Can anyone tell me how?
  #2  
Old May 15th, 2009, 07:59 AM
cruchot cruchot is offline
Regular Poster
 
Join Date: Apr 2009
Location: Germany
Posts: 126
Default Re: Sandboxie - Drop My Rights

A short explanation about DR in SBIE
http://www.sandboxie.com/index.php?R...sSettings#drop
  #3  
Old May 15th, 2009, 09:08 AM
jmonge jmonge is offline
Incredibly Massive Poster
 
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 11,768
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by metalforlife
What will dropping rights for sandboxed applications do? Will the programs run in a "LUA-like" environment? If it does, then that should mean that I will not be able to save files to "C:\Program Files\", right? But, I can. Can anyone tell me how?

You can save files, but when you run them it is as if you are in safe mode; any executable files will not run properly.
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13
  #4  
Old May 15th, 2009, 06:28 PM
arran arran is offline
Very Frequent Poster
 
Join Date: Feb 2008
Posts: 1,091
Default Re: Sandboxie - Drop My Rights

I question Sandboxie's Drop Rights ability.

Anyone remember HTAAA HTAAAB HTAAAC STOP tests?
http://www.wilderssecurity.com/showthread.php?t=239942
__________________
Win7 64bit Ultimate
Sandboxie | Applocker | Admuncher | Macrium Reflect | TrueCrypt |
FF Add On's | Greasemonkey | Secure Login | Noscript | Ant Video downloader | Status 4 evar
  #6  
Old May 16th, 2009, 12:50 AM
arran arran is offline
Very Frequent Poster
 
Join Date: Feb 2008
Posts: 1,091
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by ssj100
Tzuk is implementing a protection against those theoretical risks in future releases. However once again, no permanent damage can be inflicted by malware using those techniques in the STOP tests, and thus there is no genuine malware out there (as far as I know) that can currently bypass Sandboxie and cause malicious permanent damage.

And once again, if there's that much paranoia, a classical HIPS will save you anyway haha.

The advantage of Sandboxie is that it allows you to surf anywhere you like and know that even if you're attacked by malware, not a single trace of it will be left after you empty the sandbox (so simple, just empty the sandbox with a click!). Not a single trace! That's what appeals to me and is why I use it over other software as my first line of defense (arguably Comodo's Defense+ could be deemed my first line of defense of course). Furthermore, everything is contained within this sandbox. As far as I know, there is no malicious malware (test or genuine) out there that can bypass Sandboxie and do malicious permanent damage. There are several here on Wilders that can testify to this.

In some ways, I actually hope more people try to break past Sandboxie, so that Tzuk can keep making it stronger and stronger as required.

I do agree that no "Permanent" damage is done, I am not denying that.

I was just questioning the "Drop My Rights" ability. Because isn't Drop My Rights supposed to be used to run Unknown or Untrustworthy Programs??
If it can't properly control the behavior of programs such as in the tests we talked about in the some test thread, then what good is it even having the Drop My Rights Feature?
__________________
Win7 64bit Ultimate
Sandboxie | Applocker | Admuncher | Macrium Reflect | TrueCrypt |
FF Add On's | Greasemonkey | Secure Login | Noscript | Ant Video downloader | Status 4 evar
  #8  
Old May 16th, 2009, 02:11 AM
arran arran is offline
Very Frequent Poster
 
Join Date: Feb 2008
Posts: 1,091
Default Re: Sandboxie - Drop My Rights

And also this is the main reason why I switched from Sandboxie to Defense Wall,

because Defense Wall seems to have a much better ability in controlling the behavior of Untrusted programs than what Drop My Rights in Sandboxie has.

If you think about it logically, Defense Wall has to be able to control the behavior of Untrusted programs; it is an absolute must, because it doesn't have an anti-executable feature to prevent malware from running, whereas Sandboxie does. It does, however, have a "Stop attack" feature which can terminate any running malware being a nuisance.
__________________
Win7 64bit Ultimate
Sandboxie | Applocker | Admuncher | Macrium Reflect | TrueCrypt |
FF Add On's | Greasemonkey | Secure Login | Noscript | Ant Video downloader | Status 4 evar
  #10  
Old May 16th, 2009, 03:03 AM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by arran
I question Sandboxie's Drop Rights ability.

Anyone remember HTAAA HTAAAB HTAAAC STOP tests?
http://www.wilderssecurity.com/showthread.php?t=239942

I question it also, I think it's useless and poorly programmed. I like Sandboxie overall and use the run access settings to handle any unknown or unwanted exe files. I did ask about it at their forum but just got brushed off as if I was asking about something the dev didn't want to talk about (or knew little about) - but it was no biggie. Would an LUA/SRP have handled those "Stop Tests"? I am not too good on LUA. I know it limits what can be installed, and where, but those exe files didn't need any install - they were standalone, if I remember correctly. But like I said, I am not too up on LUA.
  #12  
Old May 16th, 2009, 03:35 AM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

I stated that "I question it also, I think it's useless and poorly programmed" in direct response to Arran also questioning the Drop Rights feature of Sandboxie. So it should be fairly obvious that since I went on to say that I did use the program and said good things about it, that I meant that my opinion was that the Drop Rights feature was useless and poorly programmed. If you want to infer that I said the entire program was useless and poorly programmed, there is nothing I can do about that.
  #13  
Old May 16th, 2009, 03:39 AM
arran arran is offline
Very Frequent Poster
 
Join Date: Feb 2008
Posts: 1,091
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by HungJuri
I question it also, I think it's useless and poorly programmed. I like Sandboxie overall and use the run access settings to handle any unknown or unwanted exe files. I did ask about it at their forum but just got brushed off as if I was asking about something the dev didn't want to talk about (or knew little about) - but it was no biggie. Would an LUA/SRP have handled those "Stop Tests"? I am not too good on LUA. I know it limits what can be installed, and where, but those exe files didn't need any install - they were standalone, if I remember correctly. But like I said, I am not too up on LUA.

Good question. I don't believe anyone tested them with LUA/SRP. It will be interesting to find out; I'm not too up on LUA either.

Quote:
Originally Posted by ssj100
Wow I'm not quite understanding what you're saying there. You think Sandboxie is "useless and poorly programmed", but you "like Sandboxie overall...". Can you please explain that? Thanks.

He is not saying that all of Sandboxie as a whole is useless and poorly programmed, just the "drop my rights feature".

Quote:
Originally Posted by ssj100
As I said, I'm yet to see any malware bypass Sandboxie and cause permanent damage. Many people have tested it too and have tried to bypass it, but there is no way currently. How is that useless?

We are not denying that there is no known malware which can cause permanent damage, we are just questioning the Drop My Rights abilities.
__________________
Win7 64bit Ultimate
Sandboxie | Applocker | Admuncher | Macrium Reflect | TrueCrypt |
FF Add On's | Greasemonkey | Secure Login | Noscript | Ant Video downloader | Status 4 evar
  #15  
Old May 16th, 2009, 03:50 AM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

See here;
http://www.sandboxie.com/index.php?V...Changes#v_3_34
Sandboxie version 3.34 released Jan 5, 2009

Then on Jan 8, 2009 (a mere 3 days later)

http://sandboxie.com/phpbb/viewtopic.php?p=30929#30929

Tzuk;
Quote:
I'm sorry, but I don't care to discuss this topic any longer. It's just not very interesting. A couple of group memberships are discarded. I just don't see what's so interesting about it.

So forgive me if I have little faith in the Drop Rights feature of Sandboxie.....
  #17  
Old May 16th, 2009, 03:59 AM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

Well (opinion) it's useless from the standpoint that you are already in a sandbox - nothing can install into Program Files or Windows (the real ones I mean) or drivers or services etc etc. If you want LUA in addition to Sandboxie, it is right there in Windows for you to set up ..... if the word 'useless' is too much - how about 'Less than useful'? lol On top of that is the run access settings ........
  #18  
Old May 16th, 2009, 10:06 AM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,806
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by arran
I was just questioning the "Drop My Rights" ability. Because isn't Drop My Rights supposed to be used to run Unknown or Untrustworthy Programs??
If it can't properly control the behavior of programs such as in the tests we talked about in the some test thread, then what good is it even having the Drop My Rights Feature?

The whole Drop My Rights concept is useless if what is being run doesn't require administrative privileges to run in the first place. Isn't magic.

Pete
  #19  
Old May 16th, 2009, 11:18 AM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

Ah, I knew I could find the comment that bothered me;

http://sandboxie.com/phpbb/viewtopic.php?p=30903#30903

tzuk -
Quote:
You don't need Administrator group membership to create files in C:\Sandbox, or by extension, in C:\Sandbox\user\DefaultBox\drive\c\Windows. Which is why you can still create files there even when Drop Rights is in effect.

So ... things can be created in the 'Sandboxed\Windows' directory - so my question remains, wth? And my opinion stands, ... useless.

Now, here is where my issue is; Let's say that you are not using Sandboxie. You have LUA in effect. You come across a drive-by keylogger that absolutely needs to install itself in the Windows folder. In this case, it can not install.

Same situation, using Sandboxie; The keylogger is in Sandbox\Windows but thinks it is in Windows. Windows thinks you are installing the keylogger into C:\Sandbox.. and allows it. Both Windows and Sandboxie are helping to allow the keylogger now. You would have to take it upon yourself to include the Sandbox folder in a SRP. So let's say that you do that, what at this point do you need the Sandboxie DropRights to do?

Let's say that you are running as Admin, and using the Sandboxie Drop Rights .... well, by the devs' own words... the install will be allowed, in the Sandbox\Windows folder.
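
The behaviour debated in posts #1 and #19, as an added example that is not part of any post and is not Sandboxie code: a simplified Python model in which Drop Rights discards Administrators group membership and sandboxed writes are redirected under the box path tzuk quotes. The ACL table, the file name, the assumption that only the Administrators group is dropped, and all function names are constructed for illustration.

```python
from ntpath import join, splitdrive  # Windows path rules, runs on any OS

ADMINS, USERS = r"BUILTIN\Administrators", r"BUILTIN\Users"
SANDBOX_ROOT = r"C:\Sandbox\user\DefaultBox"  # box path quoted in the thread

# Constructed, simplified ACLs: directory -> groups allowed to create files there.
ACLS = {
    r"C:\Windows": {ADMINS},
    r"C:\Program Files": {ADMINS},
    r"C:\Sandbox": {ADMINS, USERS},
}

def drop_rights(groups):
    """Model Drop Rights as the thread describes it: admin group membership is discarded."""
    return set(groups) - {ADMINS}

def redirect(path):
    r"""Map a real path to its sandbox copy, e.g. C:\Windows\x -> <box>\drive\c\Windows\x."""
    drive, rest = splitdrive(path)
    return join(SANDBOX_ROOT, "drive", drive[0].lower(), rest.lstrip("\\"))

def can_create(groups, path):
    """Apply the ACL of the longest matching directory prefix; deny if none matches."""
    hits = [d for d in ACLS if path.lower().startswith(d.lower() + "\\")]
    return bool(hits) and bool(ACLS[max(hits, key=len)] & set(groups))

def attempt_write(groups, path, sandboxed, dropped):
    """Return (path actually written to, whether the access check passes)."""
    if dropped:
        groups = drop_rights(groups)
    target = redirect(path) if sandboxed else path
    return target, can_create(groups, target)

if __name__ == "__main__":
    admin, limited = {ADMINS, USERS}, {USERS}
    wanted = r"C:\Windows\sample.exe"  # constructed file name
    cases = [
        ("LUA, no sandbox", limited, False, False),
        ("admin, no sandbox", admin, False, False),
        ("admin, sandbox + Drop Rights", admin, True, True),
    ]
    for label, groups, sandboxed, dropped in cases:
        target, ok = attempt_write(groups, wanted, sandboxed, dropped)
        print(f"{label:30} {'allowed' if ok else 'denied':8} {target}")
```

In this model the write is denied for a limited user outside the sandbox but allowed inside it with rights dropped, because the access check is made against the redirected path under C:\Sandbox rather than against C:\Windows.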
  #20  
Old May 16th, 2009, 12:54 PM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,806
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by HungJuri
Ah, I knew I could find the comment that bothered me;

http://sandboxie.com/phpbb/viewtopic.php?p=30903#30903

tzuk -
So ... things can be created in the 'Sandboxed\Windows' directory - so my question remains, wth? And my opinion stands, ... useless.

Now, here is where my issue is; Let's say that you are not using Sandboxie. You have LUA in effect. You come across a drive-by keylogger that absolutely needs to install itself in the Windows folder. In this case, it can not install.

Same situation, using Sandboxie; The keylogger is in Sandbox\Windows but thinks it is in Windows. Windows thinks you are installing the keylogger into C:\Sandbox.. and allows it. Both Windows and Sandboxie are helping to allow the keylogger now. You would have to take it upon yourself to include the Sandbox folder in a SRP. So let's say that you do that, what at this point do you need the Sandboxie DropRights to do?

Let's say that you are running as Admin, and using the Sandboxie Drop Rights .... well, by the devs' own words... the install will be allowed, in the Sandbox\Windows folder.

Useless is the wrong word. Not necessary is more accurate. First, have you tried installing a keylogger in the sandbox? If it has to install a driver or start a service, the install will probably fail. I've tried installing security software that needs to do these things and the install fails.

Secondly, so a keylogger is installed in the sandbox. Before doing any secure browsing, just empty the sandbox. End of story.

Pete
  #21  
Old May 16th, 2009, 01:10 PM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by Peter2150
Useless is the wrong word. Not necessary is more accurate. First, have you tried installing a keylogger in the sandbox? If it has to install a driver or start a service, the install will probably fail. I've tried installing security software that needs to do these things and the install fails.

Secondly, so a keylogger is installed in the sandbox. Before doing any secure browsing, just empty the sandbox. End of story.

Pete

All true, and makes the Sandboxie drop rights ... 'not necessary'. Use the Sandboxie run access settings instead.
  #22  
Old May 16th, 2009, 01:34 PM
Sully Sully is offline
Massive Poster
 
Join Date: Dec 2005
Posts: 3,696
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by HungJuri
All true, and makes the Sandboxie drop rights ... 'not necessary'. Use the Sandboxie run access settings instead.

If you understand what security descriptors and tokens are, do you still say 'not necessary'? For the layman, using SB, it is already a good product without this feature.

If you are logged in LUA, you need not worry anyway. If you are logged in Admin, use SRP to restrict browser to Basic User level, and then don't worry. Just enjoy the fact that what normally would be restricted with browser is now blissfully available inside the sandbox due to where its file path is. Nothing better than the browser being restricted yet the user not feeling the restriction.

Sul.
  #23  
Old May 16th, 2009, 02:02 PM
Acadia Acadia is offline
Massive Poster
 
Join Date: Sep 2002
Location: SouthCentral PA
Posts: 3,687
Default Re: Sandboxie - Drop My Rights

In my opinion the Drop-My-Rights thingie wasn't really needed, tzuk just wanted to add yet another layer to his protection. Sandboxie was already close to perfect, at least in my opinion, without DMR, but adding other layers, no matter how "soft", cannot hurt things. Dropping one's rights is not the purpose of Sandboxie, just a "fancy" feature. There are other ways of dropping the rights, tzuk just made it easier for those who are using his program.

Acadia
__________________
"Security is always excessive until it's not enough." - Robbie Sinclair, Country Energy, NSW Australia
  #24  
Old May 16th, 2009, 02:02 PM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

I am only trying to STAY ON TOPIC, and maybe someone then can answer the OP's first question?
Quote:
Originally Posted by metalforlife
What will dropping rights for sandboxed applications do?

Of course, the fact is that we are talking about something that is running in the sandbox. So, over and above running in the sandbox - what does it add? Already, drivers and services are not allowed. An LUA with or without SRP is not even in this equation. Keyloggers that can not install because they need a driver are not in this equation. Emptying the sandbox periodically is not in the equation. Whether or not Sandboxie is a good or poor program is not in this equation. Any other workarounds that anyone thinks of are also not in this equation.

Pure and simple - over and above the fact of what a program can do in the sandbox - what does the Drops Rights accomplish?
  #25  
Old May 16th, 2009, 02:12 PM
HungJuri HungJuri is offline
Regular Poster
 
Join Date: Nov 2007
Location: USA
Posts: 104
Default Re: Sandboxie - Drop My Rights

Quote:
Originally Posted by HungJuri
Pure and simple - over and above the fact of what a program can do in the sandbox - what does the Drops Rights accomplish?
I gotta get to work guys, good luck. BTW, the answer is psst... nothing.
 
