SafeSpace 1.2.145.0 released

From the Artificial Dynamics web site:

New Features
* Integrated the object exclusion editor into the console. Customization of the exclusion list now applies dynamically.

Bug Fixes
* Optimized the GetAsyncKeyState key logger protection
* Refined the purge process to resolve file permission issues
* Added protection against false shutdown exploits
* Fixed a bug which caused Internet Explorer search settings to revert to default
* Application windows are now properly bordered in full screen mode
* Added protection against key loggers using the BlockInput method

 

good news. See the IE issue was resolved. SafeSpace really is a good product and not as intrusive as some others. Hmmmmmm.

 

Agreed. The UI memory usage and .NET dependency really need to be fixed, though. Keylogger protection is nice, but not a necessary feature at all.

I really like how SafeSpace allows programs to be launched with limited rights. But the afore-mentioned problems, combined with a completely invisible virtualized file/registry system and difficulties in centrally managing what programs start isolated, means I'm sticking with Sandboxie and GeSWall for the moment.

 

Regarding centrally managing which programs start isolated, there's an applications page in the GUI where you can do that. Does this not meet the need? Regarding Keylogger protection, why do you feel it's unnecessary?

 

I wonder if there is any POC keylogger for it.
Anyone? Thanks

 

does safespace is better than sandboxie?

 

IMO, no.
let me add it is a good product but I think Sandboxie is more user friendly.

 

sandboxie cost the safespace is for free.

 

malware is free to.

 

Has anyone used this on Vista, last time I used it, I would get lots of "program not responding" but maybe its more stable now.

dja2k

 

it works fine with vista. If you use vistas email and you have saved your contacts, you will need to go to the c:/users/contact folder and add it to trusted in order for your contacts to show up in your email program.

That is if you include Vistas email into SafeSpace.

 

I dont know. If I were not using my sig and wanted one program to cover all, I think it may be a good choice. My Sandboxie loyality was coming through.

 

I use Sandboxie as well, but I just had a client who wanted SafeSpace and he had Vista, but I had trouble with it running fine, maybe it was just his PC.

dja2k

 

Seems My Computer has a slight delay when Safespace is on. Takes a few seconds to get access to the C: Drive folders. Do I have to manually purge SS after using Opera?

 

No. Right-click on any program and choose Enable SafeSpace protection. That program will not appear in the Applications page of the SafeSpace UI.

Because instead of hoping your sandbox will catch each and every last one of the very numerous and complex keylogging techniques out there, it's much more realistic and safer to simply empty your sandbox before entering any personal details. No anti-keylogger techniques can ever be better than the approach of ensuring that no keyloggers are present; simple.

 

Thank you for your comments all.

Solcroft. The option to 'Enable SafeSpace Protection' on a file is for controlling files and content which have been downloaded from the internet, for example, a .doc, .xls, .ppt, etc. Files which from dubious or untrusted sources.

By tagging them in this way, you are ensuring that when they are accessed, they always run in SafeSpace, and thus containing any potential exploit embedded within.

This also means that you do not have to continually add / remove the reading application (Word, Excel, Adobe Reader, etc) into the sandbox, or have to store the document in a virtual file system (where it will be removed on purge), or store it 'untrusted' on the real file system.

In version 1.7 we added an additional option to 'Run in SafeSpace' where you can choose an application or file to run protected without having to tag it.

I think what you are asking for is an Explorer extension which will allow you to add/remove configuration elements on the fly, without having to use the console itself. This is a good suggestion, and one that has been requested before, so expect to see something in a future release.


Regarding keyloggers:

Purging your sandbox environment is no guarantee that while during your subsequent browsing - even if it is directly to your bank or online store - that you will not be exploited. Just ask those who logged onto the Bank of India on 30th August last year.

What you said is absolutely true - no keyloggers present is ideal. But the keylogger protection in SafeSpace caters for the 'what if' scenario, and I feel safer knowing that *if* the unexpected happened, I would still be safe.

Keylogger protection or no keylogger protection. I choose the former.

Best regards,

Kris.

Artificial Dynamics.

 

Not really; what I'm after is a central location, be it from the UI or otherwise, that I can check and manage what programs will or will not start isolated. The Applications page in the UI currently does not do this; it will only list some of those programs, not all. Therefore, controlling automatic program isolation is a hassle.

Conceded. Still, the keylogger process would be very much visible in the sandbox.

That may very well be so, but since I cannot rely on that protection anyway, its presence or lack thereof is of no consequence to me personally.

 

I don't really understand what it is you are after.

Attached is a view of the Applications page. It tells you all of the applications that will always run in SafeSpace.

Anthing else is entirely dependant on whether they come from these applications - IE, child processes, documents, etc. You can't list these items as they are unknown.

Let me know if I misunderstood your point.

Best regards,

Kris.

 

Ex. 1: Isolated IE is used to download program A. Program A will automatically start isolated but not show up in the list.

Ex. 2: Program B initially exists on desktop. User right-clicks on it and selects Enable SafeSpace protection. Program B will not show up in the list.

They become known as soon as they're created, don't they?

 

So if you are referring to what is currently running inside SafeSpace, the Home screen will tell you this:

 

No.

Kris, I am not really sure how to make this any more clearer than I already have (English isn't my native language), but I'll give it one last shot:

I want SafeSpace to be able to list any and all files that will automatically launch isolated in it, when I run said file. Said file doesn't necessarily have to be currently running; it will just launch in SafeSpace when I run it, full stop. That's what I want SafeSpace to list, each and every last one of them.

And if that still isn't clear enough I'm afraid I will have to give up for now to spend some to consider how to best convey that idea.

 

Understood.

You would like a list of everything which as been tagged as untrusted. This has been requested, and is on our roadmap. Good suggestion, and I'm glad we got there in the end

Best regards,

Kris.

 

Yes, this feature is a must for any Sandbox.

BTW, Kris what about my Q in post no. 5.

Thanks

 

Ah, apologies for missing your question.

We don't have our own POC keylogger available. We used several 3rd party products to identify the numerous keylogging methods that we block. There are plenty of resources within this forum for keylogger tests. Just give them a try To confirm the protection you are getting, the anti-keylogger feature can be switched on and off dynamically from the SafeSpace Home page.

A good starting point for a test application is AKLT over at firewallleaktester.com. This utility demonstrates 7 keystroke and 2 screen scrape methods.

Best regards,

Kris.