Sandboxie 3.40 Released.

The Sandboxie fans here in the Wilders forum have seldom been willing to acknowledge holes/weaknesses. You'll probably need to visit the official support forum to read firsthand & judge the status quo. FWIW, I'm a registered SBIE user, but I'm not a fanboi.

http://www.sandboxie.com/phpbb/viewtopic.php?t=4885&postdays=0&postorder=asc&start=60

http://sandboxie.com/phpbb/viewtopic.php?t=6312

 

I don't see much Sandboxie fanboy hyperbole in this forum. Many claims of Sandboxie bypasses have been proven false...because, well, the user did not understand Sandboxie. Is it a Sandboxie flaw that I cannot run explorer.exe or Microsoft Office sandboxed? Or purposefully copy files from the sandbox to the host and not have the host notice? The true bypasses have been discussed rationally and reproduced. Since Sandboxie does application isolation, there will continue to be bugs and conflicts with new or evolving applications and malware.

 

Thanks nick & ssj100. As a long-time reader of the Wilder's forums, I respect that you're straight shooters. Agreed, in nearly every reported instance a perceived bypass is just user confusion. I wouldn't fault "bugs"; I appreciate that the app represents a growing/evolving project.

Those links I pasted point to weaknesses (re OP's question) and they underscore the dev's attitude in dismissing customer wished-for hardening features. His notion of "good enough" and his apparent position "that's outside the scope of a sandboxing app" (or, "it isn't worth the bother") don't sit well with me.

It's "just" a sandboxing app? It's an end-of-life product (no 64-bit evolution planned)? Regardless, I believe its lack of self-protection from termination is a considerable weakness, as is its lack of security by obfuscation (non-predictable ini filename/location & randomization of the launched service process name).

 

~ Snipped as per TOS ~ there have been numerous threads and discussions in the passed on these forums about certain Pocs bypassing sandboxie.

If no known malware can escape out of the sandbox what possible chance does malware have of terminating sandboxie?

But I suppose malware may be able to terminate sandboxie if it was running outside of the sandbox, but thats why we also have things like malware defender for system wide protection.

Sandboxies job is to only control the malware inside the sandbox not control the behavior of things running outside of the sandbox.

 

Very true. And I, for one, am thankful for his efforts!