Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    That said, I still think Sandboxie is the most robust security solution for home users available today.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
  3. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    I had asked him to do a check on Sandboxie earlier this year. I'll remind him. Google pays him to research security programs, so that's what he does most of the time for work, AFAIK.
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    5.11.11 feels okay.....
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    How are they fixing Chrome 52 when the stable channel is on 51?
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    How long until the next stable release?
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    That's what I'm saying, Bo. SBIE betas are being released based on Chrome betas? I see potential for compound errors. I wonder how long SBIE has been changing their program to work with non-stable programs?
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Not just Enterprise; as an SME, we're not touching Office 2013+ but are sticking with Office 2010 because it's Sandboxie-able.

    As time goes on, as applications like Chrome and Edge (finally) get round to implementing decent application sandboxes in their own right, and as operating systems improve the value and programmability of containerisation, then the need for Sandboxie support for them decreases. Sandboxie is fantastic for legacy (read careless) applications which do not do this (which is pretty much everything).

    Having said that, Sandboxie offers far more control for things like wiping and resource access, which is in my view essential for sandboxes. Built-in application-level sandboxes are poor at offering that level of convenient configurability; I'm not aware of any level of user configuration for the Chrome or Edge sandboxes.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Very interesting, I thought Bromium was supposed to be unhackable.

    Yes, I suppose so.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    True enough, but there is still one biggie. Before it can escape anything it has to get on the system, and be able to run. Block that and no escape.
     
  12. As FleischmannTV mentions, escaping a hardware-enforced VM is a lot harder to accomplish than escaping the user-land hooks SBIE applies on top of the Windows mechanisms it uses. So what biggie are you referring to?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Before malware can escape something, it has to run on your system. Prevent that and no escape. So how does this magic escape artist get on your system??
     
  14. A program which processes rich content can execute scripts (VB-, Power-, Python- and JavaScript, XML and XUL, et cetera) that are part of the content, or may run tiny bits of code hidden in the metadata of a file (remember the PNG exploit). So you don't need to download and execute a program to run external code on your PC; every web page you visit contains dynamic content (with embedded code) to provide the rich internet experience. Even when you run your browser, PDF reader or office apps in an SBIE sandbox, you could run external code on your PC because it was included in the content or was hidden in the metadata (properties) of that rich content.

    So again what biggie feature of Sandboxie are you talking about?
     
    Last edited by a moderator: Jun 11, 2016
  15. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    Many people think that the execution of code requires the download and execution of a separate .exe file. Tavis executes his own code and escapes restricted environments long before he spawns any additional binaries.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    When you run an application under Sandboxie, everything runs sandboxed. If what you said were true, Sandboxie would be like most security programs that have users getting infected once in a while, and we would see proven reports of escapes all the time. I have been using Sandboxie for a little over 7 years, and to this day I am still waiting to experience an escape like what you describe, or to see anything get out of the sandbox that shouldn't.

    Bo
     
    Last edited: Jun 11, 2016
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Exactly, both comments. I do support this kind of pen-test to put programs at highest tension and breakpoint. This way final users will get better/improved products.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The question comes down to what was Tavis able to do with the bypass he accomplished.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, I'd love an actual example of these complex nasties to test. PM please.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Looks like Tavis is going after Bromium's web site now, from a posting on his Twitter feed. BTW, I have Dev Tools corralled with my ESET HIPS IE rule.

    Debugging trick for @bromium IE guests: F12 (Dev Tools)->Debugger->Right Click Filename->Choose Source Map->Type "cmd.exe" in address bar.
     
  21. I know you believe that SBIE applies some magic, while in reality it relies heavily on Windows features (low integrity level process and guest user ACL) combined with some user-land hooks to stop and to allow stuff.

    So ironically you are telling me that with some Windows internal mechanisms applied you could be safe, and I agree with you fully. Since Vista (so also for over 7 years), I am still waiting for a nasty zero-day in the wild to bypass my Windows-mechanisms-only security setup.
     
    Last edited by a moderator: Jun 12, 2016
  22. Peter,

    When something is rare it does not mean it does not exist. How many of us have ever witnessed a Higgs particle or a black hole? And yet, using your logic, neither would exist because you have not experienced it.

    In this thread I tried to put in perspective the criticism of Cruel Sister that testing organizations do not test with real zero-day malware, by arguing that it is very difficult to obtain these samples (on which she agreed). Average Joe is more likely to trash his car than to trash his PC with such a complex nasty.

    About your PM question: you are asking in the wrong forum. We are not allowed to post malware links. :D Maybe it is better to contact Tavis Ormandy.
     
    Last edited by a moderator: Jun 12, 2016
  23. True, but I am opting out of discussing with SBIE fanboys who think that when someone is capable of escaping hardware-based VMs, that person is not capable of breaking a Low IL + Guest User ACL sandbox with some user-land hooks to block and allow stuff.

    Unbearable truth for SBIE fanboys
    The SBIE sandbox applies Low IL and the Guest user ACL. This breaks most functionality when putting an application in such a rigid security container. So to make the SBIE sandbox generically applicable, they added a control mechanism. Those SBIE hooks not only block things, they also allow things (offering pass gates through the Low IL and Guest User ACL security restrictions). When you want to make an application sandbox generically applicable, you have to create pass gates, as Tzuk himself explains in an interview.

    I am not an SBIE basher

    In regard to generically applicable sandboxes, to date Sandboxie beats the competition in security and ease of use (BufferZone, ReHIPS, Cybergenic Shade, Comodo etc.). So for everyone using software which does not have its own sandbox (e.g. Firefox), Sandboxie is by far the best option to protect such software.
     
    Last edited by a moderator: Jun 12, 2016
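The post above describes the first layer of what Sandboxie builds on: Windows Mandatory Integrity Control (a Low integrity label on the sandboxed process) plus the discretionary ACL. The following is an added example, not code from the thread, from Sandboxie or from any project named here. It models the mandatory-label ("No-Write-Up") check that Windows performs, using the SDDL mandatory-label syntax Windows itself uses for object labels (for example `S:(ML;;NW;;;LW)` means "label Low, policy No-Write-Up"). The SDDL strings in the demo are constructed inputs; the implicit Medium label for unlabeled objects and the S-1-16-&lt;rid&gt; integrity RIDs are standard Windows values.

```python
"""Model of the Windows mandatory-label (MIC) access check.

Added example, not Sandboxie's or Windows' own code. It shows what a
Low-IL process (such as a sandboxed browser) can and cannot do by
integrity label alone; the DACL is a separate check that may still deny.
"""
import re

# Integrity-level RIDs of the S-1-16-<rid> mandatory-label authority.
IL_RIDS = {"untrusted": 0, "low": 4096, "medium": 8192, "high": 12288, "system": 16384}

# SDDL aliases for the mandatory-label SIDs.
SDDL_LABEL_SIDS = {"LW": 4096, "ME": 8192, "HI": 12288, "SI": 16384}

# SDDL mandatory-label policy flags.
POLICY_FLAGS = {"NW": "no_write_up", "NR": "no_read_up", "NX": "no_execute_up"}

# An ML ACE is (ML;ace_flags;mask;object_guid;inherit_object_guid;sid).
_ML_ACE = re.compile(r"\(ML;([^;]*);([^;]*);([^;]*);([^;]*);([^)]*)\)")


def parse_mandatory_label(sddl):
    """Return (integrity_rid, policies) from the ML ACE in an SDDL string.

    Returns (None, set()) when no explicit label is present; Windows treats
    such objects as Medium with the No-Write-Up policy.
    """
    m = _ML_ACE.search(sddl)
    if not m:
        return None, set()
    _flags, mask, _guid, _inherit_guid, sid = m.groups()
    # The mask is a concatenation of two-letter flags, e.g. "NWNR".
    policies = {POLICY_FLAGS[mask[i:i + 2]] for i in range(0, len(mask), 2)
                if mask[i:i + 2] in POLICY_FLAGS}
    if sid in SDDL_LABEL_SIDS:
        rid = SDDL_LABEL_SIDS[sid]
    elif sid.startswith("S-1-16-"):
        rid = int(sid.rsplit("-", 1)[1])
    else:
        raise ValueError("unknown mandatory-label SID %r" % sid)
    return rid, policies


def mic_allows(process_rid, object_sddl, access):
    """Mandatory-label check only: does a process at process_rid get `access`
    ('read', 'write' or 'execute') to an object with the given SDDL?

    Access is never restricted upward-to-downward: a process at or above the
    object's label passes. Below the label, only the policies listed in the
    label's mask deny.
    """
    obj_rid, policies = parse_mandatory_label(object_sddl)
    if obj_rid is None:
        obj_rid, policies = IL_RIDS["medium"], {"no_write_up"}
    if process_rid >= obj_rid:
        return True
    needed = {"read": "no_read_up", "write": "no_write_up",
              "execute": "no_execute_up"}[access]
    return needed not in policies


def sandbox_demo():
    """Constructed scenario: a Low-IL process against three objects."""
    user_docs = "D:(A;;FA;;;BU)"                       # no label -> implicit Medium
    sandbox_dir = "D:(A;;FA;;;BU)S:(ML;;NW;;;LW)"      # explicitly labeled Low
    protected = "D:(A;;FA;;;BU)S:(ML;;NWNR;;;HI)"      # High, also no-read-up
    low = IL_RIDS["low"]
    return {
        "write_user_docs": mic_allows(low, user_docs, "write"),   # denied
        "read_user_docs": mic_allows(low, user_docs, "read"),     # allowed: NW only
        "write_sandbox_dir": mic_allows(low, sandbox_dir, "write"),  # allowed
        "read_protected": mic_allows(low, protected, "read"),     # denied by NR
    }


if __name__ == "__main__":
    for name, allowed in sandbox_demo().items():
        print("%-20s %s" % (name, "ALLOW" if allowed else "DENY"))
```

Note what the model makes visible: a Low-IL process is blocked from writing to unlabeled (Medium) objects but can still read them, so confidentiality of the user's files does not come from the integrity label at all. That is exactly the gap the post says Sandboxie fills with its own hooks and container redirection, and it is why a bypass of those hooks matters even with the Windows label still in place.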
  24. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    Taviso posts his cracks in detail on Google Project Zero's website. Sometimes though he just publicly posts the cracks on Twitter and contacts the company about it. If you have a twitter account he's worth following.

    He showed some very serious issues with Comodo and especially their Dragon web browser - I posted that here:

    https://www.wilderssecurity.com/thre...pletely-disables-all-browser-security.383560/

    Not a single response and I know there are a lot of Comodo/Dragon users that post here. You can lead a horse to water but you can't make them drink.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I don't use a Chromium based browser, but if I did it would be Google Chrome. At least I would always have access to the latest available patches.
     