Sandboxie technical tests and other technical topics discussion thread

I actually came back to previous configuration. Not sandboxed Thunderbird but if attachment smell bad I open it inside sandbox using context menu

 

Hi meatouph, to me, all attachments smell bad. I don't trust any.

Bo

 

Yes, I guess I now will have to take a look at Libre. I was turned off by the big size, but I ain't feel like paying for MS Office 2013, so I've got no choice.

 

I only ever used Word so I've been a happy user of Kingsoft Office which I happened to try after finding it on a giveaway site and it has played perfectly fine w sandboxie and has a reasonable size to boot. If you rely on other Office programs, it may not work as well, idk...

 

Did anyone try to reproduce forced folder bug? http://forums.sandboxie.com/phpBB3/viewtopic.php?p=105389#p105389

 

Zero days which attack preview viewers. There have been such in the past, and doubtless will be again. And probably stuff which can attack Outlook plugins.

I also sandbox anything which accesses the internet - including email clients - from being able to see my real data file stores (using Restrictions on the File access). I do not want ANY internet facing program to be able to see my data uncontrolled, in bulk, which is what the default situation is with most browsers and email clients.

 

I agree. In addition, don't forget that every piece of software in the computer is potentially an attack surface which could be exploited just like deBoetie said: "stuff which can attack Outlook plugins".
I believe we are going to witness in the near future very sophisticated attacks beyond imagination so sandboxing with Sandboxie of course the most you can, I think is a good idea.
As a side note a system-wide protection based on light virtualization is advisable: Shadow Defender.

 

I have firefox sandbox and nothing but FF can run here. Similar situation for other sandboxed programs - 1 sandbox 1 *.exe. In Thunderbord case:
* it's too much hassle to go to links using copy-paste method
* browser mess - if I allow firefox to open in TB sandbox then new window will pop-up every time I click on any link in TB (window separate from firefox in FF sandbox)
* I do not want to use any unofficial sandboxie reflectors and stuff like this
* I don't have any plugins in TB
Conclusion: running TB out of sandbox is just more comfortable for me

 

To me, the way this works is how it should work. What is in one sandbox, stays in that sandbox. Makes sense to me that that is how it works out. I agree about not using addons for SBIE. But that utility was created to do exactly what you want. But I dont know if it works with newer SBIE versions.

Bo

 

Yes. Sometimes "You can't have your cake and eat it (too)"

 

I found this stuff, perhaps a bit too technical, but it describes how tools like SBIE work. It's really mind boggling to read just how complex this stuff really is.

http://www.kerneldrivers.com/kernel-blog/

 

BTW, I've done a System Refresh on my Win 8 system, and to my surprise it didn't remove most of my sandboxes, it did however remove almost all .exe file inside the sandbox folders. So after reinstalling SBIE, I only needed to add the same sandboxes (with the same name) via Sandboxie's Control, and I updated the configuration file, so I didn't need to configure everything all over again, pretty sweet. Does anyone know where I can find the icon that SBIE uses for all sandbox folders?

 

Favicon: http://www.sandboxie.com/favicon.ico
Alternatively you can make use of Resource Hacker to extract various types of icons.

 

Thanks for the icon, and I totally forgot about Resource Hacker, I did use it back in the day.

To clarify, some of my old sandbox folders had lost this icon, so that's why I needed it.

 

I made a copy of "C:\Program Files\Sandboxie\SbieCtrl.exe" to Desktop and pointed Resource Hacker to it and you have plenty of icons there.

 

Yes of course, totally forgot about this.

 

How to disable a global template for a specific sandbox?

I want to disable a global template for a specific sandbox. This template is in Sandboxie.ini under Global Settings.

 

Google discloses (Chrome) sandbox vulnerability

Related non-Sandboxie thread: Microsoft won't fix console driver job object process limit bypass (used in some sandboxes).

 

Two bugs I reported recently:
1) Outside sandboxie folder behave like forced folder when it should not. http://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=21319
2) Firefox refresh resets certificate storage out of sandbox http://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=21318

I wonder if they reply or leave those threads to oblivion. Especially can't wait for Craig@Invincea reply - the new Sandboxie support engineer http://forums.sandboxie.com/phpBB3/viewtopic.php?f=5&t=21321

 

There's an opened thread at Sandboxie forums due to the last bypass encountered. What caught my attention was a post from BUCKAROO and quote:

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=21562#p111937

Could anyone explain to me why these internal changes? Because I've seen performance in v4.x > has decreased a lot compared to v3.76.

 

On 1. Thats the way that has always worked as far as I can remember. Personally, I think it is good that it works that way. I prefer it works that way, but thats me. On 2. Test not allowing direct access to anything in Applications>Web browser>Firefox, other than bookmarks. I think doing that will take care of number 2 for you.

Bo

 

Maybe things were closer to perfection in V3. But to get Sandboxie to work in W8 and future versions of Windows, changes had to be done. So, balancing the positives and negatives, I think in the end, as users, we are bettter off with version 4. Otherwise, we could not use SBIE after W7. Thats my take on this.

I lost a little bit of usability in one program and one program only for using Version 4 and now 5, instead of how things worked in Version 3. I still can use that program in a sandbox and all is well but to get my dedicated sandbox to open and close fast, I disable Drop rights for that specific sandbox. Other than that, I cant tell any difference for any other program in either computer, XP or W7, of how things were before and how they are now.

Bo

 

Exactly, things were closer to perfection in many ways. I don't think and don't feel all users are happy/better off with v.4.x/5.x, at least not me.
Is there only one way to make SBIE to work with post Win7 operative systems?
Is there only one software engineering conceivable to produce Sandboxie?
I don't think so.
Moreover, why there is not any Sandboxie's competitors in the market? We need more people willing to write wonderful and efficient in many ways sandboxing programs.
I've tried by all means to see positive sides of this wonderful program to make me "believe" and "feel" happy and secure, but not anymore, I can't.

 

Mr X, perhaps, just for a while, go back to W8.1. Windows 10 is a baby and Sandboxie as most third party software is not totally ready for it. And even better, go to W7. All software that I run under SBIE, runs well. I don't install or run games or complicated and huge programs but basically, all I want to do using Sandboxie, I can.

About the engineering. For that, for someone to come up with something exactly like Sandboxie. You need a Tzuk clone, brother. No one is going to think and develop something exactly like SBIE. There are many great developers that are capable to do it but the way Sandboxie handle files and programs and what it does and what it doesn't do with them, it would require someone to think exactly as Tzuk.

If you cant, you cant. Dont force yourself to like something you cant like it anymore. Take a Sandboxie break. I tell you a secret. I once did. It lasted about 48 hours. But I took off SBIE for a couple of days. My reason for doing it was because I was bored. Nothing breaking the sandbox can be boring. No excitement. Thankfully, a couple of days after uninstalling SBIE, my good senses came back.

Saludos, hermanito

Bo

 

LOL, seems that by running SBIE, you can block certain exploits, because they simply will refuse to run:

"When the user arrived on the landing page, the exploit kit checked the user’s computer for driver files associated with particular security software, controlled application environments (such as Sandboxie), and traffic-capturing tools. To avoid detection, the EK didn’t drop exploits if any of these products were present".

http://www.symantec.com/connect/blo...-adds-internet-explorer-exploit-any-other-kit