Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I install very few programs. I already installed what I am going to install in the new W10. Two years from now, its very likely I ll have same programs I am using today. If one of the programs I am using stops being compatible with SBIE, I ll switch. But if that happens, I ll install something well known and get the installer from the developers site. Getting infected can happen but very unlikely.

    I said many times, the only time I am not using Sandboxie is when the PC is idle, pretty much that's how it is. For my security to be solid I got to run all files and programs sandboxed every time they run. There can be exceptions but it has to be rare. When I said the other day that I wont use Edge, is not because I dont like Edge or distrust how secure it is, is just that for my security to work I must be disciplined. If Universal apps are not compatible with SBIE, I have to stay away from using them and Edge. Specially Edge, I mean, I personally believe that when I am browsing with Firefox is NoScript really the one taking care of my security. Sandboxie is like a safety net that never gets used. In Edge, I cant cant use SBIE or NoScript. For me, staying away from Edge is a no brainer.
    Believe it or not, I like WD, and recommend it over any other AV. I just don't want to use an AV, and deal with it. I use my computers like when computers first came out and there were no viruses. It can be done guest. You turn it on, use it for whatever you want to do, and when you turn it off is clean. No scans or having to deal with many security programs is what I get from using Sandboxie.. And the best part about it is that is easy and all flows naturally.

    Bo
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    guest, another thing that I do for new programs is installing them in a sandbox and keeping the installation for a while. For the last year or so I done that with Irfanview. I keep it installed in a sandbox and change the installation once in a while.

    And for years, I have been installing Flash in a sandbox, copy the sandbox folder and save this copy in my Documents. After a few days, a week later, I delete the sandboxed installation of Flash and copy the copy of the sandboxed installation that I placed in my Documents and place it back in C/Sandbox/User and I ll have a brand new installation of Flash again. Sometimes I also install other addons in this same sandbox so I dont install them in my real Firefox installation.

    Bo
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I was looking for this but couldn't find it earlier. For what you do with SBIE, Forcing the Downloads folders Only. You ll be better off, more secure using the sandboxed Windows explorer instead. Why? Programs that are very tightly related to Windows (like WMP and Windows photo viewer), dont sandbox automatically out of a Forced folders. Most programs do and exes always do. But some like the ones I mentioned wont.

    But everything, doesn't matter what it is, its gonna run sandboxed every time they run when you navigate and execute via a sandboxed Windows explorer.

    Bo
     
  5. guest

    guest Guest

    ok i see.

    ithe rare case i run flash is hen a website requires it, so it is ran directly on my isolated browser. i dont have the need outside.

    I don't use any legacy Windows program like WMP or Photo Viewer, i use the Metro Apps versions instead, which run in their own sandbox already (Appcontainer).
    I just force-sandboxing on all my internet-facing folders.
    I have also WinExplorer isolated on-demand via a shortcut, but i didn't managed to make explorer forced. i admit i don't use it often.
    can you post the template of your sandboxed Windows explorer. Thanks.
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You dont want to force Windows explorer. That would be a mistake and gives errors.

    Nothing fancy.

    [WindowsExplorer]

    Enabled=y
    ConfigLevel=7
    BlockNetworkFiles=y
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,off
    AutoDelete=y
    NeverDelete=n
    BoxNameTitle=n
    NotifyInternetAccessDenied=y
    DropAdminRights=y
    ClosedFilePath=InternetAccessDevices
    ClosedFilePath=%Desktop%\Otros.txt
    LeaderProcess=explorer.exe

    Bo
     
  7. guest

    guest Guest

    ah ok, i thought you forced it. Your template is almost same as mine. Good then. Thanks.
     
  8. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss

    Stupid argument cause this requires already (in this case pre-installed) software which was running. Oh yeah, but when you're already infected nothing really prevents anything! Except that you could here just sandbox this mentioned .exe and this would't work at all.
     
  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I made no argument whatsoever - and especially not that what is described in the article can be used to bypass SBIE. I didn't explicitly state that what is discussed can be used.

    The article is a point that demonstrates vulnerable code exists in Invincea-X\SBIE that can be exploited. That is true of just about any soft. A determined attacker can find a weakness and bypass any security soft - and that includes SBIE - and they don't necessarily have to attack the security soft directly itself.
     
  10. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    So why you post it then, to show that software is not the Holy Grale? Dunno what to think about you or your post. As said it only shows that this wasn't sandboxed and pre-installed before SBIE which is pointless cause when it's sandboxed YOU CAN'T bypass it which is a fact, there is not even a POC to escape from the sandbox. So showing people information which they don't understand are useless cause you not mentioned it's not really a threat at all to the product.
     
  11. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I really don't care what you think.

    I didn't make the argument you keep saying that I made. You are making that argument. I didn't say what is in the article can be used to bypass from inside the sandbox. It is simply a point that establishes that vulnerable code can, and does, exist in SBIE\Invincea-X. That is true of just about any software.

    Sandboxes can be bypassed. To state otherwise is an absolute falsehood. The SBIE sandbox has been bypassed in the past. Bromium posted a SBIE bypass a few years back. It was a break-out from within the virtual container. There's been other stuff published by other sources as well.

    It's a miracle... SBIE is the only security software known to mankind that cannot be bypassed. Oh please...
     
  12. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    No it's not true maybe read the article, the weakness was outside the sandbox not as you say 'from inside'. This doesn't show anything except that you're secured when you just had sandboxed it. So again what's your point showing it? Giving something without anything and re-spell the same words doesn't provide anything to this topic here.

    Can you post that link again (for me)? I not monitored the entire thread here. if there is something I would consider to directly contact the developer and open an ticket to solve this, but from what I'm aware there not exist an POC for that. SBIE works quite different btw then others cause the driver needs to be bypassed not the interface itself, that is what makes me uagh, normally this requires additional steps to bypass several windows mechanism and makes it also pointless cause that's user fault then.
     
  13. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Like I said repeatedly. You are saying I made that argument. I said no such thing. The link to the article was a demonstration that vulnerable code has been established as fact in Invincea-X which is built upon the SBIE foundation. And where there is one vulnerability, there is a fair probability that there are more. A determined attacker who is willing to devote resources to targeting any security software - and that includes SBIE - will probably find security issues that they can take full advantage of. All of this is the very nature of line upon line of security code.
     
  14. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Pls just give me all links to the 'vulnerability' POC's you found....
     
  15. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Research it online. I am recalling stuff from more than two years ago. And what Tzuk has said in the past goes all the way back to the early 2000s.
     
  16. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    You will never convince the SBIE fanboy's. It is the Holy-Grail to them.
     
  17. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Cause there is nothing I research once a week.....

    All what is available are not even poc's and they all require additional windows bypasses such as ASLR, disable driver signature enforcement, UAC and and and... Nice try anyway.
     
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I am not trying anything. SBIE code is no different than any other security soft code. Attacking the underlying OS to bring down a security soft is a valid attack. Bypassing UAC and circumventing a security soft is a valid attack.

    The nonsense you fanboys spout is contrary to what the original software architect himself stated long ago.
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Some of the stuff they spout on this thread is delusional.

    And if you notice they pick and choose certain words and phrases and ignore everything else that is posted. Use stuff out of context for their own purposes. It's typical stuff on these forums.
     
  20. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Telling this products is not different from others without showing anything except your words is ridiculous, especially there wrong you said it bypassed the sandbox which is wrong and I explained it very well already. Show us the stuff you found and we can talk about it, otherwise just be quit.

    Sandbox does work different cause you need to bypass the driver itself. So this is not easy and I asked a valid question to show your research which you not did. So the case is closed. You have nothing to show and to say except FUD.
     
  21. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Instead of having a intellectual debate. They get mad or runaway. What happened to individual thinking?
     
  22. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Once again it is you saying it and not me. Bromium and others demonstrated reliably that SBIE sandbox could be bypassed. It was posted online a few years back. And early on there were security issues that needed to be fixed. You are one who is stating things that are contrary to what the original software architect stated in the past.

    Research it online. It's not my research. I am recalling stuff from memory from a few years back going all the way back to the early years on the Sanboxie forum.

    SBIE code is no different than any other security soft code. A determined attacker who is willing to devote the required resources to dissecting and targeting it will likely find something that they can take advantage of. That is a fact and applies to any security soft code. That's a truth just about anyone with common sense who is familiar with security software generally - and they acknowledge it without a fuss except that a few people choose not to accept it.

    It's really bizarre to see people actually think that a particular software is any different than other software. Somehow the facts regarding code vulnerabilities do not apply to those softs.
     
  23. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Again where are the links for that? Again do these so called bypasses requiring additional setps?

    Your words, so now I gonna ask again to show me code to proof that, especially when it's within the sandbox running. The linked article doesn't matter as said cause it was running outside any container, that's a difference. I not care if you're already infected because then this entire point makes no sense at all.

    So why you talk then? You have your own product, you already bashed the wilders community together with other communitys.
    Welcome to 21th!

    Jesus for a wannabe developer you're difficult from concept, it's the effort someone needs to bypass all this we're talking about here. It's maybe easy to bypass UAC but not other security mechanism, especially not when we talk about time and this all has to be done so that the user isn't aware of all this. The layer Sandboxie here offers is different and that has nothing to do with code, it's that the processes are isolated so even if you infect one process you not have access to (maybe another you need) all the others.

    I'm glad I not use your Applocker clone, cause when I read you can't even offer research, source or anything you code must be same, full of FUD. Typically developer which quickly wants to make money even if Windows already offers exactly the same.

    Dunno why I talk to kids ...
     
  24. guest

    guest Guest

    details here : https://www.talosintelligence.com/reports/TALOS-2016-0256

    It uses buffer & race condition, and privilege escalation.

    Anyway , who cares , it was fixed.

    @Lockdown point is that no softwares is without vulnerabilities, they just need to be discovered and exploited. Then you made it an argument.
    Only idiots believe that a security softs is invincible.

    lol i guess you have no clues of what is Appguard :argh:
     
    Last edited by a moderator: Jul 27, 2017
  25. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    From the link:
    And I won the discussion cause this isn't sandboxed. You can't intercept into Sandboxie driver without that the user isn't aware of this, especially not while the 'application' is within the box.

    Maybe read this.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.