Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Wat, in 2008, Tzuk gave this interview in which he talks about what motivated him to create Sandboxie. He talks about the IE in the name, etc. It last about half an hour. Go to Episode #172, it starts at about minute 34:00.
    https://www.grc.com/sn/past/2008.htm

    Bo
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Cool. So it looks as though Tzuk getting hit by spyware while using IE was the inspirational motivation for him creating SandboxIE :) Obviously, however, he didn't intend for it to be used to secure IE only.

    EDIT:

    He mentions using it to secure 'internet facing programs in a secure way where they are isolated from the system" Rather than using a full-blown VM...so my theory on it's original intended use I believe is correct.
     
    Last edited: Jul 23, 2019
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks for the link, Bo! I like this exchange...

     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You are very much welcome, my friend. Good stuff for long time SBIE users, Page. You can also listen to the conversation, I am not sure you saw where to click for that (extreme left).

    Bo
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Sandboxing IE was the first stone. Getting it done, gave him the idea that sandboxing could also be done with other programs.

    When I first started with Sandboxie in March/April 2009, Sandboxies UI was pretty much identical to what we have now, but Is interesting to point out that just a few months earlier, Sandboxie had no UI. Changes to Sandbox settings were written directly to the sandboxie.ini by the user. I know you were using Sandboxie when I started, you probably were using Sandboxie when the UI was first implemented, sometime at the end of 2008/January 2009.

    Bo
     
  6. guest

    guest Guest

    exactly what I said from the start, TEST. You know when you TEST or TRY it is to check how something behave.
    Then if satisfied, you may run it unsandboxed or not (depending the user taste) .
    You don't test or try indefinitely an app, at some point, you use it normally if it is deemed safe. ***Comment removed***
    Don't get me wrong, I also used to use a sandbox your way, (internet facing programs always sandboxed) but others don't, especially if some apps needs to be run in normal conditions.
    Isn't why you use only (old) programs that don't get hampered by Sbie?

    This so simple to understand, there shouldnt be any discussion about it.

    What you believe it meant isn't forcibly the sole and unique meaning. If my memory is good, I asked him if testing apps in it is ok, I don't recall he said no.

    Later.
     
  7. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    219
    Hi,

    I'm not registered at the ESET forums so I'll ask here and hope for an answer. :)

    How can I get the "ESET Cleaner module 1197" so that the problem on files not being deleted from the sandbox is solved? Will it be downloaded as a virus definitions update, by itself, or do I have to manually downlaod it from somewhere, in some other form?

    I am using the ESET Antivirus for Business, version 6.2.2033.0. If possible, I would like to stay on that version but solve the problem with not deleting files. If not, I'll update.

    Thank you for any info in advance.
     
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    ditto. :thumb:

    what is the purpose of testing something in an isolated environment if you can't expect to (and won't) get the same results in the real world anyway? these reviewers rightly think so, too.

    https://www.techsupportalert.com/content/introduction-and-quick-guide-sandboxie.htm

    *****

    https://www.raymond.cc/blog/no-more-worries-when-running-untrusted-programs/

    *****

    https://www.howtogeek.com/howto/5219/run-apps-in-sandboxie-to-keep-your-system-secure/

    *****

    https://www.ghacks.net/2013/12/11/sandboxie-review/
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Helo Bellzemos,
    I obtained the module early by changing settings to accept pre-release updates. I am running ESET NOD32 and it's probably a different setting configuration than your business version. I strongly encourage you to register at the forums in order to get the info you are after.

    ESET pre-release update.jpg
     
  10. guest

    guest Guest

    It is so simply logical, I wonder how anyone could question it...

    Problem is that for various reasons sandboxie often break or hamper programs ran in it, and mostly when they get a significant code modification like Chrome.
    Then Sbie require a immediate update to catch up (if it can) , this is an annoyance inherent to sandboxie (due to the way its mechanism performs).

    Hence, some of its supporters, to minimize the issue, declare out of the blue, that Sbie shouldnt be use to test (malicious or not) programs... What a joke.
     
    Last edited by a moderator: Jul 24, 2019
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    To begin with, the current ver. is 7.x. As such, it is debatable that enabling pre-release updates on your version would download the new Cleaner module.

    As previously advised, best to post this issue in the Eset forum Endpoint section.
     
  13. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I remember Tzuk saying that Sandboxie did not prevent any program in the sandbox from reading your system, just writing to it. This has always struck me as a very profound aspect of Sandboxie and one I keep in mind when using.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    But, with an appropriate and tightened setup (not defaults out-of-the-box) you can still prevent reading the system until program in question breaks. And most definitely with Sandboxie you can block any program you want reading and writing your personal data.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Yes, is good to know how programs we use are designed. The reason Sandboxie was designed to be on default (which includes sandboxed programs being allowed to read the entire system) was to make things easier for new users. But what Mr X said is also true, Sandboxie gives you the settings to block sandboxed programs from reading your sensitive and personal files and folders. This settings can be used to protect your data from being stolen.

    Bo
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Regarding using Sandboxie as an analyzer of behavior. Sandboxie was not designed to be used that way. And using it that way is wrong, it doesn't matter who said is OK to use Sandboxie that way, maybe he thinks it can be used that way but he is wrong. Only people who doesnt know Sandboxie (like guest and hater IMDB) would think that.

    Now, if you use Sandboxie for testing only well known programs, programs that have been around for a long time, and you get the installers from the developers site, clean programs, like Chrome, Firefox, Irfanview, VLC, things like that, and you test them in the sandbox, you can pretty much tell and "assume"how they are going to behave when you install them outside the sandbox. And you wont get burn.

    But if you are into using suspicious programs, programs that you think the installer might be infected, you should not use Sandboxie for analyzing the behavior of this installers and programs. So, if you are into getting installers for paid programs without paying for the program, craked, you shouldn't use Sandboxie to analyze the behavior. Its wrong, and if you do it all the time, you might get away with it without getting infected a few times but eventually something bad will happen.

    Many years ago there was a program called Buster sandbox. The Buster sandbox was like an addon for Sandboxie. This addon was designed to be used along Sandboxie as an analyzer of behavior. You needed the addon to analyze the behavior of programs running in Sandboxies sandbox. Without the addon, you can not do it.

    Bo
     
  17. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    and then there's process memory. you can use, for instance, appguard to prevent programs from reading from running processes' memory.
     
  18. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    I'm on the fast ring on Windows 10 Insider. Has anyone actually got Sandboxie working on that?

    Edit: Tried the latest beta and it's still not working.
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Officially, latest beta (5.31.2) supports up to Build 18362. I am on 18362.239, all is well in my computer between Sandboxie and this version of W10.

    Bo
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Agreed! Testing software should be done in a VM, not Sandboxie. Although I suppose a simple executable that needs only user space to run could be tested perfectly fine in a sandbox. Maybe some other cases too, but that's above my pay grade.

    Furthermore, all the debating about the slogan: "Trust no program". Well I searched up your several replies to members in recent years, all stating the similar reason with just some different wrinkles in each reply, about what it means in the context of using Sandboxie, and I feel you were correct every time. It's about using trusted programs sandboxed, but not necessarily trusting their eeffectiveness at dealing with nefarious web content that might exploit some bug in the program, so using the sandbox deals with the problem by deleting the malicious payload when the sandboxed program is closed.

    BTW, I have a lifetime license but I don't use Sandboxie these days as I've settled on other methods, mostly utilizing built-in O/S features and hardening others in Win 10 Pro. That's just my personal preference. Sandboxie could still be utilized in many ways to help secure a system, especially with email and office files, to name but a few. Chrome and recent Firefox' sandboxes are probably robust enough not to require the aid of a third party program. Again, just my opinion based on my years of using computers with different O/S' surfing all over the web and downloading/running files. Most of the security discussions and technical articles completely overblow the severity of the threats. It's not nearly as bad as most people make them out to be.

    Example: the talk of the new evil on the block, LOLBins. Well, just don't fall for phishing emails. See how easy that is?
     
  21. guest

    guest Guest

    you don't even understand what I'm saying... I don't say Sbie is the one doing the analysis, it allow the users to safely observe the behavior of the app and then decide to use it unsandboxed or not afterwards...


    Typical fanboyism, those who disagree with you are ignorants or haters...
    Says who? The devs? Or just you?
    If the devs, I want you to post here their answer stating "Sbie isn't made to check files/installers for malicious behaviors"
    Then I will apologize and never use Sbie again which isn't what we paid for.
    Do it Bo, then this thread will be free of us, ignorant haters, but I'm quite sure I will never see any replies. :rolleyes:

    Also, be up to date, im not the guest of 10 years ago that just discovered Sbie...

    So from your view, Sbie isn't a security solution like other sandboxes.
    Thanks to tell us, so if it isn't made to protect us from malicious files/installers, it is useless to most of us, if we know an installer is clean we don't need Sbie.

    Your skill in security technical aspects seems limited hence you can't get that experienced people can pinpoint malicious/unusual behavior by naked eye. No need buster sandbox. For example, while on process view, if you see a Word doc executing powershell.exe or else, no need to be a genius to know what is going on...
    Go learn about LOLbins and co, then you will get my point.
     
    Last edited by a moderator: Jul 24, 2019
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    OK, guest, you got one more reply. Unfortunately, the old forum is dead so I cant get you what you want, but I dare you to go the new Mickey mouse Sandboxie forum and ask that question, since you don't like what I say, go and ask there, and lets see what they say.

    Do it, guest. Is your chance to make me look real bad.

    You could ask something like (using your own words), "Can Sandboxie be used to check files/installers that run in the sandbox for malicious behavior?

    I dare you to do it. Again, you can make me look bad if the answer you get is what you want. I know you wont get it (thats a guaranteed), but if you are so sure about it, you can try (I know you wont :D).

    One last time, but this time as a picture, this is what Sandboxie says about Application testing, anything else, anything you add to what it says there, like using SBIE for analyzing the behavior of sandboxed programs and files are assumptions by you.

    Sin título.jpg
    https://www.sandboxie.com/

    Bo
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Time out guys, this has gone far enough. Another words STOP
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,939
    Location:
    UK
    Post removed.
    You have been asked to take a time out and stop this constant nit-picking about Sandboxie.
    I strongly suggest that you do that.
     
  25. guest

    guest Guest

    Current status:
    more than 3 months...
    There might be hope on the horizon:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.