Sandboxie Technologies (SBIE Open source) (VERSION 5.33.6 ONLY!)

Hi!

How is the "new looks" Firefox v89.0 working with SBIE 5.33.6, any problems at all?

Thanks.

 

Hi Bellzemos. Firefox 89 is working well with Sandboxie 5.33.6. FWIW, I like this version of Firefox better than the one I updated from (Firefox 87).

Bo

 

Interesting, I've read that a lot of Firefox users doesn't like the new v89, I was hesitant to upgrade too. I will upgrade my FF too, esp now knowing that it works with SBIE. Thank you.

 

FF 89 works flawlessly for me when sandboxed. And for now you can turn off the Proton interface via about:config if desired (I have).

 

#this post not sandboxie related#
switch and design will be removed for v91 (means: also for 91esr).
https://www.wilderssecurity.com/thr...version-released.361562/page-142#post-3011516

 

OK, a quick followup question...

Since I've been restricting, Chrome crashes quite often now. It freezes and becomes unresponsive. I can always exit and restart and it restores the session but may crash again.

Anyone seen this? I'll go through my tinywall logs in more detail, but I'm guessing something is getting blocked and chrome somehow can't deal with it. I thought it maybe was a runtime issue but I allowed that with no resolution.

I turned on the SBIE1308 alert but nothing seems to coincide with the crashes.

 

That doesn't surprise me. My opinion has been for a long time that is better to run Chromium based browsers in unrestricted sandboxes. The reason for that being because often happens exactly what you are describing when this type of browsers are run restricted.

You are in a tough position having the software reporter problem and now this. Perhaps you could switch to Edge. Works nice with Sandboxie as long as you run it with the no sandbox flag. It is a good option.

Bo

 

Thanks, interesting. I though Edge was Chromium based now?

I just wonder what is the mechanism of the freezing. It does not appear to be program restriction related.

I saw a funny URL is my header after a freeze that said something about Akami, but to sure why that would freeze it.

It seems to do it most often on news sites where those annoying tube videos autoplay. Ublock origin doesn't stop them. I used to have a flash auto play controller but now that flash is gone, I'm not sure if there is an app that can control those things, I think they're HTML5 now?

 

Yes, it is, but Software reporter is part of Chrome and not part of Edge.

It probably is. IMO, there are so many processes and programs that come with Chrome and Chromium based browsers and they attempt to run all the time, and then when this processes get blocked, that eventually might lead to issues in some systems.

This is why I think is better to run this type of browsers unrestricted. I have never had Chrome but with Edge been forced upon us, I had to get used to it. I never even tried to run it restricted, I have always ran it unrestricted and works great with SBIE 5.33.6. It can even be said that I gotten to like it.

That's an easy one for NoScript. If you don't want videos to run automatically as you browse the internet, you set up NoScript to block them all and you won't get any. And when you want one to run, you allow it to run.

NoScript woks great with Sandboxie. I discovered both programs at about the same time in very early 2009 (to the day), and adopted them right away, never taking them down.

With NoScript, nothing runs unless you allow it. If you go to a news site and you just want to read, and nothing is required to be allowed to run in order for you to be able to read, that's how you handle that site (you allow nothing). That is what I do with my local paper and other papers like the Washington post.

Learning NoScript takes a while but is a great companion for Sandboxie. Once it does click in your head, is like learning to ride a 2 wheel bicycle, it becomes easy and all related to NoScript starts making sense.

Bo

 

+1
I LOVE the interface of the new FF

Camelia

 

Late to the 5.33.6 party but I been running tzuk original v5.26 on all my 8.1 units and is been everything as expected. Some of current topics is raised enough interest that i gave in and obtained Sophos final 5.33.6. Given everything I read to now, it seems that is the most stable of the last old original. Really haven't followed the progress of it in some time but if it works well as some of you say on Windows 10 21H1 and others I have no reason not to follow same course. 8.1 as well

Thanks @bo elam for sharing your positive results as well as @camelia.

 

You are welcome, EASTER.

Bo

 

I really can't tell any difference not that there is any but it still does what it was designed to without a hassle.

There's precious little time if any devoted strictly to stress testing it with malware like so often before. But it's extra sufficient to have Secure Folders lock down my zoo and doubling up with this version those samples are safely restrained.

Most peeps (myself included) make more use of it sandboxing their browsers and that's a good practice I suppose but on this end it's not been that much a top priority.

 

Yep, I specially like (and agree) with the "still does what it was designed to without a hassle" part of your comment.

I, FWIW, use Sandboxie all the time. If I am using my computer, I am using SBIE. The only time I am not using SBIE is when the computer is idle or I am doing Windows updates, and I can tell you, your comment (single sentence at the top) applies to my case use using Sandboxie 100%. Sandboxie 5.33.6 is not perfect in W10 21H1 19043.1055 .....but is very close.

Bo

 

Not to spoil any ones fun to much, but given the long list of critical security issues fixed since 5.33.6 is it really wise keep using the old version?

I mean whats the rational behind not updating?

 

Well said its like using av with out malware signatures
It's not only about security just a lot compatibility issue has been fixed expetialy with browsers

 

Of course there is the solid "stability" expectation. Regarding security, in tandem with user's overall total security layout it's long served a useful Browser sandbox addition in so many ways. As already mentioned also comes the compatibility aspect, again, chiefly and mostly as to do with browsers since they keep introducing changes that cause deviations.

On my 8.1 units, just about every conceivable attack vector is tightly monitored if not locked down with various 3rd party safety. I have long kept a plethora of ransomware samples (genuines). various file infectors etc crapware most of which are suited perfectly to test the quality of various Sandboxie setups.

Sandboxie is only recently again attracted my attention after many good years of proving adequate enough on it's own to do what it was designed for-containment-and does it well.

 

if your used security is aware of such attacks. if not - to blaim
(and that seems the major criticism and such concepts)

 

When it works and is proven, you just leave it at that.

 

David, you are an amazing developer. According to you, you fix more security issues in one release of your SBIE than what were fixed in the entire lifetime of SBIE before you came along. If someone wants to believe that, they can, I don't. And if someone wants to believe that Sandboxie has had all this holes for so long and no one did anything about them when they were developing SBIE, they can also believe that, but I don't.

I written about my personal reasons for not updating to your version. You want to know what they are (in case you really don't know what they are), read a few pages back in this thread.

But I ll mention one. The most important one. Trust. I trust 5.33.6 100% and don't trust yours at that level. Is not that I don't trust you are a good honest person, but you are not at the same level as a developer as Curt or Tom. And I wonder how many holes you have opened in SBIE (below is one example reported yesterday).

https://www.wilderssecurity.com/threads/sandboxie-plus-0-8.438361/#post-3012967

All the unnecessary changes you are making in SBIE, have to pay a price, and that price is holes. You chosen opening holes over security. This is something that neither tzuk or Curt or any of the other SBIE developers were willing to do before but you are doing it.

Greetings

Bo

 

You know that its open source right? Believing is completely unnecessary, just check the sources. Or ask someone you trust to check them for you.

Well its a fact, @diversenok provided me with half a dozen PoC exploits which all worked on 5.33.6 and are now fixed in my builds of sbie.
https://www.wilderssecurity.com/threads/sandboxie-plus-sbie-fork.427755/page-2#post-2909697

May be its time to make the exploits public?
I mean its not like what they were is still a secret to anyone who would check out the source code with the fixes.

https://www.wilderssecurity.com/threads/sandboxie-plus-0-8.438361/#post-3012967
That Special experienced would have happened with the 5.33.6 build just as well, its an artifact of how windows 10 sometimes opens files,
as you have experienced yourself with the windows photo viewer

This is simply not true on all levels.

In fact someone at the company broke the enforcement of the registry isolation in sandboxie

See Key_Callback(void *Context, void *Arg1, void *Arg2)
here the original sources in toms repo: https://github.com/sandboxie/sandbo...d2cf986621b4f27e3ed9d/core/drv/key_flt.c#L115

The code block for the if (Driver_OsBuild >= DRIVER_BUILD_WINDOWS_10_CU)
always terminates without doing any access checking, see line line 177: return status;
that's an obvious mistake, the return should have been in the else if (NotifyEvent == RegNtPreSetValueKey) code block.
Sandboxie implements the enforcement of registry isolation in the Key_MyParseProc_2 function which if we return in said code block will be never called


and there is more where that came from...


I'm trying to be polite here but at some point the endorsement of using an evidently insecure peace of security software starts to bring others in danger.


David X.

 

Speaking only for myself that would so yes they SHOULD release those PoC exploits in order to once and for all make it proof positive clear.

@DavidXanatos - Many have not a clue how to read source so wouldn't compiled versions of those particular exploits clear up the skepticism? To that much anyway.@diversenok's coding reputation (PH too) gives much value IMO.

Just interjecting a few of my own thoughts to challenge uncertainties or indecisions to the Sandboxie+ peeps like me who may be on the fence. Personally im watching (and waiting) with keen interest as you work your ever living efforts off in addressing current issues cropping up from Windows 10 from time to time. I harbor no opinion either way as of yet except to observe each and every new improvement or bugfix to see if you finally catch a break from having to continually dissect and reorient internal functions to satisfaction and bug-free operation. If that's even at all possible given constant browser updates/changes that break things. Cheers.

 

Incorrect. David closed way more security holes than he introduced.

I will be publishing all of my exploits for 5.33.6 in the upcoming weeks: sandbox escapes, escalation of privileges, and other things that Sophos didn't consider important enough to fix for the entire year. None of these problems apply to modern versions of Sandboxie for many months, thanks to David. It's time to move on.

 

Greatly thank you @diversenok

 

+1. We need to hear things like this. I consider Sbie Plus an integral part of my security setup; it works great and no problems at the moment. Looking forward to the revelations, thank you.