Sandboxie+ Roadmap

Guys I need some input, as it looks the global settings are getting fuller and fuller, so I have eider to add even more top level tabs or add sub tabs on each page, like in box options, what do you think?
Ideally may be booth, start with adding tabs to the advanced toplevel tab and move config protection there...
...

 

As I already said in a few scattered posts we are looking forward to a unified installer for all platforms.
Perhaps offering the following installation options

Windows 7-10 on x86: Classic UI only
Windows 7-11 on x64: booth Plus and Classic UI
Windows 11 on arm64: Plus UI only

Providing support for Windows 10 on arm64, would require to eider be classic only or using a 32 bit version of the plus UI.
But since that would require additional adaptations and presumably next to no one is using windows 10 on arm64 anyways, I would opt for not providing support for that platform.

Anyhow: when we create a unified installer for sandboxie plus and classic, how should the filename for it look line, how about:
Sandboxie-v5.60.0+Plus-v1.5.0.exe
or
Sandboxie-Plus-v1.5.0(v5.60.0).exe
or some other scheme?

 

I support moving "Config Protection" items into "Advanced Config".
Another suggestion: get rid of the tab "Edit ini Section". It feels out of place imho.
I edit the config a lot but always via "Plus UI=>Options=>Edit ini file".

 

Well but its so useful to change global settings without having to ok a UAC prompt

 

I like this one.

 

Unless one associates a different program (for example notepad++) for opening/editing .ini files.

 

But how does that avoid the need for UAC confirmation? Surely you'd still need admin privileges to edit the Sandboxie.ini file directly?

 

David, is there any way Sandboxie can be modified to allow 0 byte files (which aren't necessarily 0 bytes in total) to be recovered out of the sandbox? This has been a problem for me for many years. Thanks.

 

Since people are inquiring from time to time about for how long sandboxie+ will keep Windows 7 support, win 7 has still ESU support until the end of this year and IMHO it would be prudent to support it for at least 3 years after its fully unsupported so until December 2025, even now windows 7 has almost more users that windows 8 had at its peak LOL.

That said there are also some roadblocks down the line:

1. Qt6 has dropped windows 7 support already, hence to its required to eider stay on Qt5 for the time being or deploy own recompiled Qt6 binaries with custom windows 7 support.

2. Visual studio 2022 is unable to target windows 7 when compiling a driver so if Github at some point gets rid of the windows 2019 build environment that will be a big problem. If when they removed the 2016 environment is anything to go by the 2019 will be axed in March 2024.

So I'm not sure if it will be possible with a reasonable afford to keep windows 7 support past March 2024 which is slightly under 2 years from today.

I think how to proceed will be to be seen then based on how many people will be still using windows 7 then...

 

2.) ImDisk integration allowing to create RAM resident boxes to leave no trace on the actual pc
Sound like a nice feature for having out of the box.

It's nice of you to keep sandboxie available for windows 7. Just make sure that you pull the plug before you have to spend most of your development time on that.

 

Windows 7 ESU is not easy to achive the legal way for end users. if you decide to support it then you should consider to charge those because special compilation below current standards, as you pointed out that a lot of environments already dropped windows 7.
ESU is not set to end in jan,2023, there are plans for a 4/5/6 trip until 2026 - only for business.
ESU for HOME or private users is not possible.

 

LOL good idea Windows 7 version only for patreons on the 10€ tier and higher, why not

But where did you hear about ESU 4/5/6 i cant find anything about that

 

The simple truth about support for old stuff is that its usually not really much work if any, of cause there are also exceptions, but typically the work starts when some dependency decides to drop support for a legacy platform, but you need to update the dependency for some reason often because of new features or a required bug fix.
There was absolutely no necessity for Qt 6 to drop windows 7 support, its still a very similar os to the latest windows 11, at least what the API which qt uses is concerned, just use a few dynamic imports instead of static once and you are good to go.

What can be a lot of work is adding support for a legacy platform to a peace of software developed for a much newer target, but this concerns only new software.

So VS 2022 dropping support for windows 7 drivers is also a intentional limitation on MSFT's side, especially given that other other than drivers the compatibility is maintained back to VS2017 with win xp support.

 

this one, in german
https://www.computerbase.de/2022-07/windows-7-esu-support-extended/
its not fixed, but considered

 

new feature idea, just added to roadmap
Add inbox process protection to better enforce start/ execution restrictions

The idea is to block processes which are not installed in a box from loading dlls located inside a box, when there are any restrictions in the box in place which allow external processes but not boxed processes to do something.

 

My assumption is that the RAM disk will only be active (per sandbox) if the sandbox option 'Auto delete content when last sandboxed process terminates' is enabled, as this would allow one to install a program into the sandbox (with 'delete content' option disabled), take a snapshot, then enable the 'delete content' setting so only new files will be deleted?

Assuming that's roughly correct, is there any way of achieving something similar now in Windows?
I know I can create a RAM disk with ImDisk, but can I use that as %FileRootPath%, or would there be too much of an overhead creating all the folders at startup?
The above assumes I don't want to install anything permanently into a sandbox, which I do, so is there a way to overlay a normal folder (which would be read only) with a RAM disk and use that as %FileRootPath%, a bit like the Linux overlayfs? I appreciate it'd be a pain, as for apps I want to install I'd need to install them (which would be onto the RAM disk), take a snapshot, copy the sandbox contents back to the normal folder used in the overlay, and then enable 'delete content'.

I'm loving the evolution of this project, even if at times the rate of change is a little overwhelming.

 

more icons:

 

I was thinkimg more like putting the entire sandbox in the ram disk so the snapshots would also be gone, but keeping the snapshots separate sounds like a good improvement

 

Then I'm glad I asked

If implemented only when 'Auto delete content when last sandboxed process terminates' is enabled (and only on those newly modified/created files) then there's no reason not to have it on by default, or at least to only need a global option as some people might not have enough ram or want to dedicate ram to it.

Looking forward to it!

 

+1 The ram disk sounds like a nice (build in) feature

 

Another +1 for an integrated Imdisk. Using Imdisk toolkit together with Sandboxie Plus now.

 

1.6.xx) Ability to import/export boxes from/to 7z archives



9.) Function to force boxed processes to use a specified socks 5 proxy

 

OH MY GOD! OKAY IT'S HAPPENING!

 

10.) Option to set file checkers to test files before recovering them

Based on a suggestion: https://github.com/sandboxie-plus/Sandboxie/issues/2202
this feature will be added in one of the next builds, my plan is to have an option on the triggers page to add a OnFileRecovery command entry where the return value will be able to block file recovery.
It will also be possible to run the preset checks on any file in the files view (side panel)

This resolves a couple issues present with trying to directly add support for various online checking services, using instead SignCheck from Sysinternals which the user will have to download and keep updated seams reasonable and MSFT can be trusted to keep up with the latest API's.
I just need to figure out the best workflow for a satisfying user experience, when setting this up for the first time.

 

Impressive!!