Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You and I only learned about this problem yesterday or today, but bad guys have known about it for a long time. Knowing this kind of information is their business. If they haven't taken advantage of it to this point I ll doubt they ll do so in the future (after the browsers and Windows updates, chances are lower now than before).

    Bo
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Same here. I am testing all functions I do sandboxed and so far, all seems well in W7 32 bits.

    I tried to get KB4056897 via Windows updates but it wasn't offered. So, I downloaded the package from the catalogue. I updated Sandboxie first, and Windows afterward.

    Bo
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi plat, in Windows 10 the Windows update didnt break anything related to Sandboxie. I tested all I do sandboxed and all went perfect. I updated that computer hours ago and rebooted a few times and turned off the PC. Looks good.

    Bo
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Done. My last update of the day was Sandboxie in Windows 10. Tested and retested, Sandboxie 5.23.3 is solid in W10 1709 64 bits and W7 32 bits (after installing latest Windows updates in both systems).

    Bo
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Update sequence: Win 10 CU KB4056892 to Win 10 Pro x64 v1709 16299.192 > Sandboxie 53.23.3 64-bit beta > Firefox 57.0.4. No problems so far.
     
  6. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    bo elam, probably a dumb question. Does this fix in anyway lower the protection of Sandboxie. Thanks for the fix,
    Acadia
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi Acadia. In no way the workaround lowers Sandboxies protection. More than likely we are even more protected as the conflict between Sandboxie and Firefox is gone.

    Bo
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Can I remind users of the excellent facility in Sandboxie of restricting internet access for those programs that are not internet facing? Since the Meltdown/Spectre threats are read-only side-channel exploits, at least for now, the main risk is data exflitration of passwords and other secrets. Since Sandboxie can prevent that exfiltration for some apps by turning off Internet access, it's a valuable facility in this debacle.

    Of course that doesn't help with necessarily internet facing applications, the main risk there is obviously the browser where Sandboxie cannot prevent exfiltration, and where it runs uncontrolled Javascript. We'll have to wait for the browser updates which will nominally be available to start to mitigate this problem. The other mitigations are to implement ad-blocking and script restrictions. I'm afraid the browser-ad ecosystem is now obviously irretrievably broken and a threat until the main players get serious and prevent risks to consumers from their practices. Of course, that's true from many perspectives, but it seems to me that the Meltdown/Spectre class of threat is going to run and run with not easy defences even with Sandboxie - especially for Spectre, which means that it's totally unacceptable to have uncontrolled applications distributed to the browser.
     
  9. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Pretty sure restricting internet access isn't going to help if the program has kernel-level access.
     
  10. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    Oh, I must confess that I did not entirely read your fix, I was doing something else at the time. I did not realize that the only change you are making is in Firefox and NOT Sandboxie. Once again, thanks a ton,
    Acadia
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    adding reference messages
    https://www.wilderssecurity.com/thr...ks-exe-radar-pro.300552/page-122#post-2331903
    https://www.wilderssecurity.com/thr...ks-exe-radar-pro.300552/page-122#post-2332122
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You cant imagine how happy I am that I adopted script blocking (by using NoScript, its actually a lot more than that) nine years ago when right about the same time I started using Sandboxie, I also started using NoScript.Here is a comment by Giorgio about Spectre.and NoScript.
    https://forums.informaction.com/viewtopic.php?f=8&t=24391#p95180

    I am going to add something that I am pretty sure I have said here at the forum before. During this past 9 years, I have never ever seen anything that looks like malware, fake scanners or anything out of order while browsing. With NoScript, if you learn how to use it properly, that sort of thing doesn't happen, and when you have Sandboxie as a safety net, the chances of getting infected while using the browser are about none.

    Bo
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You are welcome, Acadia :cool:.

    Bo
     
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I'm presuming the kernel stuff is fixed, although inelegantly. In any case, at the moment, all the exploits are read-only. It's "only" reading privileged kernel data, it hasn't achieved full escalation. Therefore that's normally only damaging if you're concerned about remote threats rather than local, and exfiltration which is stopped by Sandboxie with internet denied.
     
  15. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks for your posts.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Hi,
    remind me why when I run Firefox forced thru shortcut I get Firefox color and when I run Firefox thru Run From Start Menu or Run Sandboxed I get Windows color.
    Forced 52.5.3 ESR
    2182.png
    Run 52.5.3 ESR
    2181.png
    Thanks
     
    Last edited: Jan 10, 2018
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    bjm, supposedly the difference you see in Firefox UI when you run Firefox forced as opposed to Run as is because of a bug or glitch in Firefox. Something thats not right in Firefox. In my case, the colors are fine, they look the same in the portion of the UI that you pictured but loot at the pictures below. The color in the extreme right corner and the Minimize, Close and Maximize buttons dont look right when running programs sandboxed using the Sandboxed Start menu.

    1.jpg


    2.jpg

    Bo
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Forced 52.5.3 ESR...............................Run 52.5.3 ESR
    2195.png 2197.png

    Forced 57.0.4.............................Run 57.0.4
    Forced 57.png Run 57.png
    Thanks
     
    Last edited: Jan 10, 2018
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Bo

    How do you turn off Javascript with No Script?

    Pete
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi Pete. By default, except for domains that are in your Trusted/Whitelist, JS is off for all domains when you visit a site.

    How to turn off JS for Trusted domains? If a domain is white listed and you want to take the domain out your white list, setting the domain back to default will do it. Or, you can also include it in your Untrusted/Black list.

    Note: If by any chance, scripts are running for domains that are set as Default, then it likely means you made changes to the Default preset by mistake. Look at the boxes inside the Default preset and make sure the scripts box is unticked. FWIW, I am unticking all boxes for the Default domain which gives a more restricted experience that what it was for Default domains in version 5.

    Bo
     
    Last edited: Jan 11, 2018
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Bo.
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You are welcome, Pete. I hope all is well. It should. NoScript is working flawlessly along Sandboxie.

    Bo
     
  23. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    How do I configure Sandboxie so Firefox 57.0.4 remembers the settings I choose in NoScript (Trusted/Untrusted etc) for websites I visit.
    I looked under Sandbox Settings at Applications/Web Browser/Firefox but which option do I choose?

    Currently the only things enabled are Force Firefox to run in this sandbox, and allow direct access to the phishing database.
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Pling_man, you need to allow Firefox Direct file access to file "storage-sync.sqlite". Thats the file NoScript 10 is using for saving data. You ll find it inside your Firefox profile folder.

    Bo
     
  25. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Thanks bo. I have the noscript addon installed in FF57 on one laptop now. I’m still trying to understand the Ui though and the best way to use it.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.