What would you run with WSA Essentials and Sandboxie?

Discussion in 'other anti-malware software' started by justenough, Apr 8, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You do know that I'm a Sandboxie user. I use it less and less, though. But, anyway... :D Considering that Google Chrome is used by millions of users, that is actually a pretty good view, isn't it? :) And any bypass/break happening is actually a chance for Google to improve its already great sandbox. :)

    On the other hand, I've seen, including in this same forum, many make the claim that they test lots of malware samples against Sandboxie, and none managed to break out.
    Well, that's all peachy... but, what's the real % of malware samples that were actually developed, having as their target Sandboxie? I'd say 0% of them.

    And, as Kees1958 mentioned, Sandboxie has been bypassed in the past...

    Anyway, like Kees1958, I do hope that Sandboxie gets the needed change.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,146
    Location:
    Nicaragua
    Nothing.

    Bo
     
  3. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    About this paragraph, tzuk said this at the Sandboxie forum: "The statement you quote is no longer true. You can use Process Explorer to see that the security context of Chrome processes is the same whether running inside or outside the sandbox."

    So I am back where I was when I started the thread, using Sandboxie, WSA-E and Chrome, with Kees1958's suggestions for setting up WSA-E. This might be my favorite security setup ever. What would make it better? Bo gets right to the point: "Nothing."
     
  4. chris1341

    chris1341 Guest

    Interested to know what that means. Does it mean SBIE now recognises and replicates Chrome's low integrity flag inside the sandbox or not? Does security context mean the same thing? I don't see it in Process Explorer but realise that can sometimes be misleading.

    Regardless I'll continue to sandbox browsers, including Chromium based variants. Properly configured SBIE makes up for any loss associated with diluting the Chrome sandbox through raising integrity levels IMO.

    Exactly!

    NB - reading SSJ100's comments on the SBIE forum in the thread you reference where he rants about 'self-proclaimed experts' made me laugh. This from a guy who has his own forum giving out advice! - 'Oh wad some power the giftie gie us, To see oursel's as others see us!' :D
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That seems to be the case! I downloaded the most recent stable version, and then ran it in a sandbox, and according to Process Explorer, the renderer processes do run at low integrity level. :thumb:

    Adobe Reader X also seems to run at low integrity level. I monitored it some time ago, and according to Process Explorer, sometimes it would get a low, and other times it would get a medium. But it seems to always be at low integrity level now. :) :thumb:

    Can anyone test Internet Explorer 9? :)

    -edit-

    So, at least when it comes to Google Chrome and Adobe Reader X (I don't know about Internet Explorer), we have two sandboxes. :thumb: But one problem still remains - Sandboxie lacks ASLR support, and it does inject a dll into chrome.exe to run it in the sandbox. Hopefully, this will happen too - supporting ASLR.

    -edit 2-

    Can anyone give it a run with Firefox and this version of Adobe Flash Player - http://labs.adobe.com/downloads/flashplayer11-3.html (This version runs in a sandbox. I'm wondering if Sandboxie breaks it? If it does, this means that Sandboxie doesn't truly mirror integrity levels into the sandboxes; it just works with those of Google Chrome and Adobe Reader X (perhaps also Internet Explorer 9))
     
    Last edited: Apr 11, 2012
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I did a small test. This is actually something I noticed happening last year. I got my Downloads folder at a low integrity level. Any file I have there inherits the low integrity level.

    I downloaded a zip file, and saved it there. I checked the integrity level, and of course it inherited the low integrity level.
    Then, I opened the zip file with 7-Zip, which is being forced to run in a sandbox. I extracted the contents of the zip file, which are an *.exe and a *.txt file, and the files now have a default medium integrity level.

    So, Sandboxie still doesn't mirror integrity levels into the sandboxes. It just works with Adobe Reader X and Google Chrome's sandboxes (maybe also with IE9's Protected Mode?), but that's it. Other than that, it still effectively breaks Windows Vista and Windows 7 MIC.
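The folder test described in the post above, reproduced with icacls as an added example that is not code from the thread or from Sandboxie. The Downloads path, the two placeholder text files that stand in for the archive contents, the 7-Zip install path and the use of Compress-Archive (PowerShell 5 or later) are assumptions. Whether 7z.exe actually runs sandboxed is decided by Sandboxie's forced-program setting, not by this script.

```powershell
# Added example, not from the thread. Windows Vista or later; run from a
# normal (medium) PowerShell. Setting a label *lower* than your own level on
# a folder you own needs no special privilege.
$downloads = Join-Path $env:USERPROFILE 'Downloads'          # assumed path
$sevenZip  = Join-Path $env:ProgramFiles '7-Zip\7z.exe'      # assumed path

function Get-IntegrityLabel {
    param([Parameter(Mandatory = $true)][string]$Path)
    # icacls prints "Mandatory Label\<Level> Mandatory Level:(...)" only when an
    # explicit label is present. No such line means the implicit default, Medium.
    $m = icacls $Path | Select-String 'Mandatory Label\\(\w+) Mandatory Level' |
         Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value } else { 'Medium (implicit, no label)' }
}

# 1. Label the Downloads folder Low; (OI)(CI) makes new files and subfolders
#    inherit it. (NW) = no-write-up: lower-IL processes cannot write here.
icacls $downloads /setintegritylevel '(OI)(CI)L' | Out-Null

# 2. Build a constructed archive in the folder; it inherits Low on creation.
$payload = Join-Path $downloads 'payload.txt'   # stands in for the *.exe
$readme  = Join-Path $downloads 'readme.txt'
Set-Content -Path $payload -Value 'constructed sample'
Set-Content -Path $readme  -Value 'constructed sample'
$zip = Join-Path $downloads 'sample.zip'
Compress-Archive -Path $payload, $readme -DestinationPath $zip -Force
"{0}`t{1}" -f 'sample.zip', (Get-IntegrityLabel $zip)       # Low

# 3. Extract with 7-Zip and read the label of each extracted file.
#    Unsandboxed, the files inherit Low from the folder. Under Sandboxie the
#    write is redirected into the sandbox container, which carries no label,
#    so the files come back Medium (the result reported above).
$dest = Join-Path $downloads 'extracted'
& $sevenZip x $zip "-o$dest" -y | Out-Null
Get-ChildItem $dest -File | ForEach-Object {
    [pscustomobject]@{ File = $_.Name; Integrity = (Get-IntegrityLabel $_.FullName) }
} | Format-Table -AutoSize
```

To force the extraction into a specific box without relying on the forced-program list, launch 7-Zip through Sandboxie's own launcher instead, for example `& "$env:ProgramFiles\Sandboxie\Start.exe" /box:DefaultBox $sevenZip x $zip "-o$dest" -y` (path and box name assumed). Because the label lives in the SACL of the real file, what you read back is the label of the file in the container, not of the virtual path shown in Explorer.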
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yeah, congratulations to Tzuk and Sandboxie. IMO this raised the bar for malware to come through (dealing with low rights, SBIE and UAC)

    compliments :thumb: :thumb: :thumb:
     

  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Bo knows. :cool:
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well, he still needs to support ASLR, and to actually globally mirror the integrity levels in the sandboxes. But yes, this is very welcome.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Apparently, Adobe Reader X Protected Mode no longer works in Sandboxie. Both the latest stable version, and the most recent beta version.

    I did recently install the latest Adobe Reader X version.

    -edit-

    I also tested in a Default sandbox. Same result.
     

    Attached Files:
