Sandboxie Acquired by Invincea

Just bought this new Win. 10 PC Desk top and am trying it out with the latest Sandboxie update 5.33.1 and I do have an MS email account I can verify that I have no problem logging in to my account. With SB version 5.31.6 there was a problem logging in. P.S. I still have my old Windows 7 here right along side of me and it's still working good as well.

 

Nice.

Bo

 

Long live Sandboxie! I still have hope for it to live on as open source, hopefully soon.

I haven't installed the v5.33.1 yet. Has anyone who has installed the v5.33.1 maybe tried if installing MSI packages is now possible?

 

Hi Bellzemos. The issue with installing MSI packages is not fixed in 5.33.1.

Bo

 

Haven't found and MSI package to install. Don't know

edit: I just realized that I replied to the wrong person Sorry about that @Bellzemos

 

not sure about, O&O Defrag MSI works, O&O DiskImage EXE failes (wrong OS), Softmaker Office MSI works.

 

Well, perhaps I will shed a tear LOL. But it's not about being emotional attached, it's about Sandboxie being such a brilliant tool. You just can't beat app virtualization. Others have tried to copy Sandboxie, think of SafeSpace, BufferZone and GreenBorder, but they all weren't as good.

But if some new tool comes up with the exact same abilities, I will gladly make the switch. Shade Sandbox seems to be promising, but I have the feeling it's not as powerful and secure as SBIE yet.

https://en.wikipedia.org/wiki/Shade_sandbox

 

What I meant is that older versions of SBIE didn't make use of the "Windows Integrity Mechanisms" like Chrome does. In the Bromium report, Chrome's sandbox was called more robust, simply because of the fact that it's customized for only Chrome and can be made more restrictive than Sandboxie, which provides "global" app virtualization.

It's a fair point, but as said before, normally when hackers develop exploit for the masses, they will be attacking Chrome or Firefox and not Sandboxie. Also, you can hardly blame Chrome and Sandboxie for getting hacked, if the Windows OS itself is leak. But even in such a scenario, Sandboxie still put up a fight.

 

Mumble - https://www.mumble.info/downloads/

Paint.NET - https://www.getpaint.net/download.html

PDF-XChange Editor - https://www.tracker-software.com/product/pdf-xchange-editor

All MSI, go ham.

 

I don't believe I mocked you or anyone for using Sandboxie. If I did, then my apologies. Ultimately, I was only trying to encourage the consideration of other means of securing a device, especially through the primary use of mechanisms built-in to the O/S. I remember years ago seeing a slogan in a mountain biking magazine that went something like: "Innovate or Die".

Neither have I, using numerous, and different, security approaches over the years, other than only two exceptions in 23 years using Windows; one was installing crack software on XP from a pirate site - obviously my fault, and the other was after a fresh install of pre SP2 XP sitting behind only a DSL modem and the blaster worm hit immediately after the installation completed.

Except the Windows mechanisms are already integrated into the O/S, practically eliminating the potentially sloppy coding often introduced by 3rd-party vendors. Unfortunately, using only Windows security mechanisms entirely has not ever been possible for me. Windows Firewall, for example, is a joke, because it can't even utilize wildcards in path rules I'm using a 3rd-party firewall with a purchased license that works fine, but lately the developer is asking for donations on its main web page. That's a red flag for me that suggests it may eventually be going under.

Which is why it's prudent to nullify an infection attempt in its very early stages.

 

Yes, but who cares if third party tools are often superior in terms like features and being more user friendly. I couldn't care less about stuff like SRP, UAC, SmartScreen and Win Def. Third party tools are doing a better job for me. For example, the Windows Sandbox is pretty much a joke compared to Sandboxie.

And they are using the exact same building blocks that the OS like Windows, macOS or Linux provides. And sometimes I do use OS security, for example I use WFC which is a frontend for the Win Firewall. But I'm planning to switch to TinyWall which isn't.

Yes of course. But I already explained it can't always be stopped in the earliest stage. Let's say people receive an email that lures them to a boobytrapped website. The exploit is able to bypass the browser's sandbox and uses a file-less payload. Again, SRP and perhaps even AE won't be able to block that. A virtualization tool on top like Sandboxie will most likely protect against this.

 

Clearly it's a difference in attitudes, where I have full confidence that I won't allow an exploit to ever reach the "critical mass" stage, whereas Sandboxie is being utilized as a containment measure in a "just in case" scenario. People really should endeavor to prevent the former scenario by not being tricked into allowing an exploit in the first place.

I also partially disagree with you on your last point where SRP and such can't block an exploit on a boobytrapped website, because often these exploits drop the malware into user-space directories, where a proper default-deny setup will block the attempt to launch the executable from these directories. If the user goes and allows it, then the user needs to educate themselves on ensuring it doesn't happen again.

EDIT:

btw, I'm not suggesting I'm right and your wrong in how we deal with threats, only that there is a marked difference.

 

Yes exactly. But if we lived in a perfect world, we wouldn't even need security tools at all. But keep in mind, sandboxes were designed to contain malware. So now, hackers don't need only one, but two exploits to get full control over the system, it raises the bar.

I'm afraid you're wrong. Why do you think I specifically mentioned file-less exploits. It's because they don't drop files to disk. In theory they can simply download and run file-less ransomware in memory. So this means that file encryption is being done by an already active process in memory.

Of course tools like HMPA, MBAE and Sandboxie may help. Some AV's with a behavior based anti-ransomware feature may also help. So no, Sandboxie isn't the only one who can stop this, that was never the point. I'm just saying.

 

Which is why I said I partially disagree. Powershell is utilized quite often in fileless attacks. Lock it down and the threat is nullified. At any rate, I don't want to veer OT, nor drag this out much further. The thread is about Sandboxie and I think we've all made our points.

 

@ bo elam - Hi Bo, thanks for the info.

@ special - Today I've installed the new v5.33.1 in a Windows 10 VM and tried installing Mumble MSI - and sadly it won't install under Sandboxie v5.33.1.

I wish they would list all the changes in the new version, like they did before (before as before all went downhill).

 

Well. I think you are doing it when you question my judgement for the simple fact that I use Sandboxie and will keep using it until the day it doesn't work anymore. I ll quote you again:

Something else. When I said, "In over 10 years using it (using SBIE), I haven't seen any malware.", it doesn't mean that I believe that using Sandboxie is the only way to stay clean.

This are my thoughts on whats best regarding security for each individual. I believe everyone should discover on their own how to beat malware. People should not copy what other people do, we should tailor our security based on our personal case use. Thats what I did and is the formula that brought Sandboxie to me. Eleven years ago, I could have gone a different way than Sandboxie but is obvious to me that I made the right choice in Sandboxie since I haven't seen anything malicious in all this years. Due to my success using SBIE, it wouldn't make any sense to switch away from SBIE.

During the first two years using Sandboxie, I used an AV along SBIE, and also had a couple of scanners, but eventually dropped using all of them. I havent used real time AV since Dec 2010, or scanners since Dec 2011. This first couple of years using SBIE, I was tailoring my security setup (perhaps looking for the perfect companion for SBIE), looking for the perfect fit for me. And found it in Sandboxie and NoScript with no scanners of any kind. We could say that it took two years for my security setup to settle down totally. So, figuring out whats best for you is not something that you decide and in a couple of seconds is done. It takes time, I think feeling confident is what you get and you are surronded by it when you know you got it right. Thats the feeling I have had all this years.

Bo

 

You are welcome my friend.

Remember, we still have Curts fingers in SBIE.

Bo

 

Thats exactly right. Let me tell you this. Like I said, the day Sandboxie dies, no reason to feel sad, here is why. In my view, what we gotten from Sandboxie after Tzuk left, is gravy. Is extra. And we gotten a lot of extra since Tzuk left. What, four or five years have gone by since that day, and we still have it working and working great. Why should we cry? Everything dies someday. A little inconvenience here and there but for the most part, even today, Sandboxie is still great.

Before Tzuk left, I told him that whatever we get from SBIE after him leaving was like gravy. I also told Curt the same thing years ago. Sandboxies problem didn't start this past April, it started way back. So, if I was to feel sad about it, I already done my mourning and rationalized all that there was to rationalize.

But even so, the day Sandboxie dies, the confidence that I built all this years regarding my computer security thanks primarily to SBIE is gonna crumble down. I am going to have to start from Zero again. I ll have to change how I use the computer and stop doing some of the activities that I like doing while using the internet and the computer. At least for a while, until I find a good replacement, I wont be doing some of the things I like doing. For me, the impact of not using SBIE in my usage of the computer is gonna be huge.

Bo

 

Honestly, there a number of replacement strategies you should be able to use. In the meantime, hopefully you can enjoy using Sandboxie for many more years. If I were in your shoes, I would embrace the challenge.

 

best is not to be vulnerable to come this way round!

thats problem for most people, not only here. to rely on approved bevahior. sandboxie is reason for my tools, but in most cases i dont need sandboxie this way any longer. as we dicussed more than once our understanding of sandboxie very different. if it will come to an end i will stick with the latest build and thats it until i will find a replacement. Bufferzone was a prequel here, in its basics similar or same and i was able to work with it. for now i dont know a sequel.

 

True enough, which is why I harp on nullifying the threat in the early stages, or better yet, before it can even gain a foothold.

 

Yes correct, I completely agree. It's best to block attacks in the earliest stage, that's why I'm using the EXE Radar + Sandboxie combo. But you never know if hackers can find a way to bypass AE or SRP. That's all I'm saying, nothing is bulletproof including Sandboxie. And BTW, why are we even talking about SRP, is it even available to home users? I would advice them to use EXE Radar, it's much more user friendly.

And yes, most of these attacks are using powershell.exe, but there are file-less attacks that use other methods. That's why companies invest in "state of the art" security systems, they can't just simply lock everything down without breaking stuff. Same goes for home user systems in certain cases.

 

That's why I have HMP.A now. An extra buff to Sandboxie.

 

Yes, if you want to block in-memory malware from running you need tools like HMPA and MBAE because stuff like EXE Radar and SRP won't protect against this. I'm talking about "true" in-memory malware that don't need to use so called LOLBins. They can run inside the exploited app like the browser, see links.

So let's say this exploit is able to bypass HMPA and can bypass the browser sandbox, then Sandboxie should still contain the malware. In case the malware happens to be file-less ransomware, file encryption should be prevented.

Like I said before, home users will normally not encounter these type of advanced attacks, especially because browsers are way harder to hack than in the past. And hackers often want to get persistence on the system, and that's easier to achieve with PowerShell or by simply dropping files to disk.

https://www.computerworld.com/artic...acks-stealthier-with-fileless-infections.html
https://malware.dontneedcoffee.com/2014/08/angler-ek-now-capable-of-fileless.html

 

Voodooshield can block fileless malware. Or at least any that would start in one application and then call upon a windows system file to do its damage. Voodoo also protects against DLL injections by preventing the processes that would inject them and by whitelisting the DLL's now too. Voodoo also doesn't allow powershell to even run while it's "on"

And S.A.P. consistently gets good scores in fileless malware tests in comparisons to other paid and free antivirus programs out there on AVLab every year and it too will stop an unknown DLL from loading into memory.

But in the case of malware where the whole thing would happen inside of just one application, then yeah, you need something like MBAE or HMPA to stop that from happening.

I really wish they'd advertise HMPA as exactly what it is instead of talking about it on their website as just "stay protected with hitman pro alert" because almost all of the malware that a home user would encounter doesn't get stopped by HMPA.

In most cases Just sandboxie protecting the user's applications is more than enough.