Sandboxie Does Hidden Online Validation?

Discussion in 'sandboxing & virtualization' started by mark.eleven, Jul 19, 2010.

Thread Status:
Not open for further replies.
  1. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Ok so in the absence of the link itself, we're left to make a choice as to the truth behind this matter.

    On the one hand some thief grumbles on a hacking forum, incensed that his stolen copy of SBIE premium no longer works, comes up with a theory that subterfuge must be the causal factor.

    On the other hand, we have Tzuk, a guy that despite being a lone developer for many years has generously provided a perfectly functional product free of charge, a product that offers outstanding protection despite what some may say (all these bypasses yet where is the hard evidence?).

    Well after soul-searching for all of 2 seconds I know whom I believe to be telling the truth.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think 2 seconds is a long time. :D I didn't even have to think about it. Tzuk is first class, period.
     
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    :thumb:
    :thumb:
    :D
    :cool:
    Get the drift...
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Ditto. :thumb:
     
  5. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    561
    I see the light! My score: tzuk 1, elapsed etc. 0. Good night :D
     
    Last edited: Jul 19, 2010
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
  7. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
  8. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    Instead of being angry at dishonest thieves, elapsed decides to go after Tzuk. A trustworthy developer with a good name. That's pretty messed up if you ask me :thumbd:

    Instead of being grateful that a developer like him has offered such high-grade security, you accuse him of hiding some backdoor to your system, on no other basis but that of a word of some pirate.

    btw for those of u who want to see the original topic, use google. wot site ratings say its safe -- why should i care, I am using sandboxie anyways :p
    From a browser security point of view sbie is better than a vm because there are less vulnerabilities and they are patched more quickly. It uses less resources and you also don't have to worry about a worm slipping to the host via network connections

    anyway i digress... Elapsed, I personally think you're part of a group of haters targeting sandboxie; probably xorrior's sock puppet.-- i smell trolling :D or maybe tht spammer tht posted on sbie forums
     
    Last edited: Jul 19, 2010
  9. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    Seconded :)
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @crofttk
    ?

    I know http://www.sandboxie.com/buy.php works, but that wasn't my point.

    mark.eleven the OP posted this www right at the start of this thread.

    If the extra ',0000h gets a 404, how is it supposed to work hard coded ?
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    All this controversy over a guy doing a dump of the string contents of an executable file, and finding that the EXE for sandboxie has a link to the developer's purchase page?! Wow, that is certainly big news! :rolleyes:

    Almost every program on the market has a Help menu item called "About" which includes a link to the developer's website. And, nearly every Free program has a link to the developer's purchase page - this includes all the brand name free AV products.

    So, some guy on a hacker forum (back in January, by the way, and no posts since then), says that his keygen based license for Sandboxie expired, and he assumes it's because of some secret firewall bypass... Okay, that's fine. But, what does he post to back that up? Firewall logs? Connection attempts on particular ports? A sniffer dump of packet communication? A reverse engineering of the code in the program file? No, none of that.

    Instead he posts a dump of the ASCII strings contained within the sandboxie EXE file, which he dumped from his keygen download kit. That dump happens to include the link to the Sandboxie developer's purchase page. No logs... no sniffer dumps... nothing but strings contained in an EXE file.

    And then he says, it must be a firewall bypass. But, he gives no facts or proof of that. He says this: "But several months after I unlocked Sandboxie with such an illegal key Sandboxie bypassed my firewall by either by creating an invisible internet explorer activex object instance and takes control over it via COM or by creating a invisible Windows-/Internet-Explorer process and uses it to send and receive validation data." Um, either/or? If he really analysed the program wouldn't he know whether it was an included ActiveX control or an "invisible windows/IE process"? Why the either/or? Doesn't he actually know? (Anyway, that statement doesn't even make sense. An "invisible" IE process is not immune to firewall rules. Just because something has no visible window does not mean it is hidden from the OS or the TCP stack, all visible to a firewall.)

    I have reviewed the thread at the "hacker" forum, and what I have to say is there is nothing there. How anyone can look at a post that contains nothing but a list of ASCII strings from an executable, and then somehow extrapolate from that to some kind of hidden code or ActiveX control is beyond stupid.

    If any of you don't know about "string dumping" from EXE files... here's a quick lesson. Any dump utility will find readable TEXT strings in an EXE and display them to you. Every EXE has a few visible ASCII text words or phrases - usually things like error messages, URLs to the home website, or similar content. You can interpret them any way you want, but, if you think a "hidden back door" is being coded into an EXE file by way of an easily viewable ASCII TEXT string, then you are very gullible. Some developer is going to code in plain ASCII text something that is supposed to be a secret?! :rolleyes:

    If you don't have an EXE dump/analysis tool... Here's one from our friends at SpyBot S&D - the "FileAlyzer"...

    http://www.safer-networking.org/en/filealyzer/index.html

    But, be warned. When you right click on EXE files from your AV, FW, Sandbox and other tools, you WILL find ASCII TEXT strings... No doubt from all of them using secret backdoors to compromise your privacy. :cautious:
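
The string dump described in the post above, as an added example that is not part of the original thread and not any poster's code. The sample bytes are constructed, and storing the URL as UTF-16LE is an assumption made for the sample.

```python
import re

# Constructed bytes shaped like a slice of an executable's data section.
# Not taken from any real binary; the URL is the one quoted in the thread,
# and storing it as UTF-16LE is an assumption made for this sample.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"Cannot open configuration file\x00"
    + b"\xff\xfe\x10\x00"
    + "http://www.sandboxie.com/buy.php".encode("utf-16-le") + b"\x00\x00"
    + b"\x8b\x45\x08\xc3"
    + b"About this program\x00"
)

ASCII_RUN = rb"[\x20-\x7e]{%d,}"
WIDE_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"


def extract_strings(data, min_len=6):
    """Return sorted (offset, encoding, text, trailer_hex) for printable runs.

    trailer_hex is the two bytes that follow the run in the file, i.e. the
    surrounding content a dump tool may print next to the text.
    """
    found = []
    for pattern, encoding in ((ASCII_RUN, "ascii"), (WIDE_RUN, "utf-16-le")):
        for m in re.finditer(pattern % min_len, data):
            trailer = data[m.end():m.end() + 2].hex()
            found.append((m.start(), encoding, m.group().decode(encoding), trailer))
    return sorted(found)


def url_strings(data):
    """Keep only extracted strings that look like http(s) URLs."""
    return [s for s in extract_strings(data) if re.match(r"https?://", s[2])]


if __name__ == "__main__":
    for offset, encoding, text, trailer in extract_strings(SAMPLE):
        print(f"{offset:#06x} {encoding:9} {text!r} + {trailer}")
    # A URL in this list is data stored in the file. Whether any code ever
    # connects to it has to be shown by a firewall log or packet capture.
    print(url_strings(SAMPLE))
```

The output lists error messages, menu text and the URL side by side, which is all a string dump can establish: what text the file contains, not what the program does with it.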
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    That's a dump of the contents of the EXE file... simple text strings with all "the surrounding contents," as viewed from the program file itself by a dump tool. Nothing more.
     
  13. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    tzuk has a good clean program i am a hacker :D and had an older hacked version which became invalid i now have a new hacked version and before i get flamed i was taught computers by hackers so thats that !
    now tzuk i will happily pay for your program [now that i've thoroughly tested it] but i don't do online payment for anything can i pay direct deposit ?
    or we'll meet at the pub i'll buy you a beer or ten and give you cash :D
    i even test hacked programs
    in a hacked sandbox
    on a hacked xp
    so if you really want to believe a hacker
    sandboxie and returnil2008 are my favourites :D
     
    Last edited: Jul 20, 2010
  14. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Thanks for your post LowWaterMark, it is refreshing to have an expert look deeper into this and describe the situation in more detail, something I believe Tzuk should have done in the first place instead of querying my feelings for him, although I find your word somewhat more credible and trustworthy.

    Something I'm curious about though and maybe you can shed more light on (and hopefully by discussing this salvage some hope from this thread instead of it being plunged into nonsense by the Sandboxie fans that think this thread is about a Me vs him contest) Tzuk insists that Sandboxie has no form of dial-home function, so why is it after I boot up a test machine a few times with a registered copy of Sandboxie, that I now have several DNS records to sandboxie.com without any form of firewall prompt?

    Thanks.
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have often used the hosts file to stop programs from attempting to communicate with the mothership. Cyberhawk was one, the first version of Prevx was another (which took a large amount of host entries to block, wish windows could do netblocks). Programs here and there, especially when they "wait" for a response from home before continuing, I try to kill that straight away.

    Last year I saw sbie contacting home. This was from a firewall log (outpost pro v2)

    72.52.218.204 host.sandboxie.com

    I did this for awhile

    hosts

    127.0.0.1 host.sandboxie.com

    I did it just to tie up a loose end I found, not because I was fearful of what sbie was doing, and because I have not used a firewall in daily use for quite some time now. I haven't done this to my win7 install, but it is still in my xp pro image. I might put it back in place on win7 if I actually use a host file again, which is doubtful at this point.

    Sul.
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @LowWaterMark

    Re - ',0000h

    I see, thanks :thumb:
     
  17. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    elapsed: with all my respect I must say that instead of wasting your time discussing certain questions you should use that time to learn. With more knowledge you would not need to accept what another person says and you could verify things by yourself.
     
  18. mark.eleven

    mark.eleven Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    81
    Location:
    Island of Sodor
    I'm a long time user of Sandboxie and did not intend this thread to bash Tzuk (or Tzuk vs anyone). In fact, I think he's doing a superb job, and Sandboxie is the only real time protection I have since I do not use any AV. I posted this thread seeking experts' opinion after I saw the comment in the other forum.

    The author of Sandboxie has clearly explained himself, and other experts generally concluded that hidden online validation is false, hence I guess the mod can close this thread.

    Thanks.
     
    Last edited: Jul 20, 2010
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It has been interesting...

    One solution: Make an in-depth investigation and come to a conclusion.

    One of two things you will find:

    Sandboxie does call home without the user knowing, which, sorry for my words, but true, is the behavior of spyware.

    Sandboxie does not call home.

    People are discussing illegal key versus legal key activation. Why? That is not the point, at all. The point is that illegal or legal key, a software developer has no right to code his/her/their program to call home without the user knowing. This behavior is a behavior of spyware. That's why it is called spyware. It calls home and sends information, whatever that may be. If what we know to be spyware would alert the user it was about to send personal information, then it no longer would be treated as spyware, now would it? No.

    Someone mentioned that all this should be forgotten just because the guy who found this was a hacker using an illegal version. While the conscience is his to care for, if got any, how does that invalidate whether all this is or not true? It doesn't. It won't. Nor it won't say it is true. Nor will the fact Tzuk mentioned nothing happens.

    Don't take other people's words as the true words. Find it out by yourself. Make a judgement.

    But, I must say, all this has made me be alert. And, if something is found out, well, it doesn't truly matter if you're using a legal or illegal key. Trust is trust. It does exist or it doesn't. Sorry, but there isn't a middle term.

    If a software developer wishes to check for validation, which I'm 100% for it, I'd do the same thing, then ask the user for permission. Paying users deserve respect, so respect them. (This is not directed to Tzuk, rather to all software developers.) This is what makes the difference between you and the bad guys. Otherwise, you're just as bad as they are. Period.
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Did Outpost happen to note the name of the process doing that? Internet Explorer by any chance?

    You're right, but I think it is also true that no one on this forum ever stops learning.

    I agree, like stated before, I have no issue with validation, many software companies do it, including Microsoft, and have it clearly documented. Even Microsoft's update to its validation was totally optional and properly documented in the update.

    But unless I misread, Sb has no documentation about any form of validation, done by sanctioned methods or not, it would appear to one that it just simply does it.
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    SB could be checking for updates which can be turned off.

    sb.JPG
     
  22. tzuk

    tzuk Developer

    Joined:
    Jul 4, 2004
    Posts:
    34
    I already said on this thread that there is no hidden validation or activation or whatever. What can I do when biased people ignore this?

    As for contacting host.sandboxie.com. Or more precisely, http://www.sandboxie.com/version.php . This is part of the version-check mechanism and it asks your permission before making a connection. There is a convenience checkbox to say -- go ahead and check without asking me. To enable this checkbox and then claim foul play, which I would not be surprised if elapsed is doing, considering the extreme prejudice he displays here against Sandboxie, is disingenuous.

    I don't understand how elapsed gets a free pass to keep trying to sling dirt at me. I am not asking to silence him but his repeated slandering of my character are false every time, yet it seems an apology by him is not even expected for this kind of behavior.
     
  23. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Sorry, but to post something like that here at Wilders is too much, going too far. You owe someone an apology, perhaps even everyone at Wilders.

    Acadia
     
  24. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    A lot of software tries to connect even when you have turned auto updates off.
    Even our beloved google does it (even after removing it, try google earth).
    Unless someone has the technical ability to prove it (either way) it is fruitless even if we go on arguing for a week.
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    What technical ability is required to install a sniffer? ;)

    I think the question is nobody is going to try that because nobody believes that happens so it's a waste of time checking.
     