Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Only the browser process will have direct access if enabled, everything else within the sandbox won't.

    Even if the malware somehow specifically hijacks the Firefox process to specifically attack your profile (which is extremely rare especially on updated browsers), your system is still isolated.
     
    Last edited: Jul 21, 2010
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Sorry to ask, but why is your sandbox not configured to do just as you desire? Do you understand where the bookmarks are housed, the noscript settings stored?

    Update wise, that can be an issue. I don't ever auto-update, so when I do update (really it is upgrade for me) I do so with the browser not being sandboxed, then delete the contents of the sandbox. Because my profile items like bookmarks etc are directly accessed, nothing much changes usually. The key to it all is, as you are likely aware of, to put your settings in place outside of the sandbox, then allow access to the areas that you will modify in the sandbox that you wish to keep, such as the bookmarks.

    Sorry if I am telling you what you already know, but if the statement above is what you find cumbersome about Sandboxie, there are multiple ways to overcome this with minimal effort.

    Sul.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    How so? I don't recall an option to only allow one process within the box to use the direct access. AFAIK it is on a per box basis, so that if the box has a direct access "hole", anything in the box can access the "hole". You know something I have missed maybe?

    I think in practical terms this is probably a reasonable assumption. However, if your profile has been tainted with something malicious, and direct access is given so that the real live profile is impacted, the next time you run the browser outside of the sandbox, the real system can be affected. I run my browsers outside the sandbox when updating/upgrading or adding something, or sometimes just to test something.

    Sul.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Check Resource Access > File Access > Direct Access > firefox.exe
    The direct access rules only apply to that process.
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    That is a good question, one I have weighed myself. Initially I did not like this aspect either. Actually I installed SBIE and uninstalled it more times than I care to admit. It took me maybe a year of using it on again/off again to really like it in everyday use. I did not like the lag in some earlier versions. I did not like having to go find my downloads because I was not putting them into the typical recovery locations.

    I used VMware for a lot of stuff at that time, seems like I had one open all the time. At some point after testing SBIE a little more in-depth, I started using it to test things that did not require a reboot or install drivers. It was more convenient to use than VM because of startup times and just being able to delete the sandbox so quickly. Eventually I found myself only opening a browser in SBIE when I felt I needed it (I made a macro for Kmeleon that let me do this easily).

    Eventually I put forth the effort to dig into the configurations of SBIE, and adapted how I did things to work around how it places items into the sandbox directory. In the end, I am more than happy that I did. It forced me to stop using my prior methods and streamlined how I do things. Not something I really wanted to do, but for me anyway, keeping track of what I have downloaded is now much simpler. But until I really applied myself to what SBIE could do, I was in much the same mindset you are.

    lol, not saying you need to adopt my mindset or you will turn to the dark side Luke, just sharing something you might find of use.

    Sul.
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Oooh! Right you are. I don't use the GUI to configure it, only the .ini file. I have been missing a whole new feature lol. Time to update the templates I suppose, as thus far I had a global template for direct access objects, not realizing I could fine tune it. Suppose I should use the GUI from time to time rather than being such a nerd ;)

    Thanks for bringing that little tidbit to attention.

    Sul.
     
  7. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261

    You could try something like this as well

    OpenFilePath=opera.exe,%AppData%\Opera\
    ClosedFilePath=!opera.exe,%AppData%\Opera\

    First line lets opera.exe have direct access to its appdata folder while the second line restricts apps other than opera.exe from reading the folder and its contents. Gives an added protection (placebo? :D ) in my opinion.
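
    An added example, not part of the thread and not Sandboxie's own code: a small Python audit of the two rule forms discussed above, flagging `OpenFilePath` entries that are not limited to one program and program-scoped entries that lack the matching `ClosedFilePath=!program` line. The sample configuration, the box names and the Firefox profile path are constructed, and splitting each value at the first comma is an assumption about the rule syntax as shown in these posts.

```python
# Added example: audit Sandboxie-style file access rules for broad direct-access holes.
# SAMPLE_INI is constructed; box names and the Firefox profile path are placeholders.
SAMPLE_INI = r"""
[DefaultBox]
OpenFilePath=%AppData%\Mozilla\Firefox\Profiles\
[OperaBox]
OpenFilePath=opera.exe,%AppData%\Opera\
ClosedFilePath=!opera.exe,%AppData%\Opera\
[FirefoxBox]
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\
"""

def parse_rules(text):
    """Yield (box, setting, program_or_None, negated, path) for each path rule."""
    box = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            box = line[1:-1]          # section header names the sandbox
            continue
        key, sep, value = line.partition("=")
        if not sep or key not in ("OpenFilePath", "ClosedFilePath"):
            continue
        # Assumption: an optional "program," prefix ends at the first comma.
        prog, comma, path = value.partition(",")
        if not comma:                 # no prefix: the rule covers the whole box
            prog, path = None, value
        negated = bool(prog) and prog.startswith("!")
        name = prog.lstrip("!").lower() if prog else None
        yield box, key, name, negated, path.lower()

def audit(text):
    """Return (box, path, issue) for direct-access rules that are broader than needed."""
    rules = list(parse_rules(text))
    findings = []
    for box, key, prog, negated, path in rules:
        if key != "OpenFilePath":
            continue
        if prog is None or negated:
            findings.append((box, path, "direct access not limited to one program"))
        elif (box, "ClosedFilePath", prog, True, path) not in rules:
            findings.append((box, path, f"no ClosedFilePath=!{prog} for other programs"))
    return findings

if __name__ == "__main__":
    for box, path, issue in audit(SAMPLE_INI):
        print(f"[{box}] {path}: {issue}")
```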
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Nice.

    I guess I never thought to use that in any form but this
    Code:
    ClosedFilePath=!<InternetAccess_Opera>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Opera>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Opera>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Opera>,\Device\Afd*
    It is an easy fix for all my boxes though with the use of my template.

    Thanks.

    Sul.
     
  9. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I've only just recently noticed that resource access 'per exe' myself. I have been looking around trying to see what others are going with, with this new Plugin container resource - in the latest Firefox.

    On my Win 7 pc I updated Firefox to the latest version, and then noticed the new plugin-container.exe thingy requesting to run in the sandbox. So I allowed it to run, on my Win7, but I've put off updating Firefox on my XP until I have figured out what's safest.

    Has anyone else looked into how to handle Sandboxie & plugin-container.exe? Giving Firefox.exe, alone, rights to the plugin-container ... rather than the whole sandbox per se. ?

    sandbxoeifirefox.JPG
     
  10. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    All I can say from the posts listed - is what a smashing lot of people you are.
    If one wants to know about an issue, just post it and Wilders Wonders will give the answer. The knowledge and expertise is incredible.

    Not really any point in being a member of another Forum other than to participate in an irrelevant chat club, Wilders is the source for getting a problem solved.

    John B
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Keyboard_Commando, what version of Sandboxie are you using as my Sandbox settings seem to have a lot more options.

    As for the plugin-container it was a pain so I went back to an earlier version of FF.

    Sandboxie Forum on Plugin-Container
     
  12. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    My Sandboxie is the Free version 3.46 and my FF is version 3.6.6. I always keep bang up to date and will not revert to any earlier versions. If updated versions do not work, then it is up to the suppliers to get their act together and make them work. You do not replace a Formula One winner by one with only three wheels.

    John B
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    The new version of FF was slower here so I went back to the Phase 3 GT Falcon model - FF ver 3.0.

    There is no need to uninstall/install. I delete the Mozilla folder in Programs folder and copy/paste the whole folder of whatever version I want that are kept on another partition.

    Old Apps
     
  14. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    I got around the bookmark problem by using a third-party url program. Whenever I want to save a bookmark, I copy and paste the url into my third party program, then copy and paste it back into the browser whenever I want to surf to that site. Yes, it takes a couple of seconds each time but two advantages: My Sandboxie has had no holes punched in it and this third party url program works in any browser this way, no need to keep updating my four browsers with the same bookmarks, I only need to bookmark once. I have two monitors and keep the url program up on my second monitor at all times, all my bookmarks are there for me to see no matter what browser I am using.

    Acadia
     
  15. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Thanks for the link, Franklin. That was very helpful.

    I am using the latest Sandboxie version 3.46. In the pic I am clicking on the Firefox.exe, in the sandbox, and then right clicking - to the Resource Access tab. I don't really like this plugin-container Firefox addition. From the link, it seems for the browser to fully function (for Adobe Flash, Quicktime, and Silverlight, etc, to work) plugin-container needs adding to the internet access, and its own start up rights. I don't feel that confident about this, not yet. So I am going to wait a while before I update Firefox on my XP pc.
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    The plugin-container evidently does not like being sandboxed at all, because ever since I added it to Start/Run and Internet, Firefox is very slow at loading pages. There was absolutely no change in speed between a sandboxed and un-sandboxed Firefox prior to adding it in, at least on my system.
     
  17. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Is it safe using Sandboxie with older versions of Firefox? I don't like that plugin container either...
     
  18. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Yes, most definitely.

    Acadia
     
  19. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    But will there be any risk with vulnerabilities from old versions?
     
  20. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Very old versions are vulnerable but 3.442 is vulnerability free.
     
  21. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Hey Buster, sorry, I meant vulnerability in older versions of Firefox... not in Sandboxie.
     
  22. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Sandboxie will protect any and all versions of Firefox, and every other browser for that matter.

    Acadia
     
  23. RedDawn

    RedDawn Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    125
    Location:
    Ireland
  24. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    *Sigh* Disabling protection to make other protection run better. That seems to happen a lot these days. Here's a question, I would assume Chrome basically uses the same method. So, for you Chrome users, how is Sandboxie working out? Considering both plugin and process protections in Chrome, is Sandboxie even needed (provided script whitelisting is done and common sense is used)?
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    When 3.6.4 came out, at first I did not like the plugin container but got used to it real quick and it is not bothering me at all now. I must be one of the rare few but I only allowed it start/run access and have not allowed the container internet access. So far I have had one SBIE message about the container needing internet access so I have not felt the need to allow the plugin container to have internet access.

    Bo
     