Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I remember all the Tzuk posts that Lockdown is talking about. But like him I have no intention of going back and trying to find links.
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You keep saying that I suggested that the linked article is a means to bypass Sandboxie. I said no such thing. That linked article demonstrates that vulnerabilities can, and do, exist in the code. Invincea-X is shown to have a vulnerability. And it is built upon the SBIE foundation. The article proves that SBIE code is no different than any other code.

    I don't have to prove anything. I am stating the obvious that is established industry fact. And I didn't state that it was easy to bypass Sandboxie. There again it is you saying that I said that.

    You are saying I am bashing Sandboxie. I'm not. If you look back through the posts I openly stated that anybody that knows security softs knows that Sandboxie is a solid product. But you choose to ignore that statement. I am just stating what is widely accepted by the industry for all security code. And that is if a determined attacker is willing to target Sandboxie there is a fair probability they will find something that they can take advantage of.

    Sandboxie code has nothing to do with security, vulnerabilities and any other issue ? Really ? It has 0 lines of code and therefore 0 attack surface ? Really ?? Someone will have to teach me that trick. Sandboxie is a software product and it is absolutely 100 % code.

    Your argument is that Sandboxie is not bypassable. Well in the past security issues within the sandbox itself have been discussed. They were reported and fixed. If it happened in the past it could happen again. Like I said, you keep saying things that are contrary to what the original Sandboxie architect stated in the past.
     
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Sandboxed processes messed with container security in the past. It was discussed long ago and surely it was fixed back then. If it happened then, it can happen now, and it can happen again in the future. Sandboxie is a solid security product but it is not guaranteed 100 % like some would have others believe.
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Our product is not perfect and I am the first to advise people that software is not 100 %. Unlike you and other SBIE fanboys that state SBIE is different and immune to the vagaries of code.
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    So we talking about that file manipulation aka vulnerabilities exists? Man, you're more ignorant than I thought. It's not a vulnerability when there isn't a practical use and I explained that's not easy to do that, especially not when the driver/SIB sandboxes already protect against the malware. You even understand what I'm saying here? How you infect something when it's in the box? The overrun doesn't even work then, check the code.

    Eagh, that makes no sense but okay. Cause there isn't even Sandboxie code shown, there is a PoC shown, which isn't (at this point not confirmable). I submitted it into Sandboxie forum and wait for response/confirm.

    So you talk without any real message, is that same you code? I hope not. I'm really talking to kids here.

    You bashed the community here and you try to say that this product is like others, which is not the cause - it works on a another layer which is proven. Especially cause you can load the malware into it and then nothing happens unless you not recover it yourself, while other products not even offer such a mechanism (except Comodo). This makes a difference cause the product itself can't be compromised that way.


    Your understanding from developing is very very limit to say it friendly, code isn't vulnerable unless someone picks it up, code something and then again we are at the point when the user needs to be interference + allow it. As even in the link shown it's not easy cause you must allow manipulation within the driver, even then in 90% the driver just crashes or BSOD here (depending).

    I never said that, you just intent I would argue that way. I say that your link shows nothing except to scare people, which is correct, you can't even explain it detailed which makes me thinking you can't even code a hello world. When you post something and someone ask something there should be minimum an explanation which you still refuse to give me, instead others (thanks for that) giving me something to argue with - which I also now did.

    At least it's something on his own created and not stolen from already existing Windows functions to quickly make money.
     
    Last edited: Jul 27, 2017
  6. guest

    guest Guest

  7. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    So SRP not exist since over 20 years in Windows, thanks I all take it from here.....
     
  8. guest

    guest Guest

    What are you talking about? because Applocker exist so others cannot? especially when they add additional protection on top...

    yes better you move on...
     
    Last edited by a moderator: Jul 27, 2017
  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    If a CVE was created that means there is vulnerable code. Invincea-X is built upon Sandboxie code. So you are choosing to ignore what Cisco-Talos has proven. And that's kind of funny since Invincea itself accepted the report. That demonstrates a lot about Sandboxie ultra-fanboys' state of mind.

    In the past Tzuk openly discussed that there could be vulnerabilities such that there could be a breach of the sandbox. So, like I said, you keep saying things that are contrary to what the original Sandboxie architect himself has stated in the past.

    I didn't bash anything. It is you who is saying that I am bashing. Once again, I openly posted that Sandboxie is a solid product -- but you are ignoring that statement. I defended SBIE on a particular basis in my first post and then later on linked a post. And once I did that the Sandboxie fanboys came out of the woodwork and started their usual blown out of proportion defense of Sandboxie.

    If code wasn't inherently subject to vulnerabilities then there wouldn't be anti-exploit products and there would never be a need for a single security update\patch - ever - from any publisher. If you look back through Sandboxie updates you will see that security issues are mentioned as fixed. So I suppose the Sandboxie code wasn't problematic and they just fixed something that wasn't broken - just for the hell of it. Because they could...

    Oh... I forgot. Sandboxie is the miracle product which is completely different than any other software product in existence. It is the only product known to mankind where a vulnerability cannot exist. Oh please...
     
  10. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Fun thing is that when you search the official database it's not even listed, maybe because it's new. At this point I wasn't even aware that Talos exists because I look in the official lists not the Cisco internal databases or others. Before you mention fanboys and again bash the entire community to complain about the Sandboxie product - again you have your own product why not just answer my question and make this less complicated?!

    In the past, sr I give a bull about the past in past computer not even existed - what arguments are these? In past Sandboxie wasn't even teamed up with Invincea so and?! You talk here more about manpower to maintain the code and handle possible vulnerabilities - which again makes me think you want to come here to ruin the product which isn't fair - especially because YOU not even explained anything yourself. Other people (you would call them fanboys) kicked in and did your work (look at their signatures -> AppGuard 'fans'). Made me giggle. You definitely did bash here, as shown now - don't excuse this.

    Anti-exploit products according to you are weak so why you bring the argument you wanted to destroy before? I saw lot of cracks about your own product in known forums too, should I post them and what do I get then? We aren't again talking about that software is exploitable we talking about the legit question if that POC is in 'wild' usable to bypass it in the real world and not only on paper. The difference here is that if that would be true it needs to be patched asap, but as I said I doubt this very much.


    In meantime I tried that POC and it's not working on my end, cause the entire system (win 10 1607 LTSB) becomes unstable and unusable till it crashes. I patched the driver to prove my words, which can be found here. It's for me not an attack which I consider to be harmful or urgent at this point.

    As said I also made an Sandboxie forum entry in the beta section (needs approval) and let's see what I (we) get as response. Let's keep this thread clean.
     
  11. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You don't know about Cisco-Talos ? I thought you said you research about Sandboxie once every week. That report has been up for a while and, if I recall correctly, Sandboxie is mentioned in it. In fact I think a search for "Sandboxie" will return it somewhere on the search return pages.

    I am not bashing anything. It is you who says I am bashing. I am not complaining about SBIE. I have no vested interest in the product.

    So what the original software architect stated in the past doesn't apply today ? You have got to be kidding me. What was true then, is still true today, and what he said then remains true for any software product. If you don't even know what was discussed years ago, then how could you even know if it was relevant or not today ? Code has not changed so much over the years that old security problems do not exist today.

    I am not here to ruin the product. It is you who says I am here to ruin the product. Once again, I stated that Sandboxie is a solid product, but again you keep ignoring those repeated statements.

    What is there to explain ? From the beginning I have simply stated what is widely accepted basic principles of code and vulnerabilities. This is basic stuff.

    I never said anti-exploit products are weak. It is you that is saying that I said that.

    I could care less what people say about AppGuard. People on these forums say "stuff" all the time and I'm not concerned. I am not a jackass who is going to run around forums and the internet and attempt to sanitize what people say about AppGuard. People are entitled to their thoughts and opinions. Data is useful.

    Bromium demonstrated that the Sandboxie sandbox can be bypassed. It was posted online a few years ago. In the past, security issues with the sandbox were reported and fixed. So it is not like security issues with sandbox have never been a part of Sandboxie's history. The threat of vulnerabilities is an ongoing process. It will never end - ever.
     
    Last edited: Jul 27, 2017
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ENOUGH!!!!
     
  13. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    ~ Removed Off Topic Remarks ~

    I use SBIE just for resetting my browser after I turn on cookies or Java-script.
    Don't consider it a main security soft, just another layer in defense. Nothing is perfect, except SBIE (NOT).
     
    Last edited by a moderator: Jul 28, 2017
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Depends on the type of exploit. If kernel exploits are used, then it's likely that third party sandboxes will indeed also be bypassed. But in the example that guest gave about the Edge sandbox bypass, SBIE would have saved the day, because the malware would still be running in the virtual container. This means that for example ransomware still wouldn't be able to modify files outside of the sandbox. And other malware wouldn't be able to inject code into system processes, because SBIE blocks inter-process communication to non sandboxed processes.

    Thanks, that was interesting to read. I personally would never rely on a browser's own sandbox for security, I would always run it with isolation on top.

    ~ Removed Off Topic Remarks ~
     
    Last edited by a moderator: Jul 29, 2017
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    if software rely on same kernel it is vulnerable same way. but talos noted a break-IN to a sandbox and not a break-OUT.
    https://www.talosintelligence.com/reports/TALOS-2016-0256
    i can imagine that this make sandboxie vulnerable from inside but that was not written. if it means that the sandbox driver can not be loaded sandboxie could not start the program inside and should throw an error. although it may happen this is too much theoretical for me.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi Brummelchen, this was Invincea's response to Talos vulnerability notice:

    "Invincea Comments: We believe this vulnerability is not serious and unlikely to be exploited. This exploit cannot be run within an isolated environment, and cannot be exploited without already being outside of the protection of the isolated environment."

    I asked Barb if there was anything else she could add to that official response, and she said:

    "I do not have anything else, other than the fact that the vulnerability was addressed and shouldn't be a concern (even to begin with, you would need an infected host (outside Sandboxie) to trigger the issue, so it is not "technically" Sandboxie related. Still, it got patched)."

    Bo
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    if this was the answer to chef-koch i read it there. then i installed 5.21 beta and was happy ^^
     
  18. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I've just updated to 5.21.2 and have no issues.
    What's more.
    I've installed Bitdefender Total Security 2018 on my two other computers.
    Before I proceeded with all that "Include/Allow Apps" in BD's two/three modules, I've just simply added that line Write path.... in Sandboxie's configuration, and
    that was enough(!!!) to resolve any Sandboxie/BD issues.
    Just that one line in Sandboxie's global configuration was enough to get rid of any Sandboxie issues while using Bitdefender.

    Thank you for that advice!
     
  19. guest

    guest Guest

    Yep the vulnerability was mentioned because it existed, that is it; and was quickly fixed which is what is supposed to be done, nothing to dramatize about honestly.
     
  20. illumination

    illumination Guest

    @Lockdown is correct about what he has been stating from bypasses to bugs that were or could be exploitable, took me all of 5 minutes to find this and I'm not even familiar with the sandboxie forum, or the product itself.

    Quoted from Tzuk himself here: https://forums.sandboxie.com/phpBB3/viewtopic.php?t=3167

    Make sure to read both pages of the discussion.
     
    Last edited by a moderator: Jul 29, 2017
  21. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    I know this will sound silly for most of you. But I feel bad that my comment ended up becoming such an issue. I understand that on a forum that strong discussions/arguments can occur, however I didn't think it would turn into a personal attack between two members of this forum. I'm sorry.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    You shouldn't be at all. As I see this, you have no guilt no shame on this.
    You asked valid questions and it's not on you the discussion went into a "verbal" ad-hominem warfare.
     
  23. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    There are no personal problems. To me it is no big deal. It is just another day on the forums. I stated my case based upon facts and statements made by the person who designed the product. I'm just not going to sit by and let people spout garbage or even imply that SBIE cannot be attacked - whether it be from within the sandbox or outside the sandbox. Tzuk admonished people over the years that all code is susceptible to attack, including Sandboxie's. That was true then, is true at this moment, and shall remain true for as long as Sandboxie exists. Sandboxie is no different than any other security software. That's all there is to it. It's not anybody's problem that there are some who cannot cope with this fact.
     
  24. guest

    guest Guest

    +1 ,
    Don't feel bad, your question was valid and expected, we answered and even gave you an example, which is also normal. All was peaceful and friendly until someone jumped in out of the blue and start trolling/offending because he didn't stand a certain post mentioning a certain PoC, which was already fixed... :argh:

    "Trust No Program" punchy slogan written in red on Sandboxie main page, that obviously includes itself. :D
     
    Last edited by a moderator: Jul 30, 2017
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Glad to know all is well, Zmechies :).

    Bo
     