Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    How do you plan on getting around the Driver signing @DavidXanatos? You don't sign your stuff correct?
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Using a leaked code signing certificate I found laying around the Internets.
    So far it works great :D
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,937
    Location:
    UK
    I hope you are just joking.
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    You can find this particular certificate on GitHub with the right keyword, or through google, don't know who put it there and why but it seams to work fine enough.
    And since its the only viable option I have no other recourse than to use it.

    That is... unless.... someone donates a k€ for the good cause. :rolleyes:
     
    Last edited: Apr 9, 2020
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
  9. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    Mmmm, the long trailed day ha arrived. As a SBIE veteran I should be grateful the product has survived the Sophos era and as recent convert to Linux and therefore Open Source software I should view this as a positive move.

    Unfortunately Linux teaches us also that open source means evangelists for their view of the best development path leading to fragmentation and diversion. That can lead to schism and fruitless debate at the expense of progress. I sincerely hope my old friend Bo, who has hinted at something positive on the horizon, is not mistaken. We badly need a leader for SBIE in the Tzuk/Curt mode. I hope he's/she's out there.

    Long live Sandboxie!

    Chris1341
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi Chris, as of this morning, I was told that nothing has changed. Lets hope it remains that way. What you are saying we need is what we ll get if it happens. :)

    FWIW, according to Curt, when I asked if 5.33.6 was good to go with the next W10 update, he said "Yes, 5.33.6 works in both Fast Ring &Slow Ring, So, it should be good for a while. I tried to give people some breathing room before having to release a Win 10 fix."

    Bo
     
  11. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Lets hope we dont get too many Sandboxie-forks...
     
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Yes indeed that would be counter productive.
     
  13. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    I forgot to mention that the version (posts 6280 and 6283) didn't install properly in XP service pack 3. It went through the installation process as normal but no tray icon
    posts 6280 and 6283

     
    Last edited: Apr 10, 2020
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
  15. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    No I'm not, unfortunately, a simple code signing certificate is not enough for a driver.
    That is something you can use to sign your installer to make it look better.

    One needs a Extended Validation (EV) Code Signing certificate, see here:
    https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate
    To be precise not just any EV Code Signing certificate, one from one of these 7 vendors that MSFT accepts.
    The cheap once (assuming no extra hidden costs) are around 300€/Year
    And if one is to go that route and through the hassle IMHO one should get one valid for 3 years right away.

    So its not cheep unfortunately, and collection donations doesn't seam to work, see my patreon https://www.patreon.com/DavidXanatos
     
  16. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    560
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    thank you, i read about EV and did not get it all. is there another way to donate than becoming a petreon?
     
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Paypal is always an option. Or some sort of crypto currency. Depands on the amount I guess :D
    I would also take gold coins ;) hahaha...
     
  19. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Has anyone encountered compatibility issue between Sandboxie and HitmanPro.Alert? HMPA really doesn't seem to like sandboxie, and I'm trying to figure out why. HMPA throws out errors every time I launch something sandboxed. Perhaps there is an issue with Sandboxie that, if identified, can be fixed.
     
  20. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Advice from Mark Loman:

    Sandboxie is actually stealing tokens and elevating privileges with them so our mitigation is not wrong. Disable Local Privilege Mitigation if you insist on using Sandboxie around your browsers.
    Note that most browsers already run in a sandbox, like Microsoft Edge and Google Chrome, so adding another sandbox might be overkill on top of the native sandbox and all our mitigations.

    Source: https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-32#post-2719206
     
  21. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Thank you. i was not aware of that post. I'll edit the settings.
     
  22. MGhell

    MGhell Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    34
    Yes, please provide a paypal option. I'll gladly give 50 bucks :)

    I don't think that goes well together...a security app signed with leaked certificate!

    Sandboxie deserves better...
     
    Last edited: Apr 11, 2020
  23. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    37
    Location:
    Out
    And could not make a formal request to Sophos to offer this certificate, many, including myself, had paid for our perpetual license. It would be more than worthy of their attention to acquire this certificate for the proper operation of sandboxing.
     
  24. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    So...now that Sandboxie is officially open source. Who's the first person/company who's going to make a fork of it?
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.