Two Questions about Sandboxie

As we say in England. The proof is in the pudding.

Sandboxie just works and if users set it up to protect their web browser(s), stop sandboxed programs having access to their documents and always run programs that they've downloaded in a sandbox. It would massively reduce the chances of people having computer issues (excluding faulty hardware) but computer shops need people to ruin their computers, so they want us all to run viruses and damage / lose our data as it brings them money.

Many people think a computer slowdown is due to the hardware being old. Not viruses and other crappy bloated software that they've installed is the real reason that their computers now all of a sudden now slow.

To prove how scummy computer shops are in England. All of them, years ago stopped selling disc imaging software or any other backup software that would actually help a computer user in favour of them selling anti-virus, internet security software by shilling for certain companies.

 

No need to get so bent, dude. "You should not present your own impressions or desires as facts." In case you're unaware of this, most of these posts here on Wilders are expressed opinions and taken as such. So, ya really don't have to get so hot and bothered. Full stop.
And as for your beautifully laid out a) and b) points, let's wait and see how long David will wait until he justifiably pulls the trigger on this freebie and puts a few dollars in his wallet. While my posts on this issue are purely speculative, they are nonetheless
highly visible. And not once has @DavidXanatos ever refuted the probability. I'm a fan of Sandboxie and will subscribe if and when it becomes necessary. And the rest of you that have a problem with that can take it or leave it.

 

current browser were fixed that fast and in regular usage there exist no attack, even without ad-/script- blocker. yes, there exist evil pages, no, those do not open by random, only by purpose. there was a time when browsers vulnerable to openings unstoppable popups or alert messages. but the really heva attacks were only possible with conjunctions of flash, java, pdf and javascript. glad that those times with plugins are gone.
i can accept when people "feel not safe", but there no need to. the development of firefox and chrome/edge is on such high level, and there exist also googles project zero beside another convention where pro's try to hack current browser versions and if possible the fix would come rather fast, within a day for mozilla.

idd, he could not do both at least. you and me remember his forum, it was full of requests and complaints.
but reading the list of security fixes which David fixed, i only can write that tzuk lost focus for sandboxies security.

i already wrote that. but to repeat - in the last 29 years using pc i never had an impact on my data. and i started as an idiot. and even without any antivirus because those bothered me with too much money for less security gain. i started with sandboxie 1.0 (beta) in 2004 but it was no part of my security, not even close. this happend later around 2010 when i abandoned any antivirus here.

the marketing of VS is excellent, like any vendor of some antivirus. i am not sensible to such crap advertisement and the lies behind. (to note - this do not include the ability of developer)
the general problem is that eg this forum (there exists a lot more) is a meet point for those who have issues or questions, but do not count those outside without any issue.

 

@Brummelchen So, on a scale of 1 --- 10, I'm going to suppose based on your response that VS ranks up there on or about 8.5. Please do not hesitate to correct me if I'm wrong. As always, thank you in advance.

 

i never ranked it because i do not care, i only read the feature list as an announcement for making money with it.

 

So, in other words, you would recommend Voodoo Shield as one of the best apps on the market to do what it purportedly does without hesitation.

 

Most security fixes by Tzuk and later by Invincea were done silently. Many security issues were reported privately to him, and fixed (and no one knew this was happening in the background).

Bo

 

This most certainly was so, but that does not mean that everything was fixed properly and the amount of holes I had to plug and those to be plugged still on the road map surely suggests that absolute security was not a priority.

I still can not wrap my head around the fact sandboxie always allowed sandboxed processes to read the memory of any unsandboxed program, this is so obviously unnecessary and dangerous.

An other example at some point in time Invincea plugged a hole with NtGetNextProcess in a pretty blunt way, but forgot to fix NtGetNetxThread which allowed for a very similar exploit.

And there were also a couple obviously flawed design decisions which if security would be most important would not have been made the way they were.

I think at some point the developers dropped the ball, as simple as that, such a developer is expensive and the revenue that could have been generated with sandboxie due to all those perpetual licenses quite limited, it is likely Invincea did not allowed enough time for the project.
I think Tzuk made the best deal out of it and sold it just at the right moment.

 

Same as every other software, Sandboxie has had holes in the past, and still has them now. I think you are being unfair to Tzuk and the rest of previous developers when you say that absolute security was not a priority when they worked in Sandboxie. When I first started using SBIE, there was a setting available to allow drivers to install in the sandbox, eventually, this setting was deprecated. That was done for better security. Some users didn't like this, and Tzuk took flak for doing away with the setting, but he made the decision because he thought the gains from having the setting available was not worth the risk users took when enabling the setting.

You yourself admitted (in the quote) that there are holes in Sandboxie now, holes that you know about, but you are not working to plug them right away. You have them on an schedule to eventually work on them and at the same time you keep adding new features or "improvements" constantly, You, yourself is doing exactly what you complained previous developers did not do (not make absolute security a priority).

But I guess in your view, is OK for you to spend most of your time developing new features but it was not OK for previous developers to spend most of their time working to keep Sandboxie secure (done quietly) and compatible with Windows and with most popular and common programs that most people use on a daily basis.

In my opinion, other than the bunch of unnecessary changes and extra stuff that you keep adding, I think you are doing a terrific job with Sandboxie. Without you, I wouldn't be using SBIE right now. SBIE 5.33.6 became broken a month ago. You fixed the issue, you are a champion.

But the guys before you, deserve their credit. To me, Tzuk and Invincea (Curt and his team of developers) are also champions. They won the World series. Once you are a champion, no one can take that away from you. To keep this post shorter, I ll finish this thought here. To some, Tzuk was god, he created Sandboxie. And Curt, he made it possible for Sandboxie to be released as open source. Without either of this two guys, there would be no more Sandboxie and you wouldn't be working on it. We should remember.

We owe them, we shouldn't forget.....

Bo

 

I see why it might appear that way, but this is not quite right.

In fact on github there are already branches pushed with the things I knew about fixed, and I was sitting on these code for weeks before that already.
But as these things change core Sbie mechanics it would be a nightmare to debug if I would have put all of that into 1.xx and then have to handle the flood of broken fringe edge cases without even knowing which change broke them. With such changes its good to introduce them one by one and observe what it at all got broken and needs a workaround, before proceeding to the next change.
Also the open issues in question are or of an architectural nature, unlike most of the already fixed security issues, they don't plug a known exploit but rather reduce the attack surface significantly for possible yet unknown exploits.

My point was not, "not fixing things in time" but "making things work in a way that leaves them vulnerable to potential exploits".

For example sbiesvc since the very first 4.xx builds had a "provision" to start a process in the sandbox with a system token (more powerful than an admin token), completely bypassing UAC and "Drop Admin Rights", that is almost as bad as it gets and a good portion of the vulnerabilities Diversenok found work only with a system token in the box. So if that "provision" wouldn't have being there, at least enabling drop admin rights could have been a workaround.
The issue here is not as such the ability to start something as system in the box, but that there were no safeguards or means to disable it, especially that it bypassed "Drop Admin Rights".

Or an other example, the mechanism to open access to the unsandboxed printer spooler allowed a sandboxed process to add an OpenIpcPath with the only restriction that it had to be under "\RPC Control\", a sandboxed process should be never ever able to tell the driver which paths to open, now that was most certainly introduced some time after windows 8 was released (so after Tzuk left I think). But anyhow this is such a big SNAFU I'm lacking words to properly express how wrong that was.

Its not about assigning time resources to bugs and possibly prioritizing compatibility but about making design decisions that from a security first standpoint were plainly wrong.

 

i do not recommend stuff like VS, because not needed. *** dont put words into my mouth i never said/wrote. if "snake oil" remind you something then it's time to re-think about.

in short: a good marketing can sell a lot of BS

 

Spoken like a true troubadour. Indeed...

 

Thank you for this Bo, I got this to work by creating a USB sandbox by copying none of the setting of the default box. I put a USB drive in, right click the drive letter and run click sandboxed. I can then choose which sandbox I use for it. The funny thing is, the window would never appear before I think because of restrictions I had on the default box. Now it shows up but it takes it's sweet time doing so.

After this was done I went in and changed the settings to allow no internet access as you suggested.

I've found that if I open the drive and find say a pdf file and I click it, the pdf viewer starts sandboxed and that is exactly what I would want.

Are there other settings in general you would use to make this more secure?

I did not check the drop rights box under restrictions because that caused problems before when I tried that on the default box.
I do have the network file box checked though I don't think it makes any difference on my stand alone system.

Many thanks for your help.

 

When you click to Run sandboxed on a drive letter or a folder (any folder), a sandboxed version of File Explorer opens up sandboxed. So, earlier, when you attempted to run File explorer in the DefaultBox, since it is Start/Run restricted, you could have added explorer.exe to the programs allowed to run, that in turn would have allowed the window (File explorer) to run/to appear in your Default box. In my earlier post, I think one of the suggestions I gave you for trying was to add explorer.exe to the programs you allow to run (if DefaultBox was Start/Run restricted).

That is the beauty of running File Explorer sandboxed. The functionality you are seeing in your sandboxed USB drive is what you get when you run File Explorer sandboxed or when you right click any folder in the drive and use the sandboxed Explorer that pops up to navigate anywhere in your computer. Whatever you do, whatever you run when you navigate to files or programs using a sandboxed explorer it is sandoxed. This is the safest way to open suspicious files (files you are not 100% sure what they are). I don't download any suspicious files but if you do, now you know.

You could block programs that run in the USB sandbox from having access to your sensitive and personal files and folders. That way you protect your important files from being stolen. Since you already forbid all programs that run in your USB sandbox from having internet access, this could be a little bit of overkill. But I still do it.

Personally, I allow all programs to run in my USB sandbox (but nobody touches my computer except me, and Never plug anyone else's flash drives), If on the other hand, you plug other peoples flash drives, then you could Start/Run restrict your USB sandbox. What you do with this basically is to only allow to run the programs that open the files that you normally keep in your USB drives. If you only keep videos and PDF, then only allow the programs that open those files. That would make this sandbox very restricted, very safe.

In my opinion, anything else is not needed except...

The one thing you are missing though, is forcing the drive.You should Force the USB drive. For the letter to appear, plug in the flash drive and via Forced folders in Sandbox settings, navigate to the Drive, click to add it.

That would make things automatic AND, if any malicious file is in the drive and tries to run on its own, the malware will run sandboxed. No matter what it is, if it runs, it will run sandboxed automatically. This would not be the case if you don't force the drive.

Force the drive....

Bo

 

Just what I was looking for, gracias. I will force the drive like you said before. I was not considering autoruns. If I ever want a trusted USB drive to open unsandboxed, it's easy enough to change the settings temporarily.

I did initially try adding explorer.exe to the allowed list, but the window still would not open. I'm thinking there was another executable not allowed to run that was stopping it but I can't find it.

 

Bo, unfortunately this is ineffective if USB drives open with varying letters, eg if using more than one, or one with separate partitions..

It has occurred to me that any drive could be forced if a certain file wasn't present, but I see no way to do that. It's OK @DavidXanatos I'm not asking for a new feature as I suspect of limited use.

 

Hey Bo.

Have you made the switch yet from "classic" to "plus" yet? DavidXanatos has been gracious on another thread recently illustrating the how-to's of navigating Sandboxie.
If you have any further instructions to add via screenshots or whatever; I for one, and no doubt many others, would be happy to indulge in whatever tips and suggestions you could provide.

Best regards,

 

If that is the case, then the user can just copy the settings for different letters written in the post below by soccerfan, and paste them in Sandbox settings of the USB Sandbox in the Configuration file (Via Sandboxie Control>Configure>Edit Configuration).

https://www.wilderssecurity.com/threads/two-questions-about-sandboxie.445400/#post-3085780

Bo

 

Hi StillBorn. I am still in Classic and will remain using Classic for as long as that is possible. I seen the thread. From my point of view, keeping both UI's can be beneficial to Sandboxie (and I mean to David's Sandboxie Plus), so I have given David via PM some very short suggestions on how he can make it so. Greetings.

Bo

 

You are welcome, glad to help.

That probably was rundll32. That needs to be allowed also, in a Start/Run restricted sandbox.

Bo

 

Hey Bo.
Keep staying the best because you are.

All due respect,

 

Here's a question most users will love to hate but I'll ask it anyway. Is there any difference even in the slightest for protection levels between the "Classic" version and the "Plus" version? GUI-wise, they're practically different planets.
And if "Plus" is the superior choice in protection, then I'll take the appropriate measures and wean myself off of the "Classic" version ASAP. So many thanks in advance.

 

>GUI-wise, they're practically different planets

what?! have you seen the recently finished migration guide: https://www.wilderssecurity.com/threads/sandboxie-plus-migration-guide.445681/
its almost the same UI just much better, it should be super easy to migrate from classic to plus.

About differences between plus an classic, that depends, technically booth builds share the same components, so booth can be configured to provide the same level of protection, but practically the classic version has no UI to configure this enhanced protection. And some enhanced protection is only available to users with a supporter certificate.

In the Plus UI you can configure for example detailed firewall per process rules for each sandbox individually.
You can configure sandboxie for privacy protection, that is to operate in a whitelist mode instead of the old blacklist mode. So a program in the sandbox can not read any user data, except explicitly where you granted access to.
You can run installers without giving them admin rights by making them think they have an admin token.
You get a lot of UI options to configure the various security/isolation options in fine detail.

 

I have migrated to Plus and intend to stay on it as I'm used to it now, but despite using SB for many years I find the choices bewildering at times as I do not understand the potential consequences. So I wonder if Classic would be better for the user with less detailed knowledge and who just want to install it and rely on the protection.

 

Or perhaps this alternative:

I changed to the Plus version already a while ago with two main principles:
- I left the default settings of the Plus version more or less as they are (perhaps with small changes - I do not remember at the moment) - relying that they offer a good protection and need not necessarily a customization.
- And I kept my old settings via the old ini-file* (the one from the classic version and even more back to the pre-David times of Sandboxie). So my old special settings still exist in the Plus version too.
*) [here I had posted its contents: https://www.wilderssecurity.com/thr...bie-fork-guidance-on-use.435796/#post-2981804 ]

I hope this combination offers a good protection without the necessity to deal at the moment a lot with the specifics of the Plus version.