Sandboxie-Plus v1.12.3

No I said changes to sbiedll.dll are not security critical.
Of-cause I make changes to the driver and or the service to add new functionality, like ram disk support, the various non standard box types, etc...

Until now I have fixed a huge amount of security issues inherited with the code base: https://github.com/sandboxie-plus/Sandboxie/blob/master/SECURITY.md
and have not introduced any new, so I think we are on a good track to add more functionality without compromising on security.

Cheers
David

 

Well where would you put the threshold to nagware?

It must be allowed to inform the user that there is an option and need to support the project if one wants it to be properly maintained.

The old sandboxie nagged the user once every 12 hours after 30 days of use, was that already nagware?

 

So far I find the amount of "nagging" Sandboxie plus does very fair. At least for my taste.
Keep up the good work and take breaks

 

Yes exactly, that's what I meant. The more features you're adding, the more changes you need to make to service and driver. I don't think it's smart to make SBIE too bloated, let's keep it lean and mean. I'm afraid you might go overboard, especially because you do all of the work by yourself.

Yes, I knew you fixed certain issues, but that's why I'm worried you might introduce new ones. For example, you talk about reworking the hooking mechanism around SCM, can you explain this a bit more? Will this require a change to the driver/service?

I don't think I ever saw a nagscreen in old versions that were developed by Tzuk/Invincea/Sophos and you? In fact, I'm using an old Sandboxie Plus version and I have never seen a nagscreen so far? It's better to limit functionality (without nags) and if people need more, they will buy a license.

 

+1
@DavidXanatos
Before people were happy to run the major browsers, major email clients, office programs/mediaplayers. That was with a company behind it.
Now more and more niche/exotic stuff is hoped for (wanted). This isn't a company anymore it's a one man show (more or less). If you can continue to keep sandboxie running for the main stuff without getting a nervous breakdown it helps all in the long run. (I wouldn't want open the box of problems that may emerge trying to full fill the dozens of niche/exotic requests)
Thanks for your work

 

@DavidXanatos
I would say with freeware...leave the user alone, no nags within the software to enjoy the product and if you have a paid version you can advertise it on your website.
Constant references to upgrade to a paid version creates bad feeling and resentment and makes it less likely that someone will 'upgrade' and particularly when the product has a history of being a 'people's' 'enthusiasts' product that loyal users have put vast amounts of energy into, during the software development.
Tzuk's Sandboxie forum got great input from members and with fluid dialogue and 'to and fro' helped the development enormously. The users must be given credit for their input and not feel like they are just a potential income source. That's my view.
Even when Tzuk was in charge of Sandboxie many people objected to occasional 'touch base' types of connections and wanted to enjoy the software without these interruptions.
Freeware (in my opinion) should be free of these intrusions (which spoil the feeling of ownership) and blemish the usage. The best freeware is a gift and recognition from the developer and a gift with a 'proviso' or 'catch' is not really a gift, just something that is burdensome.

 

On the other hand you can see it quite simply: Freeware respectively a gift is something you get from someone and you can use without having to pay for it.

From this point of view, Sandboxie (in its basic version) is definitely freeware / a gift.

Indeed in certain cases (e.g. permanent nagscreens) a gift may become burdensome. But I think this does not apply to Sandboxie.

 

You can google it one of the results from the first page

Only changes to sbiedll.dll

The way sandboxie currently handles a good portion of scm related API's is very hacky, it hooks functions in advapi32.dll which in later windows versions have been moved to sechost.dll so advapi32.dll contains only short jump stubs, then when they detect a modern windows version hooks the sechost.dll and redirects it back to advapi32.dll onto the initial detour, what ofcause breaks the trampolines for said functions, luckily these are not used later but eider way that's not how you do things.
Also that code needs a bunch of workarounds to handle loading of sechost.dll in case of circular dependencies, etc....
This was implemented this way most likely in order to fix the api's being moved in win 8 and later with the least afford possible, not great work at all IMHO.

The new code checks the various DLL's which may contain the actual function implementation and picks the right DLL to hook, a much more elegant and reliable approach.

Well but sandboxie always was like this (except for the 5.3x builds when Sophos decided no longer to maintain sbie), even worse with the free version users were not able to use more than one active sandbox at a time, trying to launch something in an other box showed a message informing of the need of getting a license. And it was showing the above linked nag screen every 12 hours in the last builds before 5.3x, I don't remember in which build that was introduced but it was there for quite some time.

So lets be realistic Sandboxie never was really Freeware it always was a very advanced Demo.
And you know when I got the driver signed I could have chosen to revert the behavior to the usual, locking out the use of multiple sandboxes and forced processes as it always was, just saying.

 

Good grief, people, Sandboxie works and is a special gift. Patience is the most divine of all virtues.
Acadia

 

I wish David well.
I'm not knocking David or Sandboxie. David asked a question about our thoughts on the threshold to nagware and I tried to answer it from my own perspective.
I still use an older version of Sandboxie (pre David) for which I have a lifetime licence. That is not a slight on David, his, work or his development of Sandboxie.
This might sound foolish to some but my older version has met (and still meets) my needs alongside Shadow Defender.
I've never had a problem running the older Sandboxie. on various operating systems and being a valid paid up user of those versions of Sandboxie, I'm happy.

.

 

I tried to use the hotkey "Shift + Break" in my sandboxed browser, but nothing happened, the browser was still there and working. Have i to activate the new hot key? And where can i see all the available hotkeys (i can't detect them in global config or sandbox-config)?

EDIT: I found the place, where i have to activate the hotkeys - it's in Global config editor at "general config / SandMan options".

But now i'm searching the option to configure a individual sandbox to be excluded from the global terminate command... - when i use the search field of sandbox-config (left bottom), no menu with 'hotkey' is found

 

Check Various Options -> Compatibility -> Exclude this sandbox from being terminated then "Terminate All Processes" is invoked

 

Hi! I've noticed 2 issues:

1. When I try to run a forced Firefox (latest standard stable version) outside the sandbox, using the right click menu with admin rights checkbox checked, Firefox runs sandboxed anyway. If I try the same, but with the admin checkbox unchecked, then Firefox runs unsandboxed. I can reproduce this on Win10 and Win11. It was working fine before I updated Sandboxie from v5.60.3 to v5.67.3.

2. When I try to open a text file on a forced USB drive, the file won't open sandboxed (well, won't open at all) and I get the following message from Sandboxie:

Code:

SBIE1241 Cannot mount registry hive:  [C000000D / 22]
SBIE1231 Initialization failed for process Volume3\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2310.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe [C0000001 / A3]
SBIE2314 Cancelling process Notepad.exe

This 2. issue is only present on Win11. It's the first time I installed Sandboxie (v5.67.3) on Win11.

Not big problems at all, but since it was written we should test the 1.12.3 / 5.67.3 version thoroughly, hope it helps.

EDIT: I just realised after reading my post again - I think that the Notepad in Win11 is a metro app? So I guess that's no issue as metro apps don't work with Sandboxie, if I remember correctly? My bad for issue nr. 2 then.

 

2. yes

1. so you want to use the run sandbox context menu to run firefox as admin unsandboxed?
Will try that out asap

 

If v5.60.3 is the "original Sophos" sandboxie afaik you would have to uninstall it (keep the sandboxie.ini file with the settings if wanted), reboot and then install sandboxie classic. You did that and not an over the top install, right?

 

OK cool. Don't get me wrong, it's clear to me that you are a skilled developer and I'm impressed with Sandboxie Plus, I'm just a bit worried that you're going overboard and might eventually break things. But according to you, you have got everything under control, so that's what important to me.

To be honest, perhaps I forgot about this, I mean about the nagscreen. I have installed an older version of Sandboxie Plus for about 1,5 years and still haven't seen any nagscreen.

Yes, same over here.

 

2. I will get the old Notepad in Windows 11, no problem at all. I don't like Metro apps.

1. Yes, just as you wrote. It doesn't work at the moment, but it's no big deal.

It's not, v5.60.3 is a David's version released in November 2022.

 

nags are awful, from my view. sandboxie now has nags -> "using now for x days " (similar).
i dont know about "premium" features, probably most like in sb+?
just using the classic, i still go with default values with few changes.
anyhow as people wrote some go with niche/rare features/problems i dont share.
for the nag(s) an option would be nice eg. "dont bother again" like sb error messages.
my usage of sb (classic) is very limited. just an opinion.

 

Well, I hate to admit it but I caved to the nag, which actually wasn't very obtrusive but did make itself known. I mean, if you can restrain yourself and tune it out, more power to you. But I preferred not to have any nags at any time and don't regret my decision.

 

If you're using something regularly then you should be - in some way - contributing to its development/maintenance.

Increase the nags

 

Well lets not over do it.

I decided to change the automated updater to only be automatic for users with a valid certificates,
all others well be directed to the https://sandboxie-plus.com/downloads/ to get their update, and user on the preview channel to the github release.
And I'm looking into placing som ads on the download page, right of the downloads.
Users which don't like ads will have an ad blocker and wont be bothered by them anyways.

I think this is quite fair given how much work I put into regular new updates.

 

Hi,

I updated Sandboxie from v5.60.3 to v5.67.3 on my main PC (Win10) and am getting the error pictured below anytime I run anything sandboxed.

Code:

SBIE2321 Cannot manage device map: [C0000034 / 88]
SBIE2321 Cannot manage device map: [C0000034 / 11]

I uninstalled and reinstalled Sandboxie, but that didn't help. I have googled the problem and yes, I'm using Windows as an Admin and if I disable the Drop rights feature in Sandboxie, I'm not getting the error.

What is the problem? Is it safe to use Sandboxie anyway and hide the message?

 

yes its safe in cace of a case it woul break compatybility and not security.
could you test some in between builds to pin point which exact build started to have this issue?

 

I tried it on a VM Windows 10 install, but there I don't get the message with the v5.67.3. On my main Win 10 machine where I'm getting it I won't be testing, because it's not a PC for testing. FYI: When I uninstalled and reinstalled Sandboxie on my main PC, I did not delete Sandboxie.ini because I wanted to keep all my sandboxes and settings intact - maybe that would have solved something, but that PC is not for experimentation so I just hid the message. I wish it happened in the VM so I could test. I did find this, if it helps you with pinpointing the date:
https://forum.xanasoft.com/viewtopic.php?t=552

 

PS: I just got a BSOD, for the first time ever on my main PC (had it since 2017, the same Windows 10 install from the beginning).

I haven't updated anything in the last weeks and I made a system backup yesterday before updating Sandboxie. The only thing I did was update Sandboxie (as I wrote in the previous post).

So, what I did when it happened was made Sandboxie v5.67.3 forget the hidden messages and then run Firefox sandboxed. This is what happened then:

Code:

0x000000ef

ffff8007`d7bd50c0

ntoskrnl.exe+3fd640

I tried to reproduce the same scenario after rebooting the PC, but this time there was no BSOD. Can you tell what caused it from the picture? Hope it helps. Hope it won't happen again as this is my main PC which I need to be stable.

Also, do you think if I uninstalled Sandboxie, removed the Sandboxie.ini file and then reinstalled, that the error messages would be gone?

But I would like to keep all my sandboxes and settings as before, maybe I could just paste a backupped Sandboxie.ini file back into place after reinstall? Will the sandboxes stay on the disk if I do this? I'm talking about Sandboxie Classic.