Sandboxed Desktop new feature (work in progress)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, May 19, 2024.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,354
    Location:
    Vienna
    I'm working on a new Sandboxie feature, which allows running processes in an entirely separate desktop.
    See DEMO: https://youtu.be/EMlhObEiYiQ
    This allows reliably preventing any screen capturing from within the sandbox; it can also be used to do the opposite and protect a private encrypted sandbox.
    The feature is still very much a work in progress so don't expect a release anytime soon.
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,354
    Location:
    Vienna
    Only 15 views on the demo video. Is it so boring a feature, or is it the summer and people have better things to do?

    Anyhow, I need some advice: where should the checkbox for this feature be located?
    As it can help either to protect the host or to protect the box, depending on the use case, it is not so clear-cut where to put it.
     
  3. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    432
    It's too hot to comment. :argh:

    Will each box use its own desktop, or will there be a single desktop? Do users have the ability to interact between the normal desktop and the Sandboxie desktop, like copy and paste?

    You can place this setting in the first tab that appears when the options window opens. (General Options > Box Options)
     
  4. soccerfan

    soccerfan Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    565
    Yep, summer and travel till month's end :D
    But I do like the suggestion by @busy
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,354
    Location:
    Vienna
    Currently Sandboxie creates a new desktop for each box.
    The clipboard is implemented at the window station level, so yes, stuff copied to the clipboard on one desktop will still be there when you switch to another desktop.

    One of the issues I'm facing right now is that the start menu and context menus on the taskbar on the non-default desktop are broken on Windows 10 and 11.
    This is not a Sandboxie issue, as the Sysinternals Desktops tool (https://learn.microsoft.com/en-us/sysinternals/downloads/desktops) has the same issue (on Windows 7 it worked just fine). It seems that the modern UWP-based UI components are not rendered by explorer.exe but by some other process which lives on the default desktop and does not get a new instance for a new desktop.

    So we either have to craft our own shell replacement for the sandboxed desktops or live with the issues.
    Strangely enough, the Open Shell menu, while not being triggered on 10, seems to work just fine on 11; there, only the context menus for the pinned items are missing.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,711
    Location:
    The Netherlands
    Will it become sort of like a VM? Are there any other advantages to it, I don't see the point to be honest.
     
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,354
    Location:
    Vienna
    No, a VM is something completely different.

    There are many advantages. You see, Windows does not support DACLs on UI objects.
    This means you cannot precisely isolate UI elements on the same desktop from each other.

    With Windows Vista, MS introduced UIPI (User Interface Privilege Isolation), but this is only a one-way isolation: processes have a set Integrity Level, Medium for normal, High for admin, Untrusted or Low for sandboxed.
    And everything with a higher level can access everything on its own or lower levels; this is not great.
    For example, we cannot protect the windows of an encrypted private sandbox from being messed with by software running on the host.
    And as mentioned, for best isolation we need to drop the integrity level to Untrusted, which brings a whole mess of issues requiring a lot of code to fix, as well as yet unfixed problems like HW acceleration in web browsers not always working in non-green boxes.

    Using a separate desktop which has its own DACL allows us to keep a higher Integrity Level without reducing the protection of host windows.

    One IMHO not resolvable issue is reliable desktop capturing prevention; having sandboxed processes on a separate desktop ensures they cannot capture any screenshots of host processes.

    Also, without DACLs we can't isolate 2 boxes from each other; both have Untrusted Integrity Level, hence are able to send messages to each other's windows.

    All these issues can be resolved by giving each sandbox its very own desktop it can have full control over.

    The downside is that at any point in time only one desktop per window station can be rendered, so it's required to switch desktops and we cannot display windows of multiple boxes or the host at the same time.
     
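A sketch of the mechanism the post above describes, a desktop created with its own DACL, as an added example that is not part of the thread and not Sandboxie's code. `build_desktop_sddl`, `create_box_desktop` and the idea of one SID per box are assumptions made for illustration; the Win32 part compiles only on Windows.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

/* Build a protected DACL (SDDL) that grants full access only to SYSTEM and
 * to box_sid (hypothetical: the SID the boxed processes run under).
 * Returns 0 on success, -1 on a malformed SID or a too-small buffer. */
int build_desktop_sddl(const char *box_sid, char *out, size_t out_len)
{
    int n;

    /* Accept only "S-1-" followed by digits and dashes, so nothing else
     * can be spliced into the SDDL string. */
    if (strncmp(box_sid, "S-1-", 4) != 0 || box_sid[4] == '\0')
        return -1;
    if (strspn(box_sid + 4, "0123456789-") != strlen(box_sid + 4))
        return -1;
    n = snprintf(out, out_len, "D:P(A;;GA;;;SY)(A;;GA;;;%s)", box_sid);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

#ifdef _WIN32
/* Create a desktop in the current window station, protected by that DACL.
 * A process is placed on it by setting STARTUPINFO.lpDesktop to its name;
 * any other principal is denied when it tries to open the desktop. */
HDESK create_box_desktop(const char *name, const char *box_sid)
{
    char sddl[256];
    SECURITY_ATTRIBUTES sa = { sizeof(sa), NULL, FALSE };
    HDESK desk;

    if (build_desktop_sddl(box_sid, sddl, sizeof(sddl)) != 0)
        return NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
        return NULL;
    desk = CreateDesktopA(name, NULL, NULL, 0, GENERIC_ALL, &sa);
    LocalFree(sa.lpSecurityDescriptor);
    return desk; /* caller releases it with CloseDesktop() */
}
#endif
```

On Windows, link against user32 and advapi32.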
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,711
    Location:
    The Netherlands
    OK I see, so it's all about getting better isolation from other sandboxes and the real system. My concern is that eventually Sandboxie will become too complex, know what I mean? I think it should remain a simple app virtualization tool. It almost sounds like Sandboxie would act more like iCore Virtual Accounts, that's what I meant with VM.

    https://en.wikipedia.org/wiki/OS-level_virtualization
    https://en.wikipedia.org/wiki/ICore_Virtual_Accounts

    Sounds like a major downside to me. But it's still an interesting idea.
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,354
    Location:
    Vienna
    Well, it's optional, so no one is forced to use it.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,711
    Location:
    The Netherlands
    That's true I guess. And would it work a bit like iCore Virtual Accounts? I don't know if you remember this app, it did have potential.
     
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,354
    Location:
    Vienna
    No, I don't remember it. Is there some info about it that would quickly show what it did and how it worked?
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,711
    Location:
    The Netherlands
    You can read about it on Wikipedia, see link. I don't think I ever actually used it, since I was already happy with Sandboxie. But I believe it wasn't a full-blown VM like VirtualBox and VMware Workstation. I guess it used a separate desktop in order to virtualize stuff, so that's why this feature you're planning to implement reminded me of this app.

    https://en.wikipedia.org/wiki/ICore_Virtual_Accounts
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,563
    Is this similar to what ReHIPS does?
     