Is Sandboxie useless on Windows 10?

to tell you the truth, I did not check it out thoroughly. When I did not see the outward signs of HMPA at work, I assumed that it is not working at all. Maybe I am wrong about that.

 

okay, my bad. false alarm. after a reboot, the green border etc reappeared...

 

appcontainer were introduced with windows 8, so sandboxie became useless since win8? surely NOT

https://news.saferbytes.it/analisi/2013/07/securing-microsoft-windows-8-appcontainers/
https://www.malwaretech.com/2015/09/advanced-desktop-application-sandboxing.html
https://blog.nextxpert.com/2013/01/31/demystifying-appcontainers-in-windows-8-part-i/

 

I agree and sandboxie offers some other cool features (like the forced modes). Anyway you can't compare a security feature built in an OS with a dedicated software, and even less when the technologies used are different.

 

@guest, what's "windef" in your signature? Is that something new, and what is it?

 

Windows Defender.

 

WinDef = Windows Defender
WinFW = Windows Firewall

 

Brummelchen, guest, actually it can be possible to compare this what's the point of SBIE if you can do those tweaks with Appcontainer inside your own OS?
AppContainer simply replaces Sbie in most of the tasks that Sbie always does all the time (once you tightly configure Sbie everywhere).

 

Appcontainer is valid only with Metro Apps while Sandboxie can be applied to most of the softwares.

Also Sbie can isolate any folders the user want. Appcontainer cant do it because it is a mechanism of Windows and not an application.

So we have to wait an application to be able to implement capabilities from Appcontainer to other softs.

Until then Sbie will be still useful.

 

And who say that Appcontainer will not sandbox/isolate everything in Windows 10 what is part of Windows 10 OS, eventually?

 

Everything? no, but more areas possibly. but it won't be isolation but more virtualization (which is already implemented to the registry and others places when you are using SUA)

 

@guest and @CoolWebSearch

I think Cool has a point, consider a Windows 10 desktop:

- Use metro Apps for pdf-reader, media, mail, agenda, skype, social media (apps) and access Office online through Edge
- Use Chrome for browsing and gaming

With Control Flow Guard and Return Flow Guard exploits have a hard time escaping the AppContainer sandbox. This pretty much covers all internet facing software I can think of (I don't mind desktop utilities apps running medium IL like CCleaner, Synback, etc). Use the DESKTOP-TO-APP-CONVERTER for the rest (LINK). When you are willing to provide M$ with usage metrics: Windows 10 build in security. what else?

Using SBIE or HPMA is not bad, it is easier than tweaking your Windows 10 OS to provide simular (or better) protection. As long as there are people using Firefox there is a need for programs like Sandboxie and HPMA.

 

appcontainer is not used for any win32 apps by default. Chrome will use it, but thats a special case rather than the norm.

 

any chromium release use the sandbox, and firefox is able since v48 (e10s officially introduced) but disable it for reason sometimes (extensions to name). @guest already explained it well.

 

@Brummelchen Firefox is at release 50. So it has AppContainer sandbox now, that is big news! Well done.

So Firefox catches up like it did in XP area when it was the second safest browser (after Opera, but way more safer than Internet Explorer).

 

yes it is what i do, i'm using most of the Metro Apps (some are quite handy) , if i have specific needs not covered by them , i use portable versions.

This much an hassle to me

Agree.

 

appcontainer in firefox works like in chrome? How to enable it?

 

Sorry, you have to ask @Brummelchen he came with this breaking news (I have not touched Flunky Fox since I moved from Xp to Vista)

 

Same here , very long time i ditched it in favor of Chrome.
That is a huge step forward in FF's security (which was the weak point); once i will know the tweak i may reinstall FF

 

For each website a new firefox.exe-process is launched, and it has a Low Integrity Level. But it is no AppContainer sandbox like in Chrome.
Firefox.exe = Low Integrity Level
Chrome.exe = AppContainer
But even if it's no AppContainer, "e10s - Multi-process Firefox" is an improvement.
Edit: cosmetic fix

 

IE has been using AppContainer since ver. 10. You have to be using WIN 7/8/10 x64, running x64 IE, and enable advanced EPM. Edge by default runs in AppContainer on Win 10 x64.

Edge is more secure than IE11 due to how AppContainer is implemented for it on Win 10 x64. Also Edge runs as a service adding more security.

-EDIT- If you run IE11 in private mode on Win 10, then IE11 runs identical to the way Edge does; it runs as service under RuntimeBroker.exe. This combined with AppContainer assuming advanced EPM is enabled makes for a very secure browser.

 

Thanks you mean Low Integrity Level. So I have to try it out and see whether I can isolate Firefox completely with MemProtect and Fides/PumperNickel (nice project between Christmas and New Year)

EDIT: downloaded Firefox, it was still single process and ran at Medium Level Integrity Level, where to download this multi-process Low IL version?

 

@Windows_Security Kees, I believe that you have to Force Enable e10s on a 64-bit Firefox (I assume 64-bit, but could be wrong) with info from Mozilla (https://wiki.mozilla.org/Electrolysis#Force_Enable) and some good step by step details from GHacks as well (http://www.ghacks.net/2016/07/22/multi-process-firefox/) and the ability to change how many separate processes you would like to allow (http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/).

 

so still not interesting to me.

 

you need the "nightly" build to get multi-process