Is Sandboxie useless on Windows 10?

Discussion in 'sandboxing & virtualization' started by CoolWebSearch, Dec 1, 2016.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,003
    Location:
    Nicaragua
    In this forum, there is always someone asking, "should I sandbox Chrome or not?, the asking itself, tells they dont feel secure as they are, if they felt secure with Chrome as is, they would not ask that question. Personally, I dont use Chrome, I dont like Chrome, but I would sandbox it if I was a Chrome user.

    Some people think the Chrome sandbox is the end of the world and now I even see some thinking the same about the Firefox sandbox, sometimes I even see some expecting this browsers sandboxes to be as strong as a full fledged sandbox program like Sandboxie. Please, please :).

    Whatever. Me personally, I haven't seen nothing that looks like malware for 10 years, thats exactly the amount of time I been using Sandboxie and NoScript. Malware went away totally, completely disappear after adopting this programs, Thats no coincidence. One is the result of the other. But I remember, the last couple of infections I had, in 2008, it happened pretty much like I described in my previous post.

    Now, I cant get infected even if I tried, my browsing is even less safer than what it was when I used to get infected, but cant find malware anymore, I dont do safe browsing, but malware is like it disappeared. But I know that aint so. Its there but I got the right protection that makes seem like its not there but it is still there.

    Bo
     
  2. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,434
    Yeap, that's the magic of SBIE :) you browse unsafely but in total tranquillity.
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,351
    Location:
    Canada
    The way I see it, sandboxing Chrome is like a sandbox within a sandbox. To me this is overkill. With enhancements to the browser and the O/S which I dare not mention here, I don't see a need whatsoever to sandbox Chrome.
     
    Last edited: Feb 10, 2019
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    Imo, just a matter of taste or peace of mind and how you use your system. Same as "should you use a security solution on top of your OS built-in security?"

    Adding a sandbox add a value in the overall protection of the system. But may also decrease the said security if it has vulnerabilies, since they inject dlls in the sandboxed processes. Reason why chrome and FF plan to ban code injections in their browsers.
     
    Last edited: Feb 10, 2019
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,698
    Same experience here, 1809 + Sandboxie + Chrome work perfectly well together. I'm not sure whether SB is really needed with Chrome, but browsing speed is the same with or without SB, therefore I use it...
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,351
    Location:
    Canada
    Only if the built-in O/S security lacks a feature that a 3rd-party security program can provide, especially if it can do so in a user-friendly way. Example of this is the firewall provided in latest Windows Microsoft O/S'; it works but it is far from user-friendly, as well as lacking in features afforded to the user to create a secure networking profile. Finally, the 3rd-party solution must be mostly bug-free, otherwise it is rendered virtually useless, because serious bugs will offset any benefits it might provide. I see some threads in these forums on 3rd-party solutions where members are reporting more bugs than than the benefits they provide. When this is ongoing, maybe it's time to move on.

    BTW, I have been a proponent of the built-in Windows firewall, but sadly, it is far too much work to maintain for most users, myself included.
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    Totally agree, my best example: Comodo IS, one of my favorite, knows it in and out, but discovered a 10+years old bug where all the rules you made (which in a lockdown setup takes hours) disappears out-of-the-blue without any notifications except that a rule you allowed was blocked.

    Anyway i would use Sandboxie 10 times over Comodo, Sbie has some small annoyance on my system but at least my settings are still there.

    same here, on one system i used to use it by blocking all connections on all profiles, then i create manually outbound rules, when you become used to it, it took one minute max to make a rule.
    Not a big deal and it spares me the issues of a 3rd party firewall, but since i became "lazy" i found Binisoft WFC useful, i use it to make them quicker.
     
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,121
    following its acquisition and tzuk's (the creator of sbie) departure in 2014, things didn't work out well for sbie. now it's almost like it's becoming an abandonware. less and less updates, more and more issues with every new windows version. hope it doesn't end up like winpatrol after mr. pytlovany.
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    Sandboxie tech was the reason of the acquisitions, to be deployed at corporate level, not to get the niche base customers who afford limited incomes...Not saying the lifetime license plan which is totally aberrant business-wise.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,469
    Location:
    Mexico
    Absolutely true. See, today they released a RC without any changes to fix nothing. Hard times for Sandboxie.
     
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    869
    I don't know if Sandboxie is still relevant. I've tried it three or four times over the years and always ended up uninstalling it after a short time. I just don't like it, but this is just me.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,777
    Location:
    .
    Maybe it means that they have nothing to fix. That would mean good times for SBIE.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,469
    Location:
    Mexico
    Tell that to the users facing issues.
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,003
    Location:
    Nicaragua
    There is nothing better than pictures to tell the story.

    I installed RC 5.28 a little while ago. After updating Sandboxie, I always test every program I run sandboxed, and the tings I do sandboxed. I do that to test and know if all is well for me. This time I took some pictures to prove how well or bad Sandboxie is working in my W10.

    Here they are.
    1. Firefox

    fier.jpg

    2. IE

    ie.jpg

    3.

    KMPlayer

    km.jpg

    4.

    WMP

    wmp.jpg

    5.

    USB drives

    usb.jpg

    6.

    Windows explorer

    we.jpg

    7.

    7Zip

    7.jpg

    8.

    Irfan view (program installed in a sandbox).

    irfan.jpg

    9.

    Libre Office

    libre.jpg

    10.

    Foxit

    foxit.jpg

    Sandboxie is not perfect but is working just fine in W10.

    Bo
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,003
    Location:
    Nicaragua
    I have one more picture, I wasn't allowed to upload #11, so here it is.

    11.

    Downloads folder as a Forced folder.

    forced folder.jpg

    Like I was saying, Sandboxie is not perfect but is working just fine in W10.

    As of right now we all know there is an issue with the new version of Chrome. We seen that before, and we also seen an update to fix the issue soon after. More than likely, the update is coming.

    Bo
     
  16. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    179
    Location:
    Canada
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,003
    Location:
    Nicaragua
    Not every program can be installed sandboxed. There are restrictions that, unfortunately for the sake of security, makes the installation of programs that are complicated not possible. perhaps paintNET is one of them. If every program was allowed to install sandboxed or if this restrictions were relaxed to allow programs like paintNET to install, like for example, instead of not allowing the installation of drivers or services, they were allowed to be installed, then malicious programs could take advantage of that.

    I remember here at Widers for years, people complaining or asking Tony (SD) to implement this restrictions. He newer did, if he had, there would be tons of users complaining when they tried to install something and were not able to. You cant have it both ways. Either you get security or usability, and the developer has to strike a balance. I see Sandboxie doing that. There are tons of programs that can be installed, find the ones that work well with SBIE.

    Bo
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,003
    Location:
    Nicaragua
    Excuse me,I missed that part. Hand picked would be like if I cherry picked what to show and what not to show. The pictures I posted earlier, show everything I do with Sandboxie, nothing less nothing more.

    Look below, this are all my sandboxes. The pictures reflects what I do in each of them. No hand picking.

    Sin título.jpg

    Bo
     
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,121
    i think this guy's got some good points that explains it (posts of a member named lockdown on another forum):

     
  20. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    383
    Ya'll are making me bash my head into my keyboard. Please stop already!
     
  21. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,245
    Location:
    Europe then Asia
    @imdb Those points aren't new or secret, I mentioned them many times in the other sandboxie thread, Sbie is made from the winXP/7 era, where Windows was simple and didn't change much.

    That doesn't remove the merits of sandboxie protection, just that users needs to wait fix-updates. The longest was few years ago, we had to wait 1-2 weeks until a working stable version is released.

    So if you have a static system, and don't upgrade your softwares and OS right away, you can reduce those inconveniences.

    sadly it becomes difficult if your system is dynamic, sandboxie was supposed to adapt to most popular soft, (after all it sandbox the soft) , not the soft or the user to adapt to Sbie.
    There is not much the devs can change, that how Sbie mechanism works.
    We are lucky already they managed to make it works despite Patchguard.

    Bo argument is valid somehow when he say "use what works with sandboxie", I would add "if you can't, ditch Sbie and find a replacement ". Imo, people should never stick to a soft that give them nuisance.

    I still use Sbie because it still works with my most used softs, but it isn't my main sandbox anymore, the day Sbie won't satisfy me anymore, I will just stop using it like i did with many others.
     
  22. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,121
    yeah, i know. i also know that you were one of the posters on that thread.


    it sure doesn't. agreed.


    i think faronics deepfreeze or shadow defender is a much better choice if you want/have a static system.


    you darn right it was.


    i'm not sure of that. had there been a more active and dedicated developer like mr. tzuk, it could've been different.



    you're right, the opposite would be pointless.



    now that sounds reasonable. :thumb:
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,003
    Location:
    Nicaragua
    I updated my Windows 10 to version 1803 build 17134.590 earlier today. All is working well between the update and Sandboxie. As usual, nothing I do sandboxed was broken by the update.

    Bo
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,250
    Location:
    The Netherlands
    I believe what people fail to see, is that Sandboxie adds a protection layer on top with virtualization. Let's say hackers manage to exploit Chrome and can elevate privileges, then ransomware can encrypt the whole system.

    With Sandboxie on top, ransomware would only be able to encrypt the sandbox. So if you believe that Chrome will never be exploited, you probably don't need extra protection. But on my system, Sandboxie doesn't cause any performance problems in general, especially if you don't continuously update browsers, so why not.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,351
    Location:
    Canada
    I would say highly unlikely, but in spite of that, I have Chrome hardened with security-specific flags enabled, Windows Defender Application control, ad/script blocking, and top-level domain restrictions. Not to mention my security setup with SRP, Firewall, Windows Defender, UAC at highest, LUA, O/S hardening, etc...It would be ridiculous overkill for me to sandbox Chrome.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.