SafeSpace 1.2.145.0 released

Discussion in 'sandboxing & virtualization' started by Victek, Jan 23, 2008.

Thread Status:
Not open for further replies.
  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    From the Artificial Dynamics web site:

    New Features
    * Integrated the object exclusion editor into the console. Customization of the exclusion list now applies dynamically.

    Bug Fixes
    * Optimized the GetAsyncKeyState key logger protection
    * Refined the purge process to resolve file permission issues
    * Added protection against false shutdown exploits
    * Fixed a bug which caused Internet Explorer search settings to revert to default
    * Application windows are now properly bordered in full screen mode
    * Added protection against key loggers using the BlockInput method
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    good news. See the IE issue was resolved. SafeSpace really is a good product and not as intrusive as some others. Hmmmmmm.;)
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Agreed. The UI memory usage and .NET dependency really need to be fixed, though. Keylogger protection is nice, but not a necessary feature at all.

    I really like how SafeSpace allows programs to be launched with limited rights. But the afore-mentioned problems, combined with a completely invisible virtualized file/registry system and difficulties in centrally managing what programs start isolated, means I'm sticking with Sandboxie and GeSWall for the moment.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    Regarding centrally managing which programs start isolated, there's an applications page in the GUI where you can do that. Does this not meet the need? Regarding Keylogger protection, why do you feel it's unnecessary?
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I wonder if there is any POC keylogger for it.
    Anyone? Thanks
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    does safespace is better than sandboxieo_O?
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    IMO, no.
    let me add it is a good product but I think Sandboxie is more user friendly.
     
  8. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    sandboxie cost the safespace is for free. :D
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    malware is free to.;)
     
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Has anyone used this on Vista, last time I used it, I would get lots of "program not responding" but maybe its more stable now.

    dja2k
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    it works fine with vista. If you use vistas email and you have saved your contacts, you will need to go to the c:/users/contact folder and add it to trusted in order for your contacts to show up in your email program.

    That is if you include Vistas email into SafeSpace.
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I dont know. If I were not using my sig and wanted one program to cover all, I think it may be a good choice. My Sandboxie loyality was coming through.
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I use Sandboxie as well, but I just had a client who wanted SafeSpace and he had Vista, but I had trouble with it running fine, maybe it was just his PC.

    dja2k
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Hey Folks

    This is a Safespace thread, not a Sandboxie VS Safespace. If you want to compare them do feel free to start another thread.

    Pete
     
  15. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    Seems My Computer has a slight delay when Safespace is on. Takes a few seconds to get access to the C: Drive folders. Do I have to manually purge SS after using Opera?
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    No. Right-click on any program and choose Enable SafeSpace protection. That program will not appear in the Applications page of the SafeSpace UI.

    Because instead of hoping your sandbox will catch each and every last one of the very numerous and complex keylogging techniques out there, it's much more realistic and safer to simply empty your sandbox before entering any personal details. No anti-keylogger techniques can ever be better than the approach of ensuring that no keyloggers are present; simple.
     
  17. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    Thank you for your comments all.

    Solcroft. The option to 'Enable SafeSpace Protection' on a file is for controlling files and content which have been downloaded from the internet, for example, a .doc, .xls, .ppt, etc. Files which from dubious or untrusted sources.

    By tagging them in this way, you are ensuring that when they are accessed, they always run in SafeSpace, and thus containing any potential exploit embedded within.

    This also means that you do not have to continually add / remove the reading application (Word, Excel, Adobe Reader, etc) into the sandbox, or have to store the document in a virtual file system (where it will be removed on purge), or store it 'untrusted' on the real file system.

    In version 1.7 we added an additional option to 'Run in SafeSpace' where you can choose an application or file to run protected without having to tag it.

    I think what you are asking for is an Explorer extension which will allow you to add/remove configuration elements on the fly, without having to use the console itself. This is a good suggestion, and one that has been requested before, so expect to see something in a future release.


    Regarding keyloggers:

    Purging your sandbox environment is no guarantee that while during your subsequent browsing - even if it is directly to your bank or online store - that you will not be exploited. Just ask those who logged onto the Bank of India on 30th August last year.

    What you said is absolutely true - no keyloggers present is ideal. But the keylogger protection in SafeSpace caters for the 'what if' scenario, and I feel safer knowing that *if* the unexpected happened, I would still be safe.

    Keylogger protection or no keylogger protection. I choose the former.

    Best regards,

    Kris.

    Artificial Dynamics.
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Not really; what I'm after is a central location, be it from the UI or otherwise, that I can check and manage what programs will or will not start isolated. The Applications page in the UI currently does not do this; it will only list some of those programs, not all. Therefore, controlling automatic program isolation is a hassle.

    Conceded. Still, the keylogger process would be very much visible in the sandbox.

    That may very well be so, but since I cannot rely on that protection anyway, its presence or lack thereof is of no consequence to me personally.
     
  19. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    I don't really understand what it is you are after.

    Attached is a view of the Applications page. It tells you all of the applications that will always run in SafeSpace.

    Anthing else is entirely dependant on whether they come from these applications - IE, child processes, documents, etc. You can't list these items as they are unknown.

    Let me know if I misunderstood your point.

    Best regards,

    Kris.
     

    Attached Files:

  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Ex. 1: Isolated IE is used to download program A. Program A will automatically start isolated but not show up in the list.

    Ex. 2: Program B initially exists on desktop. User right-clicks on it and selects Enable SafeSpace protection. Program B will not show up in the list.

    They become known as soon as they're created, don't they?
     
  21. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    So if you are referring to what is currently running inside SafeSpace, the Home screen will tell you this:
     

    Attached Files:

  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    No.

    Kris, I am not really sure how to make this any more clearer than I already have (English isn't my native language), but I'll give it one last shot:

    I want SafeSpace to be able to list any and all files that will automatically launch isolated in it, when I run said file. Said file doesn't necessarily have to be currently running; it will just launch in SafeSpace when I run it, full stop. That's what I want SafeSpace to list, each and every last one of them.

    And if that still isn't clear enough I'm afraid I will have to give up for now to spend some to consider how to best convey that idea.
     
  23. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    Understood.

    You would like a list of everything which as been tagged as untrusted. This has been requested, and is on our roadmap. Good suggestion, and I'm glad we got there in the end :)

    Best regards,

    Kris.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, this feature is a must for any Sandbox.

    BTW, Kris what about my Q in post no. 5.

    Thanks
     
  25. Tidyup

    Tidyup Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    101
    Ah, apologies for missing your question.

    We don't have our own POC keylogger available. We used several 3rd party products to identify the numerous keylogging methods that we block. There are plenty of resources within this forum for keylogger tests. Just give them a try :) To confirm the protection you are getting, the anti-keylogger feature can be switched on and off dynamically from the SafeSpace Home page.

    A good starting point for a test application is AKLT over at firewallleaktester.com. This utility demonstrates 7 keystroke and 2 screen scrape methods.

    Best regards,

    Kris.
     
Thread Status:
Not open for further replies.