SafeSpace Personal Edition

Hi Kris,

Before I migrate completely to SafeSpace, there are some questions I'd like to ask.

1. Low privileges. I notice that SafeSpace offers the option to launch applications with reduced privileges. What is the benefit - or point - of low privileges, since the applications will be isolated anyway?

2. File virtualization. Does SafeSpace remove all untrusted files when I purge SafeSpace? If yes, is there any method of selecting which files I want to survive a purge and permanently remain on my drive? Lastly, is there an easy way to check where isolated applications have generated what untrusted files in which folders?

3. Registry virtualization. Is there a method to select what registry changes I want to keep, or to make fully accessible to isolated applications?

Thanks.

 

Hi Solcroft.

Thank you for your interest in SafeSpace.

Isolation protects against interaction with system components, such as service and process manipulation, driver installations, etc. There are however other administrative tasks which are not blocked by this, such as reboot privileges, and tampering with the system time. Removing administrative rights further protects the system from unknown exploits requiring administrative rights.

In the Privacy page of the console, you will see that some directories are marked as Virtual. These are the directories (and subdirectories) which are cleansed when a purge takes place. Typically, Virtual folders should be used for non-private areas of the disk, such as Program Files and Windows.

Any other directory is Private by default, meaning that existing files cannot be opened, but any new files created will be tagged. These tagged files can only be opened inside SafeSpace. Tagged files are not removed when you purge. The same goes for any Read Only or Full Control folder.

All tagged files are identified by a SafeSpace logo (on vista), or a red border (on XP). There is currently no functionality to perform a search for these files, but a future version will include a tagged file browser.

In this version, all Registry changes are virtualized. A future release will introduce the ability to exclude certain registry keys, but this is something you cannot do at present. Do you have a specific use case for why you need to do this?

Best regards,

Kris.

 

Ah yes... forgot about those. No sandbox I know of currently blocks system time changes, so this sounds like a nice touch.

One last question: is it possible to mark entire drives as Virtual, for times when I need an isolated application to leave NO traces whatsoever on my computer?

Thanks for the swift reply.

 

Yes. In the Privacy page, you can add an entire drive. Just browse to and select the drive root in the folder explorer and click Add.

 

Hello all.

We have identified and resolved an issue which caused the TotalCommander GUI to display incorrectly. This issue was reported by a couple of users on Wilders. I apologise for not responding by PM, as I had to remove a lot of messages.

This fix will be available in the next release, coming soon.

Best regards,

Kris.

 

Thanks Kris.

 

Thanks for the info Kris. Looking forward to the next release

 

Hi Kris,

Some feedback on your program which I hope will be useful. After some toying around with SafeSpace, I've decided to not migrate to it completely; the reason being that I cannot set SafeSpace to prevent all changes to all drives, while at the same time keeping the files I need.

To perhaps make it clearer, I want to block program A from making any changes at all to my computer. To do so, I set all my local drives to Virtual, and run program A isolated. However, I use program A to produce a useful file that I want to keep. This doesn't seem to be possible.

Another small niggle is that: it seems that I can right-click on any program and select Enable SafeSpace Protection to run the program isolated. There are two behaviors about this that bugs me. First, there is no way to quickly run a program for that one time only without multiple clicks. I need to enable protection, run the program, and turn off protection when I'm done. In contrast, Sandboxie offers a quick Run Sandboxed option. Also, when one uses the context menu to enable protection, there seems to be no way of changing whether programs run with normal or reduced privileges. Secondly, programs and shortcuts that I use Enable SafeSpace Protection on do not appear in the Applications page of the main SafeSpace console, which means there is no easy method of centrally keeping track of what programs do or do not run in SafeSpace.

Third, the red border is extremely visually obstrusive for me. I realize one can select different colors, but I would prefer the options to: turn it off, make the border smaller, reduce its translucency, or, best of all, switch to a non-obstrusive indicator like the ones used by Sandboxie and GeSWall.

On the plus side, SafeSpace does offer strong protection, as it defeats just about every piece of malware I throw at it – especially when low privileges is used. It's a technically sound program, but not flexible enough for me.

Lastly, I would appreciate it if the need for the .NET framework is removed, as it means an additional 50MB download and a lengthy installation process for me. It's not a killer issue, but would greatly increase my willingness to re-try SafeSpace in the future.

 

Hi Solcroft.

Thank you for this great feedback. All of your comments have been taken onboard. I would like to offer you a few ideas for the current version:

You *can* set all drives to virtual, and exclude a single folder as Full Control. If you have the option in this application to save the file to a certain folder, maybe this would be acceptable?

I do accept that this may not fit your needs. We are already working new features to improve visibility of the virtual filesystem.

If you add an application to the Applications list, and then disable the 'SafeSpace Protected' option, it will not automatically launch protected, but it will still appear in the shortcut menu under 'Quick launch in SafeSpace'. Thus allowing you to 'occasionally' run an application in SafeSpace, directly from the shortcut menu, and keep track of these applications.

Again, we are working on new features to extend the level of control over application use.

The border control is managed exclusively by a process called 'waveframer.exe'. If you stop this process from auto running (using msconfig, for example), then no protected applications will be bordered. This does not affect any other functionality in SafeSpace.

We will be introducing more granular control over borders and icon overlays in a future version.

Once again, many thanks for this constructive feedback. I appreciate the time you spent evaluating our product, and I hope we can meet your expectations in a future verison.

Best regards,

Kris.

Artificial Dynamics.

 

So, is it right to think of SafeSpace as a hybrid between "pure" policy-based sandboxes (GeSWall and Defensewall) and virtualization-based sandboxes (Sandboxie and Bufferzone)?
Thanks for the answer

 

Lucas1985,

As far as I understand the info, my conclusion is teh same.

On a scale DefenseWall would be purely policy based, GesWall uses a little bit of virtualisation also within Windows own policy mechanisme (redirects), SafeSpace Personal is a nice mix, Sandboxie would be on the far end of session virtualisation.

 

Tidyup's answer can be found here.
https://www.wilderssecurity.com/showpost.php?p=1110958&postcount=58

 

Hi Kris

Firefox frequently crashes under LU account when entering letters into google search box on my PC.

btw when will the new version expected to be released?

 

I am trialling SafeSpace in one of my two computers,the weaker one to better understand its workings,i got rid of the software firewall and Threatfire to accomodate SS to leisure, still there are notable 80K spykes when the Config is open.
I like the GUI a lot,as also its way of working,but i have some difficulty to completely understand a few things,as for instance:

a-what kind of Applications are recommended to be shown in SafeSpace Apllications?

Why-if i put SeaMonkey over there i am unable to open it?
(Mozilla apps should be automatically taken care of?)

b- My waveframer.exe is working as seen from msconfig and task manager, and i chose a colour in Appearance,still cannot see any colour both in SeaMonkey and IE.


c-i already saw TidyUp reply about what to do with Returnil, is there any incompatibility with PowerShadow?
Using any such virtualization program can hinder Safespace?
Or does it add to the general security?

 

Hi Dogma. I've sent you a PM requesting a log file.

The new version should hopefully be available on Download.com tomorrow.

Best regards,

Kris.

 

Hello poirot.

The SafeSpace console is built upon .Net 2.0. However, the console is only required when you wish to configure SafeSpace. It is not required for day to day use, and most of the general functions are available in the notification bar menu.

The Applications list should be populated with any applications which are exposed to the internet and either display or introduce internet content, for example web browsers, instant messaging clients, Peer to Peer, etc.

I have tested SeaMonkey, and could not find any issues. I will send you a PM with some instruction on how to generate a debug log so I can investigate this further.

Can you check the Home page of the SafeSpace console to verify that they are running inside SafeSpace?

I have tested PowerShadow, and there seem to be no compatibility issues.

Best regards,

Kris.