Sandboxie 3.39.02 BETA released!

Discussion in 'sandboxing & virtualization' started by ssj100, Jul 26, 2009.

Thread Status:
Not open for further replies.
  1. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Ok I see yes, I just gave that a try on a VM, not damaging but an annoyance nonetheless.
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I agree with your fundamental point about default-deny since, in essence, some users run sandboxed to specifically test malware. For an average user though, who's never heard of HIPS and the likes, having explorer crash like that would be an irritation.
     
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Well, perhaps he'll take that suggestion on board; he does listen to what the users want.
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    The whole idea / reason for running programs in a sandbox environment, or in this case Sandboxie, is to ISOLATE the programs from the rest of the OS. At the moment Sandboxie is only partially isolating programs from the OS.

    ISOLATE means to prevent writing to hard disk as well as prevent programs in the sandbox from communicating to programs outside of the sandbox. While Sandboxie does an excellent job at preventing writing to disk, it would be so much better if it could also prevent programs from communicating outside of the sandbox. The stop.exe tests and the test.exe PoC from this thread
    https://www.wilderssecurity.com/showthread.php?t=248588 prove that this is possible for Sandboxie to achieve. So Sandboxie is already able to block some types of communication activity. I hope Tzuk continues making this thing better with each version as time goes by.
     
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Now what sort of attitude is that when testing a beta version?

    Did you at least report it?

    On trying the very first release of the beta, it wouldn't work at all on this vLited Vista install, whereas it worked fine on other Vista installs.

    Tzuk requested a certain system .dll and two hours later a new beta worked.

    Quote Tzuk:
     
  6. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Not surprising since 3.39.02 is compatible with Windows 7 RTM. Only Sandboxie build 3.38 is Windows 7 RC compatible. I doubt that coding backward compatibility is even possible.
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Yeah, but it is better to also have a sandbox, or in this case Sandboxie, to block communications in case it bypasses our HIPS, like for example that test.exe PoC with the notepad which bypasses Comodo and MD.
     
  8. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Hi, I reported the fact the current version did not work with IE set to forced under 7 on the 29th of May - two months ago. See http://www.sandboxie.com/phpbb/viewtopic.php?t=5688

    I don't believe it could have gone unnoticed that SandboxIE would not run IE under the only official consumer release of Windows 7 to date.

    Not making a big thing about this, just as a registered user, I would have expected some feedback - particularly since it was stated the current version would work with Win 7 RC.

    Puss
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    My findings on a clean XP SP3 non-VM...

    Sandboxie 3.38

    htaac.exe: wallpaper only, mouse and keyboard not functional
    htaab.exe: limited desktop functionality, no task manager generation, Sandboxie Control is terminated
    htaaa.exe: htaaa.exe terminates with internal error 128
    stop.exe: mouse frozen, keyboard functionality limited to Ctrl+Alt+Del
    stop2.exe: no desktop control, limited mouse and keyboard functionality

    Sandboxie 3.39.02b

    htaac.exe: same as above
    htaab.exe: same as above
    htaaa.exe: same as above
    stop.exe: blocked
    stop2.exe: blocked
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    So do htaac.exe and htaab.exe still bypass Sandboxie? How or why on earth is it that Tzuk cannot test and see this for himself?
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Tzuk has tested and is getting the same result as me.

    All tests are contained in an XP VM and also contained in a normal XP install with the latest beta.
     
  12. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Just finished another round of testing and discovered that Malware Defender 2.3.2 impedes Sandboxie 1.39.02's ability to control htaac.exe and htaab.exe on XP. Disabling MD is not sufficient. It must be uninstalled. Once uninstalled, Sandboxie controls these tests successfully. I found no such conflict on Vista.
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Great bit of detective work nick s. :thumb:

    Only run SB and Returnil on all my installs so didn't have any probs.

    Still may be some other hips/blacklists that could be interfering as well?
     
  14. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    CONFIRMED. Malware Defender is hindering Sandboxie from working properly. All tests pass with Malware Defender uninstalled. Shall get onto xiaolin and let him know. Thanks to these PoC tests, they have revealed a conflict; let's hope all software vendors will cooperate with each other if needed to resolve this conflict.


    I can't see why it's not going to bother you?? If CIS is also hindering Sandboxie from working properly, then in effect CIS along with MD is actually reducing Sandboxie's capabilities, or another name would be reducing Sandboxie's powers, hence reducing your security.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Is there something you can allow that will let Sandboxie do its job along with MD?

    I discovered by trying to block something Windows Media Player wanted to do with MD, I managed to get it so the second I opened a wmv file, I had a system locked up tighter than a drum. I reinstalled MD, and put it in learning mode and let WMP do its thing.

    Pete
     
  16. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Thanks Franklin :).
     
  17. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Thanks ssj100. It's the first conflict I've seen between MD and Sandboxie.
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Well, I had MD in learning mode and at the same time gave full rule permit permissions to all Sandboxie's running processes, I even disabled MD, and it wasn't until I uninstalled MD that Sandboxie was able to control the behavior of htaac.exe and htaab.exe.


    PS and a big thanks to Nick.
     
  19. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I agree. Conflicts like this introduce uncertainty. What about conflicts yet unknown?
     
  20. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Thanks arran. Like you, I found that Learning Mode was not useful.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Hmm, interesting how Sandboxie also conflicts with Avira, so it probably is something Tzuk needs to fix. But I have already sent a PM to xiaolin, so we shall see.
     
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Uncertainty is a good thing. It keeps us on our toes and inspires us to play with malware and POCs that push the boundaries of our security setups. It also helps developers build better products.
     
  23. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Can anyone test if it conflicts with Norton too? I'm not sure what Avira and Norton have in common, other than security center.
    I have been engaged in some PM on Sandboxie forums a while ago (version 3.36 I think) regarding a similar issue (a malware bypass, not POC) which only bypassed Sandboxie if Avira was installed. The bypass was reproducible only on my machine.
    I am a Sandboxie fan, but if proven that all this time was a general vulnerability it would change things.
     
  24. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    That's interesting. What OS are you running? Do you still have the malware sample that bypassed Sandboxie when Avira was installed??
     
  25. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    It was on Windows XP Pro SP3 32-bit.
    I uploaded the file unfortunately to a RapidShare free account, and it's deleted after 10 days. This happened 4 months ago.
    Edit: I only have the VirusTotal link; if someone can get it via the MD5, PM and I'll send the VirusTotal link.
     