Sandboxie Acquired by Invincea

New Version works well for me, 1 day of testing and I not run into bigger problems.

Can't say much about the boot time protection because isn't this OS job? Another way would be to encrypt (if you use) the MBR with e.g. VeraCrypt.

 

Hi moose, in page three of the thread you linked they talk about this malware installing services.

I am no malware expert but one of the things that Sandboxie doesn't allow is the installation of Services. That alone should be enough for SBIE to prevent this malware from doing damage. This is done by Sandboxie by default and it can not be changed by you or sandboxed programs.

Bo

 

You? testing Sandboxie? thats a nice surprise.

I hope you like it.

Bo

 

Salutations/Greetings!!! @boelam,

Many thanks for the reply, just wanted to make the default settings stronger, if possible!

Making today great and tomorrow even better!

Moose World

 

One thing you can do is enable Drop rights in sandboxes where doing so doesn't create issues running the program sandboxed. You can also restrict the programs that are allowed to run and connect to the internet. You can enable this restrictions in Sandbox settings.

Bo

 

It is good practice to always try to run with drop rights because you run a limited user policy container within a Sbie sandbox

 

I'm not sure how "Drop Rights" is any more secure than just letting UAC do its job? If you don't allow admin privileges, wouldn't protection be the same?

 

would be even better if Sandboxie could profit from "lowbox token" as Chrome and run in AppContainer

 

J L, I run as administrator, the setting works very nice when you do. The setting allows me to run my computer as administrator and at the same time, run most programs with low rights restricted by Drop rights. In particular, I like the setting because it keeps programs from installing in the sandbox.

Here is an example of how I can be benefited by using the setting, if I am browsing and a website downloads malware, and the malware runs, it cant install. So, if you are using a sandbox with Drop rights and restrict the programs that are allowed to run in the sandbox, its not likely the malware its gonna run but if it does, it wont install nothing in the sandbox.

Bo

 

I assumed with drop rights the attack surface within the Sbie sandbox is limited to user space. Answer of Bo seems to confirm that.

At least that is what I remember of a post of Tzuk after I had critised Sbie for stil running processes as Admin (and he had implemented droprights).

 

I like to add something about Drop rights. I can safely say that just about all potential vulnerabilities that have ever been discovered or reported since the beginning of Sandboxie, can not be taken advantage by malware to escape sandboxes with Drop rights. You can go to the Sandboxie forum and go back years and years all the way back to 2004 and read all threads and posts about POCs and vulnerabilities and basically always, if you are using Drop rights, nothing gets out, POCs don't work, etc.

Bo

 

Hello friends,
I would install Sandboxie even on my new laptop (bought from a few days) that is equipped with Windows-10 home ..... But first I need to know if Sandboxie is able to run correctly on Windows-10
Unfortunately I read (in some Italian forum) that Sandboxie is not yet compatible with Windows10 and many users have many issues and crashes ...

 

It works perfectly with my Win 10 64 system. No problems at all.

 

Sandboxie works fine and its compatible with W10 except the running of metro apps or Edge which is not compatible yet.

Bo

 

Thanks very much for your prompt reply.
Probably the Italian forums are outdated....... and should be read so many "rubbish" !!
So from which version onward, full support to Windows-10 was introduced?.....and excuse my little knowledge, but what do you mean by "metro apps" ??

 

Zapco, Sandboxie's support for W10 started with the first beta 5 that was released. First stable version with support for W10 was 5.04. Read the link below for information about known conflicts of SBIE in W10.
http://www.sandboxie.com/index.php?KnownConflicts#Windows 10

Basically, don't run Edge and run programs from the Desktop.

Bo

 

New beta 5.09.1 has been released. This are the changes and the link to the beta thread at the Sandboxie forum.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=56&t=22545#p118570

Bo

 

Appreciate the link for the New beta 509.1!!! Installing now!

 

You are welcome, Moose. Let us know how it goes.

Bo

 

I like 5.09.1. This version is working better for me than 5.08.

Bo

 

Hi Bo, just out of curiosity what makes you say that a version is better for you than another? I always download the latest beta on my Win8 knowing that very rarely there are disruptive problems, and frankly I can't tell the difference from one to the other. Peter2150 says "really smooth" and I believe him, but how does, for example, "smooth" translate in terms of perception of the new version?

 

I see Pete, I guess that in most cases it is about speed perception and footprint which are obviously related. In my experience the only lag that I perceive is when opening Chrome for the first time, it takes a good 15- 20 seconds, but it has always been so with any version.

 

Usually I don't feel any difference after upgrading Sandboxie or lose any usability because of an upgrade. Thats being the norm for me. But sometimes, something works differently after going from one version to the next and in some cases, I have had to change settings in one of my dedicated sandboxes, after an upgrade, in order for the leader program to continue working flawlessly (without any kind of messages or errors).

Beta version 5.07.8 worked and felt great in both of my computers (XP and W7 32 bits). According to what I had read, nothing changed in RC 5.08 and when stable 5.08 was released, I did not upgrade immediately as I thought there were no changes that could affect my computers, but on Sunday, I decided to upgrade my XP to stable 5.08.

Always, immediately after upgrading versions, I run and test all programs that I sandbox to see if all works well, and reboot. We are not required to reboot but I do it to make sure all changes in the new SBIE version actually take place. And then test my programs in the sandbox again.

When I ran IE8 with 5.08 in the XP, immediately, I got an IE message stating that the search provider had been changed by a program. I got this message even though the search provider had not been changed and I only got the message when running IE sandboxed. I was familiar with this message because about a year ago, I experienced getting the same message after another SBIE update. At the time, I contacted Curt via PM but he couldn't figure nothing. Also at that time, I discovered that if I ran IE in a sandbox without enabling Drop rights, the search provider message went away. So, I was forced to lower down my restrictions in my IE 8 sandbox. A few versions later, after another SBIE upgrade, the message went away, and ever since until 5.08 that was the case. Upgrading to 5.09.1 got rid of the message, thats why I said this version works better for me. And it does work better because I can run again IE in a sandbox as restricted as I like.

Whenever there is a new beta or stable SBIE version that comes out, there are changes done to the code that we don't see reflected in the fixes and changes that are published. I told Curt and Craig about this thing but they have no idea what change could have affected IE8 that triggered the message. But something did work differently. Sometimes a new version can fix or break things even though its not clear why. This is one of those cases. Usually when I report an issue, they can easily tell the change that's creating an issue for me. Probably that is because I don't use any programs that can conflict with SBIE.

Osaban, I like you to know. For me, personally, all programs that I sandbox feel pretty much exactly the same as if I was not using SBIE. Sandboxie doesn't add any lag, at least I cant tell if there is one. Thats part of the beauty about using SBIE. I run and use all my programs the same way as if I was not using SBIE. Isnt that beautiful? I dont even use the colored border or the pound sign so my browsers and programs look also the same as if I was not using SBIE. Regards, Osaban.

Bo