Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Sandboxie could die, that could happen, but it won't be because of browsers having their own sandboxes.

    Oliverjia, by the way, using Sandboxie to sandbox your browser is just one benefit of using Sandboxie. In my personal view, for me personally, sandboxing the browser is the least important benefit that I get from using Sandboxie.

    The way I see it, to really really benefit yourself from using Sandboxie you got to go with the whole package which includes sandboxing pretty much all files you download or get created in your PC under Sandboxie's supervision. You do this the whole time and don't play god deciding which files are clean or not. You just don't trust any files and programs, that's why you run them all under Sandboxie.

    Using Sandboxie as I use it is so easy and effective that not only my computer is kept clean but when I am using the computer, it feels like I am using nothing for security. And whatever I am doing, feels exactly the same as if I was not using SBIE. On top, since I don't trust any files, just run them sandboxed, I don't need to use antiviruses, scanners or any other security programs. Not even Windows Defender. Nothing.

    You know what that means? It means I don't waste my time updating security programs or running scans. This gives me a lot more time for doing what's really important for me when using the computer.

    Bo
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Oliverjia, include also any sensitive file or folder where you keep files that you would like to keep sandboxed programs from having access to. If these files cannot be accessed, they cannot be stolen by sandboxed programs (that could be malicious and phone home).

    Bo
     
  3. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    This sounds a bit too paranoid to me. First of all, please tell me, what programs that you sandboxed will steal your personal files and upload your personal files to some servers? I don't think any of the main browsers will do that. Plus, I keep all my personal data and other sensitive data in a 2nd/3rd HDD that are BitLocker Encrypted, while these data themselves were firstly encrypted by VeraCrypt. So only viruses or Trojans will "steal your data" when they obtain control over the login account. But once these virus/Trojan can run, no matter in sandboxie or not, what it most likely will steal is that kind of information you put into your web browsing activities, such as your bank login credentials, emails etc. It makes no difference whether you use sandboxie or not.

    My strategy is to restrict these bad programs from running in the first place using AppLocker and Limited User Account. Bottom line is, if you don't trust a program, then just restrict it from running at all, no matter sandboxed or not. Sometimes, once a virus/Trojan runs, it doesn't matter whether you use sandboxie or not.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well to me the delete is an important function, as any unwelcome critters that come with the download are gone. And yes I like the fact that Sandboxie controls other things like what can be accessed and who can access the internet. As long as it works I will continue with it, and although I have a lifetime license, if they needed financial support I'd step up to the plate.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    No, that's not paranoid. Using as much as possible the security features that Sandboxie offers is how you get all the juice out of Sandboxie. And you tighten up your security by using these features.

    The main browsers are OK but not all the addons that people use. Personally, I only use 3 or 4 extensions. All well known and been around for many years and are reputable. I also don't keep any plugin installed in the browser. But that's not everyone's case. People install 20 or 30 addons. One could be malicious. An infected addon can hijack the browser and phone home.

    It's also possible that while browsing, malware gets downloaded into the sandbox, and if you are using a non restricted Start/Run sandbox, the malware could run and steal your sensitive information.

    To take care of these potential problems is the reason to block access or hide your personal or sensitive files and folders.

    Bo
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    When you get a file like a pdf or office file and you run it under Sandboxie it's not really the program that you use to open these files that you don't trust but the files that you run with it. A friend or family member perhaps sends you an infected Excel file and according to your scanners, it's clean, but when you run it you get infected.

    With Sandboxie, you run your Office program untrusted so all files that you open with it also run untrusted. They can't infect outside the sandboxed environment.

    And again, the convenience and usability works out great because you can setup pdfs, excel, etc, to run sandboxed automatically. Very little thinking is required.

    Bo
     
  7. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Agreed on this, but most likely the malicious addons will steal sensitive info related to online activities. So SandboxIE or not, it really makes no difference. That's why I stopped using most addons. The only addon I use today is uBlock Origin, because it's open source. I don't trust all others, including Ghostery and NoScript. Remember WOT?

    This is where the weak point of sandboxie lies. In the same scenario, if AppLocker, or some other software restriction policies are used, then such drive-by downloads will be blocked from starting. Plus, under LUA/SUA, such malware would typically not do any real harm to the OS because they don't have enough account privilege to run/start.

    LOL, in this situation, even when you double click the malicious Office file, you'll not be automatically infected if your OS is fully patched and up to date, and that you run with a LUA with software restriction policy (SRP) enforced (AppLocker or AppGuard). Because a normal office file can be opened without any additional code execution, but a malicious .docx file will require additional code execution in order to infect one's OS. With LUA and SRP, these additional malicious activities simply can not be executed and will be blocked. This kind of disguised malicious attack via Adobe and Office is exactly what Microsoft EMET was designed to mitigate, and now EMET has already been integrated into Microsoft Windows 10.

    But yeah, if you run everything as admin with no SRP in place at all, and you ignore the UAC warning and click Yes, you MIGHT then get infected by double clicking a malicious Office/Adobe file, depending on whether or not your OS is already patched against the specific exploit that the malicious code is targeting. You'll still be fine if the vulnerability has already been patched against the exploit.
     
    Last edited: Apr 1, 2017
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    There is no weakness there in Sandboxie. For example:

    If you are using a default settings sandbox where all programs are allowed to run and connect to the internet, and you get infected, the infection remains in the sandbox and is gone for good when you delete contents of the sandbox. Your system, files, registry, programs are untouched and clean at all times.

    To keep sensitive files safe, you block access to them as mentioned earlier.

    Another example. You can set the sandbox so only a few programs are allowed to run and have access to the internet. There are settings for you to do this. Read Internet access and Start Run access.
    https://www.sandboxie.com/index.php?RestrictionsSettings#internet

    So, if for example you only allow Firefox, flash and your pdf reader to run in your browsing sandbox and while browsing all of a sudden malware gets downloaded automatically into the sandbox and it tries to run, it's not gonna run. It's going to be blocked and do nothing.

    There is another setting called Drop rights. For example in scenario 1, if you are using this setting, the malware can start but won't install. This setting will keep the drive by from installing in the sandboxed environment.

    Weakness, what weakness? :)

    Bo
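
The restrictions described in the post above, written out as a Sandboxie.ini fragment. This is an added illustration, not part of the original post and not a file shipped by Sandboxie; the box names, program names and the protected folder path are assumptions.

```ini
# Constructed example. Box names, executable names and the folder path are
# assumptions chosen for illustration.

[DefaultBox]
# Default-style box: any program may start and connect to the internet.
# Whatever runs here stays in the box until its contents are deleted.
Enabled=y

[BrowsingBox]
Enabled=y

# Drop rights: programs in this box run without administrator rights,
# so a downloaded installer can start but cannot install.
DropAdminRights=y

# Start/Run access: only the programs in this group may run in the box.
# Anything else that lands in the sandbox is refused when it tries to start.
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,AcroRd32.exe
ClosedIpcPath=!<StartRunAccess>,*

# Internet access: only the programs in this group may open connections.
ProcessGroup=<InternetAccess>,firefox.exe,plugin-container.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

# Blocked access: sandboxed programs cannot read this folder at all.
ClosedFilePath=C:\Users\ExampleUser\Documents\Private\
```

These settings limit which programs run in the box and what they can reach on disk and on the network; data entered into an allowed program, such as the sandboxed browser, is outside what they cover.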
     
  10. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Thanks for the heads-up. So it appears indeed Windows 10 does not yet provide all the exploit mitigation capacities that EMET could. Well, in this case, installing EMET still appears to be a good idea, since it's free. The latest update on that comparison table is based on Windows 10 v1607. I would think in v1703, a.k.a. Creators Update, the built-in exploit mitigation capacity should be improved.
     
  11. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    First of all, even within Sandboxie, the fact that your virtual system in sandboxie can still be affected relatively easily, is weakness #1. Secondly, as I repeated many times already, even if your browser is running in sandboxie, once the malicious code was executed, the information you put into some web forms, such as your login credentials, web-based emails, passwords you typed into the web forms, will be transmitted real time to the bad guys' servers. The damage has already been done, even within the sandboxie protection. "Your system, files, registry, programs are untouched" does not mean your bank login information was not stolen by some key-logger while you were online. You don't think that's a weakness?

    On the contrary, when you have LUA/SUA, SRP, Exploit mitigation, the malicious code can not be executed in the first place. Of course, no actual damage will be done to the system either. If you still don't see the difference between the two approaches, then I suggest we end this discussion.

    Edit:

    OK so you are now saying anything unspecified in the sandbox can not be run within the sandbox? OK if I assume that is true, LUA/SUA with SRP/AppLocker/AppGuard can do exactly the same. I don't see any advantage running sandboxie in such situations.
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,816
    Location:
    .
    In mine there is. I run as admin my local win account.
     
  13. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Yeah I agree. If you use admin account for everyday computing, then Sandboxie should still be useful. But at the same time, it's still dangerous, because sandboxie only has user space privilege which can be compromised once admin privilege is granted to malicious programs.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,816
    Location:
    .
    Highly unlikely for Sandboxie. I've never been infected in the last 3 years browsing under Chrome/Sbie in ANY site I want, you know, happy clicking on anything. I don't care.

    For the record I do not recommend this, just saying what I do on a daily basis though. Besides I have AppGuard, ERP hardened and Shadow Defender.
     
  15. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    LOL as I suspected. You have some SRP enforced when you run on admin account and click happy.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    There are a lot of things you can do with Sandboxie. I suggest you do some reading about it and don't assume you can't do something with it just because you don't know it can be done.

    You prefer using LUA/SUA with SRP/AppLocker/AppGuard, that's fine. I am the opposite and prefer for many reasons to use Sandboxie alone. As mentioned by Mr X, running as Administrator is one advantage. And by using setting Drop rights, you lower the privileges of programs that run in the sandbox. Best of both worlds all at the same time with Sandboxie.
    Bo
     
  17. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    I don't read it because I don't care. When something can be done easily equally well or better with the OS built-in mechanism, I really don't want to use any third party apps to re-invent the wheel. My major point from the very beginning is what I just said: Just like third party HIPS, more and more sandboxing and exploit mitigations can be done easily with the OS built-in security features in Windows 10, therefore I see a diminishing trend for such kind of third party sandboxing tools. I don't care how much they can do now, because the OS can do the same more easily and straightforward.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree. Oliverjia, are you speaking based on what you think? I've tested Sandboxie enough to know it will stop everything. Even Petya ransomware.
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I can see that.

    I suggested reading because at least 3 times today you assumed Sandboxie is weak about something when in reality it is the opposite. Later.

    Bo
     
  20. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    No I normally speak based on facts. Earlier in this thread during the conversation with Bo like the one I quoted below, somehow I had this impression that SandboxIE could allow drive-by downloads to run inside of the sandbox. Now I read it again, Bo was probably referring to other sandbox tools/mechanisms but he was not really clear, because when I run the browser, I don't run anything un-restricted since I have LUA/SUA and AppLocker in place. Now it appears to be some misunderstanding. Anyway, truth is I could do equally well using the OS's built-in features without any third party tools such as SandboxIE. I prefer it that way, since the less third party software you have, the less attack surface you have in your OS.

    I am sure with my current setup (LUA/SUA; strong password on both admin and SUA accounts; AppLocker; hardened Exploit Mitigation/EMET), Petya or any other unknown zero day attack can be blocked, because any downloaded executables into the Temp or any other folders will be blocked by AppLocker. Light weight and effective, it's better than any third party software in my book.

     
  21. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Like I mentioned in the post above, you were not clear enough when you referred to Sandbox tools, because I don't run any sandbox without restrictions. If you said "other sandboxing tools" it would have been more clear. Either way, I don't care about any third party sandboxing tools since my OS is effectively hardened with the built-in security features.

    I suggest you have a good read on this previous thread below. Remind you that was with earlier versions of Windows 10; in Windows 10 v1703, a.k.a., Creators Update, the security features are certainly improved, so Windows built-in security certainly improved. I am sure in the future, Microsoft will make continuous efforts to improve the OS built-in security features.

    You keep using Sandboxie, especially if you use Firefox. But let's allow time to tell the fate of Sandboxie.

    https://www.wilderssecurity.com/threads/is-sandboxie-useless-on-windows-10.390335/
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I mentioned Sandboxie features like Start Run restrictions when you implied that you can't restrict the programs that are allowed to run in the sandbox. My replies to your posts were specific to what you posted. We started talking about Data protection and you replied back implying that Sandboxie is weak because drive bys could run. Now you know that's not so, now you know that you can control the programs that are allowed to run but telling you about all that you can do with SBIE would take me about 3 forum pages (boring) and would make no sense since I was replying to your posts that belittled Sandboxie's feature that protects data.
    I remember that thread. Right now I only have my W7. My XP died a few months ago, soon I'll be replacing it with W10. And you can be sure that I will use Sandboxie in that computer pretty much as I use it in W7 and in the dead XP. Check this post by my good friend Elwe, he gives good reasons to use SBIE in W10.
    https://www.wilderssecurity.com/threads/is-sandboxie-useless-on-windows-10.390335/#post-2635098

    I'll add a couple more reasons to his list, running external drives like flash drives under Sandboxie is a must. You plug a flash drive to the PC, the USB folder pops up open sandboxed automatically. Anything that runs, runs sandboxed automatically. And being able to run Windows explorer/File Explorer sandboxed.
    Oliverjia, I told you earlier, in my view, I get more benefits from SBIE for sandboxing other programs than what I get by sandboxing Firefox. Try not to forget, Sandboxie IS NOT a browser in a sandbox :).

    Bo
     
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,939
    at least the facts are right as oliverjia wrote. but no reason to deny sandboxie in its usage or purpose. browsers grew up, making progress concerning security. all is wired, you can not speak about one while suppressing other facts. i appreciate sandbox mechanism in browsers - and in security software - but the latest talk is about those sandbox mechanisms in security software which more and more collide with other sandbox mechanism. some can only use one same time! so chrome (and similar) and firefox are colliding with sandboxie but that won't reduce benefits (as bo wrote) for sandboxie. what about programs which don't use a sandbox? or testing purpose?

    i don't wanna waste more time about discussion, pointless - take it or leave it.
     
  24. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I got some error message after upgrading windows 10 to 1703. I was using sandboxie stable. Uninstalled sandboxie for now. Does the latest beta work with Windows 10 creator's update?
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Sandboxie latest betas support is up to Fast ring 15048. I think Windows 10 1703 is build 15063, that version will probably be supported in a few days.

    You might like to follow Sandboxie's beta thread, probably tomorrow something will be posted about support for that version in there.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=60&t=23888&start=60#p127194

    Bo
     