Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
  2. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    What really **phrase removed** on Sandboxie is that you need an upgrade every time the browser changes. That's 90s style. I wonder why other sandbox solutions like Comodo can handle this while Sandboxie needs updates for every gimmick. Seems bad coding.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Comodo doesn't do sandboxing as Sandboxie does. Have you ever wondered why there are no other programs that do isolation/sandboxing like Sandboxie? I'll tell you the reason. Compatibility problems are why, which is also the reason for the many updates for browsers (mostly the Chrome family) AND Windows, and also why other companies have gone away from doing sandboxing as Sandboxie does.

    I am thankful that we have Sandboxie, but don't take for granted that it's going to be around forever. Because it's likely it won't. One day the cost of maintaining Sandboxie is going to be higher than the profits and when that happens, we won't have Sandboxie anymore. Be thankful that the little program is still around despite most security programs going away from doing sandboxing.

    Something else. There are things you can do to help the compatibility of programs you use along with SBIE. I have the feeling you run Chrome and only Chrome under Sandboxie, and you have problems. On the other hand, I run Firefox and every program that runs on my computer under Sandboxie every time they run and rarely have problems. I don't get errors or messages. What I do is stay away from programs that don't work too well at a given moment in time with Sandboxie. If I start noticing something wrong or something I don't like, I switch programs and forget about it. I did that once.

    I don't use Chrome but I believe most "problems" with Chrome running under Sandboxie are not really problems. Sometimes you might get an information message from Sandboxie about something Chrome is doing and you think the message is an error when actually it is just information about Chrome's normal process of doing things. I also noticed that in some systems you can't restrict Chrome as much as in others. If that's your case, don't over-restrict.

    Now, if your complaint has to do with gradual updates in betas or them being released too often, don't use betas. Personally, I like the way betas are released. The gradual updates make it very easy for Invincea to figure out the change in code that might affect a system, your system, when something goes wrong, if you report the problem (for example) when you update from 5.19.2 to 5.19.3 rather than when going from 5.18 to 5.20.

    A couple of years ago, I started noticing a lingering error when closing Firefox. No one else reported anything similar but I told Craig about it in a PM. And after he talked to one of the Sandboxie developers, he asked me to send him my system specs. Later that same day, they sent me a modified copy of one of the Sandboxie files to test. It worked right away. After I confirmed it worked, I later got a PM from the developer (not Curt:cool:) telling me that his wife said thanks for the many hours of work that my report saved her husband.

    Bo
     
  4. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Can you explain to me why Sandboxie is different here compared to Comodo? I don't see any difference, because if I create a special folder/virtualized store and remove it or inject the process, the result is the same: after the sandbox is closed the space gets wiped. To be honest, the answer to your question is NO, I haven't wondered, because I have done no research on this, since Sandboxie isn't open source and Comodo also hasn't really documented anything about their internal processes.

    My question is more why there are updates so often and whether it's really necessary. I mean, when Chrome/Opera/Firefox are already running in a sandboxed process anyway, I don't see the reason; instead they should be excluded to avoid this. I'm not sure if it isn't marketing anymore. I mean the times are once and for all over and Sandboxie hasn't evolved. Instead I would rather isolate the extensions only [because they are the more dangerous threat in most cases].

    Can someone explain to me (with documents, if possible) why it's still necessary to isolate Chrome/Firefox, and maybe with a PoC how the internal mechanism gets bypassed? I would even pay for this, because Google and Mozilla have bug bounty programs and they pay a lot for this, and I'm sure if it were necessary it would already have been mentioned or fixed. Of course Firefox is the youngster here, but it's a matter of time.

    I'm not totally against Sandboxie but I don't see any argument anymore to recommend it, especially if there are free programs available which do the same.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Despite never using Comodo, here are a few quick differences that come to mind.
    1. Sandboxie uses more than one sandbox.
    2. Sandboxie is used every time you run your PDF reader, Office programs, video players, WinRar type programs, picture programs, your browsers, etc. You, the user, choose what to sandbox. For someone like myself, the only time I am not using SBIE is when the computer is idle. You choose what to sandbox, unlike Comodo, which automatically sandboxes programs that are not whitelisted, signed or whatever parameter it uses to decide what to sandbox and what not to.
    3. Sandbox settings. So many variables; you can set your sandbox in a thousand different ways, and still come up with more ways.
    4. You can also sandbox (files that run out of them) folders, not only programs.
    5. Huge difference. People who constantly use Sandboxie don't get infected. It just doesn't happen. If I go to the Comodo forum, I am sure I'll find people reporting getting infected. If you do the same at the Sandboxie forum, you can go back yearS and won't find any.

    Bo
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Frankly even though I have lifetime licenses, I'd be fine if they asked me to go to subscription.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I understand that there is drive-by malware that can run and install on its own with no need of user intervention; just landing on the wrong page can get your system infected. That alone makes it a good reason to use Sandboxie.

    But there's more. In Sandbox settings, there are settings you can use to restrict the programs that can run or connect to the internet in the browsing session. You also have settings that prevent sandboxed programs from accessing sensitive files and folders so malware can't steal them and phone home. Etc.

    Bo
     
  8. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Please keep it to yourself, for us poor folk.:argh:
     
  9. guest

    guest Guest

    I agree :D
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I thought of putting things differently.

    Sandboxie is a program for running other programs isolated from the system, registry and other programs. The goal is to keep the system intact and be able to use programs interacting with the system outside the sandbox as if you are not using anything/a sandbox.

    Sandboxie is not the Twilight Zone. This interacting of sandboxed programs with the environment outside the sandbox is seamless. That's a great feeling. At least, that's how I personally feel, and I don't take for granted that it is that way just because. It takes a lot of work for Sandboxie to work this way.

    On the other hand, Comodo's sandbox is a feature. Part of a program. Programs that get auto-sandboxed don't need to interact with the system or run. Later, if they were sandboxed as a false positive, you can whitelist them.

    I see a huge difference :).

    Bo
     
  11. guest

    guest Guest

    Because Sandboxie's principle is a kind of "code whitelisting" (to describe it simply) to ensure its isolation is working; basically the software's code is essential for Sbie. If the software's code changes drastically (like Chrome used to do), Sandboxie has to adapt, which is why frequent updates are necessary. Sometimes you have to wait a few days until a "fixed" release is available, which is one of my criticisms of Sbie too.

    Because of the other features (see below):
    Sbie has a lot of other features like files/device/resources/registry/internet restrictions assuring a malware/keylogger in the sandbox has no access to the system at all or can call home. Built-in sandboxes of browsers obviously can't do that.

    Sandboxie is also free (the paid version only forces program/folder isolation), and I would use it 1000 times instead of Comodo.
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    There's something I found curious, and it's how both Comodo Sandbox and Sandboxie handle Chrome's AppContainer flag.

    Normally, when you have the AppContainer flag enabled and you check Chrome's integrity with Process Explorer, it correctly states 'AppContainer'.
    If you try to use Sandboxie on Chrome, the integrity level is 'Low'. However, when I tried to use Comodo Sandbox on Chrome, it still read 'AppContainer'.

    I believe it was @mWave that stated that Comodo uses hardware virtualization. I assume that's how Comodo Sandbox was able to handle Appcontainer.
     
  13. guest

    guest Guest

    Because Sandboxie doesn't implement AppContainer (yet), "untrusted" is the lowest integrity level possible for apps running in Sandboxie.
    ReHIPS can also handle it because, I guess, it uses only Windows mechanisms.
     
  14. mWave

    mWave Guest

    I don't think it has anything to do with hardware virtualization; support can probably be added without using the hypervisor via Intel VT-x/AMD SVM. Although I am not sure.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    In general, those free sandboxing apps don't give all of the options that SBIE provides. Like the ability to make multiple sandboxes and to protect data.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Being able to use multiple sandboxes is what sandboxing is all about. Sandboxing is isolation. Being able to use multiple sandboxes allows the user to separate/isolate programs not only from the system but from each other as well.

    This is huge. For example, when I click on a PDF that I have on the desktop, the PDF runs sandboxed automatically in a sandbox where only Foxitreader.exe and Foxitreaderportable.exe can run, no program is allowed internet access and nothing can install in the sandbox. The tightness when I run PDFs is easily achieved because of the ability to use multiple sandboxes. And because we can use multiple sandboxes at the same time, things work smoothly/seamlessly.

    Bo
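
Added example (not part of the thread, and not Sandboxie's or any poster's own code): a small Python audit of a Sandboxie.ini that reports, per sandbox, the restrictions described in the post above: which programs may start, whether internet access is blocked for every program, and whether rights are dropped. The box names and file contents are constructed; the setting names (ProcessGroup, ClosedIpcPath, ClosedFilePath, DropAdminRights) follow Sandboxie's documented Sandboxie.ini format, and mapping "nothing can install" to DropAdminRights is an assumption.

```python
import re
# Constructed sample Sandboxie.ini (box names and values are illustrative, not from the thread).
SAMPLE_INI = """\
[DefaultBox]
Enabled=y

[PDFBox]
Enabled=y
DropAdminRights=y
ProcessGroup=<StartRunAccess>,Foxitreader.exe,Foxitreaderportable.exe
ClosedIpcPath=!<StartRunAccess>,*
ClosedFilePath=InternetAccessDevices
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys repeat in Sandboxie.ini, so keep a list."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def audit_box(settings):
    """Summarise the Start/Run, internet and drop-rights restrictions of one sandbox."""
    def values(key):
        return [v for k, v in settings if k == key.lower()]
    groups = {}
    for v in values("ProcessGroup"):  # "<Name>,a.exe,b.exe"
        name, *members = [part.strip() for part in v.split(",")]
        groups.setdefault(name, []).extend(m.lower() for m in members if m)
    allowlist = None  # None means any program may start in this box
    for v in values("ClosedIpcPath"):
        rule = re.fullmatch(r"!(.+?),\*", v)  # everything closed except the named group/program
        if rule:
            who = rule.group(1)
            allowlist = sorted(groups.get(who, []) if who.startswith("<") else [who.lower()])
    return {
        "start_run_allowlist": allowlist,
        "internet_blocked_for_all": "InternetAccessDevices" in values("ClosedFilePath"),
        "drop_rights": any(v.lower() == "y" for v in values("DropAdminRights")),
    }

def audit(text):
    skip = ("GlobalSettings", "UserSettings_", "Template_")  # sections that are not sandboxes
    return {n: audit_box(s) for n, s in parse_ini(text).items() if not n.startswith(skip)}
```

Running `audit()` over a real Sandboxie.ini shows at a glance which sandboxes are dedicated to a single program and which still allow anything to start or connect out.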
     
  17. guest

    guest Guest

    Indeed, there is no point using a sandbox that can only sandbox one program/process.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I am not sure you understood what I wrote.

    Most programs that do sandboxing, sandbox programs in one big sandbox. All run together, isolated from the system.

    Sandboxie goes the extra mile. By allowing users to use separate sandboxes for different programs, programs can be run not only isolated from the system but from each other as well. We achieve better/more isolation when we dedicate one sandbox for one program. We can't do that for every program that we use but isolation is at its best when it can be done.

    Bo
     
    Last edited: May 9, 2017
  19. guest

    guest Guest

    Oh OK, so I misunderstood you. Indeed, I also prefer separate sandboxes; it makes more sense. I won't use a sandboxing program that doesn't give me the option of separate sandboxes.
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Anybody have problems with SBIE after the latest Windows 8.1 updates? I use the latest beta and get this error when launching a sandboxed browser (Chrome, FF, Tor browser):
    upload_2017-5-10_6-37-28.png

    Problem started right after Windows update.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You probably know already but other users in W8.1 are experiencing the same.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=24406#p127938

    As a temporary workaround, if the browser works fine after closing the messages, you could hide them for now.

    Bo
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Thanks for info bo. I will wait for next beta.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Just read <here>:
    Sandboxie blocks those ports by default.
    https://www.sandboxie.com/index.php?BlockPort

    > that got me wondering if I'm doing right or wrong....since, I'll Remove default Miscellaneous+ (in sandboxes other than my Default sandbox) thinking I'm closing "hole" for not needed and cleaning up not needed in "ini".

    right or wrong?
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    SBIE won't block infection through the network if the system is not updated. It could prevent the infection from spreading if malware is run under SBIE supervision. Just update Windows and you don't have to worry about it anymore.
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    My system is updated.
    So, my thinking that I'm closing "hole" for not needed and I'm cleaning up not needed in "ini" by removing Miscellaneous+ is wrong?
    My thinking is that "Default" is to get users started. Then user tweaks away "not needed".
    Since, I've long time removed all Miscellaneous+ and my Fx sandbox works okay afaik then there's no need to "Improve the use".
    349.png
    Am I thinking arse-backwards.
    Guess, I think minimalist & kiss.
    Like for example, Firefox Options, I'll uncheck all I do not need.
    So, for example in my Fx sandbox I'll uncheck all that I do not, as far as I know... need.

    my thinking that I'm closing "hole" for not needed = right or wrong?
     
    Last edited: May 14, 2017