Sandboxie Acquired by Invincea

Only someone who cant see the forest because of the trees would see what you found as proof of weakness in Sandboxie, when in reality, having to go all the way back to 2008 to find something that broke the sandbox is actual proof of how strong Sandboxie is. Any security product, including AppGuard, would love that kind of record. I could not have done it better. Thank you .

Bo

 

You are welcome.
as you said breaking any sandbox apps from inside isn't easy job, however breaking the sandbox app from outside is also a valid attack, because not all the OS run isolated and we all know that there is many vector attacks.

 

The slogan refers to programs running untrusted, which is what takes place when you run your browsers, PDF reader, Office programs, etc, sandboxred. I get it, you are trying to poke fun at Sandboxie, you boys from MT had a lot of fun this past few days banging on SBIE, keep it up. But about the slogan? Make all the fun you want about it, but it works.

Bo

 

I was gonna get to that, guest. From Sandboxies point of view that's not so. For Sandboxie to work, the system has to be clean to begin with. There are no if ands or buts on that. If your system is infected, Sandboxie cant do nothing for you. And its not supposed to either or claims to do so.

Bo

 

Typical response from you BO, and yes I remember you from MT from some years ago.

It has been stated already this was not recent, but in the past these things occurred, the other fanboy wanted it placed directly on his dinner plate in front of him, so I dug one up.

What this proves above is that NO software is perfect, and that bugs exist and are/can be exploitable, including the OS it runs on.

Now the developer of sandboxie, I have respect for. This particular problem was brought to him, he did not become defensive or lash out at anyone, and gracefully resolved the problem, even after a user stated that this issue proves nothing is 100% and users should focus on regular backups.

I fully expected the response of this is old, even after that had been established before I posted, this is OK, if one reader walks out of this thread realizing nothing is bullet proof, then it will be a good thing.

 

indeed Bo, problem is that normal sandbox users (unlike you, me or some others) have a high tendencies to recover the sandboxed files, then run it non-isolated because they don't know how to pinpoint any malicious behavior while it was in the sandbox.

I saw many use a sandbox , run a file in the sandbox and then because nothing happened inside , assumed the file was safe then ran it outside.

i remember before someone created an AV or BB (forgot exactly the concept) acting as a sandboxie "plugin" (if i can say that ) to verify any isolated file , it was called like "buster" something.
This should be available again, will help many

 

Hi AD, I feel the same way as guest and Mr X. To me, you are OK.

Bo

 

guest, thats a user problem, not a Sandboxie problem. Sandboxie should not be used to tell if a sandboxed program is clean or not. Sandboxies role is not playing god.

Bo

 

I remember you. Your posts, here at Wilders, the ones that have nothing to do with SBIE are soaked with prepotence. I read a couple today. Please, lets stay away from each other. And thanks again.

Bo

 

I'm OK with that, I'm only seeking to discuss security with level headed, open minds, that still have at least one foot in reality.

 

i know i just say this in general, not focusing on particular apps. Just to say a soft vulnerability should be fixed wherever the vulnerability is coming from and whatever it does. Sandboxie fixed it quite quickly, that is good enough to me.

 

They fixed it in May. And said they "believe this vulnerability is not serious and unlikely to be exploited. This exploit cannot be run within an isolated environment, and cannot be exploited without already being outside of the protection of the isolated environment."

To me, that's as clear as it can be.

Bo

 

yes it was a PoC , and we all know that PoC rarely spread.

 

Agreed. Do you know what happens when a mod "hears" too much noise? He shuts down the source of noise. Not let this happen to this thread. Follow common sense and stick to the current beta... Just as the mod with the walking dog says.

 

Yes I agree.

Good to know it wasn't that serious.

The funny thing is, I was the only one who gave you an actual answer. If a browser's sandbox gets bypassed, that doesn't always mean that SBIE will be bypassed also, that's the only thing that matters.

 

I'm amazed that at WildersSecurity we need to argue about how seriously good, how profoundly exceptional Sandboxie is.
While some smart people are pointing to some examples of "weak" Sandboxie, I can tell from my personal experience that only Sandboxie was able to protect me against all that malware/ramsomware/etc... nastiness, while all those highly advertised AV's, programs, apps, etc... failed.

Oh yes, I understand that you can have a computer setup so strict, so protective, so impenetrable without Sandboxie, but I doubt that I would be able to enjoy the speed, flexibility, usefulness, benefits, etc... of the Internet.

Anyway.
Long live Sandboxie.
What a perfect idea!

P.S. I've posted this comment not(!) for discussion. It's my deeply-rooted belief and knowledge from long-term experience; therefore, please, don't start marketing some app or arguing.

 

That was not the point of the debate. All participant knew already it is a solid soft.

 

That's my main point!

Thank you.

 

Anyone ran Firefox 55.0 in Sandboxie yet? FF 55 has many changes. https://www.mozilla.org/en-US/firefox/55.0/releasenotes/

 

I usually wait for a few days before updating Firefox, but I tested 55 yesterday installing it in a sandbox and all seemed well. I only had it for a few minutes, but I tested playing videos in YouTube and made sure my addons were working. All was well.

Bo

 

Netflix still won't stream in FF 55 and SB. I hope they get this fixed.

 

Hi Ivo, they know about the problem. Fixing it is probably not a priority. Greetings.

Bo

 

Let's say I sandbox MS Word, but for convenience's sake, I give it direct access to my personal files.
Do my personal files have some protection, or no protection? I understand the Word application itself can do as it wants with my personal files. My question is what happens if Word is exploited: some protection, or no protection?