Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

  1. guest

    guest Guest

    Check past blackhat contests, FF (and IE) most exploited browsers, some even hack it in less than 5mn lol


    I'm amused by people disabling validated built-in security to add 3rd party mechanisms that are not proven more effective.

    It is like you kill all your white globules just because you trust your biohazard suit more...hilarious :argh::argh::argh:
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    Brummelchen, I know you don't mean bad, it's just that sometimes (I think), regarding the pureness in Firefox, you kind of push where you stand too much. I see it a lot at mozillazine when I go there looking for something (usually to keep Firefox....the way I like it). When I read your posts (especially there) you kind of sound like you try to intimidate people from doing with Firefox what they want to do. You sound rough, like I said, I know in the bottom, you don't mean bad but it might make someone, especially someone who doesn't know you, feel bad. Regardless of what I am saying, I think you are OK and I like you. :)

    Bo
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    I can't believe you dare to compare Multiprocess with Sandboxie. And it is even worse than that, you make it sound like MP is proven to be better than SBIE. You amaze me sometimes.

    Bo
     
  4. guest

    guest Guest

    First I didn't say MP was better but that Sbie didn't prove itself better, nuance...read carefully please.
    Not saying, Sbie users are so few that no one cares to breach it. It isn't worth the time and resources spent on it, even by Sophos Loool.

    Seriously Bo, what amazes me is you really believe sandboxie can stop everything while the soft can't even behave smoothly on modern browsers without perpetual adjustments.
    Ah yes, I don't use browsers like FF which just discovered what sandboxing is, so maybe because of this you indeed need Sandboxie to help you to surf safely, personally I don't.

    And honestly, to me, only beginners need Sandboxie just to stop some malicious downloads lol...
    Any security-experienced person needs almost nothing, just what the OS offers, some safe habits, a bit of knowledge about LOLbins and how to block them via a few Windows tweaks, then malicious executables and other script threats are gone.

    Now I run all my win10 systems barebone, using just the security it offers and sometimes playing with its security policies, I got tired of the security circus and all its FUD.
    More than a decade of testing security apps and none even got the chance to give me an alert unless I decided to toy with them...

    I dare to say that you, Bo, don't even need sandboxie.
     
    Last edited by a moderator: Jul 22, 2019
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    Proof that Sandboxie does what it is supposed to do? No better proof that Sandboxie does its job well than that there has never been any in-the-wild malware that escapes the sandbox. None.

    Security by obscurity? You can call it that if you want, personally, I wouldn't even care if that was the case (IS NOT), because what's really important is that there is no malware out there running around that breaks the sandbox. That's what's important. And there has never been any. Other than Sandboxie, very few security software can claim that.
    You have been reading my posts for years, and you still don't know how I use Sandboxie. If you knew, it would click in your head that browsing is the one activity where I need Sandboxie the least. I said many times, and I paraphrase myself, "NoScript does the blocking and Sandboxie the containing when I am browsing. Since the day I installed NoScript, I have never seen any malware attempt to run. The credit for that belongs to NoScript, not Sandboxie".

    I also said many times, something like this, "NoScript turns the sharks of the internet into sardines". And that's what it does, I see it every day when I browse sites that I know are dangerous (no porn sites, but really dangerous sites) where other users get infected easily, just by dropping by, they'll get infected and I come out smelling like a rose when I am done at the sites. These are sites I visit daily. If you want to try them, I'll give you the links. I stream baseball and football year round, and those are mean sites where you need good effective security to browse safely and not get infected.

    Anyway, for me, Sandboxie, is more important in the rest of activities I do in the computer. Whatever I am doing with the computer, when I am using it, I do it sandboxed. No exception (other than when doing updates). Basically, the only time I am not using Sandboxie is when the computer is idle.

    guest, Sandboxie is a lot more than a browser in a sandbox. You keep forgetting that. :)
    I thought about that before. This is one thing you are probably right about. I'll say it's probably true because of NoScript and what I have learned while learning and using Sandboxie. The process of learning and using SBIE gives you more than just learning the software. So, even if that was the case, in the end, I still owe that to Sandboxie.

    Bo
     
  6. guest

    guest Guest

    @bo elam Now I understand why Sbie is so vital for you. Unlike you, I don't take the risk to visit dangerous sites on my productivity/personal computer. No way!
    When I had to (which is for testing), I have a dedicated machine for it which I wipe after each risky usage.

    I don't, believe me Bo, I just mention browsers because the other usages are insignificant since I run only clean stuff.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,444
    Bo

    I have the highest regard for your SBIE knowledge, but unfortunately not everyone can run their systems like I do. I have mission critical software I run every day and it all has to play together. Not a chance it would run sandboxed. So for me SBIE can't be the first line of my system defense.
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    You are still missing the point, it is NoScript the most important software for me when I browse. When I say NoScript turns the sharks of the internet into sardines, it literally means what I am saying. Sites that are dangerous are tamed, the danger is gone. It doesn't exist anymore. Sharks eat you, sardines go next to you and put their lips next to your leg but won't bite you. That's what I get out of NoScript. And on top of that, you have Sandboxie, just in case, like a safety net.

    If you use NoScript and Sandboxie like I do, you can go anywhere in the internet and not get infected. You'll visit sites that are infected and they won't do anything to you and you won't even know that users that visit there before and after you are getting infected. Sites get tamed, the danger is gone.

    Let me try to explain something to you that would kind of give you the whole picture of how important Sandboxie has been for me all these years. Because of the way I use Sandboxie, for me using the computer is like when we use a regular TV or a radio. I mean, we turn it on and off and don't even think about malware. Malware doesn't exist, I get the same feeling with the computer because I sandbox every file and program that runs in my computer during their lifetime in the computer. It is rare when I run something unsandboxed.
    As far as I know, I only run clean stuff. I use in W10, same well known programs I run in W7 and ran in XP. Nothing different, and I don't test programs just to see how they work or what they do. My computers are basically locked down. I got my W10 on July 7 2017, and haven't changed or installed anything new since a day or two after I got the computer.

    But, even though the programs I run are well known and clean, you never know what can happen when you run a file (any file) you download from the internet. Malware can hide anywhere, and use any file, to trick you into running it. So, my formula for success has been to run every file in my computer under Sandboxie during their lifetime in the PC.

    Since I don't play God to decide what's clean and what's not or have any scanner to help deciding whether a file is OK to execute it or not, I found a very convenient way in running files under SBIE. I get 0 inconvenience, it is user friendly, secure, and on top of that, I get the feeling I am using the computer like malware doesn't exist or like if I was using nothing for security. Some people can't understand why I sandbox most files that run in my computers, but can't beat it.

    Bo
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    Hi Pete, the way I use Sandboxie is not for everyone. Some software can't run sandboxed. I know that's the case for you. If someone tests software all the time or changes software all the time, that user definitely can't use the computer with SBIE like I do. Or, if someone shares the computer with other users, you got to have antivirus or scanners, so, my way of using the computer with SBIE for that type of user is not reasonable. Every case use is different. Or, someone who uses Edge or the Windows Store, my case use of the computer and SBIE is not for that user either. Personally, I found something that worked great for me all these years, luckily I adopted it when I found it. But it is not for everyone.

    Bo
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    I'd like to add. If my case use of the computer was different than how it is, I would find how to maximize using Sandboxie, regardless of how I use the computer. You can always get more out of Sandboxie if you use your imagination.

    Bo
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,444
    Yep bo you are right, and I've tried some things, but they don't work. I also have to consider there is another person who has to be able to make it all work.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,148
    Location:
    Here
    I don't attend Blackhat, so I should be safe :D (it's probably the only place where you can encounter those exploits)
    Also, at the competition they hack it in a few minutes but they can prepare exploits for months...

    But seriously I don't see such a problem. If a security feature is causing a problem and I can disable it, why not? IMO by doing this, my overall security is not reduced much so it's not a big deal for me.
     
  13. guest

    guest Guest

    @bo elam what will you do if you cross a sandbox-aware weaponized installer that just stays dormant if sandboxed when you run it? (because they are able to detect Sbie's injected dlls in processes).
    You will think it is safe, you will install it the normal way then boom, you are infected. Of course, those kinds of malware aren't abundant but they exist.
    I don't even talk about kernel exploits...

    Not saying, some software won't perform properly if installed sandboxed, you must install them unrestricted, so how sandboxie could help you?

    Your only real protection is your capacity to investigate the file's legitimacy and be able to prevent unwanted file execution.

    Don't get me wrong, I don't dismiss the merits of Sandboxie, I used to use it since ages too as an "in-case-of" protection, but I have more reservations than you towards it and won't rely only on it as main protection.
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    I don't use Sandboxie for figuring out if software you test/install in a sandbox is clean or not. That's the wrong way of using Sandboxie. I said that many times here before. Sandboxie should not be used that way.

    Bo
     
  15. guest

    guest Guest

    So
    Sorry Bo, a sandbox is also supposed to be used this way, if not, why implement sandboxed installation? Why create the process view that shows what a sandboxed app does.
    It is not because you lack arguments to contradict what obviously became a weakness due to malware evolution, that it suddenly becomes a wrong usage and just based only on your unique perspective.
    Sandboxing and Sandboxie are made to isolate potential threats and unwanted system changes, and using it to verify the behavior of file (installer or not, malicious or not) is not "wrong usage", it is the main purpose.
     
  16. davisd

    davisd Registered Member

    Joined:
    Feb 2, 2016
    Posts:
    18
    Location:
    Latvia
    And what's the right way of using it? Drater.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    Using your words, "to verify" the behavior of the installer is what's wrong. But guest, if you want to use Sandboxie that way, I don't have a problem. But you will have a problem when you are fooled by malware that doesn't do anything when run sandboxed but infects when you run it unsandboxed. It's your fault if you make that mistake. You know that some malware won't infect when run sandboxed. So, why use it that way (to tell if software is clean or not). It doesn't make sense. But some people do and think that's one of the purposes for using SBIE. Now I remember, you like to use Sandboxie that way, and I think you kind of promoted using it that way but it is not a good way of using SBIE.
    Malware being able to detect that it's running sandboxed is not really a weakness. Think about this: if Sandboxie tried to hide itself, people would use it to cheat, and we would have antiviruses detecting Sandboxie as bad software or something worse. Good clean software doesn't hide itself.

    Bo
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    Hi Drater. The problem, IMO, is using Sandboxie as a guide to tell if software is OK to be installed outside the sandbox. You can install suspicious software in the sandbox, use it, and delete the sandbox after using it. I think that's OK. But using Sandboxie to tell how software will behave when installed outside the sandbox (based on the behavior it had in the sandbox) is not a good way for using SBIE.

    I don't know how much you know about Sandboxie. But in a couple short paragraphs, I use it to run programs I run on a daily basis. If I run a PDF, it runs sandboxed. If I run a video, it runs sandboxed. Browsers run sandboxed every time one runs. Any file I download from the internet, runs sandboxed during their lifetime in the PC. There are exceptions to that rule, but pretty much that's how it is. If a flash drive gets plugged in, files that run out of it, will run sandboxed.

    Regarding installing programs in a sandbox. Personally, I don't install anything complicated. I have seen people trying to install Windows, or a VM in a sandbox, you can't do that. Installing MS Office would be something that won't work. But you can install Libre Office, most browsers, video players, things like that. Myself, I use Sandboxie very little for testing or installing programs. I mostly use it to install Flash, that way I don't install Flash in my real system. Right now I have Irfanview in my W10, and sometimes I might install a video downloader. I got one like that in my W7.

    Bo
     
    Last edited: Jul 23, 2019
  19. guest

    guest Guest

    Bo, you just repeated what I said above hahaha.
    In the past Sbie was promoted that way, and it is not from my mouth but from the site itself: "don't trust any Apps" and other "run it first sandboxed", I didn't invent it.
    At that time there were no sandbox aware malware. So the issue wasn't one, now it is.

    Not by design but by incidence.
    Because Sbie's dlls are not obfuscated, malware detects them. Not the fault of Sbie, just that malware gets smarter and it renders Sbie useless.

    What?!
    Cheat, what for? And AV just need to get the dll whitelisted.

    Why not?
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    No, Sandboxie has never been promoted as a program for you to test programs and use the results in the sandbox as a guide of how good or bad the sandboxed program would behave outside the sandbox.

    Users like you, erroneously, have used Sandboxie that way. You knowing that there is malware that can tell when they are running sandboxed and won't do anything bad when sandboxed, makes it even worse that you used and promoted Sandboxie to be used that way (using the results in the sandbox as a guide of how bad or clean the sandboxed program is).

    Personally, it doesn't bother me if you use Sandboxie wrongly. It is your choice. I like having choices and you as an adult have the right to decide what's best for you. This conversation with you on this matter is over on my end. Greetings, guest.

    Bo
     
  21. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    240
    Location:
    Mexico City
    Hello,

    I have some very newbie questions about Sandboxie

    What I do is, no matter what, when I browse I always run FF sandboxed in shadow mode.

    I only uncheck the Sandboxie option "Force Firefox to run in this sandbox (Registered version only)" when I need to update FF.

    Every time that there is a new version of FF I click on Cookies and Site Data > Clear Data...
    and Click on History > Clear History
    After this I Sync.

    At this moment my stored cookies, site data, and cache are currently using X KB of disk space, sometimes more sometimes less..

    Is it useful to Clean Data and Clean History then Sync when FF is sandboxed?
    Or am I wasting my time doing this?

    Second
    If Sandboxie attempts to delete the sandbox contents without success, the only thing I do is exit Shadow Mode and reboot, am I taking any risk doing this?

    Thanks
    Came
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    Hi Came. When you update programs like Firefox, you really don't need to disable the "Force Firefox to run in this sandbox" option in Sandbox settings. Next time, right click the Sandboxie icon by the clock and click Disable Forced programs. Doing that gives you about 14 seconds to run the program unsandboxed and start the update. The update will then be done unsandboxed.

    If you like, you can change the 14 seconds (I think 14 seconds is the default number of seconds). I changed mine a long time ago to 60000 seconds :D. If you like to change the number of seconds, open Sandboxie control and click File>Disable Forced programs, a screen will open, and change the amount of seconds to the number you like. See picture below.

    2.jpg


    I never used Sync, or even cared about knowing how to use it or what it does. What I do in one computer has nothing to do with the other, that's so even though I use same programs and do same activities. So, I can't tell you anything about using Sync with Firefox and Sandboxie.

    But I can tell you how I handle cookies, history, etc. First of all, the only time I run Firefox unsandboxed is when I do updates. Since that's the case, then that's the only time I get cookies in Firefox. I clean these cookies, by running CCleaner after updating Firefox and rebooting the computer. I have never seen a Firefox cookie get out of the sandbox.

    I handle History this way. Since Firefox saves bookmarks and history in the same file, when we save bookmarks out of the sandbox via Sandbox settings, then History gets saved as well. So, how do I get rid of History? I use custom settings for history via Firefox Options. See screen below. When you set Firefox this way, history gets deleted but bookmarks are still being saved, and cookies and site data are deleted by Firefox when you close it and/or Sandboxie when deleting the sandbox. So, you really wouldn't need to clear data if you use Private browsing in Firefox.

    1.jpg

    There's no risk in doing that. After rebooting the computer, the contents in the Sandbox folder should be identical to what it was before going in Shadow mode.

    Bo
     
    Last edited: Jul 23, 2019
  23. guest

    guest Guest

    Come on Bo, I don't say to test malware, at the time Sbie was created there were no sandbox-aware malware, so stop with it... Sbie is to see if a file/program is safe to run then to use it outside the sandbox if needed.
    It is exactly what you are doing, you run your video player sandboxed in case the video is malicious. You are basically testing the video, up to you if you run it unsandboxed or not after, that is the purpose of any sandboxing program, Sbie included.
    I don't see you contradict the "dont trust any apps" tzuk's slogan, it means if you don't trust an app, test it first in Sbie. You think it means run all programs only on Sbie?

    Not all progs can perform properly sandboxed but you can see if something is wrong when you execute it or its installer.

    If you can't get it, your problem but don't tell others they are wrong.
    If not, what's the point of using Sbie? Delete cookies and downloaded files? Lol.
     
    Last edited by a moderator: Jul 23, 2019
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,273
    Location:
    Nicaragua
    OK, guest, you got me going. Perhaps, one more reply and we can close this up.

    This is what Sandboxie says at the Sandboxie site about testing programs. It is only one sentence and it is very clear what it says. Please read under Application testing in the link I linked below, I quote, "Safely test and try new programs and applications within Sandboxie and prevent unauthorized changes to your underlying system that may occur."

    That's all it says guest. Now, your words and I quote you, "...then to use it outside the sandbox if needed." Those are your words, they don't come from Sandboxie.

    Hopefully, this is the end of this. Here is the Sandboxie link.
    https://www.sandboxie.com/

    Regarding the "Trust no program" slogan, Tzuk never said what he meant with it. I got some ideas what he meant, if you want to know what they are, search for Trust no program in this thread and you'll find what I wrote. At least 2 or 3 times I have written what those words mean to me. Later.

    Bo
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,517
    Location:
    Canada
    I'm pretty sure the primary reason right from the infancy stages of Sandboxie's release, was to run Internet facing programs like web browsers and email programs in a secure environment, offering the user the chance to recover files from the sandboxed environment when it's closed. Doesn't the name SandboxIE kind of imply sandboxed Internet explorer, the popular browser at the time of Sandboxie's release?
     