Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,316
    Location:
    .
    Last edited: Nov 14, 2019
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,019
    the picture on sophos is fake. ccleaner cumulates found cookies in that option which do not apply to the real existence of cookies. never ending story.

    the existence of cookies is as bjm_ shows up when you ticked IE > cookies - or IE directly (internet options).
     
  3. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    244
    Location:
    Mexico City
    Thanks Bo.. maybe they are spying on us :ninja: I will block that connection
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,316
    Location:
    .
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,019
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    12,732
    Location:
    UK
  8. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    492
    Probably, but 0-days are astoundingly rare and Sandboxie doesn't really seem worth the program breakage that everyone seems to be having, me included on my laptop.
     
  9. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,177
  10. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    411
    At the risk of shooting myself in the feet I find fault with your short argument because SBIE does not rely solely on the built in windows uac controls or integrity levels (aka in this instance what I took to be your description of the 'windows sandbox') but instead relies on hooks [OM*G the number of user mode hooks is insane!] and then has requests sent to the SBIE service asking for permission to do THIS OR THAT.

    They are both using lower integrity levels as a starting point (and this is mostly good). It does not, however, instantly translate into fact that if someone can trick or bypass the Chrome broker it also applies to Sandboxie.
    Sandboxie has both service and driver components to aid in its decision making and enforcement, chrome does NOT. How helpful that ends up being is not something I can properly attest to as I haven't investigated either in this scenario but with the little experience I do have with SBIE I'm tempted to believe that it still has a greater chance of preventing an escape.

    Don't get me wrong. I find the sheer number of user mode hooks which SBIE currently uses alarming. They are more often than not responsible for the compatibility issues you read about here or there. I don't even use SBIE anymore and while not particularly related to the number of hooks I have found things to simply be easier to handle these days.

    That said I still disagree with your statement that one cannot protect against something just because the other doesn't simply because they both start off by relying on a principle of 'least privilege' even if that means they initially start off at the same disadvantage by relying on the OS to limit what they can do and both use brokers to check the rest. SBIE has many 'extra' checks. It also has a bunch of other 'options' a user could choose to enable in order to block even more things.
     
    Last edited: Nov 29, 2019
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,019
    bypassing windows sandbox means to break out of untrusted or low integrity process - this means bypassing DEP, ASLR, CFG Integrity - one or combo of those. if sandboxie has "extra" checks this would mean you can bypass or harden these mechanisms, even if they were deeply hidden under the hood (ini file). if you have set sandboxie to limit processes, access, rights or web ofc this would limit the damage. if not anything is possible. i don't know how many special switches sophos built into sandboxie to eliminate incompatibility for chromium based browsers.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
    Are you sure this is BS? AFAIK, these hackers used holes in Chrome to break out of the sandbox. Sandboxie implements the sandbox in a different way, so if Chrome and Firefox get hacked, this doesn't mean that Sandboxie will fail to protect the system automatically. Hackers will also need to exploit Sandboxie. So I'm afraid you're the one who is talking BS.
     
  13. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    171
    Location:
    VPN city
    Would auto-denying admin access help with this at all?
     
  14. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    411
    I won't argue with you there.
    I don't even use it atm so while once upon a time I might have bothered to test some stuff ~ that isn't where I currently am.

    Hopefully people who care and have some real insight will take a look once the source is finally released and be able to tell actual users more!
     
    Last edited: Dec 1, 2019
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
    No of course not. They are using holes in Chrome to get remote code execution and then elevate rights. The point is that if Sandboxie is not targeted, it will still contain the malware.
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,620
    Location:
    Canada
    You know this based on what information? So far I've seen nothing but an obscure tweet on this hack. If this was the Pwn2own tournament, details on this nature of exploit would have been posted within a week of it happening.
     
  17. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    171
    Location:
    VPN city
    Wait wait. So seeing as how LOTS of people use chrome and not that many people use sandboxie, if only by comparison, how likely is it that someone would target sandboxie as well as chrome using the same exploit method?

    Okay, while proofreading this post, I scrolled up and saw that you weren't the one nay-saying sandboxie. Hopefully @Brummelchen will see this post.

    The whole point of using sandboxie is to have a safety net in case of exploited vulnerabilities in any applications that you'd run inside of sandboxie. If you're worried that something might bypass sandboxie as well, then get HitManPro.ALERT! to go with it and set the rule that allows HMPA to work with sandboxie. But what you'll want to do is set the rule for just one sandbox and then go into the configuration file and cut&paste the rule into the global rules.
     
    Last edited: Dec 7, 2019 at 5:04 PM
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,632
    Location:
    Mexico
    Don't just hope, make sure he can read it. How? Mention him in the post by clicking @ followed by his name. A notification will be shown when the user signs in.
     
  19. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    171
    Location:
    VPN city
    Oh, by the way, I was talking about auto-denying admin access within the supervision of sandboxie's sandboxes, not windows.
     