Sandboxie Acquired by Invincea

Okay, my confusion.
Just found: https://community.sophos.com/products/sandboxie/f/forum/116304/sandboxie-leaking/420741

Edit: just found re deprecated.cookie n' Windows automatically recreates some files: https://forum.piriform.com/topic/56057-suggestion-for-ccleaner/?tab=comments#comment-312391

 

the picture on sophos is fake. ccleaner cumulates found cookies in that option which do not apply to the real existance of cookies. never ending story.

the existant of cookes is as bjm_ shows up when you ticked IE > cookies - or IE direkt (internet options).

 

Thank Bo.. maybe they are spy us I will block it that connection

 

Microsoft account login fix per Akhilesh@Sophos 11-21-2019
https://community.sophos.com/products/sandboxie/f/forum/116358/microsoft-accounts/421336#421336

 

Guys, did you see this? Browsers like Chrome and Edge were hacked, I assume this means that they were able to bypass their sandboxes. In other words, if you ran Sandboxie on top, the malware would most likely be contained.

https://www.wilderssecurity.com/thr...kers-have-gathered-at-hacking-contest.423249/

 

no BS please - bypassing chrome or edge means bypassing windows sandbox and this dont matter whether inside or outside sandboxie to gain access to any data and send it out.

https://chromium.googlesource.com/chromium/src/ /master/docs/design/sandbox.md

 

Probably, but 0-days are astoundingly rare and Sandboxie doesn't really seem worth the program breakage that everyone seems to be having, me included on my laptop.

 

Does the Sandboxie offline activation page still work to generate the 400-character
activation key?
https://www.sandboxie.com/license/activate-offline.php

Is that completely done away with since the Sophos change?

 

At the risk of shooting myself in the feet I find fault with your short argument because SBIE does not rely solely on the built in windows uac controls or integirty levels (aka in this instance what I took to be your description of the 'windows sandbox') but instead relies on hooks [OM*G the number of user mode hooks is insane!] and then has requests sent to the SBIE service asking for permission to do THIS OR THAT.

They are both using lower integrity levels as a starting point (and this is mostly good). It does not, however, instantly translate into fact that if someone can trick or bypass the Chrome broker it also applies to Sandboxie.

Sandboxie has both service and driver components to aid in it's decision making and enforcement, chrome does NOT. How helpful that ends up being is not something I can properly attest to as I haven't investigated either in this scenario but with the little experience I do have with SBIE I'm tempted to believe that it still has a greater chance of preventing an escape.

Don't get me wrong. I find the sheer number of user mode hooks which SBIE currently uses alarming. They are more often than not responsible for the compatibility issues you read about here or there. I don't even use SBIE anymore and while not particularly related to the number of hooks I have found things to simply be easier to handle these days.

That said I still disagree with your statement that one cannot protect against something just because the other doesn't simply because they both start off by relying on a principle of 'least privilege' even if that means they initially start off at the same disadvantage by relying on the OS to limit what they can do and both use brokers to check the rest. SBIE has many 'extra' checks. It also has a bunch of other 'options' a user could choose to enable in order to block even more things.

 

bypassing windows sandbox means to break out of untrusted or low integrity process - this means bypassing DEP, ASLR, CFG Integrity - one or combo of those. if sandboxie has "extra" checks this would mean you can bypass or harden these mechanisms, even they were deep hidden under the hood (ini file). if you have set sandboxie to limit processes, access, rights or web ofc this would limit the damage. if not anything is possible. i dont know how many special switches sophos built into sandboxie to eliminate incompatibility for chromium based browsers.

 

Are you sure this is BS? AFAIK, these hackers used holes in Chrome to break out of the sandbox. Sandboxie implements the sandbox in a different way, so if Chrome and Firefox get hacked, this doesn't mean that Sandboxie will fail to protect the system automatically. Hackers will also need to exploit Sandboxie. So I'm afraid you're the one who is talking BS.

 

Would auto-denying admin access help with this at all?

 

I won't argue with you there.
I don't even use it atm so while once upon a time I might have bothered to some test stuff ~ that isn't where I currently am.

Hopefully people who care and have some real insight will take a look once the source is finally released and be able to tell actual users more!

 

No of course not. They are using holes in Chrome to get remote code execution and then elevate rights. The point is that if Sandboxie is not targeted, it will still contain the malware.

 

You know this based on what information? So far I've seen nothing but an obscure tweet on this hack. If this was the Pwn2own tournament, details on this nature of exploit would have been posted within a week of it happening.

 

Wait wait. So seeing as how LOTS of people use chrome and not that many people use sandboxie, if only by comparison, how likely is it that someone would target sandboxie as well as chrome using the same exploit method?

Okay, while proofreading this post, I scrolled up and saw that you weren't the one nay-saying sandboxie. Hopefully @Brummelchen will see this post.

The whole point of using sandboxie is to have a safety net in case of exploited vulnerabilities in any applications that you'd run inside of sandboxie. If you're worried that something might bypass sandboxie as well, then get HitManPro.ALERT! to go with it and set the rule that allows HMPA to work with sandboxie. But what you'll want to do is set the rule for just one sandbox and then go into the configuration file and cut&paste the rule into the global rules.

 

Don't just hope, make sure he can read it. How? Mention him in the post by clicking @ followed by his name. A notification will be showed when the user signs in.

 

Oh, by the way, I was talking about auto-denying admin access within the supervision of sandboxie's sandboxes, not windows.