Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

  1. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    646
    Location:
    Canada
    Just bought this new Win. 10 PC desktop and am trying it out with the latest Sandboxie update 5.33.1, and I do have an MS email account. I can verify that I have no problem logging in to my account. With SB version 5.31.6 there was a problem logging in. P.S. I still have my old Windows 7 here right alongside me and it's still working good as well. :cool:
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,543
    Location:
    Nicaragua
    Nice. :)

    Bo
     
  3. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    113
    Long live Sandboxie! I still have hope for it to live on as open source, hopefully soon. :)

    I haven't installed the v5.33.1 yet. Has anyone who has installed the v5.33.1 maybe tried if installing MSI packages is now possible?
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,543
    Location:
    Nicaragua
    Hi Bellzemos. The issue with installing MSI packages is not fixed in 5.33.1.

    Bo
     
  5. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    219
    Location:
    VPN city
    Haven't found an MSI package to install. Don't know.

    edit: I just realized that I replied to the wrong person. Sorry about that @Bellzemos
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,162
    not sure about it, O&O Defrag MSI works, O&O DiskImage EXE fails (wrong OS), Softmaker Office MSI works.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Well, perhaps I will shed a tear LOL. But it's not about being emotionally attached, it's about Sandboxie being such a brilliant tool. You just can't beat app virtualization. Others have tried to copy Sandboxie, think of SafeSpace, BufferZone and GreenBorder, but they all weren't as good.

    But if some new tool comes up with the exact same abilities, I will gladly make the switch. Shade Sandbox seems to be promising, but I have the feeling it's not as powerful and secure as SBIE yet.

    https://en.wikipedia.org/wiki/Shade_sandbox
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    What I meant is that older versions of SBIE didn't make use of the "Windows Integrity Mechanisms" like Chrome does. In the Bromium report, Chrome's sandbox was called more robust, simply because of the fact that it's customized for only Chrome and can be made more restrictive than Sandboxie, which provides "global" app virtualization.

    It's a fair point, but as said before, normally when hackers develop exploits for the masses, they will be attacking Chrome or Firefox and not Sandboxie. Also, you can hardly blame Chrome and Sandboxie for getting hacked, if the Windows OS itself is leaky. But even in such a scenario, Sandboxie still put up a fight.
     
  9. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    275
    Location:
    Canada
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,768
    Location:
    Canada
    I don't believe I mocked you or anyone for using Sandboxie. If I did, then my apologies. Ultimately, I was only trying to encourage the consideration of other means of securing a device, especially through the primary use of mechanisms built-in to the O/S. I remember years ago seeing a slogan in a mountain biking magazine that went something like: "Innovate or Die".

    Neither have I, using numerous, and different, security approaches over the years, other than only two exceptions in 23 years using Windows; one was installing crack software on XP from a pirate site - obviously my fault, and the other was after a fresh install of pre SP2 XP sitting behind only a DSL modem and the blaster worm hit immediately after the installation completed.

    Except the Windows mechanisms are already integrated into the O/S, practically eliminating the potentially sloppy coding often introduced by 3rd-party vendors. Unfortunately, using only Windows security mechanisms entirely has not ever been possible for me. Windows Firewall, for example, is a joke, because it can't even utilize wildcards in path rules :( I'm using a 3rd-party firewall with a purchased license that works fine, but lately the developer is asking for donations on its main web page. That's a red flag for me that suggests it may eventually be going under.

    Which is why it's prudent to nullify an infection attempt in its very early stages.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Yes, but who cares if third party tools are often superior in terms like features and being more user friendly. I couldn't care less about stuff like SRP, UAC, SmartScreen and Win Def. Third party tools are doing a better job for me. For example, the Windows Sandbox is pretty much a joke compared to Sandboxie.

    And they are using the exact same building blocks that the OS like Windows, macOS or Linux provides. And sometimes I do use OS security, for example I use WFC which is a frontend for the Win Firewall. But I'm planning to switch to TinyWall which isn't.

    Yes of course. But I already explained it can't always be stopped in the earliest stage. Let's say people receive an email that lures them to a boobytrapped website. The exploit is able to bypass the browser's sandbox and uses a file-less payload. Again, SRP and perhaps even AE won't be able to block that. A virtualization tool on top like Sandboxie will most likely protect against this.
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,768
    Location:
    Canada
    Clearly it's a difference in attitudes, where I have full confidence that I won't allow an exploit to ever reach the "critical mass" stage, whereas Sandboxie is being utilized as a containment measure in a "just in case" scenario. People really should endeavor to prevent the former scenario by not being tricked into allowing an exploit in the first place.

    I also partially disagree with you on your last point where SRP and such can't block an exploit on a boobytrapped website, because often these exploits drop the malware into user-space directories, where a proper default-deny setup will block the attempt to launch the executable from these directories. If the user goes and allows it, then the user needs to educate themselves on ensuring it doesn't happen again.

    EDIT:

    btw, I'm not suggesting I'm right and you're wrong in how we deal with threats, only that there is a marked difference.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Yes exactly. But if we lived in a perfect world, we wouldn't even need security tools at all. But keep in mind, sandboxes were designed to contain malware. So now, hackers don't need only one, but two exploits to get full control over the system, it raises the bar.

    I'm afraid you're wrong. Why do you think I specifically mentioned file-less exploits. It's because they don't drop files to disk. In theory they can simply download and run file-less ransomware in memory. So this means that file encryption is being done by an already active process in memory.

    Of course tools like HMPA, MBAE and Sandboxie may help. Some AV's with a behavior based anti-ransomware feature may also help. So no, Sandboxie isn't the only one who can stop this, that was never the point. I'm just saying.
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,768
    Location:
    Canada
    Which is why I said I partially disagree. PowerShell is utilized quite often in fileless attacks. Lock it down and the threat is nullified. At any rate, I don't want to veer OT, nor drag this out much further. The thread is about Sandboxie and I think we've all made our points.
     
  15. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    113
    @ bo elam - Hi Bo, thanks for the info.

    @ special - Today I've installed the new v5.33.1 in a Windows 10 VM and tried installing Mumble MSI - and sadly it won't install under Sandboxie v5.33.1. :(

    I wish they would list all the changes in the new version, like they did before (before as before all went downhill).
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,543
    Location:
    Nicaragua
    Well. I think you are doing it when you question my judgement for the simple fact that I use Sandboxie and will keep using it until the day it doesn't work anymore. I'll quote you again:
    Something else. When I said, "In over 10 years using it (using SBIE), I haven't seen any malware.", it doesn't mean that I believe that using Sandboxie is the only way to stay clean.

    These are my thoughts on what's best regarding security for each individual. I believe everyone should discover on their own how to beat malware. People should not copy what other people do, we should tailor our security based on our personal use case. That's what I did and is the formula that brought Sandboxie to me. Eleven years ago, I could have gone a different way than Sandboxie but it is obvious to me that I made the right choice in Sandboxie since I haven't seen anything malicious in all these years. Due to my success using SBIE, it wouldn't make any sense to switch away from SBIE. :)

    During the first two years using Sandboxie, I used an AV along with SBIE, and also had a couple of scanners, but eventually dropped using all of them. I haven't used real time AV since Dec 2010, or scanners since Dec 2011. These first couple of years using SBIE, I was tailoring my security setup (perhaps looking for the perfect companion for SBIE), looking for the perfect fit for me. And found it in Sandboxie and NoScript with no scanners of any kind. We could say that it took two years for my security setup to settle down totally. So, figuring out what's best for you is not something that you decide and in a couple of seconds is done. It takes time, I think feeling confident is what you get and you are surrounded by it when you know you got it right. That's the feeling I have had all these years.

    Bo
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,543
    Location:
    Nicaragua
    You are welcome my friend.

    Remember, we still have Curt's fingers in SBIE. :)

    Bo
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,543
    Location:
    Nicaragua
    That's exactly right. Let me tell you this. Like I said, the day Sandboxie dies, no reason to feel sad, here is why. In my view, what we've gotten from Sandboxie after Tzuk left is gravy. It's extra. And we've gotten a lot of extra since Tzuk left. What, four or five years have gone by since that day, and we still have it working and working great. Why should we cry? Everything dies someday. A little inconvenience here and there but for the most part, even today, Sandboxie is still great.

    Before Tzuk left, I told him that whatever we get from SBIE after him leaving was like gravy. I also told Curt the same thing years ago. Sandboxie's problem didn't start this past April, it started way back. So, if I was to feel sad about it, I've already done my mourning and rationalized all that there was to rationalize. :)

    But even so, the day Sandboxie dies, the confidence that I built all these years regarding my computer security thanks primarily to SBIE is gonna crumble down. I am going to have to start from Zero again. I'll have to change how I use the computer and stop doing some of the activities that I like doing while using the internet and the computer. At least for a while, until I find a good replacement, I won't be doing some of the things I like doing. For me, the impact of not using SBIE in my usage of the computer is gonna be huge.

    Bo
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,768
    Location:
    Canada
    Honestly, there are a number of replacement strategies you should be able to use. In the meantime, hopefully you can enjoy using Sandboxie for many more years. If I were in your shoes, I would embrace the challenge.
     
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,162
    best is not to be vulnerable to come this way round!
    that's a problem for most people, not only here. to rely on approved behavior. sandboxie is reason for my tools, but in most cases i don't need sandboxie this way any longer. as we discussed more than once our understanding of sandboxie is very different. if it will come to an end i will stick with the latest build and that's it until i will find a replacement. Bufferzone was a prequel here, in its basics similar or same and i was able to work with it. for now i don't know a sequel.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,768
    Location:
    Canada
    True enough, which is why I harp on nullifying the threat in the early stages, or better yet, before it can even gain a foothold.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Yes correct, I completely agree. It's best to block attacks in the earliest stage, that's why I'm using the EXE Radar + Sandboxie combo. But you never know if hackers can find a way to bypass AE or SRP. That's all I'm saying, nothing is bulletproof including Sandboxie. And BTW, why are we even talking about SRP, is it even available to home users? I would advise them to use EXE Radar, it's much more user friendly.

    And yes, most of these attacks are using powershell.exe, but there are file-less attacks that use other methods. That's why companies invest in "state of the art" security systems, they can't just simply lock everything down without breaking stuff. Same goes for home user systems in certain cases.
     
  23. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    219
    Location:
    VPN city
    That's why I have HMP.A now. An extra buff to Sandboxie.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    Yes, if you want to block in-memory malware from running you need tools like HMPA and MBAE because stuff like EXE Radar and SRP won't protect against this. I'm talking about "true" in-memory malware that doesn't need to use so-called LOLBins. They can run inside the exploited app like the browser, see links.

    So let's say this exploit is able to bypass HMPA and can bypass the browser sandbox, then Sandboxie should still contain the malware. In case the malware happens to be file-less ransomware, file encryption should be prevented.

    Like I said before, home users will normally not encounter these types of advanced attacks, especially because browsers are way harder to hack than in the past. And hackers often want to get persistence on the system, and that's easier to achieve with PowerShell or by simply dropping files to disk.

    https://www.computerworld.com/artic...acks-stealthier-with-fileless-infections.html
    https://malware.dontneedcoffee.com/2014/08/angler-ek-now-capable-of-fileless.html
     
  25. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    219
    Location:
    VPN city
    Voodooshield can block fileless malware. Or at least any that would start in one application and then call upon a Windows system file to do its damage. Voodoo also protects against DLL injections by preventing the processes that would inject them and by whitelisting the DLLs now too. Voodoo also doesn't allow PowerShell to even run while it's "on".

    And S.A.P. consistently gets good scores in fileless malware tests in comparisons to other paid and free antivirus programs out there on AVLab every year and it too will stop an unknown DLL from loading into memory.

    But in the case of malware where the whole thing would happen inside of just one application, then yeah, you need something like MBAE or HMPA to stop that from happening.

    I really wish they'd advertise HMPA as exactly what it is instead of talking about it on their website as just "stay protected with hitman pro alert" because almost all of the malware that a home user would encounter doesn't get stopped by HMPA.

    In most cases just Sandboxie protecting the user's applications is more than enough.
     