Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Welcome! Thanks for the good news!
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Yes. This is it. His involvement in this project is why I was so happy and excited when I heard about it.

    Bo
     
  3. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Well, this is very understandable, I didn't expect this level of interest and enthusiasm, honestly. Currently running Insider builds but I'd stay on release builds if new SBIE versions are going to come out in a timely way.

    It seems Rasheed came the closest to fortune-telling what was going to happen. Cool beans, Rasheed. :)
     
  4. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    That seems so arbitrary though. What good is a signature to determine the safety of a file?

    It's like the most notorious criminal in the world wearing a name tag that says "The pope" or something that reads as the name of some other VIP typed person. and then he's allowed into a place just because he has a name tag that says he's the pope and not the world's most well known criminal.

    I really wish antivirus programs would stop leaning so heavily on digital signatures to figure that out. It's just not a good way to protect a system, yes I know comodo does that, but they also match up the signing authority along with the signature its self and they also match files based on a SHA1 hash.

    It's really just a matter of a bad actor pirating signing software and then slapping any signature they want onto malware, that's why it's important to match up the signing authority or the thumbprint of a signature before you allow something.
     
  5. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    SecureAPlus's Apex engine is now one of the products on virustotal that detects the setup file of sandboxie 5.40.1 as malware.
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    +1
     
  7. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    219
    Hello to all Sandboxie enthusiasts!

    I am very happy to read the news from the last days! Tom is with us and he seems really interested. So thank you Tom and also thanks to Curt, Ronen and of course everyone else who was, is and will be involved in developing, testing and supporting Sandboxie!

    I have a question already: where can I download the latest "official" SBIE v5.33.6? I only see the link to the v5.33.3 on the Sophos site.

    Again, thank you all! Let Sandboxie live on and keep on making our Windows computers super secure like it did for so many years!
     
  8. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    https://community.sophos.com/produc...ndboxie-5-33-6-release-and-open-source-update
     
  9. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    What I've been hoping to hear since the open source idea was first muted. I have to say your intimate knowledge of the product, track record for resolving what others thought unsolvable within the product and initial comments on this forum fill me with more confidence for SBIE's future than Ive had since before the Spohos times.

    Part of a developers role is to know what's desirable to achieve within the paradigm of the products intended purpose. That often involves saying no to the fanciful that may detract or weaken the main goal of the software. Open source can mean those who hear the word no go off and develop their own version, often unclear about the impact it has on the wider development framework that has allowed the product to sustain the trust of its users. That can in turn weaken protection or overstrech the application to something it wasn't mean to be and is therefore not fundamentally designed to do.

    I'm really hoping having someone like yourself on board will mean we always have 'pure' core offering that we can have confidence in.

    Best wishes for your endeavours.
     
  10. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    I welcome SandboxieDev. These are my thoughts.

    I'd like to see Sandboxie developed by Tom @SandboxieDev and team for continuity and also to keep it's name, remain freeware, be without ads etc, online, periodical requirements, putting pressure on the user, or 'phone homes' and remain open source and be the focal point for others that are experimenting to feed into. I'd like one point of download that will become the place to go.
    The developer himself has said that money is not a problem to proceed re (certificate etc). I still have my lifetime licence and hope that lifetime licences will be recognised if Sandboxie is not freeware. I know that there is some value in 'forks' but I prefer to be following a single developer/development.
    When Tzuk (Ronen Tzur) was developing Sandboxie, the development was carried forward by the enthusiasm of users and forum members that constantly fed in their opinions and Tzuk was responsive and open to developer/user dialogue which is a mode of development that I like a lot.
     
    Last edited: Apr 17, 2020
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    You mean the post in the Sophos forum with the SbieSvc.exe stack traces?

    I saw that, I missed initially the point that apparently there were two issues with MSIserver, one from 1809 that broke it partially, and an other in 1903 that broke it entirely.
    Fixing the later was easy, see my pull request. And with that the few MSI's I tried worked fine.
    As far as I observed, as already mentioned, the broken part is around the "Custom Actions" mechanism.

    What I don't get about the stack trace is that it mention's a "SbieSvc.exe guest" but I don't see a SbieSvc.exe being started inside the sandbox at all. There are only two instances that are always there even when no sandbox is active.


    About the need for a kernel debugger mentioned, because service.exe is protected, there is an app for that; you can use TaskExplorer to clear the protection flag without the need to attach a kernel debugger. It uses the PPLKiller method https://github.com/Mattiwatti/PPLKiller just that you can use it to set and unset the flag for selected processes using a UI.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I agree that signature is not enough to say some file or app is safe or not.
    But in this case, SBIE's driver has to be signed, otherwise Windows won't let it load. So without certificate, Sandboxie won't be able to run on Windows.

    EDIT: disregard that, I just saw what you were replying to.
     
    Last edited: Apr 17, 2020
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @SandboxieDev
    As far as I understand the posting in the Sophos Forum about the MSI bugs, the procedure to reproduce starts with adding OpenClsid={000c101c-0000-0000-c000-000000000046} to the Sandboxie.ini hence allowing the MSI installer to be started by services.exe outside the sandbox this way I in indeed get the additional SbieSvc.exe instance and as described the installer fails.

    Howe ever as far as I can tell this is not the intended behavior, in older windows 10 editions when running a msi inside a sandbox a sandboxed instace of MSIserver was spawn up and used.

    This got broken by windows 1903 and my fix from last week actually solves that, in version 5.40.1 the MSIserver starts again inside the sandbox and for many MSI packages works just fine.

    Talking about the mumble installer package it looks like this:
    Windows 1803 + Sbie 5.33.6 the Instaler works fine.
    Windows 1903 + Sbie 5.33.6 the Instaler fails to start with the "cant access... error"
    Windows 1903 + Sbie 5.40.1 the Instaler starts fine and installs mumble successfully, only when the "Start mumble" checkbox on the final screen is checked it closes with again the "cant access... error"

    So the error mode as described in that thread is successfully fixed by my fix. :D Yea! :argh:

    What however is still broken is the part of the MSI mechanism that runs custom actions. Unfortunately some installers cant function without custom actions, which are described here: https://docs.microsoft.com/en-us/windows/win32/msi/custom-actions
    As far as I understand this mechanism it runs custom code in a separate instance of msiexec.exe which is spawn up by the MSIserver service and gets that "-Embedding <GUID>" arguments. Strangely on a 64 bit system this workers are 32 bit. But given that the issue is the same on 32 bit systems its just an oddity I guess.

    Cheers
    David X.
     
  14. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    The entitlement with this is so beyond my comprehension, I have one too, but you bought it from one place, this does not carry over, forever and ever, until infinity.
     
  15. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @sdmod
    Don't worry something under the GPL can't be made non closed source again, in theory Sophos could continue a closed source fork,
    but the code that is now GPLed will remain for ever so and those the community can just continue the open source branch.
     
  16. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA
    Thanks! It took a tremendous effort to get sandboxie working on windows 10. I took more than my fair share of lumps doing it. I'm glad to see my efforts are recognized and appreciated.

    You've effectively read between the lines. In my discussions with Sophos relating to the hand off of the open source code, they want someone that has "the best interest of sandboxie in mind". At this point in time there are only a handful of people that can pull that off. I'm one of them. Sophos management used almost your exact words about maintaining a pure offering. This I will do to the best of my ability with the time and resources I have available.

    This is by no means a one man job; it's going to take a village. One thing I want to stress is that I'm a sandboxie user first. I use sandboxie everyday, in fact I have 3 boxes up right now. One of the main reasons I'm here is that I don't want sandboxie to die. I happen to be the right person at the right time to do something about the fate of sandboxie.

    This is going to be a balancing act of both fixing issues and passing on knowledge to the community of interested developers. It's going to take time to get those developers up to speed. After all, I'm only one guy. I have demands on my time other than sandboxie, a day job (the one I'm not doing now), wife and kids. I'm going to need help to make this work.
     
  17. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA
    I hear you. I have sandboxie lifetime licence as well. I'm a user of sandboxie just like you.

    Agreed. I very much welcome this type of development structure.
     
  18. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA
    Thank you @DavidXanatos. I will verify your fix soon. Please give me a few to dust off my sandboxie hat and get this administrative stuff out of the way so we can play. Also, you can have the honor of being the first developer I'd like to invite to join the sandboxie project. We'll get this party started soon enough.

    This sounds like an RPC issue. The 64 bit process spinning off 32 bit workers is common. Take a moment and get familiar with ALPC and epmapper.
     
  19. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    I never said anything about creating my own sandboxie. My question was solely about the name.
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Great :) I'm honored, I gladly join, my user name on GitHub is also DavidXanatos

    Thanks I'll take a look on that.
     
  21. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA

    It's the instance of SbieSvc.exe that's created for the sandbox. You'll have one instance for each active sandbox. Bring up process explorer and start something in the sandbox you'll find an instance of SbieSvc.exe running as user (not system) ... that's the one you want.
     
  22. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    I figured that much, but it does not seam to always happen for example when starting calc in one and notepad in an other I only get one child SbieSvc.exe with the Sandboxie_GuiProxy_... argument

    upload_2020-4-17_21-31-33.png

    The one with Sandboxie_ComProxy_ that was described in the thread only gets spawn when needed and without the Clsid being open that did not happen at all. Thats what confused me there for a bit.
     
  23. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @SandboxieDev
    I just got a GitHub invite thank you :D
    Did you got my email from github? Do you need any other contact info?
     
  24. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    219
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    That was the only place where 5.33.6 was posted. IMO, after updating to 5.33.6, we are set. And can wait for new releases from Tom, which will comply with Microsoft driver signing rules.

    Bo
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.