Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    37
    Location:
    Out
    Maybe we're talking about the donkey_bureaucracy :p
     
  2. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA
    I'm sorry @DavidXanatos this is not the fix you think it is. The behavior of your change has the same effect as opening the com ClassID {000c101c-0000-0000-c000-000000000046} which Curt discovered. Curt's "fix" addresses the MSIserver service allowing it to start as system, however, your code change does a bit more than that by allowing more services to run outside the sandbox. It acts like an open *. This weakens the sandbox. And still doesn't resolve the MSI issue in all cases and windows versions. The same error code shows up in the same place with or without your fix: Error code: (HRESULT) 0x80070776 (2147944310) - The object exporter specified was not found.


    Another thing. Stop thinking of this issue as a bug ... it's not a bug. Sandboxie is working as designed by blocking an external request. This, however, is a feature we would like to have so we have to make the changes to sandboxie to allow the MSI installer to install in the sandbox but such changes need to have minimal impact to the overall function and security of the sandbox.

    So far my observations are identical to Curt's. And, I did manage to find the originating rpc failure in the initial msiexec.exe in the sandbox. See the following image.

    This one is going to take a bit of time. I have a lot more digging to do!

    msi-winddbg.png
     
  3. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA
    All I can say about this is I asked for it. When I find out for sure I'll post. So maybe.
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Links at sandboxie.com like this one are important. I think Sophos said the site was going to be killed, hopefully you get them to change their mind.

    https://www.sandboxie.com/SBIE_Messages

    Bo
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    FWIW, even if it resolved the MSI issue, I wouldn't want a weakened sandbox. For me personally, the trade off of opening too much in order to fix the MSI issue would not be worth it.

    Bo
     
  6. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    229
    I totally agree with Bo. As much as I would like to be able to install MSI packages in a sandbox, I absolutely wouldn't want Sandboxie's security to lessen. This is what I'm afraid of, now that SBIE is open source... But I am so glad that Tom is with us cause I see that he knows what he is doing. So please don't open any holes, for those who need it, Sandboxie already has the asterisk (*) option.

    Also, I hope the Sandboxie.com site is saved as there is a lot of useful info on it and it was a lot of work to write all that. Losing the great old forum was a big blow alrady, hope the site won't get lost.

    Plus, I hope that in time Sandboxie can be somehow turned back into a paid model so that it stays professionally mantained, developed, tested and supported.
     
  7. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    It's to bad Sandboxie doesn't have options or some way to specifically give a Box/Container its own set of Resource Access/Restrictions rules that could allow MSI to run in that one, while leaving all other Boxes/Containers at stock settings which wouldn't allow MSI to run, so no "weakening" would happen, thus both sides could be happy. This is unfortunate indeed.
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Hi Special, I dont have any good news about this (yet) issue, but I can tell you that I know Curt, and now Tom, want to get this issue taken care of. I know fixing this issue is important to you, lets hope it gets done sooner rather than later.

    But for now, I think this is what you asked for a few days ago.

    https://www.wilderssecurity.com/threads/sandboxie-technologies-sbie-open-source.428156/

    Bo
     
  9. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Back on Windows 1909 temporarily and got my friend Sandboxie 5.33.6 back on here pronto. Now the Default Box contains Microsoft Edge and working great, except for this when opening gmail of all things:
    sbie error box msedge.PNG
    I've since Hidden the message and things go on as usual. No other site has thrown this (yet). Has anyone else seen this group under similar circumstances? Also happens when Vivaldi is sandboxed so it's not browser-specific. Windows 1909 v. 18363.815. Sandboxie 5.33.6
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Hi plat, everyone gets those messages sometimes when running Chromium based browsers in the sandbox. I usually get them when opening Settings in Edge. You can close the message and ignore it or Hide it.

    Bo
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,925
    Location:
    The Netherlands
    Yes, I came pretty close LOL. And now I understand why bo elam was so happy, it's pretty good news indeed.

    Very cool to have someone like you onboard and I hope you will get help from other developers. I have been a Sandboxie user since 2004, it's a unique tool on the market. I wouldn't mind paying a yearly fee to give it a better chance to survive. To give some background info, since 2004 I have used SBIE to protect my browsers (IE, Opera, Firefox and now Vivaldi) but the virtualization part is of course also pretty awesome. I always try to install apps inside the sandbox first, before deploying them on the real system.
     
  12. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    513
    Location:
    VPN city
    sandboxie 5.33.6 is still working. I don't care about MSI installers. Plenty of whitelisting software exists now that can block all malware. There's no need to fork sandboxie in such a way that would allow you to install MSI packages too many risks concerning security holes. Also, you shouldn't ever allow something to install a driver or a service inside the sandbox. Better to lock that stuff down and prevent all of it indiscriminately.

    Sandboxie exists as a safety net against modifications made by software or online services you use. If you're worried about accidentally installing malware or just wanting to try out new software, there's installation monitors you can get. Comodo used to make "comodo programs manager" which could be told to monitor the installation of any program so that you really could remove all of something if you didn't want it anymore. I'd be shocked if there wasn't any other software like that.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,900
    Location:
    Slovenia, EU
    I agree.
    There is also a possibility to install stuff in virtual machines to test it out.
     
  14. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Can you name some?
     
  15. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    513
    Location:
    VPN city
    From what I've read. It would involve making the installer service vulnerable.
    Keeping it closed off means there's no way to endanger the system by doing that.
     
  16. SandboxieDev

    SandboxieDev Registered Member

    Joined:
    Apr 14, 2020
    Posts:
    15
    Location:
    USA
    Thanks!
     
  17. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    256
    Location:
    Poland
    These is not at all good idea.. bc sometimes software can make issues on layer hardware and by using emulated fake hardware can make you other result.
    But for most scenario yes VM should be fine... but for be 100% honestly sure better make backup system and test on real one system and after testing do rollback system to prevous state and use verifed software/configuration as you wanted.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,925
    Location:
    The Netherlands
    Actually, I should thank you. I do hope that other developers can also play a role, perhaps developers of tools like EXE Radar and TinyWall can join you, perhaps I should send a PM to them to see if they are interested. :)
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,925
    Location:
    The Netherlands
    Well, it did work in the past, but I agree that it shouldn't weaken security. And luckily I don't download MSI installers that often.

    BTW, make sure you read this about hack-attacks on Github users:

    https://github.blog/2020-04-14-sawfish-phishing-campaign-targets-github-users/
     
  20. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Glad to hear someone like Tom decided to get involved in the project in order to keep Sandboxie alive!

    Maybe when important things, like browsers, are working fine again Sandboxie could be Buster Sandbox Analyzer friendly again.
     
  21. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    256
    Location:
    Poland
    Cool i already asked in other sandboxie topic for posibility to renew BSA <3
     
  22. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,443
    Location:
    Viena
    Is the source for the Buster Sandbox Analyzer available some ware? Or would the dev be willing to work with us on restoring compatibility?
     
  23. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    256
    Location:
    Poland
  24. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Source code never was released because it's a complete mess: tons of spaghetti code, non-commented source, uses many 3rd-part tools, it's very difficult to compile because it was coded in Delphi 6 and uses many propietary libraries. I only can say I've never been really a coder. I just coded BSA because I truly wanted a malware behaviour analyzer running under Windows but I should not have been the person doing it as it was far from my coding skills.

    I could send LOG_API source code.This is what really needs to be restored in compatibility terms. If LOG_API works fine again, then the tool would be as usesful as it used to be.

    Edit: I just checked using Sandboxie 5.31.4 and LOG_API worked fine. Don't know why I got some reports from people telling LOG_API was not working anymore. :-?
     
    Last edited: May 4, 2020
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,443
    Location:
    Viena
    Do you know what broke your LOG_API?

    Yes the code of LOG_API would definitely help in tracking down whats broken.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.