Sandboxie beta 3.55 released

Good on tzuk for getting these experimental security features into the 64 bit version! Things feel safer already.

Everyone should be aware, though, of what tzuk has said regarding the implementation: If Microsoft ever alters PatchGuard in the future (which they do silently, according to them, to make it a 'moving target') then you WILL start seeing BSODs afterward.

 

They'll alter it, I assure you. And, I'm betting we will have to wait no longer than until Windows 8 to see it.

 

Huh. I thought they were constantly poking at PatchGuard for security reasons, but apparently you're right. According to wikipedia, Microsoft has only every modified it twice since its inception in 2005.

 

I doubt they want anyone to mess with it, security companies included. I'd also be willing to bet that after enough changes, security companies will give up and stop trying to get around it. Vendors like Sandboxie and Defensewall were already hesitant, it took a bit to get them to try. But I bet they won't keep doing it. Luckily, it's very likely by the time that enough changes have been made to make them give up, that security as a whole will have changed a good deal. Hmm, perhaps I shouldn't say "lucikly" just yet. Security very well may change for the absolute worst by that point.

 

3.55.03 is up and running

and also microsoft is ready to have another kernel patch

-http://www.pcworld.com/article/224797/microsoft_readies_patch_tuesday_deluge.html-

 

Oh great Microsoft will kill SBIE right after it comes out. Super >_<

 

They wouldn't kill it, likely worst case scenario we're back to where we were pre-3.55. That being said, I don't know this, I'm sure it completely depends on what exactly MS is doing to fix the kernel in the upcoming batch. I don't know if it is just a "standard" patching, you know, something small, or if they are going after KPP itself. If they're going after the actual patch guard, there might be trouble. I have no clue, so I'm not going to keep yapping about it. My opinion is that Tzuk probably knows that eventually MS will mess up these tweaks that allow things like 3.55 to happen.

 

In the event that KPP is patched while one is running the latest version of Sandboxie with the new protections active, what recourse is there to restore the system?

Presumably after applying the Windows update in such a situation, booting will result in a BSOD a la KPP's design. I suppose one could boot into safe mode, but is there any way to undo the damage at that point? Since the new Sandboxie protection measures require a reboot of the system, I'm assuming it's not going to be as simple as editing the Sandboxie.ini file.

At the same time, one would hope there would be an easy way out of this mess without having to, say, reinstall the OS.

 

They are saying that they are patching the kernel, they aren't saying they are patching the kernel patch protection

 

Agree
I've updated and the new windows update didn't cause BSOD while using SBIE 3.55.03.

 

I love the fact that you no longer need to run with 'Drop my Rights' on x64 systems. This makes me able to install software safely in my 'install and try'-sandbox and test them! I still use Drop my Rights, on all other sandboxed applications though.

On a side note, if you're running without 'Drop my rights', be sure to have a password on your user account, as malware can change it. That's the only drawback I see with this new Exprimental protection for x64 when running without Drop My Rights.

 

I wonder when the full version will be released.

 

I really have to try Sandboxie. Looking for something new to learn, and for additional protection.

 

The beta is actually up to 3.55.04

I've just noticed that I get the following prompt from Sandboxie when opening Chrome sandboxed:

"SBIE2205 Service not implemented: ConnectPort (19/C0000022)"

It doesn't seem to have any consequences so far, but if anyone has any ideas before I post at the SB forum, I'm all ears.

Vista64 Ultimate + Sandboxie beta 3.55.04

 

Same thing here!

 

Looks like there is a thread here on the Sandboxie forums regarding this issue.

 

Being able to try programs sandboxed on 64 bit systems was a big miss
before this new version made it possible. I don't run 64 bit but it makes
me very happy that its possible now.

Bo

 

Thanks, it is similar but not the same alert and beta version. It is odd but I couldn't open a new thread on the sub forum "beta version 3.55", only administrators are allowed to.

 

Version 3.55.05 is available, and it corrects the error message reported in post #39. Tzuk is really very active and quick.

 

Any SBIE user: I have a Q!

Is there an option in SBIE to auto-sandbox all unknown applications?

Thanks

 

3.54 is still showing up on the site.

 

You need to go to the Beta 3.55 section on the forum area of the Sandboxie website.

Dave

 

Oops misread OSaban's post and thought the full version came out. My bad

 

Hi aigle, there is no option for that but if you force your browsers,
email client, USB drives, CD and DVD drive, anything known or
unknown will be, in a way, auto-sandboxed and will remain sandboxed
until you delete the contents of the sandbox.
Sandboxie is not like DefenseWall were files that come through via
a untrusted application, would remain untrusted. Thats why when
using SBIE, its perfect to use one folder for all downloads, having that
folder forced.

I don't know how much I can help you figure out SBIE but its my
pleasure answering your post. To me, you are a very knowledgeable
gentleman and a very nice human being.

Bo

 

Oh...thanks for the reply and so many thanks for the praise. I wish I could be like that what you think of me.

Back to the topic. I am not using SBIE but I have used it long ago for some time and even now occasionally I run it for testing.

I asked this question as I wanted to post a feature request on their forums. A feature like comodo sandbox ( ? probably also in BuferZone). The developer can add a white list in SBIE with an option to run all unknown applications sandboxed. When an unknown application is sandbxed, an alert should come from the tray. Also this feature shuould be disabled by default but any one if interested can enable it.

Thanks