Sandboxie Does Hidden Online Validation?

Discussion in 'sandboxing & virtualization' started by mark.eleven, Jul 19, 2010.

Thread Status:
Not open for further replies.
  1. mark.eleven

    mark.eleven Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    81
    Location:
    Island of Sodor
    I found an interesting comment on "hidden" online validation by Sandboxie on ~Url link removed~

    The guy in that forum used PE Explorer and extracted some strings from Sandboxie's start.exe . One of the string extracted contains " 'http://www.sandboxie.com/buy.php',0000h ".

    I have a lifetime license on Sandboxie and hence I have no worry on online validation by Sandboxie, but I just wonder how true it is that Sandboxie does "hidden" online validation?

    Any comment?
     
    Last edited by a moderator: Jul 19, 2010
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    That's disgusting...
    I have no issues with online validation, many companies do it, but to try and mask it from your firewall by such methods... Just reinforces my hatred towards the author, on top of his "omg 64bit" moaning and crying (at least he grew up and wrote a 64bit version), I'm glad I ditched such useless 3rd party products ages ago.

    I especially like how a few of the commenter's themselves describe Sandboxie bypass experiences.
    VM > Sandboxie.
    VM forever :thumb:
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Useless might be a bit harsh lol. I cannot think of another program, no matter who wrote it and what thier ethics are, that is so easy for the average user to use and that leverages very good protection for the said average user. VM is better, but also more complicated for novices and requires more poop to run not to mention that you must start the VM up (unless you use snapshots) before you can use it. Makes the slight 3-5 second delay some experience with sandboxie seem pretty snappy if you ask me.

    Online validation was only a matter of time in coming if the author expects to get paid for his work.

    Sul.
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    And perhaps the author uses it to see how many people are using keygens to pilfer the software as well.
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Couldn't care less if it does some online validation even less so for the assertion by some cracker. That some firewalls might let the communication through is neither here nor there
     
  6. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    177
    Indeed, the language you use shows that you obviously must feel something like hatred. Only that you do not (and probably are not able to) mention a reason for your hatred.

    And the statement that the product is "useless" is simply ridiculous. Read some threads here in the Forum to comprehend that the opposite is true. But people with an irrational hatred will hardly be convinced by arguments.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Did you even read the article describing how he does it? This isn't your every day validation, if it was, it wouldn't be a problem.

    I'm surprised I'm the only person that finds this disgusting.
     
  8. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    I Can see both sides but tzuk does offer a free version and a paid version, And i suppose he wants $$ for his hard work it`s not like it is microsoft activation, If he asked you to activate your paid license i prseume some people would only complain o_O He is trying to protect his product and would like the payment for his paid version if people are using it....
    For me i have no problem about it connecting out and verifying my license.. i have nothing to hide so it doesn`t bother me
     
  9. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Weird comments. Why so aggressive ?

    People have been given fair warning, more like. I seem to remember Tzuk and Ilya both explaining the situation - as they see it ... pointing out the potential flaws with Win 64bit and their products. Tzuk has given Sandboxie user's the choice to use the 64bit, but, at their own discretion. I certainly wasn't aware of the issues untill Tzuk explained the technicalities. I imagine a lot of average Sandboxie user's were in the same boat as me.


    EDIT: I didn't see the link, was edited out, so maybe you are angry at the method (which I haven't seen) lol

    ---​

    Anyway, there are some Sandboxie cracks/keygens around because I've seen them. I don't honestly mind that Tzuk might be protecting his income this way.

    I guess Tzuk might now have to state this validation check into small print somewhere - that is if he hasn't yet. *puppy*
     
    Last edited: Jul 19, 2010
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    But he could do it in a normal fashion instead of trying to sneak it through an ActiveX control.

    Why was the link removed? Now no one can see the story...

    It's not about validation, it's about the methodology he chose to put it into practice. Essentially trying to backdoor through your PC to do so.
     
  11. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I can see what you mean. I trust the software so I don't mind at all - I can see others might not.
     
  12. tzuk

    tzuk Developer

    Joined:
    Jul 4, 2004
    Posts:
    34
    I could not follow the link to the article, but there is no hidden activation in Sandboxie. Just because some random guy claims something that does not automatically make it true.

    The buy.php link takes you to "Register Sandboxie" page, and that page is certainly not some activation backend. The link is there for the very simple reason that there is a button which says "click here to buy Sandboxie" and it opens this web link when you click the button. There is nothing sneaky about any of this.

    funkydude, did I do something to you personally that you need to assume the worst about me and adopt a "guilty until proven innocent" attitude?
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    But when someone offers you a free product, trust is the only thing allowing you to install it. How does something like this build trust?

    I can't understand why a moderator removed it.

    Yes. But that's not for debate in this thread.

    I'm not surprised you claim nothing exists. Again bringing us back to who to trust.
     
  14. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Read it again but objectively and you will see that is a load of ..... a truck load :)
     
  15. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Well, as we've got it straight from the guy that knows ... I guess it was all Horse ~ Snipped as per TOS ~. In the end.
     
    Last edited by a moderator: Jul 19, 2010
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    He backed it up with evidence and it had nearly 10 replies without any objections.
     
  17. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    How can we read it? It's gone. If there's nothing to it, there's nothing to it. If the link contained malicious script/files or other inappropriate (meaning against the rules, not opinion), then fine, removal of the link was necessary. But at least give a reason for removal in the edit like usual. As far as this "validation", I understand it, and, as long as I know where it's trying to connect, I don't care. However, using Active-X to do it isn't exactly comforting.
     
  18. tzuk

    tzuk Developer

    Joined:
    Jul 4, 2004
    Posts:
    34
    funkydude there is no evidence. A pirated key stops working and someone says it must have been "... by creating an invisble internet explorer activex object instance and takes control over it via COM or by creating a invisible Windows-/Internet-Explorer process and uses it to send and recieve validation data."

    Only someone who wants to see bad things written about Sandboxie will take the drivel I quoted as proof of anything.

    Again I ask. What did I do to you personally that this attitude towads me is justified in your mind?
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,058
    Simple solution to that. Pay for it.
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    I don't know if that was meant to be funny, but anyway, I found it funny.

    When evidence is removed, there is no evidence indeed.

    I ask you now nicely to stop trying to make this thread about me and you. It has a point to exist, let's not obscure it with personal debates of bad history.
     
  21. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What is not there to start with can't be removed
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    The link was removed as it pointed to a google cache version of a thread at an unknown "hacking forum" which we were unable to verify as safe. When hacking sites are linked to, we need to be assured that their content is both safe and legal, to be within our TOS. As you know, links to malware, warez, hacking/cracking sites are not allowed by TOS.

    tzuk - I sent you the link for review.
     
  23. tzuk

    tzuk Developer

    Joined:
    Jul 4, 2004
    Posts:
    34
    Funkydude. You try to launch a smear campaign against me. I ask why, you say let's not make it personal. If it wasn't personal then you wouldn't have this bias against me in the first place, and would not easily believe lies about Sandboxie and then repeat those lies with a passion.

    Now I've done my part to disqualify all the false accusations about "hidden activation" when the truth is this genius cracker had to have been using a widely circulated pirate key, that I found by googling, and then simply invalidated in a later version of Sandboxie which he then installed.

    But rather than assume it was something trivial like this, he proposes the bit of drivel that I quoted earlier.

    Now I hope this can put an end to these wild and baseless speculations.
     
  24. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    You clearly cannot understand that my personal issues with you have nothing to do with this thread, yet you keep trying to bring them up. If I had launched a smear campaign against you, my posts would be about you, not the questionable methods you use for validation in your software.

    What exactly did you do short of give us your word and ask us to trust it over his just because it was posted on a hack forum, you know, where people hack software, and find things like this.

    Like you do with most discussions you dislike, don't worry, I have no evidence to back up my debate anymore, so I'll leave it in your hands, and the hands of your users to decide what to make of it, and how to proceed from here. Good day.
     
  25. tzuk

    tzuk Developer

    Joined:
    Jul 4, 2004
    Posts:
    34
    Questionable methods do not get into software by themselves. Based only on paranoid lies of a software thief, you were trying to convince people that I am a dishonest man employing dishonest methods. With neither him nor me providing tangible evidence, you would prefer his mindless drivel over my reasonable explanation. And in the end you concede, but you will make neither a retraction nor an apology. And yet you say your personal issues with me have nothing to do with this thread. Good day, indeed.
     
Loading...
Thread Status:
Not open for further replies.